Summary of the invention
In view of this, the invention provides a kind of single-point logging method, Fat Client, server and system, can only realize that single-sign-on arrives the problem of the web page by Fat Client to solve in the prior art.
To achieve these goals, the invention provides following scheme:
A kind of single-point logging method is characterized in that, comprising:
Receive the access request of browser;
According to the corresponding relation between the address of described access request and Fat Client, obtain the address of described Fat Client;
Browser sends the address of described Fat Client to described browser, so that can be handled described access request according to the described Fat Client of the call by location of described Fat Client;
Receive the user profile of having logined that described Fat Client sends;
Authentication sign that will be corresponding with described user profile sends to described Fat Client, so that described Fat Client sends to described browser with described authentication sign;
Receive the described authentication sign that described browser sends;
Response results is sent to described browser.
A kind of single-point logging method comprises:
Receive the call request that browser sends;
Send the user's who has logined on the Fat Client user profile to server;
Receive the authentication sign corresponding that described server sends with described user profile;
Send described authentication sign to browser.
A kind of single-point logging method comprises:
Browser sends access request to server;
Described server obtains the address of described Fat Client according to the corresponding relation between the address of described access request and Fat Client;
Described server sends the address of described Fat Client to described browser, so that browser can be handled described access request according to the described Fat Client of the call by location of described Fat Client;
Described browser sends call request according to the address of the Fat Client of server transmission to described Fat Client, to obtain the authentication sign;
Described Fat Client receives the call request that browser sends, and sends the user's who has logined on the Fat Client user profile to server;
The authentication sign corresponding that described Fat Client reception server sends with described user profile;
Described Fat Client sends described authentication sign to browser;
Described browser receives the authentication sign that Fat Client sends, and described authentication sign is sent to server;
Described server returns response results according to described authentication sign;
A kind of server comprises:
The access request receiving element is used to receive the access request of browser;
Address acquisition unit is used for obtaining the address of described Fat Client according to the corresponding relation between the address of described access request and Fat Client;
The address transmitting element is used for sending to described browser the address of described Fat Client, so that browser can be handled described access request according to the described Fat Client of the call by location of described Fat Client;
The user profile receiving element is used to receive the user profile of having logined that described Fat Client sends;
Authentication sign transmitting element is used for the authentication sign corresponding with described user profile sent to described Fat Client, so that described Fat Client sends to described browser with described authentication sign;
Authentication sign receiving element is used to receive the described authentication sign that described browser sends;
The response results transmitting element is used for response results is sent to described browser.
A kind of Fat Client comprises:
The access request receiving element is used to receive the call request that browser sends;
The user profile transmitting element is used for sending to server the user's who has logined on the described Fat Client user profile;
Authentication sign receiving element is used to receive the authentication sign corresponding with described user profile that described server sends;
Authentication sign transmitting element is used for sending described authentication sign to browser.
A kind of single-node login system comprises: browser, server and Fat Client, wherein:
Described browser is used for, send access request to server, the call by location Fat Client of the Fat Client that sends according to server receives the authentication sign that Fat Client sends, described authentication sign is sent to server, the response results that reception server returns according to described authentication sign;
Described server is used for, receive the access request of browser, according to the corresponding relation between the address of described access request and Fat Client, obtain the address of described Fat Client, send the address of described Fat Client to described browser, so that browser can be handled described access request according to the described Fat Client of the call by location of described Fat Client, receive the user profile of having logined that described Fat Client sends, authentication sign that will be corresponding with described user profile sends to described Fat Client, so that described Fat Client sends to described browser with described authentication sign, receive the described authentication sign that described browser sends, response results is sent to described browser;
Described Fat Client is used for, and receives the call request that browser sends, and sends the user profile of having logined to server, receives the authentication sign corresponding with described user profile that described server sends, and sends described authentication sign to browser.
From above-mentioned technical scheme as can be seen, in the embodiment of the invention, after the user logins Fat Client, during by browser login web page or leaf, according to the relation between predefined access request and the Fat Client, can call Fat Client obtain with Fat Client on the corresponding authentication sign of listed user's user profile, browser is realized the visit to purpose web page or leaf by the authentication of this authentication sign by server.Do not need to input user's name and password again, realized the single-sign-on purpose of multiple mode, simplified operation, convenient for users.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the invention, the technical scheme in the embodiment of the invention is clearly and completely described, obviously, described embodiment only is the present invention's part embodiment, rather than whole embodiment.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
The invention discloses a kind of single-point logging method, need not import the user profile of logging on client, the authentication that returns to browser by client identifies the purpose that realizes single-sign-on, has simplified operation, and its embodiment is as follows:
Embodiment one
The embodiment of the invention 1 discloses a kind of single-point logging method, and its idiographic flow comprises as shown in Figure 1:
The access request of step S11, reception browser;
Step S12, according to the corresponding relation between the address of described access request and Fat Client, obtain the address of described Fat Client;
Step S13, send the address of described Fat Client to described browser, so that browser can be handled described access request according to the described Fat Client of the call by location of described Fat Client;
The user profile of having logined that step S14, the described Fat Client of reception send;
Step S15, authentication sign that will be corresponding with described user profile send to described Fat Client, so that described Fat Client sends to described browser with described authentication sign;
The described authentication sign that step S16, the described browser of reception send;
Step S17, response results is sent to described browser.
The Windows system supports the registered network protocol handling program.For example, after emule had been installed, as long as the network address that input " ed2k: // " starts among IE (perhaps other browsers), browser will call emule and handle this URL.This is because emule when installing, can add a log-in protocol handling procedure list item at system registry, has specified the ed2k agreement to be handled by emule.
So, according to above-mentioned feature, we can register an agreement in the windows system, for example be called " sso " agreement, appointment need be carried out the handling procedure of the Fat Client of SSO as this agreement, sets up the corresponding relation between access request and Fat Client.And then, when the user logins the web webpage of this system,, then jump to a URL with " SSO: " beginning if not by the client of login according in the said process.System will call the Fat Client of our appointment and handle this URL, and to obtain an authentication sign, token TOKEN for example, browser be by the authentication of this authentication sign by server, and then realize single logging-on server.
Above-mentioned steps as can be seen, single-point logging method disclosed by the invention need not imported the user profile of logging on client, but realizes the purpose of single-sign-on by the authentication sign that client returns to browser, has simplified operation.
Embodiment two
The flow process of the embodiment of the invention 3 disclosed single-point logging methods comprises as shown in Figure 2:
The access request of step S21, reception browser;
Step S22, according to the corresponding relation between the address of described access request and Fat Client, obtain the address of described Fat Client;
Step S23, send the address of described Fat Client to described browser, so that browser can be handled described access request according to the described Fat Client of the call by location of described Fat Client;
The user's who has logined that step S24, the described Fat Client of reception send user profile, the user profile in this step comprises: user's name or session id;
Step S25, authentication sign that will be corresponding with described user profile send to described Fat Client, so that described Fat Client sends to described browser with described authentication sign;
The described authentication sign that step S26, the described browser of reception send;
Whether step S27, the authentication sign that judge to receive be correct, if correctly then execution in step S28, if mistake execution in step S29 then;
Step S28, the page documents of access request appointment is fed back to described browser;
Step S29, send the request error prompting to browser.
Added the process that the authentication sign that receives is verified in the present embodiment, thereby guaranteed the accuracy of navigation process, avoided because the authentication sign that the mistake in the transmission course causes is incorrect, and then influenced the accuracy of server to the browser return information.Send different response results according to the result who judges to browser.Present embodiment does not limit concrete response results, for example, when judging authentication sign when incorrect, also can send the prompting of authentication once more to browser, concrete response results type is decided according to actual conditions, as long as can realize user-friendly purpose.
By above-mentioned steps as can be seen, after the user logins Fat Client, when the user logins the web page or leaf again, just can call the authentication sign that Fat Client sends the current user's name of having logined and/or session id and then acquisition server, be forwarded to browser by Fat Client again, finally send authentication and identify,, realize visit purpose web page or leaf by the authentication of server to server by browser.As long as the active user has logined Fat Client, just can login the webpage of this system by any way, do not need to input again user's name and password, realize the single-sign-on of multiple mode, make things convenient for the user, improve user experience, be specially adapted to the user and have the situation of evaluating electron stream.
Embodiment three
The single-point logging method that present embodiment discloses is applicable to Fat Client, and its idiographic flow comprises as shown in Figure 3:
The call request that step S31, reception browser send;
The address of the Fat Client that browser obtains according to the corresponding relation between the address of access request and Fat Client by server, the visit Fat Client.
Step S32, send the user's logined user profile to server;
After receiving access request, send the user profile of having logined to server, comprising user name or session id.
The authentication sign corresponding that step S33, the described server of reception send with described user profile;
Server sends authentication sign, for example a token TOKEN to Fat Client.
Step S34, send described authentication sign to browser.
In the present embodiment, the authentication sign that Fat Client will obtain from server end send to browser, make browser to send to server and verify should authentication identifying, and make server just identify under the correct situation recognizing, can accept the access request of browser, realize single-sign-on.
Embodiment four
The embodiment of the invention 4 discloses a kind of single-point logging method, and its idiographic flow comprises as shown in Figure 4:
Step 41, browser send access request to server;
Step 42, the address that obtains Fat Client;
In this step, described server obtains the address of described Fat Client according to the corresponding relation between the address of described access request and Fat Client;
Step 43, described server send the address of described Fat Client to described browser;
In this step, server sends the address of described Fat Client to described browser, so that browser can be handled described access request according to the described Fat Client of the call by location of described Fat Client;
Step 44, send call request to described Fat Client;
In this step, described browser sends call request according to the address of the Fat Client of server transmission to described Fat Client, to obtain the authentication sign;
Step 45, the user's that on server sends Fat Client, logined user profile;
In this step, described Fat Client receives the call request that browser sends, and sends the user's who has logined on the Fat Client user profile to server;
The authentication sign corresponding that step 46, described Fat Client reception server send with described user profile;
Step 47, described Fat Client send described authentication sign to browser;
Step 48, described browser receive the authentication sign that Fat Client sends, and described authentication sign is sent to server;
Step 49, described server return response results according to described authentication sign;
Above-mentioned steps as can be seen, single-point logging method disclosed by the invention need not imported the user profile of logging on client, but identifies the purpose that realizes single-sign-on to browser by the client return authentication, has simplified operation.
The present invention discloses a kind of server of realizing single-sign-on, its structure as shown in Figure 4, comprise: access request receiving element 51, address acquisition unit 52, address transmitting element 53, user profile receiving element 54, authentication sign transmitting element 55, authentication sign receiving element 56 and response results transmitting element 57, wherein:
Access request receiving element 51 is used to receive the access request of browser; Address acquisition unit 52 is used for obtaining the address of described Fat Client according to the corresponding relation between the address of described access request and Fat Client; Address transmitting element 53 is used for sending to described browser the address of described Fat Client, so that browser can be handled described access request according to the described Fat Client of the call by location of described Fat Client; User profile receiving element 54 is used to receive the user profile of having logined that described Fat Client sends; Authentication sign transmitting element 55 is used for the authentication sign corresponding with described user profile sent to described Fat Client, so that described Fat Client sends to described browser with described authentication sign; Authentication sign receiving element 56 is used to receive the described authentication sign that described browser sends; Response results transmitting element 57 is used for response results is sent to described browser.
Wherein, described response results transmitting element 57 comprises: judging unit 571 is used to judge whether the authentication sign of reception is correct; Page documents transmitting element 572 is used for when authentication sign is correct, and the page documents of described access request appointment is sent to described browser; Miscue unit 573 is used for identifying when incorrect when described authentication, sends the request bomp to described browser.
The present invention discloses a kind of Fat Client of realizing single-sign-on, its structure comprises as shown in Figure 6: access request receiving element 61, user profile transmitting element 62, authentication sign receiving element 63 and authentication sign transmitting element 64, wherein,
Access request receiving element 61 is used to receive the call request that browser sends; User profile transmitting element 62 is used for sending the user profile of having logined to server; Authentication sign receiving element 63 is used to receive the authentication sign corresponding with described user profile that described server sends; Authentication sign transmitting element 64 is used for sending described authentication sign to browser.
The present invention further discloses a kind of single-node login system, its structure comprises as shown in Figure 7: browser 71, server 72 and Fat Client 73, wherein:
Described browser 71 is used for, send access request to server, the call by location Fat Client of the Fat Client that sends according to server receives the authentication sign that Fat Client sends, described authentication sign is sent to server, the response results that reception server returns according to described authentication sign;
Described server 72 is used for, receive the access request of browser, according to the corresponding relation between the address of described access request and Fat Client, obtain the address of described Fat Client, send the address of described Fat Client to described browser, so that browser can be handled described access request according to the described Fat Client of the call by location of described Fat Client, receive the user profile of having logined that described Fat Client sends, authentication sign that will be corresponding with described user profile sends to described Fat Client, so that described Fat Client sends to described browser with described authentication sign, receive the described authentication sign that described browser sends, response results is sent to described browser;
Described Fat Client 73 is used for, and receives the call request that browser sends, and sends the user profile of having logined to server, receives the authentication sign corresponding with described user profile that described server sends, and sends described authentication sign to browser.Single-point logging method disclosed by the invention, Fat Client, server and system, can realize after the user has logined the client of a C/S type, even it logins homepage by active mode of the web page or leaf network address of input system in browser, also can be by just calling the authentication sign that Fat Client sends the current user's name of having logined and/or session id and then acquisition server, be forwarded to browser by Fat Client again, finally sending authentication by browser identifies to server, authentication by server, realization is to the visit of purpose web page or leaf, and need be at the input username and password, simplify operating process, made things convenient for user experience.
Each embodiment adopts the mode of going forward one by one to describe in this specification, and what each embodiment stressed all is and the difference of other embodiment that identical similar part is mutually referring to getting final product between each embodiment.For the disclosed device of embodiment, because it is corresponding with the embodiment disclosed method, so description is fairly simple, relevant part partly illustrates referring to method and gets final product.
The professional can recognize, the unit and the algorithm steps of each example of describing in conjunction with embodiment disclosed herein, can realize with electronic hardware, computer software or the combination of the two, for the interchangeability of hardware and software clearly is described, the composition and the step of each example described prevailingly according to function in the above description.These functions still are that software mode is carried out with hardware actually, depend on the application-specific and the design constraint of technical scheme.The professional and technical personnel can use distinct methods to realize described function to each specific should being used for, but this realization should not thought and exceeds scope of the present invention.
The method of describing in conjunction with embodiment disclosed herein or the step of algorithm can directly use the software module of hardware, processor execution, and perhaps the combination of the two is implemented.Software module can place the storage medium of any other form known in random asccess memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or the technical field.
To the above-mentioned explanation of the disclosed embodiments, make this area professional and technical personnel can realize or use the present invention.Multiple modification to these embodiment will be conspicuous concerning those skilled in the art, and defined herein General Principle can realize under the situation that does not break away from the spirit or scope of the present invention in other embodiments.Therefore, the present invention will can not be restricted to these embodiment shown in this article, but will meet and principle disclosed herein and features of novelty the wideest corresponding to scope.