CN108664811A - A kind of right management method and device - Google Patents

A kind of right management method and device Download PDF

Info

Publication number
CN108664811A
CN108664811A CN201810449787.8A CN201810449787A CN108664811A CN 108664811 A CN108664811 A CN 108664811A CN 201810449787 A CN201810449787 A CN 201810449787A CN 108664811 A CN108664811 A CN 108664811A
Authority
CN
China
Prior art keywords
user
target
role
uri
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810449787.8A
Other languages
Chinese (zh)
Inventor
杜丽娟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Hanergy Solar Power Investment Co Ltd
Original Assignee
Beijing Hanergy Solar Power Investment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Hanergy Solar Power Investment Co Ltd filed Critical Beijing Hanergy Solar Power Investment Co Ltd
Priority to CN201810449787.8A priority Critical patent/CN108664811A/en
Publication of CN108664811A publication Critical patent/CN108664811A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

An embodiment of the present invention provides a kind of right management method and device, this method includes:Receive the access request from target user, wherein the target user's mark and target resource identifier URI of target user are carried in access request;It is identified according to target user, obtains corresponding target angle color value;According to target URI, corresponding target authority credentials is obtained;Based on target angle color value and target authority credentials, whether judgement target user has the permission of access target URI.To provide a kind of easily and efficiently rights management mode, the processing speed of rights management is effectively increased, and alleviate system burden, and then improve user experience.

Description

A kind of right management method and device
Technical field
The present embodiments relate to rights management field more particularly to a kind of right management methods and device.
Background technology
Rights management generally use:System is that different access URI (Uniform Resource are arranged in user role Identifier, uniform resource identifier) permission, after user logins successfully, is sent to server and access URI requests, server Whether the request for verifying user is legal.
Currently, in the prior art, operating personnel configure URI in role-security relation table and may have access to the URI in advance User role between correspondence.Then, user, which sends, accesses URI requests, server intercepts user request, and according to The user identifier carried in request searches the user owning user role.Server obtains the URI carried in request, and in role The corresponding addressable user role lists of the URI are searched in authority relation table, and judge user's owning user role whether In addressable user role list.If so, judgement user's request is legal, the operation after allowing user to carry out, otherwise Judge that the request is request of going beyond one's commission.
But there are following defects for the prior art:
If the corresponding addressable user roles of URI are multiple, server is needed in Qualify Phase by the user of user Role's user role corresponding with URI matches one by one, causes treatment effeciency low, affects user experience.
Secondly as URI corresponds to multiple addressable user roles, therefore, each URI will be right in role-security relation table A plurality of correspondence is answered, data redundancy is caused, increases system burden.
Invention content
A kind of right management method of offer of the embodiment of the present invention and device, the right management method to solve the prior art are deposited It is low in treatment effeciency, the problem of affecting user experience.
To solve the above-mentioned problems, the invention discloses a kind of right management method, the method includes:
Receive the access request from target user, wherein target user's mark of target user is carried in access request Knowledge and target resource identifier URI;
It is identified according to target user, obtains corresponding target angle color value;
According to target URI, corresponding target authority credentials is obtained;
Based on target angle color value and target authority credentials, whether judgement target user has the permission of access target URI.
According to another aspect of the present invention, a kind of rights management device is provided, including:
Receiving module, for receiving the access request from target user, wherein carry target user in access request Target user mark and target resource identifier URI;
First acquisition module obtains corresponding target angle color value for being identified according to target user;
Second acquisition module, for according to target URI, obtaining corresponding target authority credentials;
Determination module, for being based on target angle color value and target authority credentials, whether judgement target user, which has, accesses mesh Mark the permission of URI.
Compared with prior art, by receiving the access request from target user in the present invention, wherein in access request Carry the target user's mark and target resource identifier URI of target user;It identifies, obtains corresponding according to target user Target angle color value;According to target URI, corresponding target authority credentials is obtained;Based on target angle color value and target authority credentials, judgement Whether target user has the permission of access target URI.To provide a kind of easily and efficiently rights management mode, effectively The processing speed of rights management is improved, and alleviates system burden, and then improves user experience.
Description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below by institute in the description to the embodiment of the present invention Attached drawing to be used is needed to be briefly described, it should be apparent that, the accompanying drawings in the following description is only some implementations of the present invention Example, for those of ordinary skill in the art, without having to pay creative labor, can also be according to these attached drawings Obtain other attached drawings.
Fig. 1 is a kind of flow chart of right management method of the embodiment of the present invention;
Fig. 2 is a kind of flow chart of priority assignation process of the embodiment of the present invention;
Fig. 3 is a kind of flow chart of user's access process of the embodiment of the present invention;
Fig. 4 is a kind of one of the structure diagram of rights management device of the embodiment of the present invention;
Fig. 5 is the two of the structure diagram of a kind of rights management device of the embodiment of the present invention;
Fig. 6 is the three of the structure diagram of a kind of rights management device of the embodiment of the present invention;
Fig. 7 is the four of the structure diagram of a kind of rights management device of the embodiment of the present invention;
Fig. 8 is the five of the structure diagram of a kind of rights management device of the embodiment of the present invention.
Specific implementation mode
In order to make the foregoing objectives, features and advantages of the present invention clearer and more comprehensible, below in conjunction with the accompanying drawings and specific real Applying mode, the present invention is described in further detail.
Referring to Fig.1, the flow chart for showing a kind of right management method of the embodiment of the present invention, can specifically include following Step:
Step 101, the access request from target user is received, wherein the mesh of target user is carried in access request Mark user identifier and target resource identifier URI.
Specifically, in an embodiment of the present invention, right management method can be applied to server end.Target user logs in Afterwards, access request can be sent to server by mobile terminal, with access target URI.
In an embodiment of the present invention, after server receives the access request from target user, access request is extracted The target user of the target user of middle carrying identifies and target URI.Wherein, user identifier is for the unique mark user.
Step 102, it is identified according to target user, obtains corresponding target angle color value.
Specifically, in an embodiment of the present invention, server can be identified according to target user, obtains and identified with target user Corresponding target angle color value.
Step 103, according to target URI, corresponding target authority credentials is obtained.
Specifically, in an embodiment of the present invention, server can get mesh corresponding with target URI according to target URI Mark authority credentials.
Step 104, it is based on target angle color value and target authority credentials, whether judgement target user has access target URI Permission.
Specifically, in an embodiment of the present invention, server can be based on the target angle color value and target permission got Value carries out logical operation, to judge whether target user has the permission of access target URI by logic operation result.
To sum up, the technical solution in the embodiment of the present invention, by receiving the access request from target user, wherein visit Ask the target user's mark and target resource identifier URI that target user is carried in request;It identifies, obtains according to target user Take corresponding target angle color value;According to target URI, corresponding target authority credentials is obtained;It is weighed based on target angle color value and target Whether limit value, judgement target user have the permission of access target URI.To provide a kind of easily and efficiently rights management Mode, effectively increases the processing speed of rights management, and alleviates system burden, and then improves user experience.
In order to make those skilled in the art be better understood from the present invention right management method, below with specific embodiment into Row elaborates.
1) priority assignation
With reference to Fig. 2, shows a kind of flow chart of priority assignation of the embodiment of the present invention, can specifically include following step Suddenly:
Step 201, multiple user roles are established.
Specifically, in an embodiment of the present invention, operating personnel can establish multiple use in server end according to actual demand Family role.
Step 202, the corresponding role's value of each user role being arranged in multiple user roles.
Specifically, in an embodiment of the present invention, it is corresponding that each user role can be arranged in server end in operating personnel Role's value.In an embodiment of the present invention, the n times side that role's value is 2, wherein n is positive integer, also, different user roles Corresponding to different role's values.It illustrates:Role's value of user role A is 2, role's value of user role B is 4, user angle Role's value of color C is 8.
Step 203, according to the configuration-direct received, user and user role mapping table are established.
Specifically, in an embodiment of the present invention, operating personnel can according to actual demand designated user and user role it Between correspondence, and trigger configuration-direct.After server receives configuration-direct, user and user role correspondence are established Table, will be in specified user write-in relation table corresponding with user role.In one embodiment, every in relation table is corresponding closes System may include:User identifier and corresponding user role title, user role identifier etc..In an embodiment of the present invention, Each user can correspond at least one user role.
Step 204, it is based on the corresponding role's value of the corresponding user role of each user, the authority credentials of each URI is set.
Specifically, in an embodiment of the present invention, step 204 may particularly include:
A. receive permission designated order, wherein permission designated order be used to indicate URI allow access user role collection It closes;
B. according to permission designated order, each user role allowed to access in user role set for extracting URI corresponds to Role's value;
C. by the role's value extracted progress or operation, the authority credentials of URI is obtained.
Specifically, in an embodiment of the present invention, operating personnel can assign permission designated order, to specify the permission of URI Access user role.After server receives permission designated order, that detects each URI indicated in instruction allows access user Role gathers.Then, server extraction allows to access the corresponding role's value of each user role in user role set.
Then, server carries out the role's value extracted or operation, obtain or operation result are the permission of URI Value.
It illustrates:The corresponding role's values of user role A are 1, the corresponding role's values of user role B are 2, if URI's can It includes user role A and user role B to allow access role, then by role's value 1 of user role A, the role with user role B Value 2 carries out binary system or operation, and result of calculation 011, as 3, then, the authority credentials of URI is 3.
In one embodiment of the invention, if desired increase URI allows access user role, then can be current by URI Authority credentials role's value corresponding with increased user role is needed carry out or operation.It illustrates:The corresponding angles user role A Color value is 1, the corresponding role's values of user role B are 2, the corresponding role's values of user role C are that the current authority credentials of 4, URI is 3, Permissible access role includes user role A and user role B.If desired by user role C increase to URI allow access use Role's value 4 of URI current entitlements value 3 and user role C are then carried out binary system or operation by family role, result of calculation 111, As 7, then the authority credentials of URI is 7.
In another embodiment of the present invention, that if desired reduces URI allows access user role, then can work as URI Preceding authority credentials role's value corresponding with reduced user role is needed carries out XOR operation.It illustrates:User role A is corresponded to Role's value be 1, the corresponding role's values of user role B are 2, the corresponding role's values of user role C are the current authority credentials of 4, URI It is 7, permissible access role includes user role A, B, C.If desired user role B is allowed into access user role from URI Middle deletion, then carry out binary system XOR operation by URI current entitlements value 7 and role's value 2 of user role B, and result of calculation is 101, as 5, then, the authority credentials of URI is 5.
It can be seen that the present invention can only get the authority credentials of URI by simple logical operation, and can permission according to this Value judges the user role for allowing to access, and realizes that one kind is simple, efficiently rights management mode, replacement tradition need to record a plurality of The mode of correspondence, effectively reduces system burden, economizes on resources.
2) user accesses
With reference to Fig. 3, shows the flow chart that a kind of user of the embodiment of the present invention accesses, can specifically include following step Suddenly:
Step 301, the access request from target user is received.
Specifically, in an embodiment of the present invention, after target user logs in, can be sent and be visited to server by mobile terminal Request is asked, with access target URI.
In an embodiment of the present invention, after server receives the access request from target user, access request is extracted The target user of the target user of middle carrying identifies and target URI.Wherein, user identifier is for the unique mark user.
Step 302, it identifies according to target user, is used in user's target corresponding with being searched in user role mapping table Family role.
Specifically, in an embodiment of the present invention, server is identified according to target user, retrieval user and user role pair Multiple user identifiers in relation table are answered, identify matched user identifier with target user to search, and obtain successful match The corresponding user role of user identifier.
Step 303, the corresponding target angle color value of extraction target user role.
Specifically, in an embodiment of the present invention, server extracts the corresponding target angle color value of target user role.One In a preferred embodiment, role's value of each user role is recordable in user and user role relation list.
Step 304, according to target URI, corresponding target authority credentials is obtained.
Specifically, in an embodiment of the present invention, server can get pre-set target corresponding with target URI Authority credentials.
Step 305, to target angle color value and the progress of target authority credentials and operation.
Step 306, judge whether consistent with target angle color value with operation result.
Specifically, in an embodiment of the present invention, server carries out the target angle color value got and target authority credentials With operation, and whether judging result is consistent.In one embodiment, if result is consistent, 307 are entered step, that is, judgement target User has the permission of access target URI.It illustrates:1 corresponding user role of user is user role A, also, user angle The permissible user role that the corresponding role's values of color A are 1, the corresponding role's values of user role B are 2, URI1 includes user role A And B, and authority credentials is 3.After user 1 logs in, request accesses URI1 and gets 1 corresponding use of user after server receives request Family role is user role A, and it is 1 to extract corresponding role's value, and, the authority credentials for getting URI1 is 3.Server is by angle The authority credentials 3 of color value 1 and URI1 carries out binary system and operation, and it is 001, as 1 to obtain operation result, the result and user role Role's value of A is consistent.Then judge that user 1 has the permission of access target URI1.
In another embodiment, if result is inconsistent, 308 are entered step, that is, judgement target user, which has, accesses mesh The permission for marking URI, as goes beyond one's commission.It illustrates:1 corresponding user role of user is user role B, and user role A is corresponding The permissible user role that role's value is 1, the corresponding role's values of user role B are 2, the corresponding role's values of user C are 4, URI1 Including user role A and C, and authority credentials is 5.After user 1 logs in, request accesses URI1 and is got after server receives request 1 corresponding user role of user is user role B, and it is 2 to extract corresponding role's value, and, get the authority credentials of URI1 It is 5.The authority credentials 5 of role's value 2 and URI1 are carried out binary system and operation by server, and it is 000, as 0 to obtain operation result, should As a result it is worth with the role of user role B inconsistent.Then judge that user 1 does not have the permission of access target URI1, as goes beyond one's commission.
Step 307, judgement target user has the permission of access target URI.
Step 308, judgement target user does not have the permission of access target URI.
In conclusion the technical solution in the embodiment of the present invention, by receiving the access request from target user, In, the target user's mark and target resource identifier URI of target user are carried in access request;It is marked according to target user Know, obtains corresponding target angle color value;According to target URI, corresponding target authority credentials is obtained;Based on target angle color value and mesh Authority credentials is marked, whether judgement target user has the permission of access target URI.To provide a kind of easily and efficiently permission Way to manage, effectively increases the processing speed of rights management, and alleviates system burden, and then improves user and use body It tests.
With reference to Fig. 4, show that a kind of structure diagram of rights management device 400 of the embodiment of the present invention, the device are specific May include with lower module:
Receiving module 401, for receiving the access request from target user, wherein carry target in access request The target user of user identifies and target resource identifier URI.
First acquisition module 402 obtains corresponding target angle color value for being identified according to target user.
Second acquisition module 403, for according to target URI, obtaining corresponding target authority credentials.
Determination module 404, for being based on target angle color value and target authority credentials, whether judgement target user, which has, accesses The permission of target URI.
With reference to Fig. 5, in a preferred embodiment of the invention, on the basis of Fig. 4, device 400 further includes:
First establishes module 405, for establishing multiple user roles.
First setup module 406, the corresponding role's value of each user role for being arranged in multiple user roles, In, each role's value is 2 n times side, and n is integer, also, different user role corresponds to different role's values.
Second establishes module 407, for according to the configuration-direct received, establishing user and user role correspondence Table, wherein in user and user role mapping table, each user corresponds at least one user role.
Second setup module 408, for being based on the corresponding role's value of the corresponding user role of each user, setting is each The authority credentials of URI.
With reference to Fig. 6, in a preferred embodiment of the invention, on the basis of Fig. 5, the second setup module 408 packet It includes:
Receiving submodule 4081, for receiving permission designated order, wherein permission designated order is used to indicate permitting for URI Perhaps user role set is accessed.
First extracting sub-module 4082, for according to permission designated order, that extracts URI to allow access user role set In the corresponding role's value of each user role.
First logical operation submodule 4083, role's value for will extract carries out or operation, obtains the permission of URI Value.
With reference to Fig. 7, in a preferred embodiment of the invention, on the basis of Fig. 4, the first acquisition module 402 packet It includes:
Submodule 4021 is searched, for being identified according to target user, is searched with user role mapping table in user Corresponding target user role.
Second extracting sub-module 4022, for extracting the corresponding target angle color value of target user role.
With reference to Fig. 8, in a preferred embodiment of the invention, on the basis of Fig. 4, determination module 404 includes:
Second logical operation submodule 4041, for target angle color value and the progress of target authority credentials and operation.
Judging submodule 4042, it is whether consistent with target angle color value with operation result for judging.
Decision sub-module 4043 is used for if so, judgement target user has the permission of access target URI.
Decision sub-module 4043 is further used for if it is not, then judging that target user does not have the permission of access target URI.
In conclusion the device in the embodiment of the present invention, by receiving the access request from target user, wherein visit Ask the target user's mark and target resource identifier URI that target user is carried in request;It identifies, obtains according to target user Take corresponding target angle color value;According to target URI, corresponding target authority credentials is obtained;It is weighed based on target angle color value and target Whether limit value, judgement target user have the permission of access target URI.To provide a kind of easily and efficiently rights management Mode, effectively increases the processing speed of rights management, and alleviates system burden, and then improves user experience.
For apparatus embodiments, since it is basically similar to the method embodiment, so description is fairly simple, it is related Place illustrates referring to the part of embodiment of the method.
Algorithm and display be not inherently related to any certain computer, virtual system or miscellaneous equipment provided herein. Various general-purpose systems can also be used together with teaching based on this.As described above, it constructs required by this kind of system Structure be obvious.In addition, the present invention is not also directed to any certain programmed language.It should be understood that can utilize various Programming language realizes the content of invention described herein, and the description done above to language-specific is to disclose this hair Bright preferred forms.
In the instructions provided here, numerous specific details are set forth.It is to be appreciated, however, that the implementation of the present invention Example can be put into practice without these specific details.In some instances, well known method, structure is not been shown in detail And technology, so as not to obscure the understanding of this description.
Similarly, it should be understood that in order to simplify the disclosure and help to understand one or more of each inventive aspect, Above in the description of exemplary embodiment of the present invention, each feature of the invention is grouped together into single implementation sometimes In example, figure or descriptions thereof.However, the method for the disclosure should be construed to reflect following intention:It is i.e. required to protect Shield the present invention claims the more features of feature than being expressly recited in each claim.More precisely, as following Claims reflect as, inventive aspect is all features less than single embodiment disclosed above.Therefore, Thus the claims for following specific implementation mode are expressly incorporated in the specific implementation mode, wherein each claim itself All as a separate embodiment of the present invention.
Those skilled in the art, which are appreciated that, to carry out adaptively the module in the equipment in embodiment Change and they are arranged in the one or more equipment different from the embodiment.It can be the module or list in embodiment Member or component be combined into a module or unit or component, and can be divided into addition multiple submodule or subelement or Sub-component.Other than such feature and/or at least some of process or unit exclude each other, it may be used any Combination is disclosed to all features disclosed in this specification (including adjoint claim, abstract and attached drawing) and so to appoint Where all processes or unit of method or equipment are combined.Unless expressly stated otherwise, this specification (including adjoint power Profit requires, abstract and attached drawing) disclosed in each feature can be by providing identical, equivalent or similar purpose alternative features come generation It replaces.
In addition, it will be appreciated by those of skill in the art that although some embodiments described herein include other embodiments In included certain features rather than other feature, but the combination of the feature of different embodiments means in of the invention Within the scope of and form different embodiments.For example, in the following claims, embodiment claimed is appointed One of meaning mode can use in any combination.
The all parts embodiment of the present invention can be with hardware realization, or to run on one or more processors Software module realize, or realized with combination thereof.It will be understood by those of skill in the art that can use in practice Microprocessor or digital signal processor (DSP) realize some or all portions in equipment according to the ... of the embodiment of the present invention The some or all functions of part.The present invention is also implemented as the part or complete for executing method as described herein The equipment or program of device (for example, computer program and computer program product) in portion.Such program for realizing the present invention It can may be stored on the computer-readable medium, or can be with the form of one or more signal.Such signal can be with It downloads and obtains from internet website, either provided on carrier signal or provide in any other forms.
It should be noted that the present invention will be described rather than limits the invention for above-described embodiment, and ability Field technique personnel can design alternative embodiment without departing from the scope of the appended claims.In the claims, Any reference mark between bracket should not be configured to limitations on claims.Word "comprising" does not exclude the presence of not Element or step listed in the claims.Word "a" or "an" before element does not exclude the presence of multiple such Element.The present invention can be by means of including the hardware of several different elements and being come by means of properly programmed computer real It is existing.In the unit claims listing several devices, several in these devices can be by the same hardware branch To embody.The use of word first, second, and third does not indicate that any sequence.These words can be explained and be run after fame Claim.
A kind of right management method provided by the present invention and device are described in detail above, it is used herein Principle and implementation of the present invention are described for specific case, and the explanation of above example is only intended to help to understand this The method and its core concept of invention;Meanwhile for those of ordinary skill in the art, according to the thought of the present invention, specific There will be changes in embodiment and application range, in conclusion the content of the present specification should not be construed as to the present invention's Limitation.

Claims (10)

1. a kind of right management method, which is characterized in that including:
Receive the access request from target user, wherein the target that the target user is carried in the access request is used Family identifies and target resource identifier URI;
It is identified according to the target user, obtains corresponding target angle color value;
According to the target URI, corresponding target authority credentials is obtained;
Based on the target angle color value and the target authority credentials, judges whether the target user has and access the target The permission of URI.
2. according to the method described in claim 1, it is characterized in that, the step of the access request of the reception from target user Before, further include:
Establish multiple user roles;
The corresponding role's value of each user role being arranged in the multiple user role, wherein each role's value is 2 n Power, n is integer, also, different user role corresponds to different role's values;
And according to the configuration-direct that receives, establish user and user role mapping table, wherein in the user and In user role mapping table, each user corresponds at least one user role;
Based on the corresponding role's value of the corresponding user role of each user, the authority credentials of each URI is set.
3. according to the method described in claim 2, it is characterized in that, described be based on the corresponding user role pair of each user The role's value answered, the step of authority credentials of each URI is set, including:
Receive permission designated order, wherein the permission designated order be used to indicate the URI allow access user role collection It closes;
According to the permission designated order, each user role pair of the URI allowed in access user role set is extracted The role's value answered;
By the role's value extracted progress or operation, the authority credentials of the URI is obtained.
4. according to the method described in claim 2, it is characterized in that, described identify according to the target user, acquisition is corresponding The step of target angle color value, including:
It is identified according to the target user, at user target user angle corresponding with being searched in user role mapping table Color;
Extract the corresponding target angle color value of the target user role.
5. according to the method described in claim 1, it is characterized in that, described weighed based on the target angle color value and the target Limit value, judges whether the user has the step of permission for accessing the target URI, including:
To the target angle color value and the target authority credentials carries out and operation;
Judge whether consistent with operation result and the target angle color value;
If so, judging that the target user has the permission for accessing the target URI;
If it is not, then judging that the target user does not have the permission for accessing the target URI.
6. a kind of rights management device, which is characterized in that including:
Receiving module, for receiving the access request from target user, wherein carry the target in the access request The target user of user identifies and target resource identifier URI;
First acquisition module obtains corresponding target angle color value for being identified according to the target user;
Second acquisition module, for according to the target URI, obtaining corresponding target authority credentials;
Determination module judges whether the target user has for being based on the target angle color value and the target authority credentials There is the permission for accessing the target URI.
7. device according to claim 6, which is characterized in that described device further includes:
First establishes module, for establishing multiple user roles;
First setup module, the corresponding role's value of each user role for being arranged in the multiple user role, wherein every A role's value is 2 n times side, and n is integer, also, different user role corresponds to different role's values;
Second establishes module, for according to the configuration-direct received, establishing user and user role mapping table, wherein In the user and user role mapping table, each user corresponds at least one user role;
Second setup module is arranged each URI's for being based on the corresponding role's value of the corresponding user role of each user Authority credentials.
8. device according to claim 7, which is characterized in that second setup module includes:
Receiving submodule, for receiving permission designated order, wherein the permission designated order is used to indicate permitting for the URI Perhaps user role set is accessed;
First extracting sub-module, for according to the permission designated order, that extracts the URI to allow access user role set In the corresponding role's value of each user role;
First logical operation submodule, role's value for will extract carries out or operation, obtains the authority credentials of the URI.
9. device according to claim 7, which is characterized in that first acquisition module includes:
Submodule is searched, for being identified according to the target user, is searched with user role mapping table in the user Corresponding target user role;
Second extracting sub-module, for extracting the corresponding target angle color value of the target user role.
10. device according to claim 6, which is characterized in that the determination module includes:
Second logical operation submodule, for the target angle color value and target authority credentials progress and operation;
Judging submodule, it is whether consistent with operation result and the target angle color value for judging;
Decision sub-module, for if so, judging that the target user has the permission for accessing the target URI;
The decision sub-module is further used for if it is not, then judging that the target user does not have the power for accessing the target URI Limit.
CN201810449787.8A 2018-05-11 2018-05-11 A kind of right management method and device Pending CN108664811A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810449787.8A CN108664811A (en) 2018-05-11 2018-05-11 A kind of right management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810449787.8A CN108664811A (en) 2018-05-11 2018-05-11 A kind of right management method and device

Publications (1)

Publication Number Publication Date
CN108664811A true CN108664811A (en) 2018-10-16

Family

ID=63779300

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810449787.8A Pending CN108664811A (en) 2018-05-11 2018-05-11 A kind of right management method and device

Country Status (1)

Country Link
CN (1) CN108664811A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109598117A (en) * 2018-10-24 2019-04-09 平安科技(深圳)有限公司 Right management method, device, electronic equipment and storage medium
CN110222524A (en) * 2019-05-07 2019-09-10 深圳壹账通智能科技有限公司 The authorization check method, apparatus and terminal device of uniform resource locator request
CN112818264A (en) * 2021-01-26 2021-05-18 广州欢网科技有限责任公司 User permission verification method, device and terminal

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005275759A (en) * 2004-03-24 2005-10-06 Ntt Comware Corp Electronic document management system, user attribute management device, electronic document management device, electronic document management method and electronic document management program
CN101414253A (en) * 2007-10-17 2009-04-22 华为技术有限公司 Method and system for managing authority
CN106878325A (en) * 2017-03-20 2017-06-20 北京润科通用技术有限公司 A kind of method and device for determining access privilege

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005275759A (en) * 2004-03-24 2005-10-06 Ntt Comware Corp Electronic document management system, user attribute management device, electronic document management device, electronic document management method and electronic document management program
CN101414253A (en) * 2007-10-17 2009-04-22 华为技术有限公司 Method and system for managing authority
CN106878325A (en) * 2017-03-20 2017-06-20 北京润科通用技术有限公司 A kind of method and device for determining access privilege

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109598117A (en) * 2018-10-24 2019-04-09 平安科技(深圳)有限公司 Right management method, device, electronic equipment and storage medium
CN110222524A (en) * 2019-05-07 2019-09-10 深圳壹账通智能科技有限公司 The authorization check method, apparatus and terminal device of uniform resource locator request
CN112818264A (en) * 2021-01-26 2021-05-18 广州欢网科技有限责任公司 User permission verification method, device and terminal

Similar Documents

Publication Publication Date Title
CN109409043B (en) Login method of application system, terminal equipment and medium
US10691816B2 (en) Applying host access control rules for data used in application containers
CN107948314B (en) Business processing method and device based on rule file and server
US20170163675A1 (en) Distributed split browser content inspection and analysis
US9870313B2 (en) Unit-level formal verification for vehicular software systems
Saini Squid Proxy Server 3.1: beginner's guide
JP2021500658A (en) Computer implementation methods, systems, and computer program products that perform interactive workflows, as well as computer programs.
US11095614B2 (en) Configuring hostname based firewall policies
CN111641627A (en) User role authority management method and device, computer equipment and storage medium
CN109922030B (en) Global network access control method based on Android equipment
US20170104718A1 (en) Security threat identification, isolation, and repairing in a network
CN105141605B (en) Session method, Website server and browser
CN108664811A (en) A kind of right management method and device
CN109802919B (en) Web page access intercepting method and device
CN103747010B (en) A kind of method, system and device by mobile terminal control PC
CN106302862B (en) A kind of collection method and system of DNS recursion server
US10417412B2 (en) Protecting computer code against ROP attacks
CN111177672A (en) Page access control method and device and electronic equipment
CN107577590A (en) Method and device based on database service real-time calling virtual interface
CN104504331A (en) Virtualization security detection method and system
CN107451461A (en) Device-fingerprint processing method, device, server and the storage medium of mobile device
US10701128B2 (en) Systems and methods for accessing multiple resources via one identifier
US9398041B2 (en) Identifying stored vulnerabilities in a web service
CN112069499A (en) Detection method, detection device, storage medium and electronic equipment
CN104504330B (en) Virtualize safety detection method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20181016