CN111092892A - Authentication method, device, server and storage medium - Google Patents

Authentication method, device, server and storage medium Download PDF

Info

Publication number
CN111092892A
CN111092892A CN201911330700.6A CN201911330700A CN111092892A CN 111092892 A CN111092892 A CN 111092892A CN 201911330700 A CN201911330700 A CN 201911330700A CN 111092892 A CN111092892 A CN 111092892A
Authority
CN
China
Prior art keywords
resource
identity
processor
authority
resource processor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911330700.6A
Other languages
Chinese (zh)
Inventor
张大虎
周正
王平
段光磊
赫振军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Zhongyuan Network Co ltd
Original Assignee
Shanghai Zhongyuan Network Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Zhongyuan Network Co ltd filed Critical Shanghai Zhongyuan Network Co ltd
Priority to CN201911330700.6A priority Critical patent/CN111092892A/en
Publication of CN111092892A publication Critical patent/CN111092892A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/568Storing data temporarily at an intermediate stage, e.g. caching
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/568Storing data temporarily at an intermediate stage, e.g. caching
    • H04L67/5682Policies or rules for updating, deleting or replacing the stored data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides an authentication method, an authentication device, a server and a storage medium, wherein the method comprises the following steps: when a resource processor requests to process internet resources, acquiring an identity of the resource processor, and judging whether the identity of the resource processor is stored at a preset position; if the identity of the resource processor is stored in a preset position, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity, wherein the authority owned by the resource processor with the identity stored in the preset position is stored in the local cache; and verifying whether the resource processor is authorized to process the internet resource according to the owned authority. Therefore, the permission owned by the resource processor can be obtained from the local cache in a targeted manner, and the cache utilization rate and the cache hit rate can be improved.

Description

Authentication method, device, server and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an authentication method, an authentication device, a server, and a storage medium.
Background
With the development of internet, computers and application programs, various internet resources (e.g. drama, cartoon and education) are appeared, and a resource processor can process internet resources in the internet through the application program in the computer, but can not process the internet resources at will as long as the computer is accessed to the internet, in other words, for a certain internet resource, there is no right to process as long as the computer is accessed to the internet, and this appears an authentication mechanism, which refers to verifying (identifying) whether the resource processor has the right of the internet resource. When the resource processor requests to process the internet resource, the authentication interface is called to obtain the authority owned by the resource processor, so as to determine whether the resource processor has the authority to process the internet resource.
In the related technology, in order to reduce the response time of calling the authentication interface and improve the friendliness of a resource processor in processing internet resources, when an active resource processor processes internet resources for the first time, the authentication interface is called to acquire all the permissions owned by the active resource processor and is stored in a cache, so that when the active resource processor processes other internet resources subsequently, the authentication interface is called to acquire the permissions owned by the active resource processor from the cache, and thus whether the active resource processor has the right to process other internet resources is determined.
However, for the inactive resource handler, the situation of processing the internet resource for the first time may also be encountered, the authentication interface needs to be invoked to obtain all the permissions owned by the inactive resource handler and store the permissions in the cache, but the probability of processing other internet resources by the subsequent inactive resource handler is low, which further results in low probability of invoking the authentication interface to obtain the permissions owned by the inactive resource handler from the cache, and low cache utilization and cache hit rate.
Disclosure of Invention
Embodiments of the present invention provide an authentication method, an authentication device, a server, and a storage medium, so as to improve a cache utilization rate and a cache hit rate. The specific technical scheme is as follows:
in a first aspect of the present invention, there is provided an authentication method, including:
when a resource processor requests to process internet resources, acquiring an identity of the resource processor, and judging whether the identity of the resource processor is stored at a preset position;
if the identity of the resource processor is stored in a preset position, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity, wherein the authority owned by the resource processor with the identity stored in the preset position is stored in the local cache;
and verifying whether the resource processor is authorized to process the internet resource according to the owned authority.
In an optional implementation manner of the embodiment of the present invention, the determining whether the identity of the resource handler is stored in a preset location includes:
acquiring a preset resource processor list, wherein the resource processor list records the identity of a resource processor;
judging whether the identity of the resource processor is matched with the identity in the resource processor list or not;
if the identity of the resource processor is stored in a preset position, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity, wherein the authority includes:
if the identity of the resource processor is matched with the identity in the resource processor list, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity.
In an optional implementation manner of the embodiment of the present invention, the invoking the authentication interface obtains the right owned by the resource handler from a local cache according to the identity, including:
determining the current time and the updating time corresponding to the authority owned by the resource processor;
judging whether the time difference between the current time and the updating time is greater than a preset time difference threshold value or not;
and if the time difference between the current time and the updating time is not greater than a preset time difference threshold value, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity.
In an optional implementation of the embodiment of the present invention, the method further comprises:
if the time difference between the current time and the updating time is larger than a preset time difference threshold value, calling a target authority interface corresponding to the internet resource, and summarizing the authority owned by the resource processor aiming at the internet resource to update to a local cache.
In an optional implementation manner of the embodiment of the present invention, the invoking a target permission interface corresponding to the internet resource, and summarizing permission possessed by the resource handler for the internet resource to update to a local cache includes:
calling a target authority interface corresponding to the internet resource, and summarizing the authority of the resource processor for the internet resource;
verifying whether the resource processor is authorized to process the Internet resources according to the summarized authority of the resource processor for the Internet resources;
and if the resource processor has the right to process the Internet resources, updating the summarized right of the resource processor for the Internet resources to a local cache.
In an optional implementation of the embodiment of the present invention, the method further comprises:
and if the resource processor does not have the right to process the Internet resources, the identity of the resource processor is removed from the resource processor list.
In an optional implementation of the embodiment of the present invention, the method further comprises:
if the identity of the resource processor is not matched with the identity in the resource processor list, calling a target authority interface corresponding to the internet resource, and summarizing the authority owned by the resource processor for the internet resource;
verifying whether the resource processor is authorized to process the Internet resources according to the summarized authority of the resource processor for the Internet resources;
and if the resource processor is authorized to process the Internet resources, adding the identity of the resource processor to the resource processor list, and storing the summarized authority of the resource processor for the Internet resources in a local cache.
In a second aspect of the present invention, there is also provided an authentication apparatus, comprising:
the identification acquisition module is used for acquiring the identification of the resource processor when the resource processor requests to process the internet resource;
the identification judgment module is used for judging whether the identity identification of the resource processing party is stored in a preset position;
the authority acquiring module is used for calling an authentication interface to acquire the authority owned by the resource processing party from a local cache according to the identity if the identity of the resource processing party is stored in a preset position, wherein the authority owned by the resource processing party with the identity stored in the preset position is stored in the local cache;
and the authority verification module is used for verifying whether the resource processor is authorized to process the internet resources according to the owned authority.
In a third aspect of the present invention, there is also provided a server, including a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
and the processor is used for realizing any one of the authentication methods when executing the program stored in the memory.
In a fourth aspect of the present invention, there is also provided a storage medium having stored therein instructions that, when run on a computer, cause the computer to perform any of the authentication methods described above.
In a fifth aspect of the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform any of the authentication methods described above.
According to the technical scheme provided by the embodiment of the invention, the resource processing parties are distinguished by judging whether the identity of the resource processing party is stored at the preset position, if the identity of the resource processing party is stored at the preset position, the authentication interface can be called to acquire the authority owned by the resource processing party from the local cache according to the identity of the resource processing party, and whether the resource processing party has the authority to process the internet resource is verified according to the owned authority, so that the authority owned by the resource processing party is acquired from the local cache in a targeted manner, and the cache utilization rate and the cache hit rate can be improved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a schematic flow chart illustrating an implementation of an authentication method according to an embodiment of the present invention;
fig. 2 is a schematic flow chart illustrating another implementation of the authentication method according to the embodiment of the present invention;
FIG. 3 is a diagram illustrating a resource handler list in an embodiment of the invention;
fig. 4 is a schematic structural diagram of an authentication apparatus shown in an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a server shown in the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
As shown in fig. 1, a schematic view of an implementation flow of an authentication method provided in an embodiment of the present invention is provided, where the method specifically includes the following steps:
s101, when a resource processor requests to process Internet resources, acquiring an identity of the resource processor, and judging whether the identity of the resource processor is stored at a preset position;
in the embodiment of the present invention, as for the resource handler, at least one of the following may be used: active users, inactive users. Of course, the resource processing party may also be other websites, players, and the like, which is not limited in the embodiment of the present invention.
For example, the resource handlers may be active users and inactive users, the active users may be users with the arcade account, and the inactive users may be users without the arcade account.
In the embodiment of the present invention, the internet processing resource may be various types of resources such as a drama, a child, an animation, and education, which is not limited in the embodiment of the present invention. For example, the internet resource may be various types of resources such as a drama, a child, an animation, education, etc. in the romantic art.
When a resource processor requests to process an internet resource, the embodiment of the invention acquires the identity of the resource processor on one hand and judges whether the identity of the resource processor is stored in a preset position on the other hand.
For the resource processing party requesting to process the internet resource, in the embodiment of the present invention, the resource processing party may request to access the internet resource, the resource processing party may request to edit the internet resource, the resource processing party may request to download the internet resource, and the like, which is not limited in the embodiment of the present invention.
Wherein, the identity of the resource handler is obtained, and the optional implementation manner is as follows: and extracting the identity of the resource processor from the processing request sent by the resource processor. In the embodiment of the present invention, the identity may be a UID (User Identification), a name of a resource handler, or the like, which is not limited in the embodiment of the present invention.
In addition, the resource processing party is distinguished, that is, whether the identity of the resource processing party is stored in a preset position is judged, so that the authority owned by the resource processing party is acquired from a local cache in a subsequent step.
S102, if the identity of the resource processor is stored in a preset position, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity, wherein the authority owned by the resource processor with the identity stored in the preset position is stored in the local cache;
and according to the judgment result in the step, if the identity of the resource processing party is stored in a preset position, further calling an authentication interface to acquire the authority owned by the resource processing party from a local cache according to the identity.
In the embodiment of the present invention, the owned permissions may be access permissions, editing permissions, downloading permissions, browsing permissions, and the like, which are not limited in the embodiment of the present invention.
For example, for the UID of the resource handler, if the UID of the resource handler is stored in a preset location, the authentication interface may be invoked to obtain the rights (access rights, editing rights, downloading rights, browsing rights) owned by the resource handler from the local cache according to the UID of the resource handler.
In the embodiment of the invention, the local cache stores the authority owned by the resource processing party of which the identity is stored at the preset position, the authority owned by the resource processing party of which the identity is not stored at the preset position is not stored in the local cache, the resource processing parties are distinguished, if the identity of the resource processing party is stored at the preset position, the authentication interface can be called to acquire the authority owned by the resource processing party from the local cache according to the identity of the resource processing party, so that the authority owned by the resource processing party is acquired from the local cache in a targeted manner, and the cache utilization rate and the cache hit rate can be improved.
S103, verifying whether the resource processor is authorized to process the Internet resources according to the owned authority.
And aiming at the acquired authority owned by the resource processing party, performing authentication according to the authority owned by the resource processing party, namely verifying whether the resource processing party is authorized to process the internet resources according to the owned authority.
For example, invoking the authentication interface to obtain the right owned by the resource handler from the local cache according to the identity of the resource handler includes: the user requests to edit the internet resource, and verifies that the resource processor is authorized to edit the internet resource according to the acquired authority (access authority, editing authority, downloading authority, browsing authority).
Through the above description of the technical solution provided by the embodiment of the present invention, the resource processing parties are distinguished by determining whether the identity of the resource processing party is stored in the preset position, and if the identity of the resource processing party is stored in the preset position, the authentication interface can be invoked to obtain the right owned by the resource processing party from the local cache according to the identity of the resource processing party, and verify whether the resource processing party has the right to process the internet resource according to the right owned by the resource processing party, so that the right owned by the resource processing party is obtained from the local cache in a targeted manner, and the cache utilization rate and the cache hit rate can be improved.
As shown in fig. 2, a schematic view of an implementation flow of another authentication method provided in the embodiment of the present invention, the method may specifically include the following steps:
s201, when a resource processor requests to process Internet resources, acquiring an identity of the resource processor;
in the embodiment of the present invention, this step is similar to the step S101, and the details of the embodiment of the present invention are not repeated herein.
S202, acquiring a preset resource processing party list, wherein the resource processing party list records the identity of a resource processing party;
in the embodiment of the present invention, in order to distinguish the resource processing parties and facilitate subsequent different processing for different resource processing parties, a resource processing party list or a resource processing party queue is preset, which is not limited in the embodiment of the present invention.
The resource processing party list records the identity of the resource processing party, and if the identity of the resource processing party is in the resource processing party list, it indicates that the right owned by the resource processing party can be acquired from the local cache subsequently. Therefore, whether the authority owned by the resource processor exists in the local cache is judged in advance through the resource processor list, the response time for calling the authentication interface can be shortened, and the friendliness of the resource processor in processing internet resources is improved.
Fig. 3 is a resource handler list shown in the embodiment of the present invention, in which UIDs corresponding to active user a, active user B, active user C, and active user D are recorded in the resource handler list.
In the embodiment of the present invention, in order to determine whether the identifier of the resource handler is stored in the preset location, the resource handler list needs to be obtained, so as to determine whether the identifier of the resource handler is stored in the preset location according to the resource handler list.
In addition, in order to further reduce the response time of calling the authentication interface and improve the friendliness of the resource processing party in processing internet resources, the resource processing party list can be stored locally in advance, the resource processing party list is acquired locally and stored in the cache, and the resource processing party list is acquired from the local cache when the resource processing party list is actually used.
S203, judging whether the identity of the resource processor is matched with the identity in the resource processor list;
and judging whether the identity of the resource processing party is matched with the identity in the resource processing party list or not according to the acquired identity of the resource processing party and the resource processing party list.
For example, the id UID of the resource handler includes 123, and the id UIDs in the resource handler list include 123, 122, 133, 456, and it is determined that the id UID (123) of the resource handler matches the id UID (123) in the resource handler list.
S204, if the identity of the resource processor is matched with the identity in the resource processor list, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity;
as for the judgment result in the above step, if the identity of the resource handler matches with the identity in the resource handler list, it means that the right owned by the resource handler can be obtained from the local cache, that is, the right owned by the resource handler is obtained from the local cache by calling the authentication interface according to the identity.
In the embodiment of the invention, the valid time is set for the authority owned by the resource processing party in the local cache, and if the authority owned by the resource processing party in the local cache does not exceed the valid time, the authentication interface is directly called to acquire the authority owned by the resource processing party from the local cache according to the identity.
Therefore, in the embodiment of the invention, the current time and the updating time corresponding to the authority owned by the resource processing party in the local cache are determined, whether the time difference between the current time and the updating time is greater than a preset time difference threshold value or not is judged, and if the time difference between the current time and the updating time is not greater than the preset time difference threshold value, the authentication interface is called to acquire the authority owned by the resource processing party from the local cache according to the identity.
For example, for the authority owned by the resource processing party in the local cache, the latest update time is 10:04, the current time is 10:00, the time difference between the current time and the update time is 4, the preset time difference threshold is 5, the time difference between the current time and the update time is not greater than the preset time difference threshold, and the authentication interface is called to acquire the authority owned by the resource processing party from the local cache according to the identity.
If the time difference between the current time and the updating time is larger than a preset time difference threshold value, calling a target authority interface corresponding to the internet resource, and summarizing the authority owned by the resource processor aiming at the internet resource to update to a local cache. In the embodiment of the invention, the target authority interface can be used for acquiring the authority of the resource processing party for the internet resource. For example, the target permission interface may be a third party permission interface such as netbook, drama, children, CP, jade, etc.
After a target authority interface corresponding to the internet resource is called, the resource processing party updates the authority owned by the internet resource to a local cache, the current time and the updating time corresponding to the authority owned by the resource processing party in the local cache are determined, whether the time difference between the current time and the updating time is greater than a preset time difference threshold value or not is judged, and the time difference between the current time and the updating time is not greater than the preset time difference threshold value due to the updating operation, at the moment, the authority interface can be called to acquire the authority owned by the resource processing party from the local cache according to the identity, so that whether the resource processing party has the authority to process the internet resource or not is verified according to the owned authority.
In addition, in the embodiment of the present invention, when the authority owned by the resource handler in the local cache exceeds the valid time, a target authority interface corresponding to the internet resource is called, the authority owned by the resource handler for the internet resource is summarized, whether the resource handler is authorized to handle the internet resource is verified according to the summarized authority owned by the resource handler for the internet resource, if the resource handler is authorized to handle the internet resource, the summarized authority owned by the resource handler for the internet resource is updated to the local cache, and if the resource handler is not authorized to handle the internet resource, the identity of the resource handler is removed from the resource handler list, and the resource handler is prohibited from handling the internet resource.
Furthermore, as for the judgment result in the step S203, if the identity of the resource handler is not matched with the identity in the resource handler list, a target permission interface corresponding to the internet resource is called, the permission of the resource handler for the internet resource is summarized, and whether the resource handler is authorized to process the internet resource is verified according to the summarized permission of the resource handler for the internet resource; and if the resource processor is authorized to process the Internet resources, adding the identity of the resource processor to the resource processor list, and storing the summarized authority of the resource processor for the Internet resources in a local cache.
For example, the id UID of the resource handler includes 789, the id UID (123, 122, 133, 456) in the resource handler list does not match with the id UID (123, 122, 133, 456) in the resource handler list, a target permission interface corresponding to the internet resource is called, the permissions possessed by the resource handler for the internet resource are summarized, whether the resource handler has the right to process the internet resource is verified according to the summarized permissions possessed by the resource handler for the internet resource, if the resource handler has the right to process the internet resource, the id of the resource handler is added to the resource handler list (updated for the resource handler list), and the summarized permissions possessed by the resource handler for the internet resource are stored in a local cache (updated for the local cache) The rights owned by the middle resource handler are updated).
S205, verifying whether the resource processor is authorized to process the Internet resources according to the owned authority.
In the embodiment of the present invention, this step is similar to the step S103, and the details of the embodiment of the present invention are not repeated herein.
The embodiment of the invention judges whether the identity of the resource processing party is stored in the preset position, distinguishes the resource processing party, if the identity of the resource processing party is stored in the preset position, the authentication interface can be called to obtain the authority owned by the resource processing party from the local cache according to the identity of the resource processing party, and verifies whether the resource processing party has the authority to process the internet resource according to the owned authority, so that the authority owned by the resource processing party is obtained from the local cache in a targeted manner, the cache utilization rate and the cache hit rate can be improved, and in addition, the authentication efficiency can be further improved.
Corresponding to the above method embodiment, an embodiment of the present invention further provides an authentication apparatus, as shown in fig. 4, the apparatus may include: an identity acquisition module 410, an identity judgment module 420, a permission acquisition module 430, and a permission verification module 440.
An identifier obtaining module 410, configured to obtain an identifier of a resource handler when the resource handler requests to process an internet resource;
an identifier determining module 420, configured to determine whether the identity identifier of the resource handler is stored in a preset location;
an authority obtaining module 430, configured to, if the identity of the resource handler is stored in a preset location, invoke an authentication interface to obtain, according to the identity, an authority owned by the resource handler from a local cache, where the authority owned by the resource handler whose identity is stored in the preset location is stored in the local cache;
and the authority verification module 440 is configured to verify whether the resource handler has the right to process the internet resource according to the owned authority.
In a specific implementation manner of the embodiment of the present invention, the identifier determining module 420 is specifically configured to:
acquiring a preset resource processor list, wherein the resource processor list records the identity of a resource processor;
judging whether the identity of the resource processor is matched with the identity in the resource processor list or not;
the right obtaining module 430 is specifically configured to:
if the identity of the resource processor is matched with the identity in the resource processor list, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity.
In a specific implementation manner of the embodiment of the present invention, the right obtaining module 430 is further configured to:
determining the current time and the updating time corresponding to the authority owned by the resource processor;
judging whether the time difference between the current time and the updating time is greater than a preset time difference threshold value or not;
and if the time difference between the current time and the updating time is not greater than a preset time difference threshold value, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity.
In a specific implementation manner of the embodiment of the present invention, the apparatus further includes:
and an authority summarizing module 450, configured to, if a time difference between the current time and the update time is greater than a preset time difference threshold, call a target authority interface corresponding to the internet resource, and summarize the authority owned by the resource handler for the internet resource and update the authority to a local cache.
In a specific implementation manner of the embodiment of the present invention, the permission collection module 450 is specifically configured to:
calling a target authority interface corresponding to the internet resource, and summarizing the authority of the resource processor for the internet resource;
verifying whether the resource processor is authorized to process the Internet resources according to the summarized authority of the resource processor for the Internet resources;
and if the resource processor has the right to process the Internet resources, updating the summarized right of the resource processor for the Internet resources to a local cache.
In a specific implementation manner of the embodiment of the present invention, the apparatus further includes:
an identifier removing module 460, configured to remove the identifier of the resource handler from the resource handler list if the resource handler does not have the right to handle the internet resource.
In a specific implementation manner of the embodiment of the present invention, the apparatus further includes:
an identifier adding module 470, configured to, if the identifier of the resource handler is not matched with the identifier in the resource handler list, invoke a target permission interface corresponding to the internet resource, and summarize the permission owned by the resource handler for the internet resource;
verifying whether the resource processor is authorized to process the Internet resources according to the summarized authority of the resource processor for the Internet resources;
and if the resource processor is authorized to process the Internet resources, adding the identity of the resource processor to the resource processor list, and storing the summarized authority of the resource processor for the Internet resources in a local cache.
The embodiment of the present invention further provides a server, as shown in fig. 5, including a processor 51, a communication interface 52, a memory 53 and a communication bus 54, where the processor 51, the communication interface 52, and the memory 53 complete mutual communication through the communication bus 54,
a memory 53 for storing a computer program;
the processor 51 is configured to implement the following steps when executing the program stored in the memory 53:
when a resource processor requests to process internet resources, acquiring an identity of the resource processor, and judging whether the identity of the resource processor is stored at a preset position;
if the identity of the resource processor is stored in a preset position, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity, wherein the authority owned by the resource processor with the identity stored in the preset position is stored in the local cache;
and verifying whether the resource processor is authorized to process the internet resource according to the owned authority.
The communication bus mentioned in the above server may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the server and other devices.
The Memory may include a Random Access Memory (RAM) or a non-volatile Memory (non-volatile Memory), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, and includes a Central Processing Unit (CPU), a Network Processor (NP), and the like; the device can also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, a discrete Gate or transistor logic device, or a discrete hardware component.
In yet another embodiment of the present invention, a storage medium is further provided, which stores instructions that, when executed on a computer, cause the computer to perform the authentication method described in any of the above embodiments.
In a further embodiment provided by the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the authentication method described in any of the above embodiments.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, cause the processes or functions described in accordance with the embodiments of the invention to occur, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored on a storage medium or transmitted from one storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wire (e.g., coaxial cable, fiber optics, digital resource processor (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The storage medium may be any available medium that can be accessed by a computer or a data storage device including one or more available media integrated servers, data centers, and the like. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A method of authentication, the method comprising:
when a resource processor requests to process internet resources, acquiring an identity of the resource processor, and judging whether the identity of the resource processor is stored at a preset position;
if the identity of the resource processor is stored in a preset position, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity, wherein the authority owned by the resource processor with the identity stored in the preset position is stored in the local cache;
and verifying whether the resource processor is authorized to process the internet resource according to the owned authority.
2. The method of claim 1, wherein the determining whether the identity of the resource handler is stored in a predetermined location comprises:
acquiring a preset resource processor list, wherein the resource processor list records the identity of a resource processor;
judging whether the identity of the resource processor is matched with the identity in the resource processor list or not;
if the identity of the resource processor is stored in a preset position, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity, wherein the authority includes:
if the identity of the resource processor is matched with the identity in the resource processor list, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity.
3. The method of claim 2, wherein the invoking authentication interface obtains the right owned by the resource handler from a local cache according to the identity, comprising:
determining the current time and the updating time corresponding to the authority owned by the resource processor;
judging whether the time difference between the current time and the updating time is greater than a preset time difference threshold value or not;
and if the time difference between the current time and the updating time is not greater than a preset time difference threshold value, calling an authentication interface to acquire the authority owned by the resource processor from a local cache according to the identity.
4. The method of claim 3, further comprising:
if the time difference between the current time and the updating time is larger than a preset time difference threshold value, calling a target authority interface corresponding to the internet resource, and summarizing the authority owned by the resource processor aiming at the internet resource to update to a local cache.
5. The method of claim 4, wherein the invoking of the target permission interface corresponding to the internet resource, and the summarizing of the permission owned by the resource handler for the internet resource to a local cache, comprises:
calling a target authority interface corresponding to the internet resource, and summarizing the authority of the resource processor for the internet resource;
verifying whether the resource processor is authorized to process the Internet resources according to the summarized authority of the resource processor for the Internet resources;
and if the resource processor has the right to process the Internet resources, updating the summarized right of the resource processor for the Internet resources to a local cache.
6. The method of claim 5, further comprising:
and if the resource processor does not have the right to process the Internet resources, the identity of the resource processor is removed from the resource processor list.
7. The method of claim 2, further comprising:
if the identity of the resource processor is not matched with the identity in the resource processor list, calling a target authority interface corresponding to the internet resource, and summarizing the authority owned by the resource processor for the internet resource;
verifying whether the resource processor is authorized to process the Internet resources according to the summarized authority of the resource processor for the Internet resources;
and if the resource processor is authorized to process the Internet resources, adding the identity of the resource processor to the resource processor list, and storing the summarized authority of the resource processor for the Internet resources in a local cache.
8. An authentication apparatus, characterized in that the apparatus comprises:
the identification acquisition module is used for acquiring the identification of the resource processor when the resource processor requests to process the internet resource;
the identification judgment module is used for judging whether the identity identification of the resource processing party is stored in a preset position;
the authority acquiring module is used for calling an authentication interface to acquire the authority owned by the resource processing party from a local cache according to the identity if the identity of the resource processing party is stored in a preset position, wherein the authority owned by the resource processing party with the identity stored in the preset position is stored in the local cache;
and the authority verification module is used for verifying whether the resource processor is authorized to process the internet resources according to the owned authority.
9. A server is characterized by comprising a processor, a communication interface, a memory and a communication bus, wherein the processor and the communication interface are used for realizing the communication between the processor and the memory through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any of claims 1 to 7 when executing a program stored in the memory.
10. A storage medium on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 7.
CN201911330700.6A 2019-12-20 2019-12-20 Authentication method, device, server and storage medium Pending CN111092892A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911330700.6A CN111092892A (en) 2019-12-20 2019-12-20 Authentication method, device, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911330700.6A CN111092892A (en) 2019-12-20 2019-12-20 Authentication method, device, server and storage medium

Publications (1)

Publication Number Publication Date
CN111092892A true CN111092892A (en) 2020-05-01

Family

ID=70396584

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911330700.6A Pending CN111092892A (en) 2019-12-20 2019-12-20 Authentication method, device, server and storage medium

Country Status (1)

Country Link
CN (1) CN111092892A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024114211A1 (en) * 2022-12-02 2024-06-06 Oppo广东移动通信有限公司 Permissions management method and related product

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060117010A1 (en) * 2004-11-29 2006-06-01 Nokia Corporation Access rights
CN106612250A (en) * 2015-10-21 2017-05-03 腾讯科技(深圳)有限公司 Resource utilization authority judgment system and method
CN107657155A (en) * 2016-07-26 2018-02-02 北京京东尚科信息技术有限公司 Method and apparatus for identifying user's operating right
CN108924125A (en) * 2018-06-29 2018-11-30 招银云创(深圳)信息技术有限公司 Control method, device, computer equipment and the storage medium of interface calling permission
CN110062006A (en) * 2019-05-08 2019-07-26 福州福昕网络技术有限责任公司 A kind of client high concurrent method for authenticating and system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060117010A1 (en) * 2004-11-29 2006-06-01 Nokia Corporation Access rights
CN106612250A (en) * 2015-10-21 2017-05-03 腾讯科技(深圳)有限公司 Resource utilization authority judgment system and method
CN107657155A (en) * 2016-07-26 2018-02-02 北京京东尚科信息技术有限公司 Method and apparatus for identifying user's operating right
CN108924125A (en) * 2018-06-29 2018-11-30 招银云创(深圳)信息技术有限公司 Control method, device, computer equipment and the storage medium of interface calling permission
CN110062006A (en) * 2019-05-08 2019-07-26 福州福昕网络技术有限责任公司 A kind of client high concurrent method for authenticating and system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024114211A1 (en) * 2022-12-02 2024-06-06 Oppo广东移动通信有限公司 Permissions management method and related product

Similar Documents

Publication Publication Date Title
US10419425B2 (en) Method, device, and system for access control of a cloud hosting service
US9491182B2 (en) Methods and systems for secure internet access and services
EP3345087B1 (en) Method, device, and system for access control of a cloud hosting service
CN108897628B (en) Method and device for realizing distributed lock and electronic equipment
TWI706262B (en) Account login method, equipment and server
WO2017076193A1 (en) Method and apparatus for processing request from client
JP6533871B2 (en) System and method for controlling sign-on to web applications
CN109937564B (en) Method and apparatus for detecting fraudulent account usage in a distributed computing system
CN110888838B (en) Request processing method, device, equipment and storage medium based on object storage
US20160072818A1 (en) Using a URI Whitelist
JP2009151751A (en) Method and system for creating and updating approved-file and trusted-domain database
CN109213604B (en) Data source management method and device
TW201510761A (en) Method and apparatus of downloading and installing a client
US20100037301A1 (en) Management of user authentication
US9665732B2 (en) Secure Download from internet marketplace
CN112291258A (en) Gateway risk control method and device
CN111294337B (en) Authentication method and device based on token
TW201743237A (en) Method and device for preventing server from being attacked
KR101977428B1 (en) Content handling for applications
CN111092892A (en) Authentication method, device, server and storage medium
CN109995863B (en) Dynamic resource downloading method and device, electronic equipment and storage medium
JP7445017B2 (en) Mobile application forgery/alteration detection method using user identifier and signature collection, computer program, computer readable recording medium, and computer device
CN107085681B (en) Robust computing device identification framework
JP5357927B2 (en) COMMUNICATION DEVICE, DATA ACCESS METHOD, AND DATA ACCESS PROGRAM
KR101285729B1 (en) System and method for securing databse

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20200501