CN112307446A - User authority verification method based on application platform - Google Patents


Info

Publication number
CN112307446A
Authority
CN
China
Prior art keywords
application
authority
user
resource
role
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011192097.2A
Other languages
Chinese (zh)
Inventor
宋录文
李妃军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Arcvideo Technology Co ltd
Original Assignee
Hangzhou Arcvideo Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Arcvideo Technology Co ltd
Priority to CN202011192097.2A
Publication of CN112307446A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a user permission verification method based on an application platform. The method comprises the following steps: (1) the application defines an appInfo file, which declares all of the application's permission resources and marks each resource ID with a unique identifier, and the application provides an interface for querying the appInfo information; (2) a user permission management application is responsible for assigning and querying application permission resources; (3) permission verification is performed. The beneficial effects of the invention are that the permission resources of an application can be dynamically acquired or filtered, loose coupling is achieved, and the permission resource data of the application does not need to be maintained.

Description

User authority verification method based on application platform
Technical Field
The invention relates to the technical field of computer data processing, and in particular to a user permission verification method based on an application platform.
Background
At present, when an application management platform designs user permissions, it generally manages the permission resources of all applications in a unified way. In terms of division of responsibility, an application's permission resources are associated only with that application's own services and are independent of the platform. However, whenever an application service is added or removed, the platform has to maintain that application's permission resource data, so the coupling is high.
Disclosure of Invention
To overcome the above deficiencies in the prior art, the invention provides a loosely coupled user permission verification method based on an application platform.
To achieve this purpose, the invention adopts the following technical solution:
A user permission verification method based on an application platform, comprising the following steps:
(1) the application defines an appInfo file, which declares all of the application's permission resources and marks each resource ID with a unique identifier, and the application provides an interface for querying the appInfo information;
(2) a user permission management application is responsible for assigning and querying application permission resources;
(3) permission verification is performed.
With this user permission verification method, each application manages its own permission resources. When an application service is added or removed, the platform can dynamically acquire or filter that application's permission resources, so loose coupling is achieved and the platform does not need to maintain the application's permission resource data.
Preferably, step (2) is carried out as follows:
(21) by querying the appInfo information of the applications, providing an interface that returns the permission resource data of all applications;
(22) using the data from step (21), providing an interface for granting a role specified resources of a specified application, and maintaining the role-resource association data;
(23) providing an interface for granting a user specified roles, and maintaining the user-role association data;
(24) using the data from steps (22) and (23), providing an interface for querying user permission information; when an application is online, the user permission management application can query that application's permission resource data; when an application is offline, the user permission management application automatically filters out that application's permission resource data.
Preferably, in step (3), the permission verification process is as follows:
(31) a user sends a request carrying a token to access an APP;
(32) the application gateway intercepts the request and verifies the token;
(33) once the token passes verification, the APP uses the token to request the corresponding user permission information from the user permission management application;
(34) the obtained user permission information is matched against the resource currently being requested, where each resource is configured to require a specified role or a specified resource ID for access: if the user permission information contains the specified role or the specified resource ID, permission verification passes; otherwise, status code 403 is returned.
The beneficial effects of the invention are that the permission resources of an application can be dynamically acquired or filtered, loose coupling is achieved, and the permission resource data of the application does not need to be maintained.
Drawings
FIG. 1 is a flow chart of the permission verification of the present invention.
Detailed Description
The invention is further described below with reference to the drawing and the detailed description.
A user permission verification method based on an application platform, comprising the following steps:
(1) the application defines an appInfo file, which declares all of the application's permission resources and marks each resource ID with a unique identifier (for example, viewing module_list, creating module_create, editing module_edge or deleting module_delete; a user has access to the corresponding resource only if they hold the corresponding resource ID), and the application provides an interface for querying the appInfo information;
(2) a user permission management application is responsible for assigning and querying application permission resources; it operates as follows:
(21) by querying the appInfo information of the applications, providing an interface that returns the permission resource data of all (online) applications;
(22) using the data from step (21), providing an interface for granting a role specified resources of a specified application, and maintaining the role-resource association data (a role-resource association table), for example which resource IDs a given role holds;
(23) providing an interface for granting a user specified roles, and maintaining the user-role association data (a user-role association table), for example which roles a given user holds;
(24) using the data from steps (22) and (23), providing an interface for querying user permission information, that is, the list of resource IDs the current user holds; when an application is online, the user permission management application can query that application's permission resource data; when an application is offline, the user permission management application automatically filters out that application's permission resource data.
(3) Permission verification is performed; the process is as follows:
(31) a user sends a request carrying a token to access an APP;
(32) the application gateway intercepts the request and verifies the token;
(33) once the token passes verification, the APP uses the token to request the corresponding user permission information from the user permission management application;
(34) the obtained user permission information is matched against the resource currently being requested, where each resource is configured to require a specified role or a specified resource ID for access: if the user permission information contains the specified role or the specified resource ID, permission verification passes; otherwise, status code 403 is returned.
The invention can flexibly configure an application's permission resources in real time according to the application's service state, thereby achieving loose coupling with the platform. With this user permission verification method, each application manages its own permission resources. When an application service is added or removed, the platform can dynamically acquire or filter that application's permission resources, so loose coupling is achieved and the platform does not need to maintain the application's permission resource data.
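The flow of steps (1) to (3), as an added sketch that is not part of the patent text: the permission manager stores only associations, filters resource IDs against what online applications currently declare, and the request check returns 403 when nothing matches. The HMAC token format, the 401 for a bad token, and the names `PermissionManager`, `check_request`, `cms`, `editor` and `alice` are assumptions; the resource IDs come from the description.

```python
import hashlib
import hmac

GATEWAY_KEY = b"constructed-demo-key"  # assumption: HMAC-signed tokens

def issue_token(user):
    sig = hmac.new(GATEWAY_KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{sig}"

def gateway_verify(token):
    """Step (32): return the user name for a valid token, else None."""
    user, _, sig = token.rpartition(".")
    good = hmac.new(GATEWAY_KEY, user.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(sig.encode(), good.encode())
    return user if user and ok else None

class PermissionManager:
    """Step (2): keeps only associations; resource lists stay with the apps."""
    def __init__(self):
        self.online_apps = {}     # app -> resource IDs from its appInfo (21)
        self.role_resources = {}  # role -> {(app, resource_id)}          (22)
        self.user_roles = {}      # user -> {role}                        (23)

    def grant(self, role, app, resource_id):
        # Only resource IDs the app itself declares can be assigned to a role.
        if resource_id not in self.online_apps.get(app, ()):
            raise ValueError(f"{resource_id} is not declared by {app}")
        self.role_resources.setdefault(role, set()).add((app, resource_id))

    def user_permissions(self, user):
        """Step (24): roles plus resource IDs, filtered to online apps."""
        roles = set(self.user_roles.get(user, ()))
        resources = {rid for role in roles
                     for app, rid in self.role_resources.get(role, ())
                     if rid in self.online_apps.get(app, ())}
        return {"roles": roles, "resources": resources}

def check_request(pm, token, need_role=None, need_resource=None):
    """Steps (31)-(34): return the HTTP status for one request."""
    user = gateway_verify(token)
    if user is None:
        return 401  # assumption: the page names no code for a bad token
    info = pm.user_permissions(user)
    if need_role in info["roles"] or need_resource in info["resources"]:
        return 200
    return 403  # no matching role or resource ID; also the default deny

def build_demo():
    """Constructed sample data: one app, one role, one user."""
    pm = PermissionManager()
    pm.online_apps["cms"] = {"module_list", "module_create", "module_delete"}
    pm.grant("editor", "cms", "module_list")
    pm.grant("editor", "cms", "module_create")
    pm.user_roles["alice"] = {"editor"}
    return pm

if __name__ == "__main__":
    pm, tok = build_demo(), issue_token("alice")
    print(check_request(pm, tok, need_resource="module_list"),
          check_request(pm, tok, need_resource="module_delete"))
```

Removing an application from `online_apps` makes its resource IDs disappear from every user's permission list without touching the association tables, which is the filtering behaviour step (24) describes.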

Claims (3)

1. A user permission verification method based on an application platform, characterized by comprising the following steps:
(1) the application defines an appInfo file, which declares all of the application's permission resources and marks each resource ID with a unique identifier, and the application provides an interface for querying the appInfo information;
(2) a user permission management application is responsible for assigning and querying application permission resources;
(3) permission verification is performed.
2. The user permission verification method based on an application platform as claimed in claim 1, wherein step (2) is carried out as follows:
(21) by querying the appInfo information of the applications, providing an interface that returns the permission resource data of all applications;
(22) using the data from step (21), providing an interface for granting a role specified resources of a specified application, and maintaining the role-resource association data;
(23) providing an interface for granting a user specified roles, and maintaining the user-role association data;
(24) using the data from steps (22) and (23), providing an interface for querying user permission information; when an application is online, the user permission management application can query that application's permission resource data; when an application is offline, the user permission management application automatically filters out that application's permission resource data.
3. The user permission verification method based on an application platform as claimed in claim 2, wherein in step (3), the permission verification process is as follows:
(31) a user sends a request carrying a token to access an APP;
(32) the application gateway intercepts the request and verifies the token;
(33) once the token passes verification, the APP uses the token to request the corresponding user permission information from the user permission management application;
(34) the obtained user permission information is matched against the resource currently being requested, where each resource is configured to require a specified role or a specified resource ID for access: if the user permission information contains the specified role or the specified resource ID, permission verification passes; otherwise, status code 403 is returned.
CN202011192097.2A 2020-10-30 2020-10-30 User authority verification method based on application platform Pending CN112307446A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011192097.2A CN112307446A (en) 2020-10-30 2020-10-30 User authority verification method based on application platform

Publications (1)

Publication Number Publication Date
CN112307446A (en) 2021-02-02

Family

ID=74334137

Country Status (1)

Country Link
CN (1) CN112307446A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination