CN111814186A - Menu authority access control method of intelligent equipment operation platform - Google Patents


Info

Publication number: CN111814186A
Authority: CN (China)
Prior art keywords: information, server, token, request, access
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted
Application number: CN202010668945.6A
Other languages: Chinese (zh)
Other versions: CN111814186B (en)
Inventors: 鲜青林, 邓文科, 林桓, 彭一亮, 黄睿葱, 宋舰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Sichuan Hongmagic Cube Network Technology Co ltd
Original Assignee: Sichuan Hongmagic Cube Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.): 2020-07-13
Filing date: 2020-07-13
Publication date: 2020-10-23

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G06F16/2282 Tablespace storage structures; Management thereof
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25 Integrating or interfacing systems involving database management systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a menu authority access control method of an intelligent device operation platform, which comprises the following steps: creating a database table for storing user information and authority information; a client logs in to a server through an encrypted HTTP/HTTPS request, and the authority information under the user is queried from the database table; the server packages the acquired user information, packaging the user's authority information and interface information into a token together with it, and returns the server-encrypted authority information to the client; when the client requests a service interface it transmits the token to the server, where the token is used to verify the validity of the user's request and to maintain the session; when the client accesses a service interface, it wraps the service interface in a symmetrically encrypted parameter and transmits that parameter to the server, and the server verifies the encrypted parameter to ensure that the interface request is not forged. The invention improves the checking efficiency.

Description

Menu authority access control method of intelligent equipment operation platform
Technical Field
The invention relates to the technical field of computer network communication, in particular to a menu authority access control method of an intelligent device operation platform.
Background
The smart television operation platform needs to include an operation service management background, and the management background generally provides platform management functions such as operation configuration data issuing, administrator role distinguishing, account numbers and passwords for the terminal. Generally, user permissions are distinguished and background user function menus are configured according to different user roles. The problems of authority validity and efficiency of interface request verification, user application and authority configuration flexibility and the like are solved in the software research and development process.
Disclosure of Invention
In order to solve the problems in the prior art, the invention aims to provide a menu authority access control method of an intelligent device operation platform, and the invention improves the verification efficiency.
To achieve this purpose, the invention adopts the following technical scheme: a menu authority access control method of an intelligent device operation platform, comprising the following steps:
Step S100: creating a database table for storing user information and authority information;
Step S200: a client logs in to a server through an encrypted HTTP/HTTPS request, and the authority information under the user is queried from the database table;
Step S300: the server packages the acquired user information, packaging the user's authority information and interface information into a token together with it, and returns the server-encrypted authority information to the client; when the client requests a service interface it transmits the token to the server, where the token is used to verify the validity of the user's request and to maintain the session;
Step S400: when the client accesses a service interface, it wraps the service interface in a symmetrically encrypted parameter and transmits that parameter to the server; the server verifies the encrypted parameter to ensure that the interface request is not forged.
In a preferred embodiment, in step S300, the server packages the acquired user information through JSON Web Token.
As another preferred embodiment, in step S100, the database table includes a user information table, a menu information table, a role information table, an association table of user information and role information, and an association table of menu information and role information of the login system; and the menu information table stores the page path accessed by the front end.
As another preferred embodiment, step S300 specifically includes:
the Token information packaged on successful login is returned to the accessing client and stored in the client's request session, and on every request the Token is carried to the server in the Authorization field of the HTTP/HTTPS request header.
As another preferred embodiment, step S400 specifically includes the following steps:
Step 410: when the front end opens a page and requests a service interface, it uses a secret key agreed with the server to generate, through a symmetric encryption algorithm, an encrypted parameter K of the current request address;
Step 420: the server obtains parameter K from the HTTP/HTTPS request and decrypts it to obtain the current page access path, then compares that path with the access path in the HTTP/HTTPS request header to verify the validity of parameter K; if the two are consistent, parameter K is legal for the request address;
Step 430: the server implements an interceptor that intercepts all interfaces requiring permission access verification. In the interceptor it obtains the Token from the request and first verifies the validity and legality of the Token; it then takes the front-end page paths from the menu information packaged in the Token and compares them with the path decrypted from HTTP/HTTPS request parameter K. If the Token contains the path decrypted from parameter K, the access is valid and the request is allowed to proceed.
As another preferred embodiment, the smart device is a smart television.
The invention has the beneficial effects that:
While still allowing users to be registered, menus to be extended and users' menu authorities to be configured flexibly, the invention reduces the frequent database reads and queries needed for verification and improves verification efficiency; it also prevents a low-authority Token from being used to call interfaces behind pages that the Token has no authority to access.
Drawings
FIG. 1 is a block diagram of a verification process in an embodiment of the invention;
FIG. 2 is a block diagram of a flow of right access verification in an embodiment of the present invention.
Detailed Description
Embodiments of the present invention will be described in detail below with reference to the accompanying drawings.
Examples
As shown in fig. 1 and fig. 2, a menu authority access control method for an intelligent device operation platform includes the following steps:
Step 1: create five database tables: a user information table for users who log in to the system, a menu information table (which must store the page paths accessed by the front end), a role information table, an association table of user information and role information, and an association table of menu information and role information. This table structure allows the relationships among users, roles and menus to be configured flexibly and efficiently;
Step 2: the user enters the correct user name and password and calls the login interface for verification. After verification passes, the server uses the JWT (JSON Web Token) tool to package the user information and the menu authority information under that user; the menu authority information includes the front-end page paths stored in the menu information table. This reduces the number of database queries made for the user and improves service processing efficiency;
Step 3: the Token information packaged on successful login is returned to the accessing client and stored in the client's request session, and on every request the Token is carried to the server in the Authorization field of the HTTP/HTTPS request header;
Step 4: when the front end opens a page and requests a service interface, it uses a secret key agreed with the server to generate, through a symmetric encryption algorithm, an encrypted parameter K of the current request address;
Step 5: the server obtains parameter K from the HTTP/HTTPS request and decrypts it to obtain the current page access path, then compares that path with the access path in the HTTP/HTTPS request header to verify the validity of parameter K; if the two are consistent, parameter K is legal for the request address;
Step 6: the server implements an interceptor that intercepts all interfaces requiring authority access verification, and obtains the Token from the request in the interceptor. The validity and legality of the Token are verified first. The front-end page paths from the menu information encapsulated in the Token are then compared with the path decrypted from HTTP request parameter K. If the Token contains the path decrypted from parameter K, the access is valid and the request is allowed to proceed.
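The check in steps 2 to 6, as an added example that is not part of the patent: a Node.js sketch in which the token is an HS256 JWT carrying the permitted page paths and K is the page path under AES-256-GCM. The key names, the `menus` claim, the optional `Bearer` prefix and the `req` object (with `pagePath` standing in for the access path in the request header) are assumptions; the patent names no cipher or claim layout.

```javascript
// Added example, not code from the patent. Uses only Node's built-in crypto module.
const crypto = require('node:crypto');

// Constructed demo keys (assumption: one key signs tokens, one is agreed for K).
const JWT_KEY = crypto.randomBytes(32);
const K_KEY = crypto.randomBytes(32);

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const hs256 = (data, key) => crypto.createHmac('sha256', key).update(data).digest();

// Steps 2-3: package the user and the permitted page paths into an HS256 JWT.
function issueToken(user, menuPaths, jwtKey, ttlSec = 3600, now = Date.now()) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const exp = Math.floor(now / 1000) + ttlSec;
  const payload = b64u(JSON.stringify({ sub: user, menus: menuPaths, exp }));
  return `${header}.${payload}.${b64u(hs256(`${header}.${payload}`, jwtKey))}`;
}

// Step 6, first half: check signature, algorithm and expiry; returns claims or null.
function verifyToken(token, jwtKey, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = hs256(`${header}.${payload}`, jwtKey);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(header, 'base64url').toString('utf8')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
    if (typeof claims.exp !== 'number' || claims.exp * 1000 <= now) return null;
    return Array.isArray(claims.menus) ? claims : null;
  } catch {
    return null;
  }
}

// Step 4: the front end encrypts the current page path into parameter K.
function sealPath(pagePath, kKey) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', kKey, iv);
  const ct = Buffer.concat([cipher.update(pagePath, 'utf8'), cipher.final()]);
  return b64u(Buffer.concat([iv, cipher.getAuthTag(), ct]));
}

// Step 5, first half: decrypt K; null when K is malformed or was altered.
function openPath(k, kKey) {
  const raw = Buffer.from(String(k), 'base64url');
  if (raw.length < 28) return null; // 12-byte IV + 16-byte tag must be present
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', kKey, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
  } catch {
    return null;
  }
}

// Steps 5-6: the interceptor. `req` is a hypothetical shape: Authorization header
// value, parameter K, and the page path taken from the request header.
function intercept(req, jwtKey, kKey, now = Date.now()) {
  const path = openPath(req.k, kKey);
  if (path === null) return { allowed: false, reason: 'K did not decrypt' };
  if (path !== req.pagePath) return { allowed: false, reason: 'K does not match request path' };
  const bearer = String(req.authorization || '').replace(/^Bearer /, '');
  const claims = verifyToken(bearer, jwtKey, now);
  if (!claims) return { allowed: false, reason: 'token invalid or expired' };
  if (!claims.menus.includes(path)) return { allowed: false, reason: 'path not granted in token' };
  return { allowed: true, reason: 'ok', user: claims.sub };
}

// Constructed demo: a low-authority token presented for a page it was not granted.
const operatorToken = issueToken('operator', ['/menu/apps'], JWT_KEY);
const k = sealPath('/menu/users', K_KEY);
console.log(intercept({ authorization: `Bearer ${operatorToken}`, k, pagePath: '/menu/users' }, JWT_KEY, K_KEY));
```

Because the key for K is agreed with the front end, the decision rests on the signed token's menu list; K only binds the request to a page path.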
The above-mentioned embodiments only express the specific embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the present invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention.

Claims (6)

1. A menu authority access control method of an intelligent device operation platform is characterized by comprising the following steps:
Step S100: creating a database table for storing user information and authority information;
Step S200: a client logs in to a server through an encrypted HTTP/HTTPS request, and the authority information under the user is queried from the database table;
Step S300: the server packages the acquired user information, packaging the user's authority information and interface information into a token together with it, and returns the server-encrypted authority information to the client; when the client requests a service interface it transmits the token to the server, where the token is used to verify the validity of the user's request and to maintain the session;
Step S400: when the client accesses a service interface, it wraps the service interface in a symmetrically encrypted parameter and transmits that parameter to the server; the server verifies the encrypted parameter to ensure that the interface request is not forged.
2. The menu permission access control method of the intelligent device operation platform according to claim 1, wherein in step S300, the server encapsulates the acquired user information through JSON Web Token.
3. The menu authority access control method for the intelligent device operation platform according to claim 1, wherein in step S100, the database table includes a user information table, a menu information table, a role information table, an association table of user information and role information, and an association table of menu information and role information of a login system; and the menu information table stores the page path accessed by the front end.
4. The menu authority access control method for the intelligent device operation platform according to claim 3, wherein step S300 specifically includes:
the Token information packaged on successful login is returned to the accessing client and stored in the client's request session, and on every request the Token is carried to the server in the Authorization field of the HTTP/HTTPS request header.
5. The menu authority access control method for the intelligent device operation platform according to claim 4, wherein step S400 specifically includes the following steps:
Step 410: when the front end opens a page and requests a service interface, it uses a secret key agreed with the server to generate, through a symmetric encryption algorithm, an encrypted parameter K of the current request address;
Step 420: the server obtains parameter K from the HTTP/HTTPS request and decrypts it to obtain the current page access path, then compares that path with the access path in the HTTP/HTTPS request header to verify the validity of parameter K; if the two are consistent, parameter K is legal for the request address;
Step 430: the server implements an interceptor that intercepts all interfaces requiring permission access verification. In the interceptor it obtains the Token from the request and first verifies the validity and legality of the Token; it then takes the front-end page paths from the menu information packaged in the Token and compares them with the path decrypted from HTTP/HTTPS request parameter K. If the Token contains the path decrypted from parameter K, the access is valid and the request is allowed to proceed.
6. The menu authority access control method for the intelligent device operation platform according to any one of claims 1 to 5, wherein the intelligent device is an intelligent television.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010668945.6A CN111814186B (en) 2020-07-13 2020-07-13 Menu authority access control method of intelligent equipment operation platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010668945.6A CN111814186B (en) 2020-07-13 2020-07-13 Menu authority access control method of intelligent equipment operation platform

Publications (2)

Publication Number Publication Date
CN111814186A (en) 2020-10-23
CN111814186B (en) 2021-03-16

Family

ID=72842425

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010668945.6A Active CN111814186B (en) 2020-07-13 2020-07-13 Menu authority access control method of intelligent equipment operation platform

Country Status (1)

Country Link
CN (1) CN111814186B (en)

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180337975A1 (en) * 2015-09-30 2018-11-22 Surfdash System and method for providing a secure network
EP3367284A1 (en) * 2017-02-23 2018-08-29 Bundesdruckerei GmbH Access control device and method for authenticating access authorization
CN109033774A (en) * 2018-08-31 2018-12-18 阿里巴巴集团控股有限公司 Acquisition, the method, apparatus of feedback user resource and electronic equipment
CN109818746A (en) * 2018-12-28 2019-05-28 深圳竹云科技有限公司 A kind of method of safe offer restful interface
CN110198318A (en) * 2019-06-03 2019-09-03 浪潮云信息技术有限公司 A kind of container service user authen method
CN110730077A (en) * 2019-10-09 2020-01-24 北京华宇信息技术有限公司 Method and system for micro-service identity authentication and interface authentication
CN111181727A (en) * 2019-12-16 2020-05-19 北京航天智造科技发展有限公司 Open API full life cycle management method based on micro service

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113271310A (en) * 2021-05-25 2021-08-17 四川虹魔方网络科技有限公司 Method for checking and managing request authority
CN113271310B (en) * 2021-05-25 2022-10-11 四川虹魔方网络科技有限公司 Method for checking and managing request authority
CN113268759A (en) * 2021-06-24 2021-08-17 福建天晴在线互动科技有限公司 Token authority authentication method and system based on web architecture
CN113268759B (en) * 2021-06-24 2022-12-13 福建天晴在线互动科技有限公司 Token authority authentication method and system based on web architecture

Also Published As

Publication number Publication date
CN111814186B (en) 2021-03-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant