CN-121984706-A - Access management method of unified user center based on compatibility of multiple external service platforms and unified user center
Abstract
The invention provides a unified user center access management method based on compatibility of multiple external service platforms and a unified user center, wherein the unified user center comprises a user center BFF layer and a user center function module, and the method comprises the following steps: the user center BFF layer receives a first interaction request from the front-end page, routes the first interaction request to a corresponding function sub-module in the user center function module, and returns a corresponding first interaction result to the front-end page; the user center BFF layer receives a second interaction request from the external service platform, routes the second interaction request to the corresponding function sub-module in the user center function module, and returns the corresponding second interaction result to the external service platform, wherein the function sub-module in the user center function module interacts with the database according to the first interaction request or the second interaction request, the interaction covering stored data of user and administrator information, system authority information and external service platform organization architecture information.
Inventors
- LI HE
- Mou Junhong
- WANG DONG
- JIN XUE
- Liu Taifa
- LIU ZIHAN
- LU YUE
- YAN PENG
- HUA LONGYU
Assignees
- 北京网路智联科技有限公司
Dates
- Publication Date: 20260505
- Application Date: 20251223
Claims (10)
- 1. The access management method of the unified user center based on the compatibility of multiple external service platforms is characterized in that the unified user center comprises a user center BFF layer and a user center function module, and the method comprises the following steps: The user center BFF layer receives a first interaction request from a front end page, routes the first interaction request to a corresponding function sub-module in a user center function module, and returns a corresponding first interaction result to the front end page, wherein the first interaction request comprises a system permission information configuration request, a login check request from a user or an administrator and an access request facing an external service platform; The user center BFF layer receives a second interaction request from the external service platform, routes the second interaction request to a corresponding function sub-module in the user center function module, and returns a corresponding second interaction result to the external service platform, wherein the second interaction request comprises a login state query request; The function sub-module in the user center function module interacts with the database according to the first interaction request or the second interaction request, wherein the interaction comprises user and administrator information, system authority information and stored data of the external service platform organization architecture information.
- 2. The method of claim 1, wherein when the first interactive request is a system permission information configuration request from an administrator account, the corresponding functional sub-modules are an identity access management module, a role management module, and an organization architecture management module, the method further comprising: And analyzing the system authority information configuration request by using the identity access management module, and synchronizing configuration update of the system authority information into a database by using the role management module and the organization structure management module so that the external service platform can query the system authority information through the second interaction request.
- 3. The method of claim 1, wherein the routing function of the user center BFF layer is implemented by a Spring-Cloud Gateway component, and the call of the user center BFF layer to each of the functional sub-modules in the user center functional module is implemented by a Feign client.
- 4. The method of claim 1, wherein the first interactive request is a login check request from a user when the user attempts to login to the unified user center via a front end page; The step of routing the first interaction request to a corresponding function sub-module in the user center function module and returning a corresponding first interaction result to the front-end page comprises the following steps: a login module in the user center functional module receives a login verification request which is transmitted by a user center BFF layer and comprises a user account name and an account password, and the login module calls an account management module in the user center functional module to verify the validity of the account name and the account password; After verification is passed, the login module generates a global session credential in the Redis database, and returns the global session credential to the front-end page through the user center BFF layer.
- 5. The method of claim 1, wherein the second interaction request further includes a device parameter modification request, the device parameter modification request having the user identifier and the operation resource identifier encapsulated therein, and the step of routing the second interaction request to a corresponding function sub-module in the user center function module and returning a corresponding second interaction result to the external service platform includes: Analyzing the equipment parameter modification request by using an identity access management module in the user center function module, and calling a role management module and an organization architecture management module in the user center function module by the identity access management module to acquire a user authority range and determine whether verification operation is allowed or not; and if the verification operation is allowed, the second interaction result returned to the external service platform indicates the platform to execute the corresponding operation.
- 6. The method of claim 1, wherein when the first interactive request is a login check request from an administrator, the method further comprises, after the administrator logs in: The user center BFF layer receives an organization architecture management request from an administrator, the organization architecture management request is routed to an organization architecture management module in the user center function module, an association configuration of a user and a designated organization is established through the organization architecture management request, an account management module is called to acquire target user information, the association configuration is synchronized to a database, and the updated association configuration is fed back to the administrator through the user center BFF layer.
- 7. The method of claim 1, wherein after the user logs in the unified user center, the method further comprises utilizing a scenerization routing component of the BFF layer of the user center to determine whether a jump is needed, calling an identity access management module to check the authority of the target external service platform if the jump is needed, jumping to the corresponding target external service platform after the jump is needed, and entering a welcome page of the unified user center if the jump is not needed.
- 8. The unified user center is characterized by comprising a user center BFF layer and a user center function module; The user center BFF layer is used for receiving a first interaction request from a front-end page, routing the first interaction request to a corresponding functional sub-module in the user center functional module and returning a corresponding first interaction result to the front-end page; The user center function module is used for processing the first interaction request and the second interaction request, and interacting with the database according to the first interaction request or the second interaction request, wherein the interaction with the database comprises user and administrator information, system authority information and stored data of the external service platform organization architecture information; the first interaction request comprises a system authority information configuration request, a login check request from a user or an administrator and an access request facing the external service platform, and the second interaction request comprises a login state query request.
- 9. An electronic device comprising a processor, a memory and computer programs/instructions stored on the memory, characterized in that the processor is adapted to execute the computer programs/instructions, which when executed, implement the steps of the method according to any of claims 1 to 7.
- 10. A computer program product comprising computer programs/instructions which, when executed by a processor, implement the steps of the method of any of claims 1 to 7.
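The flow in claims 1, 4 and 5 (login issues a global session credential, an external platform queries login state, then an operation is checked against the user's permission range), as an added Python example that is not code from the patent. The in-memory dictionaries standing in for Redis and the database, the `SESSION_TTL` value, the PBKDF2 password hashing, all class and method names, and the check that the user identifier matches the session owner are assumptions.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 1800  # assumed lifetime in seconds; the claims give no value

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class UserCenter:
    """Hypothetical stand-in for the login, account and role sub-modules."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.accounts = {}  # account name -> (salt, password hash)
        self.scopes = {}    # account name -> permitted operation resource ids
        self.sessions = {}  # credential -> (account name, expiry); Redis in claim 4

    def add_user(self, name, password, resources):
        salt = secrets.token_bytes(16)
        self.accounts[name] = (salt, _kdf(password, salt))
        self.scopes[name] = set(resources)

    def login(self, name, password):
        """Claim 4: verify name and password, then issue a global session credential."""
        salt, stored = self.accounts.get(name, (b"\0" * 16, b""))
        # The KDF also runs for unknown names so both failures cost the same.
        if not hmac.compare_digest(_kdf(password, salt), stored):
            return None
        credential = secrets.token_urlsafe(32)
        self.sessions[credential] = (name, self.clock() + SESSION_TTL)
        return credential

    def login_state(self, credential):
        """Claim 1: login state query from an external platform; None if not logged in."""
        name, expiry = self.sessions.get(credential, (None, 0))
        if name is None or self.clock() >= expiry:
            self.sessions.pop(credential, None)  # a Redis key TTL would do this
            return None
        return name

    def authorize(self, credential, user_id, resource_id):
        """Claim 5: check the operation resource against the user's permission range.
        Assumption added here: user_id must match the session's owner."""
        name = self.login_state(credential)
        return name is not None and name == user_id and resource_id in self.scopes[name]
```

Unknown credentials, expired sessions, mismatched user identifiers and resources outside the permission range all produce the same denial, so an external platform only acts on an explicit allow.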
Description
Access management method of unified user center based on compatibility of multiple external service platforms and unified user center
Technical Field
The invention relates to the technical field of identity security and access management, in particular to an access management method of a unified user center based on compatibility of multiple external service platforms, and to the unified user center.
Background
In enterprise informatization, running multiple service platforms in parallel is a common scenario; for example, a portal configuration platform, an information release platform and various management systems within an enterprise are often built independently. In the prior art, each service platform builds an independent user center service to manage user identities, authentication flows and authorization rules within that platform. Taking a common enterprise scenario as an example, an employee who needs to configure equipment parameters on the portal configuration platform must log in to that platform separately, and an employee who needs to publish an internal notification on the information release platform must log in again there. Even operation and maintenance personnel of the same enterprise repeatedly enter account passwords in several systems when managing different platforms. In the prior art, each service platform (such as a portal configuration platform, an information release platform and the like) builds its own independent user management system, and the resulting architecture is characterized by 'platform independence'.
For example, the front end of the portal configuration platform connects to the portal configuration BFF (Backend for Frontend), which in turn connects to the portal configuration service, and that service embeds its own user identification and authority module. Likewise, the front end of the information release platform connects to the information release platform BFF, which connects to the information release service, the timing task service and the like under traffic watchers, while its own user authentication and authority module is built into the portal configuration service. The user systems of the platforms (such as a portal configuration platform, an information release platform and the like) are isolated from one another, their data is not shared, and each platform runs its own authentication and authorization mechanisms, so an 'information island' easily forms.
The current independent architecture of each service platform easily forms an 'information island' and brings the following problems or defects:
1) Poor user experience: the user must log in repeatedly across multiple platforms, the operation is cumbersome, working efficiency drops seriously, and frequent entry of account passwords easily makes users resistant to the system.
2) Data redundancy and inconsistency: identity information (such as names, departments and authorities) of the same user is stored repeatedly in multiple platforms, and once one platform updates user information the other platforms cannot synchronize, causing data conflicts and decision misalignment.
3) High operation and maintenance cost: enterprises must invest server resources, data backup, security protection and other manpower and material resources in multiple user systems, and operation and maintenance complexity grows exponentially as the number of systems increases.
4) Prominent security risk: multiple systems mean multiple lines of security defense, and if the security mechanism of any one system is weak, the whole is affected; user passwords are distributed and managed across multiple systems, so the probability of leakage increases greatly.
5) High system integration difficulty: the technical stacks and user management logic of the platforms differ widely, and when cross-platform collaborative services are needed, unified identification of user identity becomes a core obstacle, greatly increasing the complexity of integration between systems.
Therefore, how to provide a unified user center compatible with multiple external service platforms and an access management method based on the unified user center, so that the information islands among different platforms are opened up, the user experience is improved, the operation and maintenance cost is reduced, the data is concise and consistent, high security is achieved, and the integration complexity of each platform is reduced.
Disclosure of Invention
In view of this, embodiments of the present invention provide a unified user center access management method based on multi-external service platform compatibi