CN114357426A - Interface access verification method and device, electronic equipment and readable storage medium - Google Patents

Interface access verification method and device, electronic equipment and readable storage medium Download PDF

Info

Publication number
CN114357426A
CN114357426A CN202111473196.2A CN202111473196A CN114357426A CN 114357426 A CN114357426 A CN 114357426A CN 202111473196 A CN202111473196 A CN 202111473196A CN 114357426 A CN114357426 A CN 114357426A
Authority
CN
China
Prior art keywords
target
account
access
type
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111473196.2A
Other languages
Chinese (zh)
Inventor
李艳艳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Cloud Network Technology Co Ltd
Original Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Cloud Network Technology Co Ltd filed Critical Beijing Kingsoft Cloud Network Technology Co Ltd
Priority to CN202111473196.2A priority Critical patent/CN114357426A/en
Publication of CN114357426A publication Critical patent/CN114357426A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides an interface access verification method, an interface access verification device, electronic equipment and a readable storage medium, and the method comprises the following steps: under the condition that an access request aiming at a target application program interface is received, acquiring a target account identification of a user initiating the access request, wherein the target account identification represents a target user account of the user; acquiring the account type of the target user account according to the target account identification; and performing interface access verification processing on the target user account according to the account type and the target account identification.

Description

Interface access verification method and device, electronic equipment and readable storage medium
Technical Field
The disclosed embodiments relate to the technical field of authority control, and more particularly, to an interface access verification method and apparatus, an electronic device, and a readable storage medium.
Background
With the continuous development of cloud computing technology, cloud resources have more and more functions, and generally, a cloud platform encapsulates services provided by the platform into a series of Open Application Programming interfaces (OpenAPI) so as to facilitate development and use by a user.
In the related art, an application developed by a user may access an open application interface by mounting a Super key (Super access key) and a common key (AK, access key), where the Super key is generally provided for a service registered by a line-of-business (LOB), and the common key is generally provided for the user or for a role. For example, a service registered by a certain service line can access an open application program interface provided by the cloud platform based on the mounted super key.
Generally, because the authority of the super key is relatively large, and the authority of the common key is relatively small, the cloud platform generally only performs access verification on an access request initiated based on the super key mounted on a service registered by a service line, so that under some working conditions, if the common key is leaked, the possibility of bringing potential safety hazards to the cloud platform exists.
Disclosure of Invention
An object of the present disclosure is to provide a new technical solution for interface access verification, so as to improve the security of a cloud platform.
According to a first aspect of the present disclosure, there is provided an embodiment of an interface access authentication method, including:
under the condition that an access request aiming at a target application program interface is received, acquiring a target account identification of a user initiating the access request, wherein the target account identification represents a target user account of the user;
acquiring the account type of the target user account according to the target account identification;
and performing interface access verification processing on the target user account according to the account type and the target account identification.
Optionally, the performing, according to the account type and the target account identifier, interface access verification processing on the target user account includes:
under the condition that the account number type is a first preset type, acquiring address information of a request end initiating the access request, and determining the address type of the address information;
and under the condition that the address type is a first preset address type, performing interface access verification processing on the target user account.
Optionally, the performing the interface access verification processing on the target user account includes:
acquiring a preset white list, wherein the white list comprises configuration information used for limiting whether to perform interface access verification processing on a user account;
under the condition that the content in the white list is not empty, acquiring a first configuration item from the white list, wherein the first configuration item indicates whether to perform the interface access verification processing on the user account with the account type being the first preset type;
and performing interface access verification processing on the target user account according to the first configuration item and the target account identifier.
Optionally, the performing, according to the first configuration item and the target account id, the interface access verification processing on the target user account includes:
and when the first configuration item indicates that the interface access verification processing is not performed on the user account with the account type being the first preset type, allowing a target access key corresponding to the target user account to access the target application program interface.
Optionally, the performing, according to the first configuration item and the target account id, the interface access verification processing on the target user account further includes:
under the condition that the first configuration item indicates that the interface access verification processing is performed on the user account with the account type being the first preset type, acquiring an account identification set and/or an access key set from the white list;
and in the case that the target account identification exists in the account identification set and/or the target access key exists in the access key set, allowing the target application program interface based on the target access key.
Optionally, the method further comprises:
and under the condition that the address type is a second preset address type, the interface access verification processing is not carried out on the target user account, and the target application program interface is allowed to be accessed based on a target access key corresponding to the user account.
Optionally, the obtaining the target account id of the user corresponding to the access request includes:
obtaining a target access key from the access request;
and acquiring the target account identification from preset mapping data according to the target access key, wherein the preset mapping data reflects the corresponding relation between the access key and the account identification of the user.
According to a second aspect of the present disclosure, there is provided an embodiment of an interface access authentication apparatus, comprising:
the system comprises a receiving response module, a processing module and a display module, wherein the receiving response module is used for acquiring a target account identification of a user initiating an access request under the condition of receiving the access request aiming at a target application program interface, and the target account identification represents a target user account of the user;
the account type obtaining module is used for obtaining the account type of the target user account according to the target account identification;
and the interface access verification module is used for performing interface access verification processing on the target user account according to the account type and the target account identification.
According to a third aspect of the disclosure, there is provided an embodiment of an electronic device, an apparatus as described in the second aspect of the specification; alternatively, the first and second electrodes may be,
the electronic device includes:
a memory for storing executable instructions;
a processor configured to operate the electronic device to perform the method according to the first aspect of the specification.
According to a fourth aspect of the present disclosure, there is provided one embodiment of a computer-readable storage medium storing a computer program readable for execution by a computer, the computer program, when read by the computer, being for performing the method according to the first aspect of the present description.
One beneficial effect of the embodiment of the present disclosure is that, according to the embodiment of the present disclosure, in order to improve the security of the cloud platform, when the electronic device receives an access request for a target application program interface, in the embodiment, a target account id of a user account is obtained, so as to obtain an account type of the user account according to the target account id, and then, interface access verification processing may be performed on the user account according to the account type and the target account id, so as to avoid a risk that may be brought to the cloud platform when an access key corresponding to the user account, especially an internal account, is leaked.
Other features of the present description and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the specification and together with the description, serve to explain the principles of the specification.
FIG. 1 is a schematic structural diagram of an electronic device that can be used to implement embodiments of the present disclosure.
Fig. 2 is a schematic flowchart of an interface access verification method according to an embodiment of the present disclosure.
Fig. 3 is a schematic block diagram of an interface access authentication apparatus provided in an embodiment of the present disclosure.
Fig. 4 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments of the present disclosure will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the invention, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
In all examples shown and discussed herein, any particular value should be construed as merely illustrative, and not limiting. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
< hardware configuration >
FIG. 1 is a schematic structural diagram of an electronic device that can be used to implement embodiments of the present disclosure.
The electronic device 1000 may be a server, which may be a physical server or a cloud server, and is not limited herein, and in the embodiment of the disclosure, if there is no special description, the electronic device 1000 is taken as a server for example.
The electronic device 1000 may include, but is not limited to, a processor 1100, a memory 1200, an interface device 1300, a communication device 1400, a display device 1500, an input device 1600, a speaker 1700, a microphone 1800, and the like. The processor 1100 may be a central processing unit CPU, a graphics processing unit GPU, a microprocessor MCU, or the like, and is configured to execute a computer program, and the computer program may be written by using an instruction set of architectures such as x86, Arm, RISC, MIPS, and SSE. The memory 1200 includes, for example, a ROM (read only memory), a RAM (random access memory), a nonvolatile memory such as a hard disk, and the like. The interface device 1300 includes, for example, a USB interface, a serial interface, a parallel interface, and the like. The communication device 1400 is capable of wired communication using an optical fiber or a cable, or wireless communication, and specifically may include WiFi communication, bluetooth communication, 2G/3G/4G/5G communication, and the like. The display device 1500 is, for example, a liquid crystal display panel, a touch panel, or the like. The input device 1600 may include, for example, a touch screen, a keyboard, a somatosensory input, and the like. The speaker 1700 is used to output an audio signal. The microphone 1800 is used to collect audio signals.
As applied to the disclosed embodiments, the memory 1200 of the electronic device 1000 is used to store a computer program for controlling the processor 1100 to operate so as to implement the method according to the disclosed embodiments. The skilled person can design the computer program according to the solution disclosed in the present disclosure. How the computer program controls the processor to operate is well known in the art and will not be described in detail here. The electronic device 1000 may be installed with an intelligent operating system (e.g., Windows, Linux, android, IOS, etc. systems) and application software.
It should be understood by those skilled in the art that although a plurality of devices of the electronic apparatus 1000 are illustrated in fig. 1, the electronic apparatus 1000 of the embodiments of the present disclosure may refer to only some of the devices therein, for example, only the processor 1100 and the memory 1200, etc.
< method examples >
Please refer to fig. 2, which is a flowchart illustrating an interface access verification method according to an embodiment of the present disclosure, where the embodiment may be implemented by an electronic device, for example, the electronic device 1000 shown in fig. 1, and the electronic device is configured to receive an access request for an application program interface provided by a cloud platform, for example, an open application program interface, and perform interface access verification processing on the access request, so as to improve security of the cloud platform.
As shown in fig. 2, the interface access authentication method of the present embodiment may include the following steps S2100 to S2300, which will be described in detail below.
In step S2100, when an access request for a target application program interface is received, a target account id of a user initiating the access request is obtained, where the target account id represents a target user account of the user.
In the embodiment of the present disclosure, the target application program interface may be an open application program interface, that is, an OpenAPI, provided by the cloud platform and facilitating a user to develop and use a service provided by the user, and of course, in a specific implementation, the target application program interface may also be an application program interface of another type, which is not particularly limited herein.
Specifically, the user may create a common access key, that is, a common key, in the cloud platform in advance; then, an access key corresponding to the user account is mounted in the developed application program, so that the open application program interface provided by the cloud platform can be accessed based on the access key in the running process of the application program; or, an operator of the cloud platform may also create a super access key with a relatively large authority in advance, that is, a super key, and mount the super key on a service registered by a certain service line, so that the service can conveniently access resources provided by the cloud platform.
In the related art, because the authority of the super key is usually large, core resources, data and the like in the cloud platform can be conveniently viewed and operated based on the super key, the cloud platform usually restricts intranet access to an access request for accessing the open application program interface based on the super key, and does not usually restrict the access request for accessing the open application program interface based on a common key created by a common user. However, in the case that the common user is an internal employee of an enterprise, the common key created by the common user has a possibility of accessing and operating core resources and data of the cloud platform, and if the key is leaked, for example, because the employee leaves the work and is not logged off in time, there is a risk that the resources of the cloud platform are illegally accessed by other users in the external network based on the key.
In order to solve the problem, in the embodiment of the present disclosure, when an electronic device implementing the method of this embodiment receives an access request for a target application program interface, a target account id of a user may be obtained first based on the access request, so as to determine whether interface access verification processing needs to be performed on a target user account of the user according to the target account id, so as to solve the problem. It should be noted that, for convenience of description, in the following description, if there is no particular description, a general key corresponding to a user account is referred to as an access key for description.
In an embodiment, the obtaining the target account id of the user corresponding to the access request includes: obtaining a target access key from the access request; and obtaining the target account identification from preset mapping data according to the target access key, wherein the preset mapping data reflects the corresponding relation between the access key and the account identification of the user.
Step S2200, obtaining the account type of the target user account according to the target account identifier; and executing step S2300, and performing interface access verification processing on the target user account according to the account type and the target account identifier.
In the embodiment of the disclosure, the account type of the user account may be set by an operator corresponding to the cloud platform when the user account is created, and the account type may specifically be one attribute information of the user account.
For example, in the case of creating a user account of "user 01" for an employee inside an enterprise, the account type of the user account may be automatically set to information indicating that it is a first preset type, that is, an internal account.
It should be noted that, in a specific implementation, in order to enable the electronic device to accurately obtain the account type of the user account, after the account type of the user account is set by an operator, the account type may be synchronized to a cache database used by the cloud platform, for example, a Redis database, in an asynchronous message queue manner.
In one embodiment, the interface access verification processing performed on the target user account according to the account type and the target account identifier includes: under the condition that the account number type is a first preset type, acquiring address information of a request end initiating the access request, and determining the address type of the address information; and under the condition that the address type is a first preset address type, carrying out interface access verification processing on the user account.
Specifically, the account types in the embodiment of the present disclosure at least include a first preset type and a second preset type, where the first preset type indicates that the user account is an internal account, that is, a user account used by an internal user of an enterprise to which the cloud platform belongs; the second preset type represents that the user account is an external account, namely, a user account used by an external user except for an enterprise to which the cloud platform belongs.
In specific implementation, if the account type is the second preset type, it is indicated that the user corresponding to the access request is an external user, and since the user key is provided for the external user and the usage right of the user is limited, that is, the access and operation right to the core resource and data of the cloud platform is not involved, in the case that the account type is the second preset type, the interface access verification processing may not be performed on the access request initiated by the user key based on the user account of the type, and the target application program interface may be directly allowed to be accessed based on the access key corresponding to the user account.
If the account type is the first preset type, it is indicated that the user corresponding to the access request is an internal user, and in order to ensure the security of the cloud platform, the address type of the request terminal initiating the access request needs to be determined first, so as to determine whether interface access verification processing needs to be performed on the access request initiated by the user key based on the user account of the type.
The request terminal may be an IP address of the electronic device that initiates the access request. The address type may include a first preset address type and a second preset address type, where the first preset address type is used to indicate that the corresponding address is an external IP address, and the second preset address type is used to indicate that the corresponding address is an internal IP address. In an optional implementation manner, the address type of the request end may be determined by a network segment to which the IP address belongs, and if the IP address initiating the access request belongs to an intranet-specific IP network segment, the address type of the IP address may be determined to be a second preset address type (i.e., an intranet IP address).
Specifically, in the embodiment of the present disclosure, in order to avoid a potential safety hazard that may be caused to a cloud platform due to a leakage of an access key corresponding to an internal account when a target user account initiating an access request for a target application program interface is an internal account and an address type of a request end initiating the access request is an external network address, interface access verification processing needs to be performed on the access request received under the circumstance, so as to ensure the security of the cloud platform.
In one embodiment, the performing the interface access verification process on the target user account includes: acquiring a preset white list, wherein the white list comprises configuration information used for limiting whether to perform interface access verification processing on a user account; under the condition that the content in the white list is not empty, acquiring a first configuration item from the white list, wherein the first configuration item indicates whether to perform the interface access verification processing on the user account with the account type being the first preset type; and performing interface access verification processing on the target user account according to the first configuration item and the target account identifier.
The white list refers to configuration information which is preset and can be maintained based on an automatic updating mechanism and is used for limiting whether interface access verification processing needs to be carried out on the user account. The white list may include a first configuration item, namely enable _ all, for identifying whether the verification processing is performed on the user account with the account type being a first preset type; in the embodiment of the disclosure, whether interface access verification processing needs to be performed on the internal account may be identified by setting a value of the first configuration item enable _ all. For example, in the case where enable _ all is "1", it is identified that interface access authentication processing is not required for the internal account, and in the case where enable _ all is "0" or a specific numerical value is not set, it is identified that interface access authentication processing is required for the internal account.
That is, in one embodiment, the performing, according to the first configuration item and the target account id, interface access verification processing on the user account includes: and under the condition that the first configuration item indicates that interface access verification processing is not performed on the user account with the account type being the first preset type, allowing access to the target application program interface based on the access key corresponding to the target user account.
In addition, in an embodiment, the performing interface access verification processing on the target user account according to the first configuration item and the target user account id further includes: under the condition that the first configuration item indicates that interface access verification processing is performed on a user account of which the account type is a first preset type, acquiring an account identification set and/or an access key set from the white list; access to a target application program interface based on the target access key is allowed in the event that a target account identification exists in the set of account identifications and/or the target access key exists in the set of access keys.
Specifically, when the first configuration item is empty or the set value indicates that interface access verification processing needs to be performed on the internal account, an account identifier set account _ list and/or an access key set ak _ list may be obtained in the white list; whether the target account identification exists or not is inquired in the account _ list, and whether a target access key in the access request exists or not is inquired in the ak _ list; and if any item is met, allowing the request terminal to access the target application program interface based on the target access key.
To sum up, in the method provided in the embodiment of the present disclosure, in order to improve the security of the cloud platform when the electronic device receives an access request for a target application program interface, the target account id of a user account is obtained in the embodiment, so as to obtain the account type of the user account according to the target account id, and then, interface access verification processing may be performed on the user account according to the account type and the target account id, so as to avoid a risk that may be brought to the cloud platform when an access key corresponding to the user account, especially an internal account, is leaked.
< apparatus embodiment >
Corresponding to the above method embodiment, fig. 3 is a schematic block diagram of an interface access authentication apparatus according to an embodiment of the present disclosure. As shown in fig. 3, the interface access authentication device 3000 may include: a receive response module 3100, an account type obtaining module 3200, and an interface access verification module 3300.
The receiving response module 3100 is configured to, when an access request for a target application program interface is received, obtain a target account id of a user initiating the access request, where the target account id represents a target user account of the user.
In one embodiment, the receiving response module 3100, when obtaining the target account id of the user corresponding to the access request, may be configured to: obtaining a target access key from the access request; and acquiring the target account identification from preset mapping data according to the target access key, wherein the preset mapping data reflects the corresponding relation between the access key and the account identification of the user. The account type obtaining module 3200 is configured to obtain an account type of the target user account according to the target account id.
The interface access verification module 3300 is configured to perform interface access verification processing on the target user account according to the account type and the target account identifier.
In an embodiment, when performing interface access verification processing on the target user account according to the account type and the target account id, the interface access verification module 3300 may be configured to: under the condition that the account number type is a first preset type, acquiring address information of a request end initiating the access request, and determining the address type of the address information; and under the condition that the address type is a first preset address type, performing interface access verification processing on the target user account.
In one embodiment, the interface access verification module 3300, when performing the interface access verification process on the target user account, may be configured to: acquiring a preset white list, wherein the white list comprises configuration information used for limiting whether to perform interface access verification processing on a user account; under the condition that the content in the white list is not empty, acquiring a first configuration item from the white list, wherein the first configuration item indicates whether to perform the interface access verification processing on the user account with the account type being the first preset type; and performing interface access verification processing on the target user account according to the first configuration item and the target account identifier.
In an embodiment, the interface access verification module 3300, when performing the interface access verification processing on the target user account according to the first configuration item and the target account id, may be configured to: and when the first configuration item indicates that the interface access verification processing is not performed on the user account with the account type being the first preset type, allowing a target access key corresponding to the target user account to access the target application program interface.
In an embodiment, the interface access verification module 3300, when performing the interface access verification processing on the target user account according to the first configuration item and the target account id, may further be configured to: under the condition that the first configuration item indicates that the interface access verification processing is performed on the user account with the account type being the first preset type, acquiring an account identification set and/or an access key set from the white list; and in the case that the target account identification exists in the account identification set and/or the target access key exists in the access key set, allowing the target application program interface based on the target access key.
In one embodiment, the interface access verification module 3300 may be further configured to: and under the condition that the address type is a second preset address type, the interface access verification processing is not carried out on the target user account, and the target application program interface is allowed to be accessed based on a target access key corresponding to the user account.
< apparatus embodiment >
Corresponding to the above embodiments, fig. 4 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present disclosure.
As shown in fig. 4, the electronic device 400 comprises a processor 410 and a memory 420, the memory 420 being adapted to store an executable computer program, the processor 410 being adapted to perform a method according to any of the above method embodiments, under control of the computer program.
The modules of the interface access authentication apparatus 3000 may be realized by the processor 410 executing the computer program stored in the memory 420 in the present embodiment, or may be realized by another circuit configuration, which is not limited herein.
< computer-readable storage Medium embodiment >
The present embodiments provide a computer-readable storage medium having stored therein an executable command, which when executed by a processor, performs the method described in any of the method embodiments of the present specification.
One or more embodiments of the present description may be a system, method, and/or computer program product. The computer program product may include a computer-readable storage medium having computer-readable program instructions embodied thereon for causing a processor to implement various aspects of the specification.
The computer readable storage medium may be a tangible device that can hold and store the instructions for use by the instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic memory device, a magnetic memory device, an optical memory device, an electromagnetic memory device, a semiconductor memory device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a Static Random Access Memory (SRAM), a portable compact disc read-only memory (CD-ROM), a Digital Versatile Disc (DVD), a memory stick, a floppy disk, a mechanical coding device, such as punch cards or in-groove projection structures having instructions stored thereon, and any suitable combination of the foregoing. Computer-readable storage media as used herein is not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or other transmission medium (e.g., optical pulses through a fiber optic cable), or electrical signals transmitted through electrical wires.
The computer-readable program instructions described herein may be downloaded from a computer-readable storage medium to a respective computing/processing device, or to an external computer or external storage device via a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. The network adapter card or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards the computer-readable program instructions for storage in a computer-readable storage medium in the respective computing/processing device.
The computer program instructions for carrying out operations for embodiments of the present description may be assembly instructions, Instruction Set Architecture (ISA) instructions, machine related instructions, microcode, firmware instructions, state setting data, or source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer-readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, an electronic circuit, such as a programmable logic circuit, a Field Programmable Gate Array (FPGA), or a Programmable Logic Array (PLA), can execute computer-readable program instructions to implement various aspects of the present description by utilizing state information of the computer-readable program instructions to personalize the electronic circuit.
Aspects of the present description are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the description. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer-readable program instructions may also be stored in a computer-readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer-readable medium storing the instructions comprises an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present description. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. It is well known to those skilled in the art that implementation by hardware, implementation by software, and implementation by a combination of software and hardware are equivalent.
The foregoing description of the embodiments of the present specification has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein. The scope of the application is defined by the appended claims.

Claims (10)

1. An interface access authentication method, comprising:
under the condition that an access request aiming at a target application program interface is received, acquiring a target account identification of a user initiating the access request, wherein the target account identification represents a target user account of the user;
acquiring the account type of the target user account according to the target account identification;
and performing interface access verification processing on the target user account according to the account type and the target account identification.
2. The method according to claim 1, wherein the performing interface access validation processing on the target user account according to the account type and the target account identifier comprises:
under the condition that the account number type is a first preset type, acquiring address information of a request end initiating the access request, and determining the address type of the address information;
and under the condition that the address type is a first preset address type, performing interface access verification processing on the target user account.
3. The method of claim 2, wherein the performing the interface access validation process on the target user account comprises:
acquiring a preset white list, wherein the white list comprises configuration information used for limiting whether to perform interface access verification processing on a user account;
under the condition that the content in the white list is not empty, acquiring a first configuration item from the white list, wherein the first configuration item indicates whether to perform the interface access verification processing on the user account with the account type being the first preset type;
and performing interface access verification processing on the target user account according to the first configuration item and the target account identifier.
4. The method according to claim 3, wherein the performing the interface access verification processing on the target user account according to the first configuration item and the target account id includes:
and when the first configuration item indicates that the interface access verification processing is not performed on the user account with the account type being the first preset type, allowing a target access key corresponding to the target user account to access the target application program interface.
5. The method according to claim 4, wherein the performing the interface access verification processing on the target user account according to the first configuration item and the target account id further includes:
under the condition that the first configuration item indicates that the interface access verification processing is performed on the user account with the account type being the first preset type, acquiring an account identification set and/or an access key set from the white list;
and in the case that the target account identification exists in the account identification set and/or the target access key exists in the access key set, allowing the target application program interface based on the target access key.
6. The method of claim 2, further comprising:
and under the condition that the address type is a second preset address type, the interface access verification processing is not carried out on the target user account, and the target application program interface is allowed to be accessed based on a target access key corresponding to the user account.
7. The method according to claim 1, wherein the obtaining of the target account id of the user corresponding to the access request includes:
obtaining a target access key from the access request;
and acquiring the target account identification from preset mapping data according to the target access key, wherein the preset mapping data reflects the corresponding relation between the access key and the account identification of the user.
8. An interface access authentication apparatus, comprising:
the system comprises a receiving response module, a processing module and a display module, wherein the receiving response module is used for acquiring a target account identification of a user initiating an access request under the condition of receiving the access request aiming at a target application program interface, and the target account identification represents a target user account of the user;
the account type obtaining module is used for obtaining the account type of the target user account according to the target account identification;
and the interface access verification module is used for performing interface access verification processing on the target user account according to the account type and the target account identification.
9. An electronic device comprising the apparatus of claim 8; alternatively, the first and second electrodes may be,
the electronic device includes:
a memory for storing executable instructions;
a processor configured to execute the electronic device to perform the method according to the control of the instruction, wherein the method is as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium, in which a computer program is stored which is readable and executable by a computer, and which, when read by the computer, is adapted to perform the method according to any one of claims 1 to 7.
CN202111473196.2A 2021-12-02 2021-12-02 Interface access verification method and device, electronic equipment and readable storage medium Pending CN114357426A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111473196.2A CN114357426A (en) 2021-12-02 2021-12-02 Interface access verification method and device, electronic equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111473196.2A CN114357426A (en) 2021-12-02 2021-12-02 Interface access verification method and device, electronic equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN114357426A true CN114357426A (en) 2022-04-15

Family

ID=81096523

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111473196.2A Pending CN114357426A (en) 2021-12-02 2021-12-02 Interface access verification method and device, electronic equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN114357426A (en)

Similar Documents

Publication Publication Date Title
US9569180B1 (en) Application development in cloud based environment
US8903702B2 (en) Generating specifications for expression language expressions and tag libraries
CN110471728B (en) Method and related device for displaying interface based on user permission
CN111242462A (en) Data processing method and device, computer storage medium and electronic equipment
CN113760306A (en) Method and device for installing software, electronic equipment and storage medium
CN106293849A (en) A kind of application update method and terminal
CN109117153A (en) Processing method, device, terminal and the storage medium of application program
CN114372256A (en) Application program running method, device, equipment and storage medium
CN114398044A (en) Vehicle control and software configuration method, device, electronic equipment and storage medium
US20190149601A1 (en) Device list synchronizing method and apparatus, device, and computer storage medium
US10255057B2 (en) Locale object management
CN110865818B (en) Detection method and device for application associated domain name and electronic equipment
CN111435328B (en) Application testing method and device, electronic equipment and readable storage medium
CN114357426A (en) Interface access verification method and device, electronic equipment and readable storage medium
CN108984391B (en) Application program analysis method and device and electronic equipment
US10061686B2 (en) Method, electronic apparatus, system, and storage medium for automated testing of application user interface
US10831635B2 (en) Preemption of false positives in code scanning
CN115080113A (en) Item code detection method and device, readable storage medium and electronic equipment
CN109933990B (en) Multi-mode matching-based security vulnerability discovery method and device and electronic equipment
CN113010189A (en) Database installation method, device, equipment and storage medium
US9942331B2 (en) Utilization of computing services
CN110716753A (en) Cloud host initialization method and device, storage medium and electronic equipment
CN104268205A (en) Method and device for obtaining information of installed applications in IOS system
CN111382057A (en) Test case generation method, test method and device, server and storage medium
CN114357400A (en) Login verification method and device, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination