Unified authentication and authorization method based on OAuth2 protocol

Abstract

The invention relates to the technical field of computers, in particular to a unified authentication and authorization method based on an OAuth2 protocol. The method comprises the following steps that: an OAuth2.0 protocol is integrated based on a Spring secure open source framework, and an authorization server is generated; extended authorization models are created in the authorization server, and corresponding resource access permission marks are created; then extended access filters corresponding to the extended authorization models are created; a model based on role access control is created in the authorization server; when a user accesses system resources, the authorization server filters through the extended access filters to obtain corresponding extended authorization models, and performs authorization authentication according to the corresponding extended authorization models; if the corresponding extended authorization models are not obtained through filtering, authorization authentication is carried out through the model based on role access control; and after the user passes authorization authentication, the authorization server allows the user to access the corresponding system resources. According to the authentication and authorization method, unified authentication and authorization can be provided for an internal user, an external user and a third-party application of the system.

Description

technical field [0001] The invention relates to the field of computer technology, in particular to a unified authentication and authorization method based on the OAuth2 protocol. Background technique [0002] At present, most Internet open platforms use the OAuth protocol to implement authentication and authentication for third-party applications. OAuth is an open protocol that provides a simple and standard way for desktop applications or B / S-based WWW applications to access API services that require user authorization. Any third-party application needs to pass the user's authorization when accessing user resources. It can only be accessed after authentication and consent, which ensures the privacy and confidentiality of user data. Because of its security and easy development, many Internet vendors such as Google, Yahoo, Sina, and Tencent have provided OAuth authentication services when building open platforms. [0003] Aiming at the problem of low accuracy of third-party...

AI Technical Summary

Problems solved by technology

However, the existing security authentication methods are mainly aimed at running instances of third-party applications, and are not fully applicable to system internal users or system external users. When applied to system users, the accuracy of authentication will be greatly reduced, resulting in access to the system. Less secure resources

At the same time, the existing authentication methods applied to system users are difficult to be well applied to third-party applications

Images