CN103065074B - A kind of method of carrying out URL control of authority based on fine granularity - Google Patents
A kind of method of carrying out URL control of authority based on fine granularity Download PDFInfo
- Publication number
- CN103065074B CN103065074B CN201210544535.6A CN201210544535A CN103065074B CN 103065074 B CN103065074 B CN 103065074B CN 201210544535 A CN201210544535 A CN 201210544535A CN 103065074 B CN103065074 B CN 103065074B
- Authority
- CN
- China
- Prior art keywords
- role
- url
- function information
- function
- information corresponding
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The present invention relates to a kind of method of carrying out URL control of authority based on fine granularity, comprising: step 1, set up the incidence relation between function information corresponding to role, role and URL corresponding to function information, and described incidence relation is loaded into buffer memory preserves; Step 2, obtains URL request address and the log-on message of user's submission, and according to log-on message determination user role; Step 3, loads incidence relation in buffer memory, mates the function information corresponding with user role and the function information corresponding with URL request matching addresses respectively; Step 4, if function information corresponding to the user role function information corresponding with URL request address matches, then accesses the page that this URL request address is corresponding, otherwise carries out intercept process to URL request address.Present invention achieves the configuration of authority, extensibility is comparatively strong, is applicable to the miscellaneous service control of authority of gate system, realizes efficient rights management and the unified configuration of complete backstage authority.
Description
Technical field
The present invention relates to computer authorizing administrative skill field, particularly relate to and a kind of carry out URL(Uniform/UniversalResourceLocator based on fine granularity, URL(uniform resource locator)) method of control of authority.
Background technology
Along with the development of telecommunications industry electronic channel, the requirement differentiation of different customer groups to business is increasing, and customer group is different, determines that the business that user handles at electronic channel is different.The space of a whole page that such as user logs in may be individual and home edition, and also may be government and enterprise version, user authentication mode has registered user, encoder client, phone number, landline telephone or broadband etc., also have and logged in by different password type, as client password, user cipher or random cipher.Therefore, business handling is carried out for different user login system, during the functions such as telephone expenses inquiry, have corresponding business operation restriction, how to carry out corresponding business operation control when doing business operation for different customer groups, and do not need all new business demand business rule to be write in the middle of program by the mode of hard coded, and how realized the research of rights management fast, safely and steadly by technological means and configuration is a problem demanding prompt solution at every turn.
Summary of the invention
Technical matters to be solved by this invention is to provide a kind of method of carrying out URL control of authority based on fine granularity, and for solving, the right management method existed in prior art is complicated, low, the inadequate security problems of adaptability.
The technical scheme that the present invention solves the problems of the technologies described above is as follows: a kind of method of carrying out URL control of authority based on fine granularity, comprising:
Step 1, according to predefined permission match rule, sets up the incidence relation between function information corresponding to role, role and URL corresponding to function information, and described incidence relation is loaded into buffer memory preserves;
Step 2, obtains URL request address and the log-on message of user's submission, and according to log-on message determination user role;
Step 3, loads the incidence relation in buffer memory, mates the function information corresponding with user role and the function information corresponding with URL request matching addresses respectively;
Step 4, if function information corresponding to the user role function information corresponding with URL request address matches, then accesses the page that this URL request address is corresponding, otherwise carries out intercept process to URL request address.
On the basis of technique scheme, the present invention can also do following improvement.
Further, the content of the role set up in described step 1 comprises: role's title, role's code and role's current state.
Further, the content of the function information that the role set up in described step 1 is corresponding comprises: function coding, function title, system banner, operational order and function privilege.
Further, the incidence relation set up in described step 1 stores in the mode of database.
Further, mate the function information corresponding with URL request matching addresses in described step 3 to be realized by the filtrator corresponding with user role, the coupling function information corresponding with URL request matching addresses is realized by the filtrator corresponding with URL request.
Further, carry out intercept process to URL request in described step 4 to be realized by authority interception controller.
Further, described authority interception controller exports the intercept process page.
The invention has the beneficial effects as follows: present invention achieves the configuration of authority, apply low coupling with web, and the extensibility of authority configuration is stronger, the miscellaneous service control of authority of the gate systems such as electronic channel can be applicable to, achieve efficient rights management and the unified configuration of complete backstage authority.
Accompanying drawing explanation
Fig. 1 is the schematic flow sheet carrying out the method for URL control of authority based on fine granularity of the present invention;
Fig. 2 is the control of authority sequential chart in the embodiment of the present invention two.
Embodiment
Be described principle of the present invention and feature below in conjunction with accompanying drawing, example, only for explaining the present invention, is not intended to limit scope of the present invention.
As shown in Figure 1, embodiment one is a kind of method of carrying out URL control of authority based on fine granularity, comprising:
Step 1, according to predefined permission match rule, sets up the incidence relation between function information corresponding to role, role and URL corresponding to function information, and described incidence relation is loaded into buffer memory preserves.
Wherein, the content of the role of foundation comprises: role's title, role's code and role's current state; The content of the function information that the role set up is corresponding comprises: function coding, function title, system banner, operational order and function privilege.And the final incidence relation set up stores in the mode of database.
Step 2, obtains URL request address and the log-on message of user's submission, and according to log-on message determination user role.
Step 3, loads the incidence relation in buffer memory, mates the function information corresponding with user role and the function information corresponding with URL request address respectively.Here, mate the function information corresponding with URL request matching addresses and realized by the filtrator corresponding with user role, the coupling function information corresponding with URL request matching addresses is realized by the filtrator corresponding with URL request.
Step 4, if function information corresponding to the user role function information corresponding with URL request address matches, then accesses the page that this URL request address is corresponding, otherwise carries out intercept process to URL request address.Here, intercept process is carried out to URL request and is realized by authority interception controller, and described authority interception controller can export the intercept process page.
Embodiment two is by analyzing each business rule restriction of telecommunications and sum up, and devise the system architecture of a set of URL authority models, this system architecture designs according to web application access feature.Mainly the composition of authority in user's access process is designed to three parts: the url address (http: // * * .action) of user's access, function (comprising concrete class of service), role.
For system architecture, first carry out role definition according to the feature of current system calling party, definition element comprises role id, role's title and role's presence.Going out function (authority classification) according to identical privilege feature being carried out collection definition again, in typing background system, determining which role can access corresponding function simultaneously.Finally by the URL reference address (i.e. the page) of all functions, based on data, entering in background system, the function of simultaneously selecting this page to belong to (giving tacit consent to ownership function when everyone can access when the page for sky).
After putting up system architecture, mainly complete the work of two aspects:
One, authority models design
Around " role ", " function ", " role is corresponding with function ", role associates with URL by the incidence relation of " function is corresponding with URL's " these four factors, corresponding incidence relation is set up according to predefined permission match rule, and is loaded in buffer memory by the incidence relation of foundation.The log-on message that system inputs according to user, gives user with specific role, then can realize accessing the URL of the function privilege of corresponding role according to the incidence relation set up, thus reach the object of control of authority.Particularly: predefine permission match rule, role, function, the triangular incidence relation of URL is set up according to pre-permission match rule.Note, when system starts, load incidence relation by a cache controller and enter system, form a set, play a role during system cloud gray model always.
In the design of authority models, set up role, function, the triangular incidence relation of URL are the most important, the mode need setting up corresponding tables of data can be adopted to associate.Citing: set up role function mapping table, foreground menu, Role Information table and page URL information table, the structure that these four tables of data are corresponding and field are respectively as shown in table 1 to table 4.
Table 1, role function mapping table: TD_PTL_ROLE_FUNC
Name | Code |
Role's code | ROLE_ID |
Function coding | FUNC_CODE |
Table 2, foreground menu: TD_PTL_FUNCCODE
Table 3, Role Information table: TD_PTL_ROLE
Name | Code |
Authorization code | ROLE_ID |
Authority name | ROLE_NAME |
State | STATUS |
Describe | NOTE |
Table 4, page URL information table: TD_PTL_PAGE_INFO
For above-mentioned four tables of data: " ROLE_ID " (role's code) field that foreground menu is carried out with role function mapping table by " ROLE_ID " (role's code) field associates; Role function mapping table is corresponding with " FUNC_CODE " (function coding) field of foreground menu by " FUNC_CODE " (function coding) field; Foreground menu is associated with " FUNC_CODE_REL " (function coding of mapping) field of page URL information table by " FUNC_CODE " (function coding) field of menu.
By this series of incidence relation, " role's code " is mapped with " function coding " the most at last, and " function coding " associates with URL, forms the complete incidence relation from " role's code " to URL.
Two, control of authority is realized by loading incidence relation
System joins buffer memory feature list corresponding for each role when starting, user is according to different login types, role corresponding to the initialization such as customer type, the corresponding corresponding feature list of role, the corresponding fine-grained URL of feature list, user accesses corresponding URL, and pass through feature list corresponding to filter matching and role, thus carry out corresponding service authority control.
The flow process of control of authority as shown in Figure 2, comprising:
(1) system starts to start;
(2) system starts Java Virtual Machine, load application;
(3) load application basic content carry out initialization;
(4) control of authority blocker loads, initialization miscue page during startup;
(5) application initializes, is read buffer memory, is associated by multilist, obtains the corresponding relation of URL and role, stored in buffer memory; Obtain the relation of the function coding of URL and its correspondence, stored in buffer memory simultaneously;
(6) user initiates URL request of access;
(7) authority interception controller interception request, check information wherein, whether the function coding checking function coding corresponding to URL corresponding with predefined role mates, if coupling, does not tackle, otherwise carries out intercept process.Here, generally interception is first because user does not log in.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, within the spirit and principles in the present invention all, any amendment done, equivalent replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (7)
1. carry out a method for URL URL(uniform resource locator) control of authority based on fine granularity, it is characterized in that, comprising:
Step 1, according to predefined permission match rule, sets up the incidence relation between function information corresponding to role, role and URL corresponding to function information, and is loaded in buffer memory by described incidence relation and preserves; Employing need set up the mode of corresponding tables of data to set up role, function, the triangular incidence relation of URL, namely sets up role function mapping table, foreground menu, Role Information table and page URL information table;
Step 2, obtains URL request address and the log-on message of user's submission, and according to log-on message determination user role;
Step 3, loads the incidence relation in buffer memory, mates the function information corresponding with user role and the function information corresponding with URL request address respectively;
Step 4, if function information corresponding to the user role function information corresponding with URL request address matches, then accesses the page that this URL request address is corresponding, otherwise carries out intercept process to URL request address.
2. method according to claim 1, is characterized in that, the content of the role set up in described step 1 comprises: role's title, role's code and role's current state.
3. method according to claim 1, is characterized in that, the content of the function information that the role set up in described step 1 is corresponding comprises: function coding, function title, system banner, operational order and function privilege.
4. method according to claim 1, is characterized in that, the incidence relation set up in described step 1 stores in the mode of database.
5. method according to claim 1, it is characterized in that, mate the function information corresponding with user role in described step 3 to be realized by the filtrator corresponding with user role, the coupling function information corresponding with URL request matching addresses is realized by the filtrator corresponding with URL request.
6. method according to claim 1, is characterized in that, carries out intercept process realized by authority interception controller in described step 4 to URL request.
7. method according to claim 6, is characterized in that, described authority interception controller exports the intercept process page.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210544535.6A CN103065074B (en) | 2012-12-14 | 2012-12-14 | A kind of method of carrying out URL control of authority based on fine granularity |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201210544535.6A CN103065074B (en) | 2012-12-14 | 2012-12-14 | A kind of method of carrying out URL control of authority based on fine granularity |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103065074A CN103065074A (en) | 2013-04-24 |
CN103065074B true CN103065074B (en) | 2016-03-16 |
Family
ID=48107702
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201210544535.6A Active CN103065074B (en) | 2012-12-14 | 2012-12-14 | A kind of method of carrying out URL control of authority based on fine granularity |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103065074B (en) |
Families Citing this family (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103473301A (en) * | 2013-09-09 | 2013-12-25 | 北京思特奇信息技术股份有限公司 | Business model automatic filtering method and system based on fine grit |
CN104580077A (en) * | 2013-10-15 | 2015-04-29 | 镇江雅迅软件有限责任公司 | Method for realizing page access control through interceptors |
CN104796280B (en) * | 2014-01-21 | 2018-06-26 | ***通信集团河北有限公司 | A kind of service authority detection method and device |
CN104363211A (en) * | 2014-10-31 | 2015-02-18 | 北京思特奇信息技术股份有限公司 | Method and system for managing authority |
CN105119916B (en) * | 2015-08-21 | 2018-04-10 | 福建天晴数码有限公司 | A kind of authentication method and system based on http |
CN105426221B (en) * | 2015-12-16 | 2018-11-06 | 广州华多网络科技有限公司 | The method and system of caching is realized by JVM safe contexts |
CN107257337B (en) * | 2017-06-15 | 2021-02-05 | 重庆扬讯软件技术股份有限公司 | Multi-terminal sharing authority control method and system |
CN109962805A (en) * | 2017-12-26 | 2019-07-02 | 中移(杭州)信息技术有限公司 | A kind of multi-platform cut-in method and equipment based on Authority and Domain Based Management |
CN109088858B (en) * | 2018-07-13 | 2021-09-21 | 南京邮电大学 | Medical system and method based on authority management |
CN109409043B (en) * | 2018-09-03 | 2024-05-17 | 中国平安人寿保险股份有限公司 | Login method of application system, terminal equipment and medium |
CN109214151A (en) * | 2018-09-28 | 2019-01-15 | 北京赛博贝斯数据科技有限责任公司 | The control method and system of user right |
CN110968580B (en) * | 2018-09-30 | 2023-05-23 | 北京国双科技有限公司 | Method and device for creating data storage structure |
CN111669349B (en) * | 2019-03-05 | 2022-08-05 | 中国环境监测总站 | Data access security control method and device based on control drive management |
CN110442812B (en) * | 2019-05-10 | 2024-02-13 | 平安科技(深圳)有限公司 | Permission control method and system for foreground page |
CN110290112B (en) * | 2019-05-30 | 2022-08-12 | 平安科技(深圳)有限公司 | Authority control method and device, computer equipment and storage medium |
CN110333925A (en) * | 2019-06-27 | 2019-10-15 | 深圳前海微众银行股份有限公司 | Right management method, device, equipment and readable storage medium storing program for executing |
CN110569667B (en) * | 2019-09-10 | 2022-03-15 | 北京字节跳动网络技术有限公司 | Access control method and device, computer equipment and storage medium |
CN110839090B (en) * | 2019-11-14 | 2022-04-26 | 中国民航信息网络股份有限公司 | Product configuration method and system based on dynamic URL |
CN111314386B (en) * | 2020-03-23 | 2021-04-23 | 北京邮电大学 | Intrusion detection method and device for intelligent networked automobile |
CN112968880B (en) * | 2021-02-01 | 2022-07-12 | 浪潮思科网络科技有限公司 | SDN architecture-based permission control method and system |
CN113377647B (en) * | 2021-05-27 | 2023-04-07 | 北京达佳互联信息技术有限公司 | Page processing method, device, server, terminal and readable storage medium |
CN114301778B (en) * | 2021-12-29 | 2024-05-03 | 中国建设银行股份有限公司 | Access control method and device |
CN114518924B (en) * | 2022-01-29 | 2024-02-02 | 苏州达家迎信息技术有限公司 | Page display method, device and equipment of mobile client and storage medium |
CN115640605A (en) * | 2022-10-19 | 2023-01-24 | 中电金信软件有限公司 | Authority management method for financial institution |
CN116702213A (en) * | 2023-08-01 | 2023-09-05 | 北京太极法智易科技有限公司 | Service system data authority management method, device and equipment for multi-level enterprise |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101227285A (en) * | 2008-01-29 | 2008-07-23 | 中兴通讯股份有限公司 | System and method for dynamic controlling terminal user authority |
CN101478536A (en) * | 2008-12-08 | 2009-07-08 | 山东浪潮齐鲁软件产业股份有限公司 | Method for solving access control in authority management |
CN101499906A (en) * | 2008-02-02 | 2009-08-05 | 厦门雅迅网络股份有限公司 | Method for implementing subscriber authority management based on role function mapping table |
CN101894231A (en) * | 2010-07-19 | 2010-11-24 | 上海三零卫士信息安全技术有限公司 | Permission expansion control system and method thereof |
-
2012
- 2012-12-14 CN CN201210544535.6A patent/CN103065074B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101227285A (en) * | 2008-01-29 | 2008-07-23 | 中兴通讯股份有限公司 | System and method for dynamic controlling terminal user authority |
CN101499906A (en) * | 2008-02-02 | 2009-08-05 | 厦门雅迅网络股份有限公司 | Method for implementing subscriber authority management based on role function mapping table |
CN101478536A (en) * | 2008-12-08 | 2009-07-08 | 山东浪潮齐鲁软件产业股份有限公司 | Method for solving access control in authority management |
CN101894231A (en) * | 2010-07-19 | 2010-11-24 | 上海三零卫士信息安全技术有限公司 | Permission expansion control system and method thereof |
Also Published As
Publication number | Publication date |
---|---|
CN103065074A (en) | 2013-04-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103065074B (en) | A kind of method of carrying out URL control of authority based on fine granularity | |
US20210144147A1 (en) | System and method for externally-delegated access control and authorization | |
WO2015096695A1 (en) | Installation control method, system and device for application program | |
US9805209B2 (en) | Systems and methodologies for managing document access permissions | |
TWI691861B (en) | Resource permission management method and device | |
US9077704B2 (en) | Multiple authentication support in a shared environment | |
CN102724221A (en) | Enterprise information system using cloud computing and method for setting user authority thereof | |
US10650153B2 (en) | Electronic document access validation | |
CN110489994B (en) | File authority management method and device for nuclear power station and terminal equipment | |
WO2020000716A1 (en) | Big data analysis system, server, data processing method, program and storage medium | |
CN102685122B (en) | The method of the software protection based on cloud server | |
CN104333553A (en) | Mass data authority control strategy based on combination of blacklist and whitelist | |
CN111651738A (en) | Fine-grained role authority unified management method based on front-end and back-end separation framework and electronic device | |
CN105022939A (en) | Information verification method and device | |
CN104252454A (en) | Method and system for multi-tenant mode data authority control oriented to cloud calculation | |
CN112019543A (en) | Multi-tenant permission system based on BRAC model | |
CN107748849A (en) | A kind of authority control method and system based on NFS | |
CN114218538A (en) | Authority control method and device, computer equipment and storage medium | |
CN110765192A (en) | GIS data management and processing method based on cloud platform | |
CN107645474A (en) | Log in the method for open platform and log in the device of open platform | |
CN103023651B (en) | Be used for the method and apparatus of the access of monitoring movable equipment | |
CN110717192B (en) | Big data security oriented access control method based on Key-Value accelerator | |
Zhao et al. | Research and Design of Power Big Data Desensitization System Based on K-means++ Clustering Algorithm | |
TW201501045A (en) | The management method and system of unified communication | |
CN110162946B (en) | Mobile storage management and control method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |