CN107341388A - Access right control method and device - Google Patents

Access right control method and device Download PDF

Info

Publication number
CN107341388A
CN107341388A CN201710465938.4A CN201710465938A CN107341388A CN 107341388 A CN107341388 A CN 107341388A CN 201710465938 A CN201710465938 A CN 201710465938A CN 107341388 A CN107341388 A CN 107341388A
Authority
CN
China
Prior art keywords
page
control element
user terminal
control
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710465938.4A
Other languages
Chinese (zh)
Inventor
陆国际
张德阳
何昌钦
谢新强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Neusoft Corp
Original Assignee
Neusoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Neusoft Corp filed Critical Neusoft Corp
Priority to CN201710465938.4A priority Critical patent/CN107341388A/en
Publication of CN107341388A publication Critical patent/CN107341388A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/955Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9566URL specific, e.g. using aliases, detecting broken or misspelled links

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention proposes a kind of access right control method and device, wherein, method includes:The request for accession page that user terminal is sent is received, extracts the control element in the page, according to the page permissions data of user terminal, conducted interviews control of authority to the control element in the page, the page for authorization to after, and the page after authorizing is sent to user terminal.Because page permissions licensing process is completed on backstage, send to user terminal the page be authorize after the page, so as to avoid page permissions data being exposed to user terminal, solving page elements in the prior art, easily leakage causes the relatively low technical problem of security.

Description

Access right control method and device
Technical field
The present invention relates to Internet technical field, more particularly to a kind of access right control method and device.
Background technology
The access privilege control of the page, also referred to as page mandate, refer to the access privilege control for page control element. By access privilege control, page control element can be controlled whether available or visible in front end.Access of the prior art Control of authority, permissions data often is obtained from rear end, so as in front end foundation authorization data, the power of conducting interviews to page elements Limit control, and then the page after mandate is carried out the step such as to render.
This mode of the prior art, due in front end execution access privilege control, page elements leakage be present Risk, so as to cause originally unavailable or sightless page elements to be tampered to be available or visible, security is not high.
The content of the invention
It is contemplated that at least solves one of technical problem in correlation technique to a certain extent.
Therefore, first purpose of the present invention is to propose a kind of access right control method, to solve in the prior art In page permissions licensing process, easily leakage causes the relatively low technical problem of security to page elements.
Second object of the present invention is to propose a kind of address control set.
Third object of the present invention is to propose a kind of arrangement of computer devices.
Fourth object of the present invention is to propose a kind of non-transitorycomputer readable storage medium.
The 5th purpose of the present invention is to propose a kind of computer program product.
For the above-mentioned purpose, first aspect present invention embodiment proposes a kind of access right control method, including following Step:
When user terminal asks accession page, the control element in the page is extracted;
According to the page permissions data of the user terminal, conduct interviews control of authority to the control element in the page, The page for authorization to after;
The page after the mandate is sent to the user terminal.
As the first possible implementation of first aspect present invention, the page permissions according to the user terminal Data, conduct interviews control of authority to the control element in the page, including:
According to the page permissions data of the user terminal, the DOM Document Object Model of the control element in the page is changed Dom structures.
Second of possible implementation as first aspect present invention, the page permissions according to the user terminal Data, the DOM Document Object Model dom structures of the control element in the page are changed, including:
Travel through the control element in the page;
For control element each described, according to the mark of the control element, the page permissions data are inquired about, with Determine authority corresponding to the mark;The authority includes read-only and/or hiding;
The dom structures of the control element are changed according to the authority inquired.
As the third possible implementation of first aspect present invention, described in the authority modification that the basis inquires The dom structures of control element, including:
If the authority inquired is read-only, increase unavailable attribute in the dom structures of the control element;
If the authority inquired is hiding, the dom structures of the control element are deleted.
As the 4th kind of possible implementation of first aspect present invention, the page has taglib labels, described The control element in the page is extracted, including:
According to the introduced tld files of Web.XML, identify URL described in the tld files whether with the taglib URL in label is consistent;
When the URL described in the tld files is consistent with the URL in the taglib labels, the tld files are read Middle JAVA class.paths;
Using the method under the JAVA class.paths, the control element in the page with tag labels is extracted, with to institute The body bodies for stating tag inside tags are parsed to obtain the dom structures of the control element.
The access right control method of the embodiment of the present invention, the request for accession page that user terminal is sent is received, is carried The control element in the page is taken, according to the page permissions data of user terminal, conduct interviews authority control to the control element in the page System, the page for authorization to after, the page after authorizing is sent to user terminal.Because page permissions licensing process is complete on backstage Into, send to the page of user terminal be authorize after the page, so as to avoid page permissions data being exposed to use Family end, solving page elements in the prior art, easily leakage causes the relatively low technical problem of security.
For the above-mentioned purpose, second aspect of the present invention embodiment proposes a kind of address control set, including:
Extraction module, for when user terminal asks accession page, extracting the control element in the page;
Control module, for the page permissions data according to the user terminal, the control element in the page is carried out Access privilege control, the page for authorization to after;
Sending module, for sending the page after the mandate to the user terminal.
As the first possible implementation of second aspect of the present invention, the control module, including:
According to the page permissions data of the user terminal, the DOM Document Object Model of the control element in the page is changed Dom structures.
Second of possible implementation as second aspect of the present invention, the control module, including:
Query unit, for traveling through the control element in the page;For control element each described, according to described The mark of control element, the page permissions data are inquired about, to determine authority corresponding to the mark;The authority includes read-only And/or hide;
Unit is changed, for changing the dom structures of the control element according to the authority inquired.
As the third possible implementation of second aspect of the present invention, the modification unit, it is specifically used for:
If the authority inquired is read-only, increase unavailable attribute in the dom structures of the control element;
If the authority inquired is hiding, the dom structures of the control element are deleted.
As the 4th kind of possible implementation of second aspect of the present invention, the page has taglib labels, described Extraction module, including:
Recognition unit, for according to tld files introduced Web.XML, identifying that the URL described in the tld files is It is no consistent with URL in the taglib labels;
Reading unit, for when the URL described in the tld files is consistent with the URL in the taglib labels, reading Take JAVA class.paths in the tld files;
Extraction unit, for using the method under the JAVA class.paths, extracting the control in the page with tag labels Part element, parsed to obtain the dom structures of the control element with the body bodies to the tag inside tags.
The address control set of the embodiment of the present invention, the request for accession page that user terminal is sent is received, is carried The control element in the page is taken, according to the page permissions data of user terminal, conduct interviews authority control to the control element in the page System, the page for authorization to after, the page after authorizing is sent to user terminal.Because page permissions licensing process is complete on backstage Into, send to the page of user terminal be authorize after the page, so as to avoid page permissions data being exposed to use Family end, solving page elements in the prior art, easily leakage causes the relatively low technical problem of security.
For the above-mentioned purpose, third aspect present invention embodiment proposes a kind of computer equipment, including memory, processing Device and storage on a memory and the computer program that can run on a processor, during the computing device described program, reality The step of existing above-mentioned access right control method.
For the above-mentioned purpose, fourth aspect present invention embodiment proposes a kind of non-transitory computer-readable storage medium Matter, computer program is stored thereon with, the step of program realizes above-mentioned access right control method when being executed by processor.
For the above-mentioned purpose, fourth aspect present invention embodiment proposes a kind of computer program product, when the calculating When instruction in machine program product is by computing device, the step of realizing above-mentioned access right control method.
The additional aspect of the present invention and advantage will be set forth in part in the description, and will partly become from the following description Obtain substantially, or recognized by the practice of the present invention.
Brief description of the drawings
Of the invention above-mentioned and/or additional aspect and advantage will become from the following description of the accompanying drawings of embodiments Substantially and it is readily appreciated that, wherein:
A kind of schematic flow sheet for access right control method that Fig. 1 is provided by the embodiment of the present invention;
Fig. 2 is the schematic flow sheet of another access right control method provided in an embodiment of the present invention;
Fig. 3 is tld file part code schematic diagrames;
Fig. 4 is the schematic flow sheet of method performed by filter;
Fig. 5 is a kind of structural representation of address control set provided in an embodiment of the present invention;
The structural representation for another address control set that Fig. 6 is provided by the embodiment of the present invention;And
Fig. 7 is the block diagram of computer equipment.
Embodiment
Embodiments of the invention are described below in detail, the example of the embodiment is shown in the drawings, wherein from beginning to end Same or similar label represents same or similar element or the element with same or like function.Below with reference to attached The embodiment of figure description is exemplary, it is intended to for explaining the present invention, and is not considered as limiting the invention.
Below with reference to the accompanying drawings the access right control method and device of the embodiment of the present invention are described.
A kind of schematic flow sheet for access right control method that Fig. 1 is provided by the embodiment of the present invention, the present embodiment institute The method of offer, it can be performed by background server, as shown in figure 1, access right control method comprises the following steps:
Step 101, when user terminal asks accession page, the control element in the page is extracted.
Specifically, the page can be that Java Server Pages (JAVA Server Pages, JSP) can also be super literary This markup language (HyperText Markup Language, HTML) page.
As a kind of possible implementation, the page is JSP, and JSP is the insertion JAVA programs in html file A kind of page that section and tag labels are formed.The page can be with label allocation storehouse (taglib) label, in addition, the control member in the page Element can both include head (head) and content (body) body etc., can also include tag labels.
Therefore, tld files can be introduced in Web.XML first, tld files include the URL of statement (Uniform Resoure Locator, URL), and for extracting the JAVA class.paths of control element.And then it can wait to award Taglib labels are configured in the page of power, while increase corresponding tag labels in the nexine of page body elements, so as to control Element is extracted.Wherein, taglib labels can pass through instruction:<%@taglib%>It is self-defined to state that the page has used Tag labels.When configuring taglib labels, needed in taglib labels configure a URL, the URL should with tld files The URL of statement is consistent.
After the request for accession page of user terminal transmission is received, there can be tag marks by extracting in the page The control element of label, parsed to obtain the dom structures of control element with the body bodies for encasing tag labels.Wherein, dom Structure is typically a kind of tree structure, for characterizing the structural relation between document object.Dom structures enable the page dynamically Ground changes, for example, can be with one element of show or hide.
Specifically, can according to tld files introduced Web.XML, identify tld files described in URL whether with URL in taglib labels is consistent.When the URL described in tld files is consistent with the URL in taglib labels, tld texts are read JAVA class.paths in part, and correlation method is run according to JAVA class.paths, being extracted by this method has tag labels in the page Control element, parsed to obtain the dom structures of control element with the body bodies to tag inside tags.
Step 102, according to the page permissions data of user terminal, conduct interviews control of authority to the control element in the page, The page for authorization to after.
Specifically, according to the page permissions data of user terminal, the DOM Document Object Model dom of the control element in the page is changed Structure.Specifically, the control element in the page is traveled through.For control element each described, according to the control element Mark, inquires about the page permissions data, to determine authority corresponding to the mark;The authority includes read-only and/or hiding. According to the dom structures of the authority modification control element inquired.
Specifically:If the authority inquired is read-only, increase unavailable category in the dom structures of the control element Property;If the authority inquired is hiding, the dom structures of the control element are deleted.
Step 103, the page after authorizing is sent to user terminal.
Specifically, in the page after the mandate sent to user terminal, for the control element of read-only authority, in dom structures Include unavailable attribute, and the control element for hiding authority has been completely absent corresponding dom structures, so as to pass through user terminal It is that can not recover to hide the control element of authority by distorting authority, improves security.Further, since it is in rear end to authorize Server performs, and front end user end does not have page permissions data, avoided to a certain extent due to page permissions data Carry out distorting caused security risk.
It should be noted that when the present embodiment is applied to non-JSP, the filter in server is getting the page After whole dom elements, page permissions can be changed by changing dom elements.Therefore, the method that the present embodiment is provided, together Sample is applied to the non-JSPs such as HTML.Such as:For html page, page full content is obtained by filter, uses this implementation Method in example carries out page permissions filtering, and amended dom is sent to the front end user end progress page and shown.
In the present embodiment, after background server receives the request for accession page that user terminal is sent, the page is extracted In control element, according to the page permissions data of user terminal, conduct interviews control of authority to the control element in the page, with The page after to mandate, the page after authorizing is sent to user terminal.Because page permissions licensing process is complete in background server Into, send to the page of user terminal be authorize after the page, so as to avoid page permissions data being exposed to use Family end, solving page elements in the prior art, easily leakage causes the relatively low technical problem of security.
For an embodiment in clear explanation, another access right control method is present embodiments provided, in order to clear Illustrate the schematic flow sheet that Fig. 2 is another access right control method provided in an embodiment of the present invention, this implementation as shown in Figure 2 In relate separately to front end user end and background server.
Step 201, server configures to the page.
Specifically, the page in the present embodiment is specially JSP, and page configuration has taglib labels, meanwhile, the page In control element, increase corresponding tag labels, to encase corresponding body bodies., it is necessary to carry out the control of page mandate in the page The identity of part element arrangements (identification, ID) attribute.
For example, taglib configurations are specially:
<%@taglib uri=" http://unieap.neusoft.com/techcomp/security"prefix =" security " %>
In another example the configuration of tag labels is specially:
Wherein,<security:auth>With</security:auth>For tag labels, the portion that is encased between tag labels It is divided into body bodies.
Step 202, user terminal accession page sends request, and the filter of background server intercepts the asked page.
Specifically, background server is according to the URL in the taglib labels of the page, tld files in query graph 3, to determine Whether the URL in taglib labels matches with the URL (i.e. first box inside points in Fig. 3) in tld files, if matching inquiry institute The path (i.e. second inframe part in Fig. 3) of JAVA classes is needed, to perform correlation method, such as AuthorityTag classes DoEndTag methods, realize the extraction for control element.
Step 203, whole control elements of the filter extraction page, parsing obtain the dom structures of control element.
Wherein, whole control elements of the page extracted, that is, the content of page actual displayed.
Specifically, for for each control element, because tag labels have had been crimped around body bodies, that is, control The content of pages of element.For the method performed by clear explanation filter, Fig. 4 is that the flow of method performed by filter is illustrated Figure, as shown in figure 4, filter carries out XML parsings by the body bodies encased to tag labels, obtain the dom knots of the control element Structure.
Step 204, filter obtains page permissions data of the user terminal login user under current page from caching.
Specifically, the control element in filter traversal page body elements, for control element each described, according to The ID attributes of the control element, the page permissions data are inquired about, to determine authority corresponding to the mark.Wherein, authority Including read-only and/or hiding.
Step 205, the dom structures of control element are changed according to the authority inquired.
Specifically, if the authority inquired is read-only, unavailable attribute is increased in the dom structures of the control element; If the authority inquired is hiding, the dom structures of the control element are deleted.
Step 206, the page of dom structures, which is sent to user terminal, after will be modified is shown.
In the present embodiment, the request for accession page that user terminal is sent is received, extracts the control element in the page, root According to the page permissions data of user terminal, conduct interviews control of authority to the control element in the page, the page for authorization to after, The page after authorizing is sent to user terminal.Because page permissions licensing process is completed on backstage, send to the page of user terminal Face has been the page after authorizing, and so as to avoid page permissions data being exposed to user terminal, is solved in the prior art Easily leakage causes the relatively low technical problem of security to page elements.
In order to realize above-described embodiment, the present invention also proposes a kind of address control set.
Fig. 5 is a kind of structural representation of address control set provided in an embodiment of the present invention.
As shown in figure 5, the address control set includes:Extraction module 31, control module 32 and sending module 33.
Extraction module 31, for when user terminal asks accession page, extracting the control element in the page.
Control module 32, for the page permissions data according to the user terminal, the control element in the page is entered Row access privilege control, the page for authorization to after.
Specifically, control module 32 is specifically used for the page permissions data according to the user terminal, changes in the page Control element DOM Document Object Model dom structures.
Sending module 33, for sending the page after the mandate to the user terminal.
It should be noted that the foregoing explanation to embodiment of the method is also applied for the device of the embodiment, herein not Repeat again.
Based on above-described embodiment, the embodiment of the present invention additionally provides a kind of possible realization side of address control set Formula, the structural representation for another address control set that Fig. 6 is provided by the embodiment of the present invention, as shown in fig. 6, upper On the basis of Fig. 5 that one embodiment provides, the control module 32 in address control set, including:Query unit 321 and repair Change unit 322.
Query unit 321, for traveling through the control element in the page;For control element each described, according to The mark of the control element, the page permissions data are inquired about, to determine authority corresponding to the mark.
Wherein, authority includes read-only and/or hiding.
Unit 322 is changed, for changing the dom structures of the control element according to the authority inquired.
Wherein, unit 322 is changed, is specifically used for:If the authority inquired is read-only, tied in the dom of the control element Increase unavailable attribute in structure;If the authority inquired is hiding, the dom structures of the control element are deleted.
Further, the page has a taglib labels, the extraction module 31, including:Recognition unit 311, reading unit 312 With extraction unit 313.
Recognition unit 311, for according to tld files introduced Web.XML, identifying the URL described in the tld files It is whether consistent with the URL in the taglib labels.
Reading unit 312, for when the URL described in the tld files it is consistent with the URL in the taglib labels When, read JAVA class.paths in the tld files.
Extraction unit 313, for using the method under the JAVA class.paths, extracting to have tag labels in the page Control element, parsed to obtain the dom structures of the control element with the body bodies to the tag inside tags.
In the embodiment of the present invention, by receiving the request for accession page of user terminal transmission, the control in the page is extracted Part element, according to the page permissions data of user terminal, conduct interviews control of authority to the control element in the page, for authorization to The page afterwards, the page after authorizing is sent to user terminal.Because page permissions licensing process is completed on backstage, send to use The page at family end has been the page after authorizing, and so as to avoid page permissions data being exposed to user terminal, is solved existing There is the easy leakage of page elements in technology to cause the relatively low technical problem of security.
In order to realize above-described embodiment, the present invention also proposes a kind of computer equipment, including:Processor, and for depositing Store up the memory of the processor-executable instruction.
Wherein, processor is configured as:
When user terminal asks accession page, the control element in the page is extracted;
According to the page permissions data of the user terminal, conduct interviews control of authority to the control element in the page, The page for authorization to after;
The page after the mandate is sent to the user terminal.
In order to realize above-described embodiment, the present invention also proposes a kind of non-transitorycomputer readable storage medium, deposited thereon Contain computer program, it is characterised in that the program realizes following access right control method when being executed by processor:
When user terminal asks accession page, the control element in the page is extracted;
According to the page permissions data of the user terminal, conduct interviews control of authority to the control element in the page, The page for authorization to after;
The page after the mandate is sent to the user terminal.
In order to realize above-described embodiment, the present invention also proposes a kind of computer program product, when the computer program produces When instruction in product is by computing device, following access right control method is performed:
When user terminal asks accession page, the control element in the page is extracted;
According to the page permissions data of the user terminal, conduct interviews control of authority to the control element in the page, The page for authorization to after;
The page after the mandate is sent to the user terminal.
Fig. 7 shows the block diagram suitable for being used for the exemplary computer device for realizing the application embodiment.What Fig. 7 was shown Computer equipment 12 is only an example, should not bring any restrictions to the function and use range of the embodiment of the present application.
As shown in fig. 7, computer equipment 12 is showed in the form of universal computing device.The component of computer equipment 12 can be with Including but not limited to:One or more processor or processing unit 16, system storage 28, connect different system component The bus 18 of (including system storage 28 and processing unit 16).
Bus 18 represents the one or more in a few class bus structures, including memory bus or Memory Controller, Peripheral bus, graphics acceleration port, processor or the local bus using any bus structures in a variety of bus structures.Lift For example, these architectures include but is not limited to industry standard architecture (Industry Standard Architecture;Hereinafter referred to as:ISA) bus, MCA (Micro Channel Architecture;Below Referred to as:MAC) bus, enhanced isa bus, VESA (Video Electronics Standards Association;Hereinafter referred to as:VESA) local bus and periphery component interconnection (Peripheral Component Interconnection;Hereinafter referred to as:PCI) bus.
Computer equipment 12 typically comprises various computing systems computer-readable recording medium.These media can be it is any can be by The usable medium that computer equipment 12 accesses, including volatibility and non-volatile media, moveable and immovable medium.
Memory 28 can include the computer system readable media of form of volatile memory, such as random access memory Device (Random Access Memory;Hereinafter referred to as:RAM) 50 and/or cache memory 52.Computer equipment 12 can be with Further comprise other removable/nonremovable, volatile/non-volatile computer system storage mediums.Only as an example, Storage system 54 can be used for reading and writing immovable, non-volatile magnetic media, and (Fig. 7 do not show, commonly referred to as " hard drive Device ").Although not shown in Fig. 7, it can provide for being driven to the disk that may move non-volatile magnetic disk (such as " floppy disk ") read-write Dynamic device, and to removable anonvolatile optical disk (such as:Compact disc read-only memory (Compact Disc Read Only Memory;Hereinafter referred to as:CD-ROM), digital multi read-only optical disc (Digital Video Disc Read Only Memory;Hereinafter referred to as:DVD-ROM) or other optical mediums) read-write CD drive.In these cases, each driving Device can be connected by one or more data media interfaces with bus 18.Memory 28 can include at least one program and produce Product, the program product have one group of (for example, at least one) program module, and it is each that these program modules are configured to perform the application The function of embodiment.
Program/utility 40 with one group of (at least one) program module 42, such as memory 28 can be stored in In, such program module 42 include but is not limited to operating system, one or more application program, other program modules and Routine data, the realization of network environment may be included in each or certain combination in these examples.Program module 42 is usual Perform the function and/or method in embodiments described herein.
Computer equipment 12 can also be with one or more external equipments 14 (such as keyboard, sensing equipment, display 24 Deng) communication, it can also enable a user to the equipment communication interacted with the computer system/server 12 with one or more, and/ Or any equipment (example with enabling the computer system/server 12 to be communicated with one or more of the other computing device Such as network interface card, modem etc.) communication.This communication can be carried out by input/output (I/O) interface 22.Also, calculate Machine equipment 12 can also pass through network adapter 20 and one or more network (such as LAN (Local Area Network;Hereinafter referred to as:LAN), wide area network (Wide Area Network;Hereinafter referred to as:WAN) and/or public network, example Such as internet) communication.As illustrated, network adapter 20 is communicated by bus 18 with other modules of computer equipment 12.Should When understanding, although not shown in the drawings, can combine computer equipment 12 does not use other hardware and/or software module, including but not It is limited to:Microcode, device driver, redundant processing unit, external disk drive array, RAID system, tape drive and Data backup storage system etc..
Processing unit 16 is stored in program in system storage 28 by operation, so as to perform various function application and Data processing, such as realize the access right control method referred in previous embodiment.
In the description of this specification, reference term " one embodiment ", " some embodiments ", " example ", " specifically show The description of example " or " some examples " etc. means specific features, structure, material or the spy for combining the embodiment or example description Point is contained at least one embodiment or example of the present invention.In this manual, to the schematic representation of above-mentioned term not Identical embodiment or example must be directed to.Moreover, specific features, structure, material or the feature of description can be with office Combined in an appropriate manner in one or more embodiments or example.In addition, in the case of not conflicting, the skill of this area Art personnel can be tied the different embodiments or example and the feature of different embodiments or example described in this specification Close and combine.
In addition, term " first ", " second " are only used for describing purpose, and it is not intended that instruction or hint relative importance Or the implicit quantity for indicating indicated technical characteristic.Thus, define " first ", the feature of " second " can be expressed or Implicitly include at least one this feature.In the description of the invention, " multiple " are meant that at least two, such as two, three It is individual etc., unless otherwise specifically defined.
Any process or method described otherwise above description in flow chart or herein is construed as, and represents to include Module, fragment or the portion of the code of the executable instruction of one or more the step of being used to realize custom logic function or process Point, and the scope of the preferred embodiment of the present invention includes other realization, wherein can not press shown or discuss suitable Sequence, including according to involved function by it is basic simultaneously in the way of or in the opposite order, carry out perform function, this should be of the invention Embodiment person of ordinary skill in the field understood.
Expression or logic and/or step described otherwise above herein in flow charts, for example, being considered use In the order list for the executable instruction for realizing logic function, may be embodied in any computer-readable medium, for Instruction execution system, device or equipment (such as computer based system including the system of processor or other can be held from instruction The system of row system, device or equipment instruction fetch and execute instruction) use, or combine these instruction execution systems, device or set It is standby and use.For the purpose of this specification, " computer-readable medium " can any can be included, store, communicate, propagate or pass Defeated program is for instruction execution system, device or equipment or the dress used with reference to these instruction execution systems, device or equipment Put.The more specifically example (non-exhaustive list) of computer-readable medium includes following:Electricity with one or more wiring Connecting portion (electronic installation), portable computer diskette box (magnetic device), random access memory (RAM), read-only storage (ROM), erasable edit read-only storage (EPROM or flash memory), fiber device, and portable optic disk is read-only deposits Reservoir (CDROM).In addition, computer-readable medium, which can even is that, to print the paper of described program thereon or other are suitable Medium, because can then enter edlin, interpretation or if necessary with it for example by carrying out optical scanner to paper or other media His suitable method is handled electronically to obtain described program, is then stored in computer storage.
It should be appreciated that each several part of the present invention can be realized with hardware, software, firmware or combinations thereof.Above-mentioned In embodiment, software that multiple steps or method can be performed in memory and by suitable instruction execution system with storage Or firmware is realized.Such as, if realized with hardware with another embodiment, following skill well known in the art can be used Any one of art or their combination are realized:With the logic gates for realizing logic function to data-signal from Logic circuit is dissipated, the application specific integrated circuit with suitable combinational logic gate circuit, programmable gate array (PGA), scene can compile Journey gate array (FPGA) etc..
Those skilled in the art are appreciated that to realize all or part of step that above-described embodiment method carries Suddenly it is that by program the hardware of correlation can be instructed to complete, described program can be stored in a kind of computer-readable storage medium In matter, the program upon execution, including one or a combination set of the step of embodiment of the method.
In addition, each functional unit in each embodiment of the present invention can be integrated in a processing module, can also That unit is individually physically present, can also two or more units be integrated in a module.Above-mentioned integrated mould Block can both be realized in the form of hardware, can also be realized in the form of software function module.The integrated module is such as Fruit is realized in the form of software function module and as independent production marketing or in use, can also be stored in a computer In read/write memory medium.
Storage medium mentioned above can be read-only storage, disk or CD etc..Although have been shown and retouch above Embodiments of the invention are stated, it is to be understood that above-described embodiment is exemplary, it is impossible to be interpreted as the limit to the present invention System, one of ordinary skill in the art can be changed to above-described embodiment, change, replace and become within the scope of the invention Type.

Claims (10)

1. a kind of access right control method, it is characterised in that comprise the following steps:
When user terminal asks accession page, the control element in the page is extracted;
According to the page permissions data of the user terminal, conduct interviews control of authority to the control element in the page, with The page after to mandate;
The page after the mandate is sent to the user terminal.
2. access right control method according to claim 1, it is characterised in that the page according to the user terminal Permissions data, conduct interviews control of authority to the control element in the page, including:
According to the page permissions data of the user terminal, the DOM Document Object Model dom for changing the control element in the page is tied Structure.
3. access right control method according to claim 2, it is characterised in that the page according to the user terminal Permissions data, the DOM Document Object Model dom structures of the control element in the page are changed, including:
Travel through the control element in the page;
For control element each described, according to the mark of the control element, the page permissions data are inquired about, to determine Authority corresponding to the mark;The authority includes read-only and/or hiding;
The dom structures of the control element are changed according to the authority inquired.
4. access right control method according to claim 3, it is characterised in that the authority modification that the basis inquires The dom structures of the control element, including:
If the authority inquired is read-only, increase unavailable attribute in the dom structures of the control element;
If the authority inquired is hiding, the dom structures of the control element are deleted.
5. according to the access right control method described in claim any one of 1-4, it is characterised in that the page has Taglib labels, the control element extracted in the page, including:
According to the introduced tld files of Web.XML, identify uniform resource position mark URL described in the tld files whether with URL in the taglib labels is consistent;
When the URL described in the tld files is consistent with the URL in the taglib labels, read in the tld files JAVA class.paths;
Using the method under the JAVA class.paths, the control element in the page with tag labels is extracted, with to described The body bodies of tag inside tags are parsed to obtain the dom structures of the control element.
A kind of 6. address control set, it is characterised in that including:
Extraction module, for when user terminal asks accession page, extracting the control element in the page;
Control module, for the page permissions data according to the user terminal, the control element in the page is conducted interviews Control of authority, the page for authorization to after;
Sending module, for sending the page after the mandate to the user terminal.
7. address control set according to claim 6, it is characterised in that the control module, be specifically used for:
According to the page permissions data of the user terminal, the DOM Document Object Model dom for changing the control element in the page is tied Structure.
8. a kind of computer equipment, it is characterised in that including memory, processor and storage on a memory and can be in processor The computer program of upper operation, it is characterised in that during the computing device described program, realize as appointed in claim 1-5 Access right control method described in one.
9. a kind of non-transitorycomputer readable storage medium, is stored thereon with computer program, it is characterised in that the program quilt The access right control method as described in any in claim 1-5 is realized during computing device.
10. a kind of computer program product, when the instruction in the computer program product is by computing device, perform as weighed Profit requires any described access right control method in 1-5.
CN201710465938.4A 2017-06-19 2017-06-19 Access right control method and device Pending CN107341388A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710465938.4A CN107341388A (en) 2017-06-19 2017-06-19 Access right control method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710465938.4A CN107341388A (en) 2017-06-19 2017-06-19 Access right control method and device

Publications (1)

Publication Number Publication Date
CN107341388A true CN107341388A (en) 2017-11-10

Family

ID=60221339

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710465938.4A Pending CN107341388A (en) 2017-06-19 2017-06-19 Access right control method and device

Country Status (1)

Country Link
CN (1) CN107341388A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109871210A (en) * 2019-01-17 2019-06-11 平安城市建设科技(深圳)有限公司 Web page element amending method, device, equipment and storage medium
CN110442812A (en) * 2019-05-10 2019-11-12 平安科技(深圳)有限公司 The authority control method and system of front page layout
CN110688167A (en) * 2018-07-04 2020-01-14 中国电信股份有限公司 Method and device for generating function link set and computer readable storage medium
CN110830569A (en) * 2019-11-01 2020-02-21 国云科技股份有限公司 Page permission access level control method based on multi-cloud management platform
WO2020135583A1 (en) * 2018-12-29 2020-07-02 北京辰安科技股份有限公司 Access control method for processing front-end page, and device
CN113360813A (en) * 2020-03-02 2021-09-07 深圳中广核工程设计有限公司 Data interaction method, device, equipment and storage medium of nuclear power design and production management platform
CN113641939A (en) * 2021-08-19 2021-11-12 阿里巴巴(中国)有限公司 Data security processing method, browser system, electronic device and storage medium
CN114020992A (en) * 2021-11-09 2022-02-08 北京百度网讯科技有限公司 Page blocking method, device, system, client and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050138650A1 (en) * 2003-12-19 2005-06-23 Lenny Hon Method and system for creating and providing a multi-tier networked service
CN102130916A (en) * 2011-03-18 2011-07-20 深圳市深信服电子科技有限公司 Authority control method and device for page content level
CN104317933A (en) * 2014-10-31 2015-01-28 北京思特奇信息技术股份有限公司 Authority control tag display method and system
CN104335523A (en) * 2014-04-15 2015-02-04 华为技术有限公司 Access control method, client and server
CN105227560A (en) * 2015-10-14 2016-01-06 浪潮集团有限公司 A kind of method of control of authority and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050138650A1 (en) * 2003-12-19 2005-06-23 Lenny Hon Method and system for creating and providing a multi-tier networked service
CN102130916A (en) * 2011-03-18 2011-07-20 深圳市深信服电子科技有限公司 Authority control method and device for page content level
CN104335523A (en) * 2014-04-15 2015-02-04 华为技术有限公司 Access control method, client and server
CN104317933A (en) * 2014-10-31 2015-01-28 北京思特奇信息技术股份有限公司 Authority control tag display method and system
CN105227560A (en) * 2015-10-14 2016-01-06 浪潮集团有限公司 A kind of method of control of authority and device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
郑刚: "《Java Web程序设计》", 31 August 2013 *

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110688167A (en) * 2018-07-04 2020-01-14 中国电信股份有限公司 Method and device for generating function link set and computer readable storage medium
WO2020135583A1 (en) * 2018-12-29 2020-07-02 北京辰安科技股份有限公司 Access control method for processing front-end page, and device
CN109871210A (en) * 2019-01-17 2019-06-11 平安城市建设科技(深圳)有限公司 Web page element amending method, device, equipment and storage medium
CN110442812A (en) * 2019-05-10 2019-11-12 平安科技(深圳)有限公司 The authority control method and system of front page layout
CN110442812B (en) * 2019-05-10 2024-02-13 平安科技(深圳)有限公司 Permission control method and system for foreground page
CN110830569A (en) * 2019-11-01 2020-02-21 国云科技股份有限公司 Page permission access level control method based on multi-cloud management platform
CN113360813A (en) * 2020-03-02 2021-09-07 深圳中广核工程设计有限公司 Data interaction method, device, equipment and storage medium of nuclear power design and production management platform
CN113360813B (en) * 2020-03-02 2024-05-31 深圳中广核工程设计有限公司 Data interaction method, device and equipment of nuclear power design production management platform and storage medium
CN113641939A (en) * 2021-08-19 2021-11-12 阿里巴巴(中国)有限公司 Data security processing method, browser system, electronic device and storage medium
CN113641939B (en) * 2021-08-19 2024-04-12 阿里巴巴(中国)有限公司 Data security processing method, browser system, electronic device and storage medium
CN114020992A (en) * 2021-11-09 2022-02-08 北京百度网讯科技有限公司 Page blocking method, device, system, client and storage medium

Similar Documents

Publication Publication Date Title
CN107341388A (en) Access right control method and device
Scharl Evolutionary web development
CN102902693B (en) Detect the repeat pattern on webpage
US9116865B2 (en) Enhancing automated terms listings in HTML document publishing based on user searches
US9489178B2 (en) Method of website optimisation
US9870358B2 (en) Augmented reading systems
CN108733779A (en) The method and apparatus of text figure
US20070174762A1 (en) Personal web page annotation system
US10049095B2 (en) In-context editing of output presentations via automatic pattern detection
CN104133884B (en) Show the method and device of webpage
CN107679564A (en) Sample data recommends method and its device
CN109948343A (en) Leak detection method, Hole Detection device and computer readable storage medium
CN105589922A (en) Page display method, device and system and page display assisting method and device
CN107992602A (en) Search result methods of exhibiting and device
CN105955593B (en) Method and device for presenting discussion information
CN108197085A (en) A kind of submission reviewing method and device
KR101638423B1 (en) Method for how to create and distribute articles online through banner-type article auto-generation
CN109033282A (en) A kind of Web page text extracting method and device based on extraction template
CN108874934A (en) Page body extracting method and device
CN112116325A (en) Examination and approval form control method and device, electronic equipment and readable storage medium
CN112434330A (en) Method, system and device for displaying front-end page and readable storage medium
Harper et al. Sadie: Structural semantics for accessibility and device independence
CN113285936B (en) Cross-domain data acquisition method and related device
CN107357810A (en) A kind of method and system for being used to export special topic landing page
CN109284482A (en) Write plateform system and the article dissemination method for writing platform

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20171110