Authentication method and device, electronic equipment and computer readable storage medium
By using a first filter in the authentication system to intercept and replace the CAS client IP address, the problem of large workload and low operability caused by modifying the source code in the existing technology is solved, and efficient CAS authentication login is achieved in various network environments.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- ULTRAPOWER SOFTWARE
- Filing Date
- 2021-08-23
- Publication Date
- 2026-06-09
AI Technical Summary
Modifying the CAS client source code to support authentication login in various network environments in existing technologies involves a large workload and low operability.
By creating a first filter in the authentication system to intercept access requests, resolve IP addresses, and match and replace the IP addresses of the CAS client according to the address mapping table, CAS authentication login can be achieved in various network environments.
It reduces the workload of modifying the source code, improves operability, supports authentication login in various network environments, and has high operability and scalability.
Smart Images

Figure CN115720143B_ABST
Abstract
Description
Technical Field
[0001] This application belongs to the field of network information security, and specifically relates to an authentication method, device, electronic device, and computer-readable storage medium. Background Technology
[0002] To ensure the security of application systems (such as OA systems, office systems, and financial systems), users typically need to be authenticated and logged in via CAS (Central Authentication Service) when initiating access to the application system. Only after successful authentication does the user have the right to access the application system.
[0003] As the network environments in which application systems are deployed become increasingly complex, multiple IP addresses, such as internal and external IP addresses, may be required for the same application system in certain scenarios. Correspondingly, CAS authentication clients also need to support authentication and login in various network environments.
[0004] To achieve the above functionality, existing technologies typically modify the callback address by altering the CAS client's source code. However, due to the numerous upgrades and iterations of CAS, resulting in a large number of versions, modifying the CAS client's source code to adapt to different CAS versions would involve a significant workload and is not very practical. Summary of the Invention
[0005] In view of this, the purpose of this application is to provide an authentication method, apparatus, electronic device and computer-readable storage medium to provide a highly operable authentication login that supports multiple network environments.
[0006] The embodiments of this application are implemented as follows:
[0007] In a first aspect, embodiments of this application provide an authentication method applied to an authentication system, the authentication system including a pre-created first filter; the method includes: when it is determined that there is an access request that requires login authentication through a CAS client, intercepting the access request through the first filter and parsing the IP address representing the object to be accessed in the access request; matching an address corresponding to the IP address of the object to be accessed based on the IP address of the object to be accessed and a pre-saved address mapping table; the matching address is one of the IP addresses of the CAS client; replacing the current IP address of the CAS client with the matching address; and sending the access request to the matching address so that the CAS client authenticates the access request.
[0008] In the above process, by modifying the configuration file and creating a program with the function of intercepting access requests (i.e., the first filter), CAS authentication login can be achieved in various network environments. Compared with the existing technology that requires modifying the source code, this greatly reduces the workload, is more operable, and has the potential for widespread adoption.
[0009] In conjunction with the first aspect of the embodiment, in one possible implementation, before matching the IP address corresponding to the IP address of the object to be accessed based on the IP address of the object to be accessed and a pre-saved address mapping table, the method further includes: configuring multiple IP addresses for the object to be accessed; configuring IP addresses of CAS clients that correspond one-to-one with the multiple IP addresses for the CAS client, and establishing the address mapping table according to the one-to-one correspondence.
[0010] In conjunction with the first aspect of the embodiment, in one possible implementation, the IP addresses configured for the object to be accessed are the internal network IP address and the external network IP address of the object to be accessed, respectively; the IP addresses configured for the CAS client are the internal network IP address and the external network IP address of the CAS client, respectively; the internal network IP address of the object to be accessed corresponds to the internal network IP address of the CAS client, and the external network IP address of the object to be accessed corresponds to the external network IP address of the CAS client.
[0011] In conjunction with the first aspect of the embodiment, in one possible implementation, the method further includes: sending the access request to the object to be accessed when the CAS client authentication is successful.
[0012] In conjunction with the first aspect of the embodiment, in one possible implementation, the first filter is written using the JavaFilter approach.
[0013] In conjunction with the first aspect of the embodiment, in one possible implementation, before intercepting the access request, the method further includes: determining whether there is an authentication requirement for multiple network environments; if so, executing: intercepting the access request and performing subsequent steps.
[0014] Secondly, embodiments of this application provide an authentication device applied to an authentication system, the authentication system including a pre-created first filter; the device includes: an interception module, a matching module, a replacement module, and a sending module.
[0015] The interception module is used to intercept the access request through the first filter when it is determined that there is an access request that requires login authentication through the CAS client, and to parse the IP address used to represent the object to be accessed in the access request;
[0016] The matching module is used to match the IP address of the object to be accessed with a pre-saved address mapping table to find a matching address corresponding to the IP address of the object to be accessed; the matching address is one of the IP addresses of the CAS client.
[0017] The replacement module is used to replace the current IP address of the CAS client with the matching address.
[0018] The sending module is used to enable the CAS client to authenticate the access request by sending the access request to the matching address.
[0019] In conjunction with the second aspect of the embodiment, in one possible implementation, the device further includes a configuration module, configured to configure multiple IP addresses for the object to be accessed; configure IP addresses for the CAS clients that correspond one-to-one with the multiple IP addresses; and establish the address mapping table according to the one-to-one correspondence.
[0020] In conjunction with the second aspect of the embodiment, in one possible implementation, the IP addresses configured for the object to be accessed are the internal network IP address and the external network IP address of the object to be accessed, respectively; the IP addresses configured for the CAS client are the internal network IP address and the external network IP address of the CAS client, respectively; the internal network IP address of the object to be accessed corresponds to the internal network IP address of the CAS client, and the external network IP address of the object to be accessed corresponds to the external network IP address of the CAS client.
[0021] In conjunction with the second aspect of the embodiment, in one possible implementation, the sending module is further configured to send the access request to the object to be accessed when the CAS client authentication is successful.
[0022] In conjunction with the second aspect of the embodiment, in one possible implementation, the apparatus further includes:
[0023] The judgment module is used to determine whether there is an authentication requirement in a multi-network environment;
[0024] The interception module is used to intercept the access request when the judgment module determines that it is true.
[0025] In conjunction with the second aspect of the embodiment, in one possible implementation, the first filter is written using the JavaFilter approach.
[0026] Thirdly, embodiments of this application also provide an electronic device, including: a memory and a processor, the memory and the processor being connected; the memory being used to store a program; the processor calling the program stored in the memory to execute the method provided by any possible implementation of the first aspect embodiment and / or in combination with the first aspect embodiment.
[0027] Fourthly, embodiments of this application also provide a non-volatile computer-readable storage medium (hereinafter referred to as a computer-readable storage medium) storing a computer program thereon, wherein the computer program is executed by a computer to perform the method provided by any possible implementation of the first aspect embodiment and / or in combination with the first aspect embodiment.
[0028] Other features and advantages of this application will be set forth in the following description and will be apparent in part from the description or may be learned by practicing embodiments of this application. The objectives and other advantages of this application may be realized and obtained by means of the structures particularly pointed out in the written description and the accompanying drawings. Attached Figure Description
[0029] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the embodiments will be briefly described below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort. The above and other objects, features, and advantages of this application will become clearer through the drawings. The same reference numerals indicate the same parts in all the drawings. The drawings are not intentionally drawn to scale to actual size; the focus is on illustrating the main points of this application.
[0030] Figure 1 This document shows a flowchart of an authentication method provided in an embodiment of this application.
[0031] Figure 2 This diagram illustrates a structural block diagram of an authentication device provided in an embodiment of this application.
[0032] Figure 3 This diagram illustrates the structure of an electronic device provided in an embodiment of this application.
[0033] Icons: 100 - Electronic device; 110 - Processor; 120 - Memory; 400 - Authentication device; 410 - Interception module; 420 - Matching module; 430 - Replacement module; 440 - Transmission module. Detailed Implementation
[0034] The technical solutions in the embodiments of this application will now be described with reference to the accompanying drawings.
[0035] It should be noted that similar reference numerals and letters in the following figures denote similar items; therefore, once an item is defined in one figure, it does not need to be further defined and explained in subsequent figures. Furthermore, relational terms such as "first," "second," etc., used in the description of this application are merely used to distinguish one entity or operation from another, and do not necessarily require or imply any such actual relationship or order between these entities or operations. Moreover, the term "comprising," or any other variation thereof, is intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitations, an element defined by the phrase "comprising a…" does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.
[0036] Furthermore, the shortcomings of the existing technology (which would result in a large workload and low operability) are the result of the applicant's practical experience and careful research. Therefore, the discovery process of the above-mentioned shortcomings and the solutions proposed by the present application embodiments for the above-mentioned shortcomings in the following description should be regarded as the applicant's contribution to the present application.
[0037] To address the aforementioned issues, embodiments of this application provide an authentication method, apparatus, electronic device, and computer-readable storage medium that can support authentication login in various network environments with high operability.
[0038] This technology can be implemented using appropriate software, hardware, or a combination of both. The embodiments of this application are described in detail below.
[0039] The authentication methods provided in this application will be described below.
[0040] Please refer to Figure 1 This application provides an authentication method. The following will describe the method in conjunction with... Figure 1 The steps involved are explained.
[0041] Step S110: When it is determined that there is an access request that requires login authentication through the CAS client, the access request is intercepted by the first filter, and the IP address used to represent the object to be accessed in the access request is parsed.
[0042] When a user interacts with a client (such as a browser), causing the client to initiate an access request for an object to be accessed, under normal circumstances, the user needs to be redirected to the CAS client for login authentication. Only after successful authentication can the user be redirected to the object to be accessed for the corresponding operation.
[0043] The objects to be accessed can be application systems such as OA systems, financial systems, and office systems.
[0044] In this embodiment of the application, in order to support CAS authentication login in various network environments, when the pre-created first filter detects that the client initiates an access request for the object to be accessed, the access request can be intercepted first, and the URL (Uniform Resource Locator) in the intercepted access request can be parsed to extract information related to the object to be accessed, such as the IP address and port number of the object to be accessed.
[0045] In some implementations, the above method is applied to an authentication system. This authentication system includes a first filter written by backend personnel using a Java Filter approach. In this implementation, when it is determined that an access request requires login authentication via a CAS client, the authentication system can intercept and parse the access request using the first filter.
[0046] Of course, in some implementations, a judgment procedure can also be set to determine whether there is an authentication requirement in a multi-network environment.
[0047] Optionally, if yes, then step S110 and its subsequent steps are executed; otherwise, the user is directly redirected to the CAS client for login authentication.
[0048] Accordingly, to implement this judgment function, a new configuration item pasm.multi.ip can be added to the configuration file, and the content of this configuration item can be true or false.
[0049] Specifically, if the content of this configuration item is true, it indicates that there is an authentication requirement for multiple network environments; otherwise, it indicates that there is no authentication requirement for multiple network environments.
[0050] Of course, the settings and modifications for this configuration item are made by the backend staff.
[0051] Step S120: Based on the IP address of the object to be accessed and the pre-saved address mapping table, find the matching address corresponding to the IP address of the object to be accessed.
[0052] The matched address is one of the IP addresses of the CAS client.
[0053] It is worth noting that, in order to support CAS authentication login in various network environments, it is necessary to pre-configure different IP addresses for the same object to be accessed and different IP addresses for the same CAS client for different network environments.
[0054] After configuring the IP addresses, it is necessary to establish a one-to-one correspondence between the IP addresses of the CAS clients configured in the same network environment and the IP addresses of the objects to be accessed, and then create an address mapping table based on each one-to-one correspondence.
[0055] In one specific implementation, it is assumed that there are two network environments: an intranet and an extranet. Accordingly, the intranet IP address and the extranet IP address of the object to be accessed need to be configured in advance and separated by a first preset character; the intranet IP address and the extranet IP address of the CAS client also need to be configured in advance and separated by the first preset character.
[0056] For example, the first preset character is a semicolon, and the specific configuration format for the object to be accessed is: pasmIp1;pasmIp2. Of course, after completing the configuration, a pasm.local.map configuration item needs to be added to the configuration file. The specific configuration format for the CAS client is: casIp1;pasmIp2. Of course, after completing the configuration, a cas.local.map configuration item needs to be added to the configuration file.
[0057] In addition, it is necessary to map the internal IP address of the object to be accessed to the internal IP address of the CAS client, and the external IP address of the object to be accessed to the external IP address of the CAS client, and form an address mapping table based on this. In the mapping table, IP addresses with mapping relationships are associated with a second preset character.
[0058] For example, if the first preset character is "@", the mapping table will show the following specific association format:
[0059] pasmIp1:pasmPort1@casIp1:casPort1;
[0060] pasmIp2:pasmPort2@casIp2:casPort2.
[0061] Of course, after creating the address mapping table, you need to add the pasm.network.map configuration item to the configuration file.
[0062] In addition, it is worth noting that a configuration file parser needs to be created in order to parse the newly added configuration items.
[0063] After completing the above configuration, once the IP address of the object to be accessed in the access request is obtained, the address mapping table can be queried based on the current IP address of the object to be accessed, thereby matching the address corresponding to the current IP address of the object to be accessed. Of course, the matching address found at this time is one of several IP addresses pre-configured by the CAS client.
[0064] For example, if the IP address of the object to be accessed is parsed from the access request and is represented as the internal IP address of the object to be accessed, then after matching, the matching address is the internal IP address of the CAS client; if the IP address of the object to be accessed is parsed from the access request and is represented as the external IP address of the object to be accessed, then after matching, the matching address is the external IP address of the CAS client.
[0065] Step S130: Replace the current IP address of the CAS client with the matching address.
[0066] In this embodiment of the application, in order to support CAS authentication login in various network environments, once a matching address corresponding to the IP address of the object to be accessed is found, the current IP address of the CAS client can be replaced with the corresponding matching address.
[0067] Of course, it is worth noting that since the CAS client has a built-in second filter, in order to ensure address consistency, when replacing the current IP address of the CAS client, it is also necessary to replace the current IP address of the CAS client's second filter with the corresponding matching address.
[0068] Step S140: Send the access request to the matching address so that the CAS client can authenticate the access request.
[0069] If the IP address of the object to be accessed included in the URL of the access request is an internal network IP address, it means that the access request needs to go through the internal network access path.
[0070] After the IP address replacement steps described above, the CAS client's current IP address has been replaced with its internal network IP address within the intranet environment. Therefore, when sending the access request to the corresponding matching address (the CAS client's internal network IP address within the intranet environment), it can be guaranteed that the access request will successfully reach the CAS client, so that the CAS client can perform ticket authentication for the access request based on the intranet environment.
[0071] Of course, if we assume that the IP address of the object to be accessed included in the URL of the access request is an external or internal IP address, then it means that the access request needs to go through the external network access path.
[0072] By following similar steps, the access request can be successfully delivered to the CAS client, allowing the CAS client to perform ticket authentication on the access request based on the external network environment.
[0073] If authentication is successful, the CAS client can send an access request to the object to be accessed, so that the user can successfully access the object via the intranet.
[0074] If authentication fails, the CAS client can return an authentication failure message to the client.
[0075] The authentication method provided in this application embodiment can achieve CAS authentication login in various network environments by modifying the configuration file and adding a program with access request interception function. Compared with the existing technology that requires modifying the source code, it greatly reduces the workload, is more operable, and has the potential for widespread application.
[0076] like Figure 2 As shown, this application embodiment also provides an authentication device 400, applied to an authentication system, the authentication system including a pre-created first filter; the authentication device 400 may include: an interception module 410, a matching module 420, a replacement module 430, and a sending module 440.
[0077] The interception module 410 is used to intercept the access request through the first filter when it is determined that there is an access request that requires login authentication through the CAS client, and to parse the IP address used to represent the object to be accessed in the access request;
[0078] The matching module 420 is used to match the IP address of the object to be accessed with a matching address corresponding to the IP address of the object to be accessed, based on the IP address of the object to be accessed and a pre-saved address mapping table; the matching address is one of the IP addresses of the CAS client.
[0079] Replacement module 430 is used to replace the current IP address of the CAS client with the matching address;
[0080] The sending module 440 is used to send the access request to the matching address so that the CAS client can authenticate the access request.
[0081] In one possible implementation, the device further includes a configuration module for configuring multiple IP addresses for the object to be accessed; configuring IP addresses of CAS clients that correspond one-to-one with the multiple IP addresses for the CAS clients; and establishing the address mapping table according to the one-to-one correspondence.
[0082] In one possible implementation, the IP addresses configured for the object to be accessed are the internal network IP address and the external network IP address of the object to be accessed, respectively; the IP addresses configured for the CAS client are the internal network IP address and the external network IP address of the CAS client, respectively; the internal network IP address of the object to be accessed corresponds to the internal network IP address of the CAS client, and the external network IP address of the object to be accessed corresponds to the external network IP address of the CAS client.
[0083] In one possible implementation, the sending module 440 is further configured to send the access request to the object to be accessed when the CAS client authentication is successful.
[0084] In one possible implementation, the device further includes:
[0085] The judgment module is used to determine whether there is an authentication requirement in a multi-network environment;
[0086] The interception module 410 is used to intercept the access request when the judgment module determines that it is true.
[0087] In one possible implementation, the first filter is written using the Java Filter approach.
[0088] The authentication device 400 provided in this application embodiment has the same implementation principle and technical effect as the aforementioned method embodiment. For the sake of brevity, any parts not mentioned in the device embodiment can be referred to the corresponding content in the aforementioned method embodiment.
[0089] Furthermore, embodiments of this application also provide a computer-readable storage medium storing a computer program, which, when executed by a computer, performs the steps included in the authentication method described above.
[0090] In addition, please refer to Figure 3 This application also provides an electronic device 100 for implementing the authentication method and apparatus of this application.
[0091] Optional, electronic device 100 may include, but is not limited to, personal computers (PCs), tablet computers, mobile internet devices (MIDs), personal digital assistants, servers, and other devices.
[0092] The electronic device 100 may include a processor 110 and a memory 120.
[0093] It should be noted that Figure 3 The components and structures of the electronic device 100 shown are merely exemplary and not limiting; the electronic device 100 may also have other components and structures as needed.
[0094] The processor 110, memory 120, and other components that may be present in the electronic device 100 are electrically connected to each other, directly or indirectly, to enable data transmission or interaction. For example, the processor 110, memory 120, and other components may be electrically connected to each other via one or more communication buses or signal lines.
[0095] The memory 120 is used to store programs, such as programs corresponding to the authentication methods mentioned above or authentication devices mentioned above. Optionally, when the memory 120 stores an authentication device, the authentication device includes at least one software functional module that can be stored in the memory 120 in the form of software or firmware.
[0096] Optionally, the software functional modules included in the authentication device may also be embedded in the operating system (OS) of the electronic device 100.
[0097] The processor 110 is used to execute executable modules stored in the memory 120, such as software function modules or computer programs included in the authentication device. When the processor 110 receives an execution instruction, it can execute the computer program, for example, by: when it is determined that there is an access request that requires login authentication through a CAS client, intercepting the access request through the first filter and parsing the IP address representing the object to be accessed in the access request; matching the IP address of the object to be accessed with a pre-saved address mapping table, finding a matching address corresponding to the IP address of the object to be accessed; the matching address is one of the IP addresses of the CAS client; replacing the current IP address of the CAS client with the matching address; and sending the access request to the matching address so that the CAS client authenticates the access request.
[0098] Of course, the methods disclosed in any embodiment of this application can be applied to the processor 110, or implemented by the processor 110.
[0099] In summary, the authentication method, apparatus, electronic device, and computer-readable storage medium proposed in the embodiments of the present invention can achieve CAS authentication login in various network environments by modifying the configuration file and adding a program with access request interception function. Compared with the existing technology that requires modification of source code, it greatly reduces the workload, is more operable, and has the potential for widespread application.
[0100] It should be noted that the various embodiments in this specification are described in a progressive manner, with each embodiment focusing on the differences from other embodiments. The same or similar parts between the various embodiments can be referred to each other.
[0101] In the several embodiments provided in this application, it should be understood that the disclosed apparatus and methods can also be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the accompanying drawings illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods, and computer program products according to various embodiments of this application. In this regard, each block in a flowchart or block diagram may represent a module, segment, or portion of code containing one or more executable instructions for implementing a specified logical function. It should also be noted that in some alternative implementations, the functions marked in the blocks may occur in a different order than those marked in the drawings. For example, two consecutive blocks may actually be executed substantially in parallel, and they may sometimes be executed in reverse order, depending on the functions involved. It should also be noted that each block in a block diagram and / or flowchart, and combinations of blocks in block diagrams and / or flowcharts, can be implemented using a dedicated hardware-based system that performs the specified function or action, or using a combination of dedicated hardware and computer instructions.
[0102] In addition, the functional modules in the various embodiments of this application can be integrated together to form an independent part, or each module can exist independently, or two or more modules can be integrated to form an independent part.
[0103] If the aforementioned functions are implemented as software functional modules and sold or used as independent products, they can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or a portion of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, laptop, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.
[0104] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any changes or substitutions that can be easily conceived by those skilled in the art within the scope of the technology disclosed in this application should be included within the scope of protection of this application.
Claims
1. An authentication method, characterized in that, Applied to an authentication system, the authentication system including a pre-created first filter; the method includes: When it is determined that there is an access request that requires login authentication through the CAS client, the access request is intercepted by the first filter, and the IP address used to represent the object to be accessed in the access request is parsed. Based on the IP address of the object to be accessed and a pre-saved address mapping table, a matching address corresponding to the IP address of the object to be accessed is found; the matching address is one of the IP addresses of the CAS client; for different network environments, the same object to be accessed is configured with different IP addresses, and the same CAS client is configured with different IP addresses; the mapping table includes the correspondence between the IP address of the CAS client and the IP address of the object to be accessed in the same network environment; Replace the current IP address of the CAS client with the matching address; replace the current IP address of the second filter of the CAS client with the matching address; The access request is sent to the matching address so that the CAS client can authenticate the access request.
2. The method according to claim 1, characterized in that, Before matching the IP address of the object to be accessed with a pre-saved address mapping table, the method further includes: Configure multiple IP addresses for the object to be accessed; Configure the CAS client with IP addresses that correspond one-to-one with the multiple IP addresses, and establish the address mapping table according to the one-to-one correspondence.
3. The method according to claim 2, characterized in that, The IP addresses configured for the object to be accessed are the internal network IP address and the external network IP address of the object to be accessed, respectively. The IP addresses configured for the CAS client are the internal network IP address and the external network IP address of the CAS client, respectively. The internal network IP address of the object to be accessed corresponds to the internal network IP address of the CAS client, and the external network IP address of the object to be accessed corresponds to the external network IP address of the CAS client.
4. The method according to claim 1, characterized in that, The method further includes: When the CAS client authentication is successful, the access request is sent to the object to be accessed.
5. The method according to claim 1, characterized in that, The first filter is written using the Java Filter method.
6. The method according to any one of claims 1-5, characterized in that, Before intercepting the access request, the method further includes: Determine if authentication is required in multiple network environments; If yes, then: intercept the access request and perform subsequent steps.
7. An authentication device, characterized in that, Applied to an authentication system, the authentication system including a pre-created first filter; the device includes: The interception module is used to intercept the access request through the first filter when it is determined that there is an access request that requires login authentication through the CAS client, and to parse the IP address used to represent the object to be accessed in the access request; The matching module is used to match the IP address of the object to be accessed with a pre-saved address mapping table to find a matching address corresponding to the IP address of the object to be accessed; the matching address is one of the IP addresses of the CAS client; different IP addresses are configured for the same object to be accessed and different IP addresses are configured for the same CAS client for different network environments; the mapping table includes the correspondence between the IP address of the CAS client and the IP address of the object to be accessed in the same network environment; The replacement module is used to replace the current IP address of the CAS client with the matching address; and to replace the current IP address of the second filter of the CAS client with the matching address. The sending module is used to enable the CAS client to authenticate the access request by sending the access request to the matching address.
8. The apparatus according to claim 7, characterized in that, The device further includes: The judgment module is used to determine whether there is an authentication requirement in a multi-network environment; The interception module is used to intercept the access request when the judgment module determines that it is true.
9. An electronic device, characterized in that, include: A memory and a processor, wherein the memory and the processor are connected; The memory is used to store programs; The processor invokes a program stored in the memory to execute the method as described in any one of claims 1-6.
10. A computer-readable storage medium, characterized in that, It stores a computer program, which is executed by a computer to perform the method as described in any one of claims 1-6.