CN112506678B - RPC remote calling method, system and storage medium based on authentication and authorization - Google Patents

RPC remote calling method, system and storage medium based on authentication and authorization Download PDF

Info

Publication number
CN112506678B
CN112506678B CN202011445222.6A CN202011445222A CN112506678B CN 112506678 B CN112506678 B CN 112506678B CN 202011445222 A CN202011445222 A CN 202011445222A CN 112506678 B CN112506678 B CN 112506678B
Authority
CN
China
Prior art keywords
authentication
authority
interface
application
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011445222.6A
Other languages
Chinese (zh)
Other versions
CN112506678A (en
Inventor
隆少华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An International Smart City Technology Co Ltd
Original Assignee
Ping An International Smart City Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An International Smart City Technology Co Ltd filed Critical Ping An International Smart City Technology Co Ltd
Priority to CN202011445222.6A priority Critical patent/CN112506678B/en
Publication of CN112506678A publication Critical patent/CN112506678A/en
Application granted granted Critical
Publication of CN112506678B publication Critical patent/CN112506678B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • G06F9/547Remote procedure calls [RPC]; Web services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00Indexing scheme relating to G06F9/00
    • G06F2209/54Indexing scheme relating to G06F9/54
    • G06F2209/544Remote

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the invention discloses an RPC remote calling method, an RPC remote calling system and a storage medium based on authentication and authorization, which relate to the technical field of system security. The embodiment of the invention provides a centralized authentication and authentication platform, which is convenient for unified management, has finer authentication granularity and improves the security in the RPC remote calling process.

Description

RPC remote calling method, system and storage medium based on authentication and authorization
Technical Field
The invention relates to the technical field of system security, in particular to an RPC remote calling method, an RPC remote calling system and a storage medium based on authentication and authentication.
Background
RPC (Remote Procedure Call, remote procedure call protocol) is a framework to address inter-communication between applications deployed within the same large local area network. In the general process of calling interfaces through RPC, firstly, a service provider defines an interface, and publishes the Jar packet of the interface into a local area network, then the interface is realized in the project, and finally, the interface and the corresponding realization class are exposed to the outside through the API provided by the RPC. Because all Jar coordinates in the local area network are in an exposed state, if the coordinates of Jar packets are acquired, jar packets issued into the local area network can be introduced into projects to complete RPC call, and the process has a great potential safety hazard problem.
The prior art scheme generally adopts a unique identity AppId allocated to each caller, when each caller invokes an interface, a time stamp, a 32-bit random number and a client digital signature c_sign are transmitted to a provider, when a service provider receives a request for invoking the interface, whether the request time is legal or not is judged according to the time stamp, then parameters sent by the caller client are acquired, the digital signature s_sign is obtained through recombination to acquire a character string representing the unique identity of the caller, and the service provider realizes authentication of invoking authority by comparing whether the digital signature c_sign and the digital signature s_sign are corresponding or not. However, the authority authentication is performed by the service provider, unified management of the calling authority of the calling party is inconvenient, and the existing calling method only solves the problem of authority authentication and does not solve the problem of authority of calling an interface and a certain method in multiple methods in the interface.
Disclosure of Invention
The embodiment of the invention provides an RPC remote calling method, an RPC remote calling system and a storage medium based on authentication and authentication, which aim to solve the problem that the authority of calling interfaces and methods in the interfaces is not solved in the related technology.
In a first aspect, an embodiment of the present invention provides an RPC remote call method based on authentication and authorization, where the method is applied to a first server, a second server, and a third server, where the first server is a caller for calling an interface, the second server is an authorization platform, and the third server is a service provider for providing an interface, and the method includes: if the calling party needs to call a method corresponding to an interface of an application, the calling party sends a record request corresponding to the application to the authorization platform; the authorization platform authenticates the record request sent by the calling party to obtain record information; the call sends a call request corresponding to the application to the service provider, wherein the call request comprises a method call request for calling a method in an interface; the service provider sends an authentication request for authenticating authority of the call request of the caller to the authorization platform; the authorization platform performs authority authentication on the call request of the caller according to the authentication request and the record information to obtain an authority authentication result and feeds the authority authentication result back to the service provider, wherein the authority authentication comprises determining the authority of the caller for calling the interface and the authority for calling the method in the interface; if the authority authentication result is authentication pass, the caller acquires the method in the interface corresponding to the application provided by the service provider
In a second aspect, an embodiment of the present invention provides an RPC remote invocation system based on authentication and authorization, including: the first sending unit is used for sending a record request corresponding to an application to the authorization platform if the calling party needs to call a method corresponding to an interface of the application; the authentication unit is used for authenticating the record request sent by the calling party by the authorization platform so as to obtain record information; a second issuing unit, configured to issue a call request corresponding to the application to the service provider, where the call request includes a method call request for calling a method in an interface; a third sending unit, configured to send an authentication request for performing authority authentication on the call request of the caller to the authorization platform by using the service provider; the first authentication feedback unit is used for carrying out authority authentication on the call request of the caller according to the authentication request and the record information to obtain an authority authentication result and feeding the authority authentication result back to the service provider, wherein the authority authentication comprises the steps of determining the authority of the caller for calling the interface and the authority for calling the method in the interface; and the acquisition unit is used for acquiring the method in the interface corresponding to the application provided by the service provider by the calling party if the authority authentication result is authentication passing.
In a third aspect, an embodiment of the present invention provides an RPC remote call system based on authentication and authorization, which is characterized by including a first server, a second server, and a third server, where the first server, the second server, and the third server each include a memory and a processor, the memory stores a computer program, and the processors of the first server, the second server, and the third server implement the methods as described above together when executing the respective computer programs.
In a fourth aspect, embodiments of the present invention provide a storage medium storing a computer program which, when executed by at least one processor, implements a method as described above.
The embodiment of the application provides an RPC remote calling method, an RPC remote calling system and a storage medium based on authentication and authentication, based on the method, if a calling party sends a record request corresponding to an application to an authorization platform before formally sending the calling request, the authorization platform authenticates the record request sent by the calling party to obtain record information, when the calling party formally sends a calling request corresponding to the application to a service provider, the service provider sends an authentication request to the authorization platform, and the authorization platform authenticates authority of the calling request of the calling party according to the authentication request and the record information to obtain an authority authentication result and feeds the authority authentication result back to the service provider, and if the authority authentication result is authentication pass, the calling party acquires the method provided by the service provider and corresponding to the interface of the application. According to the technical scheme, the authorization platform provides a centralized authentication and authentication platform, unified management is convenient, authentication and authentication of the method level of the method in the application calling interface are realized, authentication granularity is finer, and safety in the RPC remote calling process is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of an application scenario of an RPC remote invocation method based on authentication and authentication according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of an RPC remote call method based on authentication and authentication according to an embodiment of the present invention;
fig. 3 is a schematic sub-flowchart of an RPC remote call method based on authentication and authentication according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of another sub-flowchart of an RPC remote invocation method based on authentication and authorization according to an embodiment of the present invention;
fig. 5 is another flow chart of an RPC remote call method based on authentication and authentication according to an embodiment of the present invention;
Fig. 6 is a schematic flow chart of an RPC remote call method based on authentication and authentication applied to a second server according to an embodiment of the present invention;
fig. 7 is a schematic sub-flowchart of an RPC remote call method based on authentication and authentication applied to a second server according to an embodiment of the present invention;
fig. 8 is another schematic sub-flowchart of an RPC remote call method based on authentication and authentication applied to a second server according to an embodiment of the present invention;
FIG. 9 is a schematic block diagram of an RPC remote invocation system based on authentication and authorization of the present invention;
FIG. 10 is a schematic block diagram of an authentication unit of the RPC remote invocation system of the present invention based on authentication and authentication;
FIG. 11 is a schematic block diagram of a first authentication feedback unit of the authentication and authorization-based RPC remote invocation system of the present invention;
FIG. 12 is another schematic block diagram of a first authentication feedback unit of the authentication and authorization-based RPC remote invocation system of the present invention;
FIG. 13 is a schematic block diagram of an application of the RPC remote invocation system of the present invention to a second server-side based on authentication and authorization;
FIG. 14 is a schematic block diagram of an authentication proposal unit applied to a second server side of the RPC remote invocation system based on authentication and authentication of the present invention;
FIG. 15 is a schematic block diagram of a second authentication feedback unit of the authentication and authorization-based RPC remote invocation system of the present invention applied to a second server side; and
Fig. 16 is a schematic block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
Referring to fig. 1, fig. 1 is a schematic diagram of an application scenario of an RPC remote invocation method based on authentication and authentication according to an embodiment of the present invention. The RPC remote call method based on authentication and authentication in the embodiment of the present invention may be applied to a server, for example, including a first server 10, a second server 20 and a third server 30, where the first server 10 is a caller for calling an interface, the second server 20 is an authorization platform, and the third server 30 is a service provider for providing an interface. The RPC remote calling method based on authentication and authentication is realized through software installed on the server side, so that the security of a calling interface and a method in the calling interface is improved in the RPC remote process. The following describes the method in detail by taking an example that an RPC remote call method based on authentication and authentication is applied to the first server side 10, the second server side 20 and the third server side 30.
As shown in fig. 2, a flowchart of an RPC remote call method based on authentication and authentication according to an embodiment of the present invention includes the following steps S110 to S160:
s110, if the calling party needs to call a method corresponding to an interface of an application, the calling party sends a record request corresponding to the application to the authorization platform.
In an embodiment, in the remote RPC process, if an application of the caller needs to obtain a method in an interface provided by the service provider, before the caller sends a call request for calling the interface and a method in the interface to the service provider, the caller needs to send a record request corresponding to the application to the authorization platform.
And S120, the authorization platform authenticates the filing request sent by the calling party to obtain filing information.
In an embodiment, after the caller issues the request for filing, the authorization platform authenticates the request for filing to obtain the information for filing. The authorization platform determines the identity of the application of the calling party, and the authorization platform conveniently configures the calling authority of the application by acquiring the identity of the application so as to acquire and store preset interface authority information and preset method authority information of the application corresponding to the calling party as the record information. When the caller again invokes the method in the interface to the service provider for the same application, the request for proposal does not need to be issued again, thereby reducing the proposal pressure of the authorization platform. When the caller invokes a method in an interface to a service provider for a different application, the caller needs to issue a proposal request to the authorization platform for the current application before issuing a call request.
S130, the calling party sends a calling request corresponding to the application to the service provider, wherein the calling request comprises a method calling request for calling a method in an interface.
In an embodiment, after the authorization platform authenticates the proposal request sent by the caller to obtain the proposal information, the caller formally sends a call request corresponding to the application to the service provider, wherein the call request comprises a method call request for calling a method in an interface, and the caller pairs the application with the method in the interface by acquiring the method in the interface provided by the service provider so as to carry out communication transmission in an RPC remote process.
And S140, the service provider sends an authentication request for authenticating the authority of the call request of the caller to the authorization platform.
In an embodiment, after the service provider obtains that the caller sends a call request corresponding to the application, the service provider sends an authentication request for performing authority authentication on the call request of the caller to the authorization platform, so as to request the authorization platform to perform authority authentication.
And S150, the authorization platform performs authority authentication on the call request of the calling party according to the authentication request and the record information to obtain an authority authentication result and feeds the authority authentication result back to the service provider, wherein the authority authentication comprises the steps of determining the authority of the calling party for calling the interface and the authority for calling the method in the interface.
In an embodiment, when the authorization platform authenticates the record request to obtain record information, the authorization platform obtains an identity of the application used for identifying the caller and a right of the application to call the method in the interface, when the authorization platform obtains the authentication request sent by the service provider, the authorization platform identifies the identity of the application of the caller and obtains a calling right of the application according to the record information, performs right authentication on the calling request of the caller to obtain a right authentication result and feeds the right authentication result back to the service provider, wherein the right authentication comprises determining a right of the caller to call the interface and a right of the caller to call the method in the interface.
And S160, if the authority authentication result is that authentication is passed, the calling party acquires the method in the interface corresponding to the application, which is provided by the service provider.
In an embodiment, the service provider obtains the authority authentication result fed back by the authorization platform, if the authority authentication result is authentication passing, the caller obtains the method in the interface corresponding to the application provided by the service provider, and the application of the caller successfully invokes the method in the interface. The application pairs with the method in the interface for communication transmission in an RPC remote procedure.
In one embodiment, as shown in fig. 3, the specific steps of step S120 include steps S121-S123.
S121, distributing AppId corresponding to the application and a private key bound with the AppId to the calling party according to the record request.
S122, signing the private key to generate an authentication character indicating the unique identity information of the application.
S123, interface authority information and method authority information corresponding to the application of the calling party are configured and are bound with the authentication character to be stored in the authorization platform to serve as record information.
In an embodiment, when the caller issues the proposal request, the caller obtains AppId corresponding to the application and a private key bound to AppId, which are distributed by an authorization platform, the authorization platform signs the private key to generate an authentication character indicating unique identity information of the application, and the authorization platform configures interface authority information and method authority information corresponding to the application for the caller and binds with the authentication character and stores the interface authority information and the method authority information in the authorization platform as proposal information. The record information comprises the authentication character, preset interface authority information corresponding to the application and preset method authority information which are the record information. The authentication character is used to cause the authorization platform and the service provider to identify the application of the caller. The preset interface permission information and the preset method permission information are set by the authorization platform according to preset configuration permissions possessed by the authorization platform, for example, the authorization platform can configure calling permissions of similar applications similar to the application into preset interface permissions and preset method permissions of the application according to the preset configuration permissions. The authorization platform may change the preset interface authority and the preset method authority, if the preset interface authority and the preset method authority change, for example, if the authorization platform and/or the service provider obtain information that the application of the caller is an unsafe application, the authorization platform changes the calling authority of the application of the caller, or if the authorization platform and/or the service provider obtain information that all applications of the caller are unsafe applications, the authorization platform may uniformly change the calling authority of all applications of the caller.
In one embodiment, as shown in fig. 4, the specific steps of step S150 include steps S151-S155.
S151, acquiring an authentication request which is sent by the service provider and used for carrying out authority authentication on the call request of the caller.
S152, judging whether the application of the calling party has the authority for calling the interface or not according to preset interface authority information. If the application of the caller has the right to call the interface, step S153 is executed, and if the application of the caller does not have the right to call the interface, step S156 is executed.
And S153, if the application of the calling party has the authority to call the interface, judging whether the application of the calling party has the authority to call the method according to preset method authority information. If the application of the caller has the right to call the method, step S154 is performed, and if the application of the caller does not have the right to call the method, step S157 is performed.
And S154, if the application of the calling party has the authority to call the method, judging that the authority authentication result of authority authentication on the calling request of the calling party is authentication passing.
S155, feeding back the authority authentication result to the service provider.
In an embodiment, when the service provider sends an authentication request for performing authority authentication on the call request of the caller to the authorization platform, the authorization platform obtains the authentication request and performs authority authentication on the call request according to the record information of the application. And judging whether the application of the calling party has the authority for calling the interface or not according to preset interface authority information. If the application of the calling party has the authority to call the interface, judging whether the application of the calling party has the authority to call the method according to preset method authority information. And if the application of the calling party has the authority for calling the method, judging that the authority authentication result of authority authentication on the calling request of the calling party is authentication passing. The authorization platform feeds back the authentication result to the service provider to cause the service provider to confirm whether to provide the method in the interface to the caller. The authorization platform provides a centralized authentication and authentication platform for setting and uniformly managing the calling authority of the calling party, and can change the calling authority of the application of the calling party at any time so as to ensure the safety of the application. Meanwhile, when the operation authority of a person who changes the calling authority in the authorization platform is controlled, the history of changing operation can be traced, and the safety of the method in the calling interface is further improved.
In one embodiment, as shown in fig. 4, the specific steps of step S140 further include steps S156-S157.
And S156, if the application of the calling party does not have the authority to call the interface, the authorization platform sends out first preset prompt information to the calling party.
S157, if the application of the calling party has the authority to call the method, the authorization platform sends a second preset prompt message to the calling party.
In an embodiment, when an authentication request sent by the service provider for performing authority authentication on the call request of the caller is obtained, whether the application of the caller has authority to call the interface is judged according to preset interface authority information, if the application of the caller does not have authority to call the interface, for example, the authority of the authorization platform to call the interface of all applications of the caller is changed, after the change, the application of the caller does not have authority to call the interface, the authorization platform sends first preset prompt information to the caller, for example, the first preset prompt information is "no authority to call the interface". When the authority configuration center of the authorization platform determines that the application of the caller has authority to call the interface, determining whether the application of the caller has authority to call the method, if it is determined that the application of the caller does not have authority to call the method, for example, the authority of the authorization platform to the method in the call interfaces of all applications of the caller is changed, after the change, the application of the caller does not have authority to call the method, the authorization platform sends a second preset prompt message to the caller, for example, the second preset prompt message is "no authority to call the method". The authorization platform sends the first preset prompt information or the second preset prompt information to the calling party and simultaneously feeds the authentication result of the first preset prompt information or the second preset prompt information back to the service provider, so that the service provider does not provide the method in the interface to be called by the application to ensure the safety of the service provider.
In the method provided by the application, as shown in fig. 5, if the caller sends a record request corresponding to the application to the authorization platform before formally sending a call request, the authorization platform authenticates the record request sent by the caller to obtain record information, when the caller formally sends a call request corresponding to the application to the service provider, the service provider sends an authentication request to the authorization platform, and the authorization platform authenticates the call request of the caller according to the authentication request and the record information to obtain an authority authentication result and feeds the authority authentication result back to the service provider, and if the authority authentication result is authentication passing, the caller acquires the method in the interface corresponding to the application provided by the service provider. According to the technical scheme, the authorization platform provides a centralized authentication and authentication platform, unified management is convenient, authentication and authentication of the method level of the method in the application calling interface are realized, authentication granularity is finer, and safety in the RPC remote calling process is improved.
The application can be applied to intelligent government affairs/intelligent urban management/intelligent communities/intelligent security protection/intelligent logistics/intelligent medical treatment/intelligent education/intelligent environmental protection/intelligent traffic scenes, for example, when the method in the interface provided by the service provider needs to be called in the RPC remote process in the scenes, the security of the method in the calling interface is enhanced, and thus the construction of the intelligent city is promoted.
Fig. 6 is a schematic flow chart of an RPC remote call method based on authentication and authentication applied to a second server according to an embodiment of the present invention. As shown in fig. 6, the RPC remote call method based on authentication and authentication of the present embodiment includes steps S210 to S240. The method is applied in the second server side 20.
S210, if the calling party needs to call a method corresponding to an interface of an application, the authorization platform receives a record request corresponding to the application sent by the calling party.
S220, the authorization platform authenticates the filing request sent by the calling party to obtain filing information.
And S230, when the call sends a call request corresponding to the application to the service provider, the authorization platform receives an authentication request sent by the service provider for authenticating the call request of the caller, wherein the call request comprises a method call request for calling a method in an interface.
S240, the authorization platform performs authority authentication on the call request of the calling party according to the authentication request and the record information to obtain an authority authentication result and feeds the authority authentication result back to the service provider, wherein the authority authentication comprises determining the authority of the calling party for calling the interface and the authority for calling the method in the interface; and if the authority authentication result is authentication pass, the calling party acquires the method in the interface corresponding to the application provided by the service provider.
In one embodiment, as shown in fig. 7, the specific steps of step S210 include steps S211 to S213.
S211, distributing AppId corresponding to the application and a private key bound with the AppId to the calling party according to the record request;
S212, signing the private key to generate an authentication character indicating unique identity information of the application;
s213, interface authority information and method authority information corresponding to the application of the calling party are configured and are bound with the authentication character to be stored in the authorization platform to be used as record information.
In one embodiment, as shown in fig. 8, the specific steps of step S240 include steps S241-S245.
S241, judging whether the application of the calling party has the authority for calling the interface or not according to preset interface authority information. If the application of the caller has the right to call the interface, step S242 is executed, and if the application of the caller does not have the right to call the interface, step S244 is executed.
S242, if the application of the calling party has the authority to call the interface, judging whether the application of the calling party has the authority to call the method. If the application of the caller has the right to call the method, step S243 is executed, and if the application of the caller does not have the right to call the method, step S245 is executed.
S243, if the application of the calling party has the authority to call the method, judging that the authority authentication result of authority authentication on the calling request of the calling party is authentication passing.
S244, if the application of the calling party does not have the authority to call the interface, a first preset prompt message is sent to the calling party.
S245, if the application of the calling party does not have the authority to call the method, a second preset prompt message is sent to the calling party.
It should be noted that, as those skilled in the art can clearly understand, the specific implementation steps of the RPC remote invocation method based on authentication and authorization applied to the second server may refer to the corresponding descriptions in the foregoing method embodiments, and for convenience and brevity of description, the description is omitted here.
Fig. 9 is a schematic block diagram of an RPC remote invocation system 100 based on authentication and authentication provided by an embodiment of the present invention. As shown in fig. 9, the system 100 includes a first server 10, a second server 20, and a third server 30, where the first server 10 is a caller for calling an interface, the first server 10 includes a first sending unit 101, a second sending unit 102, and an obtaining unit 103, the second server 20 is an authorization platform, the second server 20 includes an authentication unit 201 and a first authentication feedback unit 202, the third server 30 is a service provider for providing an interface, and the third server 30 includes a third sending unit 301. Specifically:
The first sending unit 101 is configured to send a request for recording a record corresponding to an application to the authorization platform if the calling party needs to call a method corresponding to an interface of the application.
The authentication unit 201 authenticates the request for recording the record sent by the calling party by the authorization platform to obtain recording information.
The second issuing unit 102 is configured to issue a call request corresponding to the application to the service provider, where the call request includes a method call request for calling a method in an interface.
The third issuing unit 301 is configured to issue, to the authorization platform, an authentication request for authenticating the authority of the call request of the caller.
The first authentication feedback unit 202 is configured to perform authority authentication on the call request of the caller according to the authentication request and the record information, so as to obtain an authority authentication result, and feed back the authority authentication result to the service provider, where the authority authentication includes determining an authority of the caller to call the interface and an authority of the caller to call a method in the interface.
The obtaining unit 103 is configured to obtain, by the caller, the method in the interface corresponding to the application provided by the service provider if the authority authentication result is authentication pass.
In some embodiments, for example, referring to fig. 10, the authentication unit 201 includes an acquisition subunit 2011, a first signature generation subunit 2012, and a save settings subunit 2013.
The obtaining subunit 2011 is configured to allocate AppId corresponding to the application and a private key bound to the AppId to the caller according to the record request.
The first signature generation subunit 2012 is configured to sign the private key to generate an authentication character that indicates unique identity information of the application.
The save setting subunit 2013 is configured to configure interface authority information and method authority information corresponding to the application of the caller, and bind with the authentication character and save in the authorization platform as record information.
In some embodiments, for example, referring to fig. 11, the first authentication feedback unit 202 includes a first sending out subunit 2021, a first judging subunit 2022, a second judging subunit 2023, a first judging subunit 2024, and a feedback subunit 2025.
The first issuing subunit 2021 is configured to obtain an authentication request issued by the service provider for performing authority authentication on the call request of the caller.
The first judging subunit 2022 is configured to judge, according to preset interface permission information, whether the application of the caller has permission to invoke the interface.
The second judging subunit 2023 is configured to judge, if the application of the caller has a right to invoke the interface, according to preset method right information, whether the application of the caller has a right to invoke the method.
The first determining subunit 2024 is configured to determine that a permission authentication result of performing permission authentication on the call request of the caller is authentication pass if the application of the caller has permission to invoke the method.
The feedback subunit 2025 is configured to feed back the rights authentication result to the service provider.
In some embodiments, for example, the present embodiment, referring to fig. 12, the first authentication feedback unit 202 further includes a second issuing subunit 2026 and a third issuing subunit 2027.
The second issuing subunit 2026 is configured to issue a first preset prompting message to the caller by using the authorization platform if the application of the caller does not have authority to invoke the interface.
The third issuing subunit 2027 is configured to issue a second preset alert message to the caller if the application of the caller does not have authority to invoke the method.
It should be noted that, as those skilled in the art can clearly understand, the specific implementation process of the RPC remote invocation system 100 and the units based on authentication and authorization may refer to the corresponding description in the foregoing method embodiment, and for convenience and brevity of description, the description is omitted here.
Fig. 13 is a schematic block diagram of an RPC remote call system 400 based on authentication and authorization applied to a second server side 20 according to an embodiment of the present invention. As shown in fig. 13, the present invention also provides an RPC remote invocation system 400 based on authentication and authentication, corresponding to the above RPC remote invocation method based on authentication and authentication. The authentication and authorization-based RPC remote call system 400 includes a unit for performing the above-described authentication and authorization-based RPC remote call method, and may be configured in the second server side 20. Specifically, referring to fig. 13, the RPC remote call system 400 based on authentication and authentication includes a first receiving unit 401, an authentication docket unit 402, a second receiving unit 403, and a second authentication feedback unit 404.
The first receiving unit 401 is configured to, if the caller needs to call a method corresponding to an interface of an application, receive a record request corresponding to the application sent by the caller by the authorization platform;
the authentication docketing unit 402 is configured to authenticate the docketing request sent by the caller to obtain docketing information.
The second receiving unit 403 is configured to, when the call sends a call request corresponding to the application to the service provider, receive, by the authorization platform, an authentication request sent by the service provider to perform authority authentication on the call request of the caller, where the call request includes a method call request for calling a method in an interface;
The second authentication feedback unit 404 is configured to perform authority authentication on the call request of the caller according to the authentication request and the record information, so as to obtain an authority authentication result and feed back the authority authentication result to the service provider, where the authority authentication includes determining an authority of the caller to call the interface and an authority of the caller to call a method in the interface; and if the authority authentication result is authentication pass, the calling party acquires the method in the interface corresponding to the application provided by the service provider.
In some embodiments, for example, the authentication docket unit 402 includes an allocation subunit 4021, a second signature generation subunit 4022, and a configuration save subunit 4023, see fig. 15.
The allocation subunit 4021 is configured to allocate AppId corresponding to the application and a private key bound to the AppId to the caller according to the record request;
The second signature generation subunit 4022 is configured to sign the private key to generate an authentication character indicating unique identity information of the application;
The configuration saving subunit 4023 is configured to configure interface authority information and method authority information corresponding to the application of the caller, and bind with the authentication character and save in the authorization platform as record information.
In some embodiments, for example, referring to fig. 14, the second authentication feedback unit 404 includes a third judging subunit 4041, a fourth judging subunit 4042, and a second judging subunit 4043.
The third judging subunit 4041 is configured to judge, according to preset interface permission information, whether the application of the caller has permission to invoke the interface;
the fourth judging subunit 4042 is configured to judge, if the application of the caller has a right to invoke the interface, whether the application of the caller has a right to invoke the method according to preset method right information;
The second determining subunit 4043 is configured to determine that the authority authentication result of performing authority authentication on the call request of the caller is authentication pass if the application of the caller has authority to invoke the method.
It should be noted that, as those skilled in the art can clearly understand, the specific implementation process of the RPC remote invocation system 400 and each unit based on authentication and authorization may refer to the corresponding description in the foregoing method embodiment, and for convenience and brevity of description, the description is omitted here.
The above-described authentication and authorization-based RPC remote invocation system may be implemented in the form of a computer program that may be run on a computer device as shown in fig. 16.
Referring to fig. 16, fig. 16 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 500 may be the first server side, the second server side, or the third server side.
With reference to FIG. 16, the computer device 500 includes a processor 502, memory, and a network interface 505 connected by a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
The non-volatile storage medium 503 may store an operating system 5031 and a computer program 5032. The computer program 5032 includes program instructions that, when executed, cause the processor 502 to perform an RPC remote invocation method based on authentication and authorization.
The processor 502 is used to provide computing and control capabilities to support the operation of the overall computer device 500.
The internal memory 504 provides an environment for running the computer program 5032 in the nonvolatile storage medium 503, and when the computer program 5032 on the first server side, the second server side or the third server side is executed by the processor 502, the processor 502 can jointly execute an RPC remote call method based on authentication and authorization.
The network interface 505 is used for network communication with other devices. It will be appreciated by those skilled in the art that the structure shown in FIG. 15 is merely a block diagram of some of the structures associated with the present inventive arrangements and does not constitute a limitation of the computer device 500 to which the present inventive arrangements may be applied, and that a particular computer device 500 may include more or fewer components than shown, or may combine some of the components, or have a different arrangement of components.
In this embodiment, the processor 502 of the first server is configured to execute the computer program 5032 stored in the memory, so as to implement the following steps: and if the calling party needs to call a method corresponding to an interface of an application, the calling party sends a record request corresponding to the application to the authorization platform.
In this embodiment, the processor 502 of the second server side is configured to execute the computer program 5032 stored in the memory, so as to implement the following steps: and the authorization platform authenticates the filing request sent by the calling party to obtain filing information.
In this embodiment, the processor 502 of the first server is configured to execute the computer program 5032 stored in the memory, so as to implement the following steps: the call sends a call request corresponding to the application to the service provider, the call request including a method call request for calling a method in an interface.
In this embodiment, the processor 502 of the third server is configured to execute the computer program 5032 stored in the memory, so as to implement the following steps: the service provider sends an authentication request for authenticating the authority of the call request of the caller to the authorization platform.
The processor 502 of the second server side is configured to execute the computer program 5032 stored in the memory, so as to implement the following steps: and the authorization platform performs authority authentication on the call request of the calling party according to the authentication request and the record information to obtain an authority authentication result and feeds the authority authentication result back to the service provider, wherein the authority authentication comprises the steps of determining the authority of the calling party for calling the interface and the authority for calling the method in the interface.
The processor 502 of the first server side is configured to execute the computer program 5032 stored in the memory, so as to implement the following steps: and if the authority authentication result is that the authentication is passed, the calling party acquires the method in the interface corresponding to the application, which is provided by the service provider.
In this embodiment, when implementing the step of authenticating the record request sent by the caller by the authorization platform to obtain record information, the processor 502 at the second server side specifically implements the following steps: distributing AppId corresponding to the application and a private key bound with AppId to the caller according to the proposal request; signing the private key to generate an authentication character indicative of unique identity information of the application; interface authority information and method authority information corresponding to the application of the calling party are configured and are bound with the authentication character to be stored in the authorization platform to serve as record information.
In this embodiment, when implementing the authorization platform, according to the authentication request and the record information, the processor 502 of the second server side performs authority authentication on the call request of the caller to obtain an authority authentication result and feeds back the authority authentication result to the service provider, where the authority authentication includes the steps of determining the authority of the caller to call the interface and the authority of invoking the method in the interface, specifically implementing the following steps: acquiring an authentication request which is sent by the service provider and used for carrying out authority authentication on the call request of the caller; judging whether the application of the calling party has the authority for calling the interface or not according to preset interface authority information; if the application of the calling party has the authority to call the interface, judging whether the application of the calling party has the authority to call the method according to preset method authority information; if the application of the calling party has the authority for calling the method, judging that the authority authentication result of authority authentication on the calling request of the calling party is authentication passing; and feeding the authority authentication result back to the service provider.
In this embodiment, when implementing the authorization platform, according to the authentication request and the record information, the processor 502 of the second server side performs authority authentication on the call request of the caller to obtain an authority authentication result and feeds back the authority authentication result to the service provider, where the authority authentication includes the steps of determining the authority of the caller to call the interface and the authority of invoking the method in the interface, specifically implementing the following steps: if the application of the calling party does not have the authority to call the interface, the authorization platform sends a first preset prompt message to the calling party; and if the application of the calling party does not have the authority to call the method, the authorization platform sends a second preset prompt message to the calling party.
It should be appreciated that in embodiments of the present application, the Processor 502 may be a central processing unit (Central Processing Unit, CPU), the Processor 502 may also be other general purpose processors, digital signal processors (DIGITAL SIGNAL processors, DSPs), application SPECIFIC INTEGRATED Circuits (ASICs), off-the-shelf Programmable gate arrays (Field-Programmable GATE ARRAY, FPGA) or other Programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
It will be appreciated by those of ordinary skill in the art that implementing all or part of the processes in the methods of the above embodiments may be accomplished by generating request-related hardware by a computer program. The computer program comprises program instructions, and the computer program can be stored in a storage medium, which is a computer readable storage medium. The program instructions are executed by at least one processor in the computer system to implement the flow steps of the embodiments of the method described above.
Accordingly, the present invention also provides a storage medium. The storage medium may be a computer readable storage medium. The plurality of storage media provided by the present invention stores a plurality of computer programs that, when executed by a plurality of processors, collectively implement the various embodiments of the above-described authentication and authentication-based RPC remote invocation methods.
The storage medium may be a U-disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, or an optical disk, or other various computer-readable storage media that can store program codes.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the invention can be combined, divided and deleted according to actual needs. In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The integrated unit may be stored in a storage medium if implemented in the form of a software functional unit and sold or used as a stand-alone product. Based on such understanding, the technical solution of the present invention is essentially or part of what contributes to the prior art, or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, comprising a number of generation requests for a computer device (which may be a personal computer, a terminal, a network device, etc.) to execute all or part of the steps of the method according to the embodiments of the present invention.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.

Claims (6)

1. An RPC remote call method based on authentication and authentication is applied to an RPC remote call system, the RPC remote call system comprises a first server end, a second server end and a third server end, the first server end is a calling party for calling an interface, the second server end is an authorization platform, and the third server end is a service provider for providing the interface, the method is characterized in that:
if the calling party needs to call a method corresponding to an interface of an application, the calling party sends a record request corresponding to the application to the authorization platform;
The authorization platform authenticates the record request sent by the calling party to obtain record information;
the call sends a call request corresponding to the application to the service provider, wherein the call request comprises a method call request for calling a method in an interface;
the service provider sends an authentication request for authenticating authority of the call request of the caller to the authorization platform;
The authorization platform performs authority authentication on the call request of the caller according to the authentication request and the record information to obtain an authority authentication result and feeds the authority authentication result back to the service provider, wherein the authority authentication comprises determining the authority of the caller for calling the interface and the authority for calling the method in the interface;
If the authority authentication result is that authentication is passed, the calling party acquires the method in the interface corresponding to the application provided by the service provider;
the step of authenticating the record request sent by the calling party by the authorization platform to obtain record information comprises the following steps:
Distributing AppId corresponding to the application and a private key bound with AppId to the caller according to the proposal request;
signing the private key to generate an authentication character indicative of unique identity information of the application;
configuring interface authority information and method authority information corresponding to the application of the calling party, binding the interface authority information and the method authority information with the authentication character and storing the information in the authorization platform to serve as record information;
the step of the authorization platform carrying out authority authentication on the call request of the calling party according to the authentication request and the record information to obtain an authority authentication result and feeding back the authority authentication result to the service provider comprises the following steps:
Acquiring an authentication request which is sent by the service provider and used for carrying out authority authentication on the call request of the caller;
judging whether the application of the calling party has the authority for calling the interface or not according to preset interface authority information;
if the application of the calling party has the authority to call the interface, judging whether the application of the calling party has the authority to call the method according to preset method authority information;
If the application of the calling party has the authority for calling the method, judging that the authority authentication result of authority authentication on the calling request of the calling party is authentication passing;
And feeding the authority authentication result back to the service provider.
2. The RPC remote invocation method based on authentication and authentication of claim 1, wherein the step of the authorization platform performing authority authentication on the invocation request of the caller to obtain an authority authentication result and feeding back the authority authentication result to the service provider according to the authentication request and the docket information further comprises:
if the application of the calling party does not have the authority to call the interface, the authorization platform sends a first preset prompt message to the calling party;
and if the application of the calling party does not have the authority to call the method, the authorization platform sends a second preset prompt message to the calling party.
3. An RPC remote call method based on authentication and authentication, the method is applied to a second server in an RPC remote call system, the second server is an authorization platform, the RPC remote call system further includes a first server and a third server, the first server is a caller for calling an interface, and the third server is a service provider for providing the interface, the method is characterized in that:
if the calling party needs to call a method corresponding to an interface of an application, the authorization platform receives a record request corresponding to the application sent by the calling party;
The authorization platform authenticates the record request sent by the calling party to obtain record information;
When the call sends a call request corresponding to the application to the service provider, the authorization platform receives an authentication request sent by the service provider for authenticating the call request of the caller, wherein the call request comprises a method call request for calling a method in an interface;
the authorization platform performs authority authentication on the call request of the caller according to the authentication request and the record information to obtain an authority authentication result and feeds the authority authentication result back to the service provider, wherein the authority authentication comprises determining the authority of the caller for calling the interface and the authority for calling the method in the interface; if the authority authentication result is authentication passing, the calling party acquires the method in the interface corresponding to the application provided by the service provider;
the step of authenticating the record request sent by the calling party to obtain record information comprises the following steps:
Distributing AppId corresponding to the application and a private key bound with AppId to the caller according to the proposal request;
signing the private key to generate an authentication character indicative of unique identity information of the application;
configuring interface authority information and method authority information corresponding to the application of the calling party, binding the interface authority information and the method authority information with the authentication character and storing the information in the authorization platform to serve as record information;
the step of the authorization platform carrying out authority authentication on the call request of the calling party according to the authentication request and the record information to obtain an authority authentication result and feeding back the authority authentication result to the service provider comprises the following steps:
judging whether the application of the calling party has the authority for calling the interface or not according to preset interface authority information;
if the application of the calling party has the authority to call the interface, judging whether the application of the calling party has the authority to call the method according to preset method authority information;
And if the application of the calling party has the authority for calling the method, judging that the authority authentication result of authority authentication on the calling request of the calling party is authentication passing.
4. An RPC remote invocation system based on authentication and authorization, comprising: the system comprises a first sending unit, a second sending unit and an obtaining unit which are configured at a first server end, an authentication unit and a first authentication feedback unit which are configured at a second server end, and a third sending unit which is configured at a third server end, wherein the first server end is a calling party for calling an interface, the second server end is an authorization platform, and the third server end is a service provider for providing the interface, and the system comprises the following components:
the first sending unit is configured to send a record request corresponding to an application to the authorization platform if the calling party needs to call a method corresponding to an interface of the application;
the authentication unit is used for authenticating the filing request sent by the calling party by the authorization platform so as to obtain filing information;
The second sending unit is used for sending a calling request corresponding to the application to the service provider by the calling unit, wherein the calling request comprises a method calling request for calling a method in an interface;
The third sending unit is used for sending an authentication request for authenticating the authority of the calling request of the calling party to the authorization platform by the service provider;
The first authentication feedback unit is used for performing authority authentication on the call request of the caller according to the authentication request and the record information to obtain an authority authentication result and feeding the authority authentication result back to the service provider, and the authority authentication comprises determining the authority of the caller for calling the interface and the authority for calling the method in the interface;
The obtaining unit is used for obtaining the method in the interface corresponding to the application provided by the service provider by the calling party if the authority authentication result is that the authentication is passed;
Wherein the authentication unit includes:
An obtaining subunit, configured to allocate AppId corresponding to the application and a private key bound to the AppId to the caller according to the record request;
a first signature generation subunit for signing the private key to generate an authentication character indicative of unique identity information of the application;
a storage setting subunit, configured to configure interface authority information and method authority information corresponding to the application of the caller, and bind with the authentication character and store in the authorization platform as record information;
The first authentication feedback unit includes:
A first sending subunit, configured to obtain an authentication request sent by the service provider for performing authority authentication on the call request of the caller;
The first judging subunit is used for judging whether the application of the calling party has the authority for calling the interface or not according to preset interface authority information;
A second judging subunit, configured to judge, according to preset method permission information, whether the application of the caller has permission to invoke the method if the application of the caller has permission to invoke the interface;
A first judging subunit, configured to judge that a permission authentication result of performing permission authentication on the call request of the caller is authentication passing if the application of the caller has permission to invoke the method;
And the feedback subunit is used for feeding the authority authentication result back to the service provider.
5. An RPC remote call system based on authentication and authorization, comprising a first server side, a second server side and a third server side, wherein the first server side, the second server side and the third server side each comprise a memory and a processor, the memory stores a computer program, and the processors of the first server side, the second server side and the third server side jointly implement the method according to any one of claims 1-2 when executing the respective computer programs.
6. A computer-readable storage medium, characterized in that the storage medium stores a computer program which, when executed by at least one processor, can implement the method of any one of claims 1-3.
CN202011445222.6A 2020-12-08 2020-12-08 RPC remote calling method, system and storage medium based on authentication and authorization Active CN112506678B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011445222.6A CN112506678B (en) 2020-12-08 2020-12-08 RPC remote calling method, system and storage medium based on authentication and authorization

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011445222.6A CN112506678B (en) 2020-12-08 2020-12-08 RPC remote calling method, system and storage medium based on authentication and authorization

Publications (2)

Publication Number Publication Date
CN112506678A CN112506678A (en) 2021-03-16
CN112506678B true CN112506678B (en) 2024-06-11

Family

ID=74971162

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011445222.6A Active CN112506678B (en) 2020-12-08 2020-12-08 RPC remote calling method, system and storage medium based on authentication and authorization

Country Status (1)

Country Link
CN (1) CN112506678B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114666387A (en) * 2022-03-25 2022-06-24 广州方硅信息技术有限公司 Interface management system, method, storage medium and computer device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107493286A (en) * 2017-08-23 2017-12-19 杭州安恒信息技术有限公司 A kind of RPC remote procedure calling (PRC) methods based on secure authentication
CN110493237A (en) * 2019-08-26 2019-11-22 深圳前海环融联易信息科技服务有限公司 Identity management method, device, computer equipment and storage medium
CN111095865A (en) * 2019-07-02 2020-05-01 阿里巴巴集团控股有限公司 System and method for issuing verifiable claims
CN111754216A (en) * 2020-06-19 2020-10-09 多加网络科技(北京)有限公司 Automatic switching method for payment link
CN111858089A (en) * 2020-06-29 2020-10-30 北京百度网讯科技有限公司 Method and device for calling Ether house node

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013010172A2 (en) * 2011-07-14 2013-01-17 Docusign, Inc. Online signature identity and verification in community

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107493286A (en) * 2017-08-23 2017-12-19 杭州安恒信息技术有限公司 A kind of RPC remote procedure calling (PRC) methods based on secure authentication
CN111095865A (en) * 2019-07-02 2020-05-01 阿里巴巴集团控股有限公司 System and method for issuing verifiable claims
CN110493237A (en) * 2019-08-26 2019-11-22 深圳前海环融联易信息科技服务有限公司 Identity management method, device, computer equipment and storage medium
CN111754216A (en) * 2020-06-19 2020-10-09 多加网络科技(北京)有限公司 Automatic switching method for payment link
CN111858089A (en) * 2020-06-29 2020-10-30 北京百度网讯科技有限公司 Method and device for calling Ether house node

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
公安警务综合认证鉴权服务中心的设计与实现;王东;樊燕红;;信息技术与信息化(06);全文 *

Also Published As

Publication number Publication date
CN112506678A (en) 2021-03-16

Similar Documents

Publication Publication Date Title
CN106657130B (en) MQTT-based access authentication method and equipment
CN110032865B (en) Authority management method, device and storage medium
US10891383B2 (en) Validating computer resource usage
CN107579958B (en) Data management method, device and system
US9419962B2 (en) Method and apparatus for sharing server resources using a local group
KR101553491B1 (en) Facilitating group access control to data objects in peer-to-peer overlay networks
CN110213276B (en) Authorization verification method under micro-service architecture, server, terminal and medium
CN108769230B (en) Transaction data storage method, device, server and storage medium
JP7260230B2 (en) Alias-based addressing calling method and apparatus
US20080097998A1 (en) Data file access control
CN110933084B (en) Cross-domain shared login state method, device, terminal and storage medium
CN110177124B (en) Identity authentication method based on block chain and related equipment
US9954839B2 (en) Systems and methods for providing distributed authentication of service requests by identity management components
CN109992976B (en) Access credential verification method, device, computer equipment and storage medium
EP3791615A1 (en) Method and appratus for revoking authorization of api invoker
WO2012155456A1 (en) License control method and system thereof
CN112506678B (en) RPC remote calling method, system and storage medium based on authentication and authorization
WO2016134482A1 (en) License management for device management system
CN107172172B (en) Communication method and system in IaaS system
WO2020093609A1 (en) Block generation method, apparatus and device for blockchain, and non-volatile readable storage medium
CN115766064A (en) Password application method, device, equipment and storage medium
JP2008287359A (en) Authentication apparatus and program
CN113806709A (en) Method for activating vehicle-mounted machine service, vehicle and readable storage medium
CN109120631B (en) Function calling system, method, device and storage medium
KR20220085375A (en) Public key management method based on block chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant