CN108924125B - Control method and device of interface calling authority, computer equipment and storage medium - Google Patents


Info

Publication number: CN108924125B
Authority: CN (China)
Prior art keywords: interface, product, user, authority, tenant
Legal status: Active
Application number: CN201810698726.5A
Other languages: Chinese (zh)
Other versions: CN108924125A (en)
Inventor: 马煜
Current Assignee: CMB Yunchuang Information Technology Co Ltd
Original Assignee: CMB Yunchuang Information Technology Co Ltd
Application filed by: CMB Yunchuang Information Technology Co Ltd
Priority to: CN201810698726.5A
Publication of CN108924125A
Application granted
Publication of CN108924125B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles


Abstract

The invention relates to a method and a device for controlling interface calling authority, computer equipment and a storage medium, belonging to the technical field of computer networks. The method comprises the following steps: receiving user login information sent by an API gateway, and determining the product authority of the currently logged-in user according to the user login information; returning the product authority to the API gateway to trigger the API gateway to forward a product interface calling request to the business service; receiving an interface authentication request sent by the business service, and identifying the product interface calling authority of the currently logged-in user according to the interface authentication request; and, if the product interface calling authority passes the identification, returning an interface response instruction to the business service so as to trigger the business service to execute the function of the corresponding interface of the product. This technical scheme solves the problems of high complexity and low efficiency in controlling the authority of multi-user interface calls, and allows effective authority control over the interface calls of a plurality of users in a tenant.

Description

Control method and device of interface calling authority, computer equipment and storage medium
Technical Field
The invention relates to the technical field of computer networks, in particular to a method and a device for controlling interface calling authority, computer equipment and a storage medium.
Background
At the architecture level, SAAS (Software-as-a-Service) differs from conventional technology in its multi-tenant (Multi-Tenant) mode: the SAAS provides and rents applications to tenants, and the tenants connect to the SAAS through a network and call the corresponding interfaces. In the process of implementing the invention, the inventor found that at least the following problems exist in the prior art: a tenant may include multiple users, different users may need to invoke different interfaces, and different users may have different rights to different products and interfaces. This results in high complexity and low efficiency in controlling the authority of multi-user interface calls.
Disclosure of Invention
Based on this, a method and a device for controlling interface calling authority, computer equipment and a storage medium are provided, which can effectively control the authority of interface calls made by a plurality of users in a tenant.
The content of the embodiment of the invention is as follows:
A control method for interface calling authority comprises the following steps: receiving user login information sent by an API gateway, and determining the product authority of the currently logged-in user according to the user login information; returning the product authority of the currently logged-in user to the API gateway to trigger the API gateway to forward a product interface calling request of the currently logged-in user to the business service; receiving an interface authentication request sent by the business service, and identifying the product interface calling authority of the currently logged-in user according to the interface authentication request, the interface authentication request being obtained according to the product interface calling request forwarded by the API gateway; and, if the product interface calling authority passes the identification, returning an interface response instruction to the business service, the interface response instruction being used for triggering the business service to execute the function of the corresponding interface of the product.
In one embodiment, before the step of receiving user login information sent by the API gateway and determining the product permission of the currently logged-in user according to the user login information, the method further includes: receiving a registration request of a tenant; the registration request comprises the product requested to be registered by the tenant and user information of a plurality of users; and registering the tenants according to the registration request, determining product permissions of the users under the products, and determining tokens corresponding to the product permissions.
In one embodiment, after the step of determining the product permissions of the multiple users under the respective products and determining the tokens corresponding to the respective product permissions, the method further includes: storing the product authority into a pre-established authority database, and returning the token to the tenant so that the tenant distributes the token to the corresponding user.
In one embodiment, the user login information comprises a token, and the token has a validity time; before the step of determining the product authority of the currently logged-in user according to the user login information, the method further comprises: judging whether the token is within its validity time.
In one embodiment, the step of determining the product right of the currently logged-in user according to the user login information includes: if the token is within its validity time, querying the product authority corresponding to the token in an authority database to obtain the product authority of the currently logged-in user.
In one embodiment, the permission database stores a plurality of tenant IDs and user IDs; after the step of receiving user login information sent by the API gateway and determining the product permission of the currently logged-in user according to the user login information, the method further comprises: if the currently logged-in user is determined to have the authority to use the corresponding product, assigning a tenant ID and a user ID to the currently logged-in user according to the tenant IDs and user IDs stored in the authority database, and returning the assigned tenant ID and user ID to the API gateway.
In one embodiment, the interface authentication request is obtained according to the product interface call request, the tenant ID and the user ID forwarded by the API gateway; the step of identifying the product interface calling authority of the currently logged-in user according to the interface authentication request comprises: identifying the corresponding tenant ID and user ID according to the interface authentication request; and, if the corresponding tenant ID and user ID pass the authentication, the product interface calling authority passes the identification and the currently logged-in user has the authority to call the corresponding interface.
Correspondingly, an embodiment of the present invention provides a device for controlling an interface call authority, including: the product authentication module is used for receiving user login information sent by the API gateway and determining the product authority of the current login user according to the user login information; the authority return module is used for returning the product authority of the current login user to the API gateway so as to trigger the API gateway to forward the product interface calling request of the current login user to the service; the interface authentication module is used for receiving an interface authentication request sent by a business service and identifying the product interface calling authority of the current login user according to the interface authentication request; the interface authentication request is obtained according to a product interface calling request forwarded by the API gateway; the interface response module is used for returning an interface response instruction to the business service if the product interface calling authority passes the identification; the interface response instruction is used for triggering the business service to execute the function of the corresponding interface of the product.
With the above control method and control device for interface calling authority, when different users log in, the product corresponding to each user and the interface of that product the user needs to call are determined. Authority authentication is then carried out separately for each user's product and for the interface to be called: the unified authentication service first determines whether the user has the right to use the corresponding product; once the product authority is determined, it judges whether the user has the authority to call the corresponding interface; and if the authority identification of the interface passes, the business service is controlled to execute the function of the interface called by the user. Multi-user authority control can thus be managed in a unified manner, different users can be identified individually, and the efficiency of multi-user authority control can be effectively improved.
A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program: receiving user login information sent by an API gateway, and determining the product authority of the currently logged-in user according to the user login information; returning the product authority of the currently logged-in user to the API gateway to trigger the API gateway to forward a product interface calling request of the currently logged-in user to the business service; receiving an interface authentication request sent by the business service, and identifying the product interface calling authority of the currently logged-in user according to the interface authentication request, the interface authentication request being obtained according to the product interface calling request forwarded by the API gateway; and, if the product interface calling authority passes the identification, returning an interface response instruction to the business service, the interface response instruction being used for triggering the business service to execute the function of the corresponding interface of the product.
The computer equipment can uniformly manage the authority control of multiple users, can perform targeted identification on different users, and can effectively improve the efficiency of the authority control of multiple users.
A computer-readable storage medium, on which a computer program is stored which, when executed by a processor, carries out the steps of: receiving user login information sent by an API gateway, and determining the product authority of the currently logged-in user according to the user login information; returning the product authority of the currently logged-in user to the API gateway to trigger the API gateway to forward a product interface calling request of the currently logged-in user to the business service; receiving an interface authentication request sent by the business service, and identifying the product interface calling authority of the currently logged-in user according to the interface authentication request, the interface authentication request being obtained according to the product interface calling request forwarded by the API gateway; and, if the product interface calling authority passes the identification, returning an interface response instruction to the business service, the interface response instruction being used for triggering the business service to execute the function of the corresponding interface of the product.
The computer readable storage medium can uniformly manage the authority control of multiple users, can identify different users in a targeted manner, and can effectively improve the efficiency of the authority control of multiple users.
Drawings
FIG. 1 is a diagram illustrating an exemplary embodiment of an application environment for a method for controlling interface call permissions;
FIG. 2 is a flowchart illustrating a method for controlling interface call permissions according to an embodiment;
FIG. 3 is a diagram of a product table of the rights database in one embodiment;
FIG. 4 is a diagram of a product rights table of the rights database in one embodiment;
FIG. 5 is a timing diagram illustrating a method for controlling interface call permissions in one embodiment;
FIG. 6 is a flowchart illustrating a method for controlling interface call permissions in another embodiment;
FIG. 7 is a block diagram showing the structure of a control device for controlling the interface call authority in one embodiment;
FIG. 8 shows an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The control method of the interface calling authority provided by the application can be applied to the application environment shown in fig. 1. The external system 101 communicates with the product management center 102 through a network, and the external system 101 registers with the product management center 102 to acquire the right to use certain products and interfaces corresponding to the products. When the external system 101 needs to call the function of a certain interface of the product management center 102, the product management center authenticates the corresponding product and interface authority, and when the authentication is passed, the function corresponding to the interface is provided for the external system 101. The external system 101 and the product management center 102 may be terminals or servers. The terminal can be, but is not limited to, various personal computers, notebook computers, smart phones, tablet computers and portable wearable devices, and the server can be implemented by an independent server or a server cluster formed by a plurality of servers.
In one embodiment, the product management center 102 may refer to SAAS (software as a service) services, which may include API gateways, business services, and unified authentication services, among others. The business service and the unified authentication service can be servers.
SAAS provides a complete software solution, and tenants can purchase products provided by SAAS from cloud service providers in a pay-as-you-go manner. The user may connect to the application via the Internet (typically using a Web browser). All of the SAAS service's infrastructure, middleware, application software and application data are located in the service provider's data center. The service provider is responsible for managing the hardware and software and for ensuring the availability and security of applications and data according to the appropriate service agreement. The SAAS service enables users to get an application up and running quickly at minimal upfront cost.
The SAAS service may store information about products (including but not limited to software products), product resources, resource permissions, product permissions, tenants, tenant roles, users, etc. in a permission database. Each product defines its own product resources, resource permissions and product permissions, and each interface corresponds to a group of resources and resource permissions. The SAAS service provides both tenant registration and tenant user management services. The SAAS service can comprise an SAAS service login platform that a tenant user can call; the SAAS service registers the tenant user according to the information of the tenant and the tenant user, determines the product authority corresponding to each product, and stores the product authority into a cache (authority database). The tenant calls the SAAS service open interface to register the corresponding product resources, resource permissions and product permissions. When a user in a tenant needs to call a certain interface, the SAAS service identifies the authority of the user according to the corresponding resource and resource permission.
In one embodiment, the entire control method of interface calling authority may be implemented in a microservice architecture (MicroService Architecture). Microservices are an architectural style in which a large, complex software application is composed of one or more microservices. Each microservice in the architecture can be deployed independently, with loose coupling between the microservices. Each microservice is concerned with only one task and performs it well, and each represents a small business capability. Specifically, in the embodiment of the present invention, the external system, the API gateway, the business service and the unified authentication service may each be a microservice, and these microservices cooperate with each other to control user rights effectively. Here, the external system refers to the system where the tenant is located.
The embodiment of the invention provides a method and a device for controlling interface calling authority, computer equipment and a storage medium. The following are detailed below.
In one embodiment, as shown in FIG. 2, a method for controlling interface call permissions is provided. The method is described taking its application to the unified authentication service of the SAAS service as an example, and comprises the following steps:
S201, receiving user login information sent by an API gateway (API-Gateway) and determining the product authority of the currently logged-in user according to the user login information.
In this step, when a user logs in, the user determines the product to be used and sends the user login information corresponding to that product to the API gateway; after receiving the user login information, the API gateway sends it to the unified authentication service, and the unified authentication service judges whether the user has the authority to use the corresponding product according to the user login information.
The API gateway is the entrance through which an external system accesses the SAAS service; the external system can interact with the SAAS service through the API gateway and call an interface of the SAAS service. The unified authentication service is realized by the information identification and the server, and the embodiment of the invention does not limit the form of the unified authentication service.
In one embodiment, the user login information may include user information, product information, and a token corresponding to the product, where the token is a token in the computer identity authentication, and the unified authentication service may determine, according to the token, the product authority of the login user, that is, determine whether the login user has the authority to use the corresponding product.
In one embodiment, when a user needs to invoke an interface of the SAAS service, a connection relationship needs to be established with the SAAS service, and the SAAS service can be logged in through the SAAS service login platform.
In one embodiment, when a user logs in, a message is sent to the API gateway, where the message includes information such as a header, the selected product, and interface call information. After the user logs in, the API gateway verifies the security, integrity and the like of the message.
S202, returning the product authority of the currently logged-in user to the API gateway to trigger the API gateway to forward the product interface calling request of the currently logged-in user to the business service.
In this step, after the unified authentication service determines the product permission of the currently logged-in user, it returns the product permission to the API gateway to trigger the API gateway to forward the product interface call request of the currently logged-in user to the business service.
In one embodiment, the product rights may be that the corresponding product may be used, the corresponding product may not be used, and the like.
In one embodiment, if the unified authentication service determines that the current login user has the right to use the corresponding product, product authentication passing information is returned to the API gateway, so that the API gateway triggers the subsequent interface authentication. And if the unified authentication service determines that the current login user does not have the authority of using the corresponding product, product authentication failure information is returned to the API gateway. After receiving the product authentication failure information, the API gateway may not trigger the subsequent interface authentication, i.e. the interface authentication process is not performed any more.
S203, receiving an interface authentication request sent by a business service, and identifying the product interface calling authority of the current login user according to the interface authentication request; the interface authentication request is obtained according to a product interface calling request forwarded by the API gateway.
In this step, after determining that the user has the authority to use the corresponding product, the unified authentication service feeds back to the API gateway the information that the product authority authentication has passed. The API gateway then determines, from the product interface calling request made when the user logged in, which interface the user needs to call, generates a product interface calling request and sends it to the business service. The business service generates an interface authentication request from the product interface calling request and sends it to the unified authentication service, and the unified authentication service identifies the user's authority to call the corresponding interface.
The business service refers to a server that processes specific applications; that is, once a user has logged in and the product authority identification has passed, it completes the specific interface service: it sends the product interface calling request of the currently logged-in user to the unified authentication service in the form of an interface authentication request, and, after the interface authority identification passes, processes the service of the corresponding interface so as to respond to the user's product interface calling request.
S204, if the product interface calling authority passes the identification, returning an interface response instruction to the business service; the interface response instruction is used for triggering the business service to execute the function of the corresponding interface of the product.
In this step, if the authority identification of the interface passes, the unified authentication service returns an interface response instruction to the business service, and the business service executes the function of the corresponding interface according to the interface response instruction.
According to the embodiment, the authority control of multiple users can be managed in a unified mode, meanwhile, different users can be identified in a targeted mode, and the efficiency of the authority control of multiple users can be effectively improved.
In one embodiment, before the step of receiving user login information sent by the API gateway and determining the product right of the currently logged-in user according to the user login information, the method further includes: receiving a registration request of a tenant; the registration request comprises the product requested to be registered by the tenant and user information of a plurality of users; and registering the tenants according to the registration request, determining product permissions of the users under the products, and determining tokens corresponding to the product permissions.
In one embodiment, when a tenant needs to use some products in the SAAS service, the tenant sends a registration request to the SAAS service, where the registration request includes the products to be registered, which interfaces in the products are to be registered, and the users included in the tenant. The tenant pays the corresponding fees according to the charging standard of the SAAS service. The unified authentication service in the SAAS service registers the tenant according to the registration request, that is, it determines the permission of each user in the tenant to use the corresponding product and interface, and the product permission is embodied by a token.
In this embodiment, the tenant is registered and the usage rights of the users in the tenant for the corresponding products and interfaces are determined, in preparation for subsequently identifying a user's authority to call a specific interface. This enables centralized management of tenants by the SAAS service and effectively prevents unregistered users from using the products provided by the SAAS service at will.
In an embodiment, after the step of determining the product permissions of the multiple users under the respective products and determining the tokens corresponding to the respective product permissions, the method further includes: storing the product authority into a pre-established authority database, and returning the token to the tenant so that the tenant distributes the token to the corresponding user.
In an embodiment, the token may also be stored in the authority database, and the unified authentication service directly queries whether the corresponding token exists in the authority database according to the token sent by the user, so as to determine whether the user has the authority to use the corresponding product.
In this embodiment, the determined product authority is stored in a pre-established authority database, and the token is returned to the tenant, which receives it. When the tenant needs to use a product of the SAAS service, the tenant sends a request to the SAAS service and carries the token in the request message to indicate the attribute of the tenant, so that the unified authentication service can conveniently identify the tenant. Because the product authority is stored in the authority database, the product authority of a logged-in user can be obtained simply and directly by querying the authority database whenever it needs to be determined, which effectively improves the efficiency of controlling interface calling authority.
In one embodiment, the user login information comprises a token, and the token has a validity time; before the step of determining the product authority of the currently logged-in user according to the user login information, the method further comprises: judging whether the token is within its validity time.
In this embodiment, the unified authentication service decides whether to perform the subsequent rights database query according to the validity time of the token. If the token's validity time has ended, the authority database does not need to be queried, and it is determined that the user does not have the authority to use the corresponding product; if the token's validity time has not ended, the subsequent product authentication process is carried out.
In one embodiment, the step of determining the product authority of the currently logged-in user according to the user login information includes: if the token is within its validity time, querying the product authority corresponding to the token in an authority database to obtain the product authority of the currently logged-in user.
In one embodiment, the message header of the user login information may include token, selected product, interface calling information, and the like. The API gateway obtains the token from the header of the message, sends the token to the unified authentication service, and the unified authentication service determines whether the user has the authority of using the corresponding product according to the token.
In one embodiment, the step of querying the product authority corresponding to the token in the authority database to obtain the product authority of the current login user includes: inquiring corresponding product definition information in the authority database according to the token; and determining authority definition information corresponding to the product definition information, and judging whether the user has the authority to use the corresponding product according to the authority definition information.
The product definition information refers to information such as the name, ID, function description and authority level of a product provided by the SAAS service, and may be stored in a product table of the authority database; the product table is shown in fig. 3. The authority definition information is information on a user's authority to use a certain product, and may be stored in a product authority table of the authority database; as shown in fig. 4, the product authority table includes information such as an authority ID, a product ID and an authority name. The product table and the product authority table are related to each other. The unified authentication service can query each product provided by the SAAS service through the product table and, when user login information sent by the API gateway is received, can query the product authority table according to the token in the user login information to determine the user's authority to use the product.
In one embodiment, the rights database may not include a product table, and the product definition information and the rights definition information are directly placed in a product rights table.
This embodiment combines the validity time and the product authority to determine whether the user has the authority to use the corresponding product, which doubly ensures the accuracy of authority identification.
In one embodiment, the authority database stores a plurality of tenant IDs (enterprise IDs) and user IDs. After the step of receiving user login information sent by the API gateway and determining the product authority of the current login user according to the user login information, the method further comprises: if the current login user is determined to have the authority to use the corresponding product, allocating a tenant ID and a user ID to the current login user according to the tenant IDs and user IDs stored in the authority database, and returning the allocated tenant ID and user ID to the API gateway.
In one embodiment, after the user logs in, if the current login user is determined to have the authority of using the corresponding product, the tenant ID and the user ID are allocated to the current login user. Therefore, the user who can provide the tenant ID and the user ID information is the user who has logged in the SAAS service and passed the product authority authentication.
In the embodiment, the tenant ID and the user ID are distributed to the users with the authority of using the corresponding products, so that the subsequent identification of the interface authority is facilitated.
In one embodiment, the interface authentication request is obtained according to the product interface call request, the tenant ID and the user ID forwarded by the API gateway. The step of identifying the product interface calling authority of the current login user according to the interface authentication request comprises: authenticating the corresponding tenant ID and user ID according to the interface authentication request; if the corresponding tenant ID and user ID pass the authentication, the product interface calling authority authentication passes, and the current login user has the authority to call the corresponding interface.
In one embodiment, the interfaces may include an open access interface, a login access interface, and an authorized access interface. The open access interface, which can also be called a login-free access interface, is completely open without any control. The login access interface is open only to logged-in users, without permission control: if user A logs in successfully, that is, user A obtains a tenant ID and a user ID, user A is considered to have the authority to call the corresponding interface. The authorized access interface is open only to users with specific authority, and the validity of the tenant ID and the user ID needs to be authenticated.
In one embodiment, the process of authenticating the product authority can be implemented through a business service. When the business service determines that the interface called by the current login user is an authorized access interface, it sends an interface authentication request to the unified authentication service, and the unified authentication service authenticates the tenant ID and the user ID. If the tenant ID and the user ID pass authentication, the current login user is judged to have the authority to call the corresponding interface, and authentication pass information is returned to the business service, which then accepts the user's interface calling request and executes the function of the corresponding interface; if the tenant ID and the user ID do not pass authentication, the current login user is judged not to have the authority to call the corresponding interface, and the function of the corresponding interface is not executed.
In this embodiment, the unified authentication service identifies the tenant ID and the user ID provided by the user, and if the tenant ID and the user ID are legal, it is determined that the currently logged-in user has the right to call the corresponding interface. The interface authentication mode is simple, and meanwhile, the interface can be further authenticated on the basis that the product authentication is passed, so that the safety of the SAAS service is ensured.
In one embodiment, the step of authenticating the product interface invocation authority of the current login user further comprises: if the business service determines that the interface called by the current login user is an open access interface, judging that the current login user has the authority of calling the corresponding interface; if the business service determines that the interface called by the current login user is a login access interface, judging whether the interface authentication request corresponds to a tenant ID and a user ID; if yes, the user has the authority of calling the corresponding interface. If the business service determines that the interface called by the current login user is an authorized access interface, an interface authentication request is sent to the unified authentication service, and the unified authentication service determines whether the current login user has the authority of calling the corresponding interface.
According to the embodiment, different identification modes are carried out on different interfaces, and the efficiency of authority control on the user can be effectively improved.
In one embodiment, as shown in fig. 5, a method for controlling interface call authority is provided, which includes the following steps:
S501, receiving a registration request of a tenant; the registration request comprises the product requested to be registered by the tenant and user information of a plurality of users.
S502, registering the tenants according to the registration request, determining product permissions of the users under the products, and determining tokens corresponding to the product permissions.
S503, storing the product authority into a pre-established authority database, and returning the token to the tenant, so that the tenant distributes the token to the corresponding user.
S504, receiving user login information sent by the API gateway, and judging whether a token in the user login information is in the valid time.
S505, if the token is within its validity time, querying the product authority corresponding to the token in the authority database to obtain the product authority of the current login user.
S506, if the current login user is determined to have the authority of using the corresponding product, distributing the tenant ID and the user ID for the current login user according to the tenant ID and the user ID stored in the authority database, and returning the distributed tenant ID and the user ID to the API gateway.
S507, returning the product authority of the current login user to the API gateway to trigger the API gateway to forward the product interface calling request of the current login user to the business service.
S508, receiving an interface authentication request sent by the business service, and identifying the product interface calling authority of the current login user according to the interface authentication request; the interface authentication request is obtained according to the product interface calling request, the tenant ID and the user ID forwarded by the API gateway.
S509, authenticating the corresponding tenant ID and user ID according to the interface authentication request; if the corresponding tenant ID and user ID pass the authentication, the product interface calling authority authentication passes, and the current login user has the authority to call the corresponding interface.
S510, if the product interface calling authority passes the identification, returning an interface response instruction to the business service; the interface response instruction is used for triggering the business service to execute the function of the corresponding interface of the product.
According to the embodiment, the authority control of multiple users can be managed in a unified mode, meanwhile, different users can be identified in a targeted mode, and the efficiency of the authority control of multiple users can be effectively improved.
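The flow of S501 to S510, together with the three interface types described earlier, as an added Python example that is not part of the patent. Class, function and header names are hypothetical, the authority database is an in-memory SQLite pair of tables modelled on the product table and product authority table, and keeping token expiry in a separate map (so an expired token never reaches the database) is an assumption about storage that the text leaves open.

```python
import secrets
import sqlite3
import time
from enum import Enum


class InterfaceType(Enum):
    OPEN = "open"              # login-free: no control at all
    LOGIN = "login"            # any caller holding a tenant ID and user ID
    AUTHORIZED = "authorized"  # IDs must be validated by the auth service


class UnifiedAuthService:
    """Authority database plus the two checks the text describes."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.executescript("""
            CREATE TABLE product (product_id TEXT PRIMARY KEY, name TEXT);
            CREATE TABLE product_permission (
                permission_id   INTEGER PRIMARY KEY,
                product_id      TEXT NOT NULL REFERENCES product(product_id),
                permission_name TEXT NOT NULL,
                token           TEXT NOT NULL UNIQUE,
                tenant_id       TEXT NOT NULL,
                user_id         TEXT NOT NULL);
        """)
        self._expiry = {}      # token -> expiry time (assumed storage location)
        self.db_queries = 0    # lets callers see when the database was hit

    def register(self, tenant_id, product_id, user_ids, ttl=3600, now=None):
        """S501-S503: register a tenant's users for a product, return tokens."""
        now = time.time() if now is None else now
        self.db.execute("INSERT OR IGNORE INTO product VALUES (?, ?)",
                        (product_id, product_id))
        tokens = {}
        for user_id in user_ids:
            token = secrets.token_urlsafe(32)
            self.db.execute(
                "INSERT INTO product_permission "
                "(product_id, permission_name, token, tenant_id, user_id) "
                "VALUES (?, 'use', ?, ?, ?)",
                (product_id, token, tenant_id, user_id))
            self._expiry[token] = now + ttl
            tokens[user_id] = token
        return tokens

    def authenticate_product(self, token, product_id, now=None):
        """S504-S506: validity time first, then the authority lookup."""
        now = time.time() if now is None else now
        expiry = self._expiry.get(token)
        if expiry is None or now >= expiry:
            return None        # expired or unknown: database is not queried
        self.db_queries += 1
        return self.db.execute(
            "SELECT tenant_id, user_id FROM product_permission "
            "WHERE token = ? AND product_id = ?",
            (token, product_id)).fetchone()   # (tenant_id, user_id) or None

    def authenticate_interface(self, tenant_id, user_id):
        """S508-S509: check that the forwarded ID pair is a stored one."""
        self.db_queries += 1
        return self.db.execute(
            "SELECT 1 FROM product_permission "
            "WHERE tenant_id = ? AND user_id = ?",
            (tenant_id, user_id)).fetchone() is not None


class BusinessService:
    def __init__(self, auth, interfaces):
        self.auth = auth
        self.interfaces = interfaces   # interface name -> InterfaceType

    def call(self, interface, tenant_id=None, user_id=None):
        kind = self.interfaces.get(interface)
        if kind is None:
            return "denied: unknown interface"
        if kind is InterfaceType.LOGIN and not (tenant_id and user_id):
            return "denied: login required"
        if kind is InterfaceType.AUTHORIZED and not (
                tenant_id and user_id
                and self.auth.authenticate_interface(tenant_id, user_id)):
            return "denied: interface authority"
        return f"executed {interface}"     # S510: interface function runs


def gateway_handle(auth, service, headers, now=None):
    """API gateway: read the message header, authenticate, then forward."""
    ids = auth.authenticate_product(headers.get("token"),
                                    headers.get("product"), now)
    if ids is None:
        return "denied: product authority"
    return service.call(headers.get("interface"), *ids)
```

In this flow the tenant ID and user ID are what the business service relies on as proof of login, so the service should accept them only from the API gateway.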
In order to better understand the above method, an application example of the control method of the interface call authority of the present invention is described in detail below. A timing diagram of this application example may be as shown in fig. 6.
Product registration (not shown in fig. 6):
1. The unified authentication service receives a registration request of a tenant; the registration request comprises a product requested to be registered by the tenant and user information of a plurality of users. The unified authentication service registers the tenant according to the registration request, determines the product authority of each user under each product, and determines the token corresponding to each product authority.
2. The unified authentication service stores the product authority into a pre-established authority database and returns the token to the tenant; and after receiving the user login information, the tenant allocates the token to the corresponding user.
Entitlement control (i.e. interface call):
3. The current login user sends a product interface calling request to the API gateway in the form of a message, where the message includes the token, interface calling information (for example, calling an interface for sending a short message), and the like.
4. The API gateway sends a product interface calling request to the unified authentication service, and the unified authentication service judges whether the user has the authority to use the corresponding product according to the corresponding token; and if the user is determined to have the authority of using the corresponding product, returning the tenant ID and the user ID to the API gateway.
5. The API gateway sends the information that the product authentication has passed to the short message service, together with the assigned tenant ID and user ID.
6. If the short message service determines that the called interface is an authorized access interface according to the interface calling information of the user, an interface authentication request is generated according to the tenant ID and the user ID, and the interface authentication request is sent to the unified authentication service.
7. When receiving an interface authentication request sent by the short message service, the unified authentication service authenticates the legality of the corresponding tenant ID and user ID.
8. If the authority identification of the interface is determined to pass according to the legality of the tenant ID and the user ID, the unified authentication service returns an interface response instruction to the short message service.
9. The short message service executes corresponding short message sending operation according to the function of the corresponding interface, and returns corresponding request response information to the user (external system).
The embodiment can uniformly manage the authority control of multiple users, can identify different users in a targeted manner, and can effectively improve the efficiency of the authority control of multiple users.
It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts or combinations, but those skilled in the art should understand that the present invention is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present invention.
Based on the same idea as the control method of the interface call authority in the above embodiment, the present invention further provides a control device of the interface call authority, which can be used to execute the control method of the interface call authority. For convenience of description, in the structural schematic diagram of the embodiment of the control device of the interface call authority, only the part related to the embodiment of the present invention is shown, and those skilled in the art will understand that the illustrated structure does not constitute a limitation to the device, and may include more or less components than those illustrated, or combine some components, or arrange different components.
As shown in fig. 7, the control device for controlling the interface call authority includes a product authentication module 701, an authority returning module 702, an interface authentication module 703 and an interface response module 704, which are described in detail as follows:
The product authentication module 701 is configured to receive user login information sent by the API gateway, and determine the product authority of the current login user according to the user login information.
The permission returning module 702 is configured to return the product authority of the current login user to the API gateway, so as to trigger the API gateway to forward the product interface call request of the current login user to the business service.
The interface authentication module 703 is configured to receive an interface authentication request sent by a service, and identify a product interface invocation authority of a currently logged-in user according to the interface authentication request; the interface authentication request is obtained according to a product interface calling request forwarded by the API gateway.
The interface response module 704 is used for returning an interface response instruction to the business service if the product interface calling authority passes the identification; the interface response instruction is used for triggering the business service to execute the function of the corresponding interface of the product.
According to the embodiment, the authority control of multiple users can be managed in a unified mode, meanwhile, different users can be identified in a targeted mode, and the efficiency of the authority control of multiple users can be effectively improved.
In one embodiment, the control device for controlling the interface call authority further includes: a registration request receiving module, configured to receive a registration request of a tenant; the registration request comprises the product requested to be registered by the tenant and user information of a plurality of users; and the registration module is used for registering the tenants according to the registration request, determining the product permission of the users under each product, and determining the token corresponding to each product permission.
In one embodiment, further comprising: and the authority storage module is used for storing the product authority into a pre-established authority database and returning the token to the tenant so that the tenant distributes the token to a corresponding user.
In one embodiment, the user login information comprises a token; the token has a validity time; further comprising: and the time judging module is used for judging whether the token is in the effective time.
In an embodiment, the product authentication module is further configured to query a product authority corresponding to the token in an authority database if the token is within the valid time, so as to obtain the product authority of the currently logged-in user.
In one embodiment, the permission database has stored therein a plurality of tenant IDs and user IDs; the control device for the interface calling authority further comprises: and the ID distribution module is used for distributing the tenant ID and the user ID for the current login user according to the tenant ID and the user ID stored in the permission database and returning the distributed tenant ID and the user ID to the API gateway if the current login user is determined to have the permission to use the corresponding product.
In one embodiment, the interface authentication request is obtained according to the product interface call request, the tenant ID and the user ID forwarded by the API gateway; the interface authentication module is further configured to authenticate the corresponding tenant ID and user ID according to the interface authentication request; if the corresponding tenant ID and user ID pass the authentication, the product interface calling authority authentication passes, and the current login user has the authority to call the corresponding interface.
It should be noted that the control device of interface call permission of the present invention corresponds one to one to the control method of interface call permission of the present invention. The technical features and beneficial effects described in the embodiments of the control method apply equally to the embodiments of the control device; for specific contents, refer to the description in the method embodiments of the present invention, which is not repeated here.
In addition, in the above-mentioned exemplary embodiment of the control device of the interface call authority, the logic division of each program module is only an example, and in practical applications, the above-mentioned function distribution may be performed by different program modules according to needs, for example, due to the configuration requirements of corresponding hardware or the convenience of implementation of software, that is, the internal structure of the control device of the interface call authority is divided into different program modules so as to perform all or part of the above-mentioned functions.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 8. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. The processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of the operating system and the computer program in the non-volatile storage medium. The database of the computer device is used as a permission database for storing information such as product definition information, permission definition information, tenant IDs, and user IDs. The network interface of the computer device is used for connecting and communicating with an external terminal through a network, and for identifying the external terminal's authority to use the corresponding product and interface. The computer program is executed by the processor to implement a method of controlling interface call permissions.
Those skilled in the art will appreciate that the architecture shown in fig. 8 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is provided, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program: receiving user login information sent by an API gateway, and determining the product authority of a current login user according to the user login information; returning the product authority of the current login user to the API gateway to trigger the API gateway to forward a product interface calling request of the current login user to the service; receiving an interface authentication request sent by a business service, and identifying the product interface calling authority of the current login user according to the interface authentication request; the interface authentication request is obtained according to a product interface calling request forwarded by the API gateway; if the product interface calling authority passes the identification, returning an interface response instruction to the service; the interface response instruction is used for triggering the business service to execute the function of the corresponding interface of the product.
In one embodiment, the processor, when executing the computer program, further performs the steps of: before the step of receiving user login information sent by the API gateway and determining the product permission of the current login user according to the user login information, the method further comprises: receiving a registration request of a tenant; the registration request comprises the product requested to be registered by the tenant and user information of a plurality of users; and registering the tenants according to the registration request, determining product permissions of the users under the products, and determining tokens corresponding to the product permissions.
In one embodiment, the processor, when executing the computer program, further performs the steps of: after the step of determining the product permissions of the plurality of users under the products and determining the tokens corresponding to the product permissions, the method further includes: and storing the product authority into a pre-established authority database, and returning the token to the tenant so that the tenant distributes the token to a corresponding user.
In one embodiment, the processor, when executing the computer program, further performs the steps of: the user login information comprises a token; the token has a validity time; before the step of determining the product authority of the current login user according to the user login information, the method further comprises the following steps: and judging whether the token is in the valid time.
In one embodiment, the processor, when executing the computer program, further performs the steps of: the step of determining the product authority of the current login user according to the user login information comprises the following steps: and if the token is in the effective time, inquiring the product authority corresponding to the token in an authority database to obtain the product authority of the current login user.
In one embodiment, the processor, when executing the computer program, further performs the steps of: a plurality of tenant IDs and user IDs are stored in the permission database; after the step of receiving user login information sent by the API gateway and determining the product permission of the current login user according to the user login information, the method further comprises the following steps: and if the current login user is determined to have the authority of using the corresponding product, distributing the tenant ID and the user ID for the current login user according to the tenant ID and the user ID stored in the authority database, and returning the distributed tenant ID and the user ID to the API gateway.
In one embodiment, the processor, when executing the computer program, further performs the steps of: the interface authentication request is obtained according to the product interface calling request, the tenant ID and the user ID forwarded by the API gateway; the step of identifying the product interface calling authority of the current login user according to the interface authentication request comprises: authenticating the corresponding tenant ID and user ID according to the interface authentication request; if the corresponding tenant ID and user ID pass the authentication, the product interface calling authority authentication passes, and the current login user has the authority to call the corresponding interface.
In one embodiment, a computer-readable storage medium is provided, having a computer program stored thereon, which when executed by a processor, performs the steps of: receiving user login information sent by an API gateway, and determining the product authority of a current login user according to the user login information; returning the product authority of the current login user to the API gateway to trigger the API gateway to forward a product interface calling request of the current login user to the service; receiving an interface authentication request sent by a business service, and identifying the product interface calling authority of the current login user according to the interface authentication request; the interface authentication request is obtained according to a product interface calling request forwarded by the API gateway; if the product interface calling authority passes the identification, returning an interface response instruction to the service; the interface response instruction is used for triggering the business service to execute the function of the corresponding interface of the product.
In one embodiment, the computer program when executed by the processor further performs the steps of: before the step of receiving user login information sent by the API gateway and determining the product permission of the current login user according to the user login information, the method further comprises: receiving a registration request of a tenant; the registration request comprises the product requested to be registered by the tenant and user information of a plurality of users; and registering the tenants according to the registration request, determining product permissions of the users under the products, and determining tokens corresponding to the product permissions.
In one embodiment, the computer program when executed by the processor further performs the steps of: after the step of determining the product permissions of the plurality of users under the products and determining the tokens corresponding to the product permissions, the method further includes: and storing the product authority into a pre-established authority database, and returning the token to the tenant so that the tenant distributes the token to a corresponding user.
In one embodiment, the computer program when executed by the processor further performs the steps of: the user login information comprises a token; the token has a validity time; before the step of determining the product authority of the current login user according to the user login information, the method further comprises the following steps: and judging whether the token is in the valid time.
In one embodiment, the computer program when executed by the processor further performs the steps of: the step of determining the product authority of the current login user according to the user login information comprises the following steps: and if the token is in the effective time, inquiring the product authority corresponding to the token in an authority database to obtain the product authority of the current login user.
In one embodiment, the computer program when executed by the processor further performs the steps of: a plurality of tenant IDs and user IDs are stored in the permission database; after the step of receiving user login information sent by the API gateway and determining the product permission of the current login user according to the user login information, the method further comprises the following steps: and if the current login user is determined to have the authority of using the corresponding product, distributing the tenant ID and the user ID for the current login user according to the tenant ID and the user ID stored in the authority database, and returning the distributed tenant ID and the user ID to the API gateway.
In one embodiment, the computer program when executed by the processor further performs the steps of: the interface authentication request is obtained according to the product interface calling request, the tenant ID and the user ID forwarded by the API gateway; the step of identifying the product interface calling authority of the current login user according to the interface authentication request comprises: authenticating the corresponding tenant ID and user ID according to the interface authentication request; if the corresponding tenant ID and user ID pass the authentication, the product interface calling authority authentication passes, and the current login user has the authority to call the corresponding interface.
It will be understood by those skilled in the art that all or part of the processes of the methods of the above embodiments may be implemented by a computer program, which is stored in a computer readable storage medium and sold or used as a stand-alone product. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
The terms "comprises" and "comprising," and any variations thereof, of embodiments of the present invention are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or (module) elements is not limited to only those steps or elements but may alternatively include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-described examples merely represent several embodiments of the present invention and should not be construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, all of which fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A control method of interface calling authority is applied to unified authentication service, and comprises the following steps:
receiving user login information sent by an API gateway, and determining the product authority of a current login user according to the user login information;
returning the product authority of the current login user to the API gateway to trigger the API gateway to forward a product interface calling request of the current login user to the service; the interface comprises a login access interface and an authorized access interface;
receiving an interface authentication request sent by a business service when the interface called by the current login user is determined to be an authorized access interface, and identifying the product interface calling authority of the current login user according to the interface authentication request; the interface authentication request is obtained according to a product interface calling request forwarded by the API gateway;
if the product interface calling authority passes the identification, returning an interface response instruction to the service; the interface response instruction is used for triggering the business service to execute the function of the corresponding interface of the product;
the step of identifying the product interface calling authority of the current login user further comprises the following steps: if the business service determines that the interface called by the current login user is a login access interface, judging whether the interface authentication request corresponds to the tenant ID and the user ID, and if so, the user has the authority of calling the corresponding interface.
2. The method for controlling interface call authority according to claim 1, wherein before the step of receiving user login information sent by the API gateway and determining the product authority of the currently logged-in user according to the user login information, the method further comprises:
receiving a registration request of a tenant; the registration request comprises the product requested to be registered by the tenant and user information of a plurality of users;
and registering the tenants according to the registration request, determining product permissions of the users under the products, and determining tokens corresponding to the product permissions.
3. The method for controlling interface call authority according to claim 2, wherein after the step of determining the product authority of the plurality of users under each product and determining the token corresponding to each product authority, the method further comprises:
and storing the product authority into a pre-established authority database, and returning the token to the tenant so that the tenant distributes the token to a corresponding user.
4. The method for controlling interface call authority according to claim 3, wherein the user login information includes a token; the token has a validity time;
before the step of determining the product authority of the current login user according to the user login information, the method further comprises the following steps:
and judging whether the token is in the valid time.
5. The method for controlling interface invocation authority according to claim 4, wherein the step of determining the product authority of the currently logged-in user according to the user login information includes:
and if the token is in the effective time, inquiring the product authority corresponding to the token in an authority database to obtain the product authority of the current login user.
6. The method for controlling interface call authority according to claim 5, wherein the authority database stores therein a plurality of tenant IDs and user IDs;
after the step of receiving user login information sent by the API gateway and determining the product permission of the current login user according to the user login information, the method further comprises the following steps:
and if the current login user is determined to have the authority of using the corresponding product, distributing the tenant ID and the user ID for the current login user according to the tenant ID and the user ID stored in the authority database, and returning the distributed tenant ID and the user ID to the API gateway.
7. The method for controlling interface calling authority of claim 6, wherein the interface authentication request is obtained according to a product interface calling request, a tenant ID and a user ID forwarded by an API gateway;
the step of identifying the product interface calling authority of the current login user according to the interface authentication request comprises the following steps:
according to the interface authentication request, identifying the corresponding tenant ID and the user ID;
and if the corresponding tenant ID and the user ID pass the authentication, the product interface calling authority authentication passes, and the current login user has the authority to call the corresponding interface.
8. A control device of interface calling authority is applied to a unified authentication service, and comprises:
the product authentication module is used for receiving user login information sent by the API gateway and determining the product authority of the current login user according to the user login information;
the authority return module is used for returning the product authority of the current login user to the API gateway so as to trigger the API gateway to forward the product interface calling request of the current login user to the service; the interface comprises a login access interface and an authorized access interface;
the interface authentication module is used for receiving an interface authentication request sent by a business service when the interface called by the current login user is determined to be an authorized access interface, and identifying the product interface calling authority of the current login user according to the interface authentication request; the interface authentication request is obtained according to a product interface calling request forwarded by the API gateway;
the interface response module is used for returning an interface response instruction to the business service if the product interface calling authority passes the identification; the interface response instruction is used for triggering the business service to execute the function of the corresponding interface of the product;
the apparatus also includes means for performing the steps of: if the business service determines that the interface called by the current login user is a login access interface, judging whether the interface authentication request corresponds to the tenant ID and the user ID, and if so, the user has the authority of calling the corresponding interface.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method of any of claims 1 to 7 are implemented by the processor when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
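The flow in claims 1 to 7, written out in Python as an added example; it is not code from the patent or its assignee. The class and function names, the in-memory dictionaries standing in for the authority database, the per-product token, the injectable clock and the reading of the login-access check as "the request carries both IDs" are all assumptions made for illustration.

```python
import secrets
import time

LOGIN_ACCESS, AUTHORIZED_ACCESS = "login", "authorized"  # the two interface kinds of claim 1


class UnifiedAuthService:
    """Stand-in for the unified authentication service (dicts replace the authority database)."""

    def __init__(self, token_ttl=3600, clock=time.time):
        self.token_ttl, self.clock = token_ttl, clock
        self.tokens = {}       # token -> (tenant_id, user_id, product, expires_at)
        self.permissions = {}  # (tenant_id, user_id) -> set of products

    def register_tenant(self, tenant_id, product, user_ids):
        """Claims 2-3: store product permissions and return one token per user."""
        issued = {}
        for user_id in user_ids:
            token = secrets.token_urlsafe(32)  # unguessable bearer token
            expires_at = self.clock() + self.token_ttl
            self.tokens[token] = (tenant_id, user_id, product, expires_at)
            self.permissions.setdefault((tenant_id, user_id), set()).add(product)
            issued[user_id] = token
        return issued

    def login(self, token, product):
        """Claims 4-6: validity-time check, permission lookup, then return the IDs."""
        record = self.tokens.get(token)
        if record is None:
            return None
        tenant_id, user_id, token_product, expires_at = record
        if self.clock() >= expires_at or token_product != product:
            return None  # expired, or issued for another product: fail closed
        return {"tenant_id": tenant_id, "user_id": user_id, "product": product}

    def authenticate_interface(self, request):
        """Claim 7: check the tenant ID / user ID pair carried by the request."""
        key = (request.get("tenant_id"), request.get("user_id"))
        return request.get("product") in self.permissions.get(key, set())


def business_service_call(auth, request, interface_kind):
    """Claim 1: the business service picks the check according to the interface kind."""
    if not request.get("tenant_id") or not request.get("user_id"):
        return "rejected"  # the gateway attached no identity
    if interface_kind == LOGIN_ACCESS:
        return "executed"  # assumed reading: carrying both IDs is sufficient
    if interface_kind == AUTHORIZED_ACCESS and auth.authenticate_interface(request):
        return "executed"
    return "rejected"


if __name__ == "__main__":
    auth = UnifiedAuthService()
    tokens = auth.register_tenant("tenant-1", "billing", ["alice"])  # constructed sample data
    session = auth.login(tokens["alice"], "billing")
    print(business_service_call(auth, session, AUTHORIZED_ACCESS))
```

In this example the login-access branch accepts whatever tenant ID and user ID the request carries, so it is only sound when the business service is reachable solely through the API gateway that attaches them.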

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810698726.5A CN108924125B (en) 2018-06-29 2018-06-29 Control method and device of interface calling authority, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN108924125A CN108924125A (en) 2018-11-30
CN108924125B true CN108924125B (en) 2021-06-04

Family

ID=64424375

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810698726.5A Active CN108924125B (en) 2018-06-29 2018-06-29 Control method and device of interface calling authority, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN108924125B (en)

Also Published As

Publication number Publication date
CN108924125A (en) 2018-11-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 1901, building 5, Shenzhen new generation industrial park, 136 Zhongkang Road, Meidu community, Meilin street, Futian District, Shenzhen, Guangdong 518000

Applicant after: Zhaoyin yunchuang Information Technology Co.,Ltd.

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: MBCLOUD (SHENZHEN) INFORMATION TECHNOLOGY Co.,Ltd.

GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Control methods, devices, computer devices, and storage media for interface call permissions

Effective date of registration: 20231117

Granted publication date: 20210604

Pledgee: Shenzhen Branch of China Merchants Bank Co.,Ltd.

Pledgor: Zhaoyin yunchuang Information Technology Co.,Ltd.

Registration number: Y2023980065913
