基于JWT的EAST实验数据用户身份和服务权限认证
JWT BASED USER IDENTITY AND SERVICE AUTHORITY AUTHENTICATION FOR EAST EXPERIMENTAL DATA
申正阳 1王枫 2任环宇1
作者信息
- 1. 中国科学院合肥物质科学研究院等离子体物理研究所 安徽合肥 230031;中国科学技术大学 安徽合肥 230026
- 2. 中国科学院合肥物质科学研究院等离子体物理研究所 安徽合肥 230031
- 折叠
摘要
用户身份和服务权限认证已成为身份验证和数据访问安全的重要手段.用户身份认证采用动态令牌技术JWT实现.针对JWT丢失和被截获的问题,提出加密存储、解密使用的策略和IP与JWT绑定机制.根据EAST实验数据和用户的现状,将用户资源划分为二级用户,将服务资源划分为三级资源,采用图数据库Neo4j存储用户和资源之间的权限关系,并提出位图法加速权限认证.实验结果表明,基于JWT的认证方法及其安全策略能够有效解决身份和权限认证的问题.相较于传统的关系数据库存储用户权限,图数据库Neo4j和位图法能有效地提高权限认证效率.
Abstract
User identity and service authority authentication have become important means of identity verification and data access security.User identity authentication is implemented using dynamic token technology JWT.For the problems of JWT being lost and intercepted,the strategy of encrypted storage and decryption and the binding mechanism of IP and JWT are proposed.According to the EAST experimental data and the current status of users,user resources were divided into second-level users,and service resources were divided into third-level resources.Graph database Neo4j was used to store the authority relationship between users and resources,and a bitmap method was proposed to accelerate authority authentication.The experimental results show that the JWT based authentication method and its security strategy can effectively solve the problems of identity and permission authentication.Compared with the traditional relational database storing user permissions,the graph database Neo4j and the bitmap method can effectively improve the efficiency of authentication.
关键词
身份认证/权限认/JWT/EAST/图数据库/位图法Key words
Identity authentication/Authority authentication/JWT/EAST/Graph database/Bitmap引用本文复制引用
基金项目
国家磁约束核聚变能发展研究专项(2018YFE0302100)
出版年
2024
国家科技期刊平台
NSTL
万方数据