CN115001755B - API authorization and access control method, system, electronic equipment and storage medium - Google Patents

Publication number: CN115001755B
Authority: CN (China)
Prior art keywords: access, control software, token code, authorization, code
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202210523328.6A
Other languages: Chinese (zh)
Other versions: CN115001755A (en)
Inventors: 王柳一, 赵磊, 董玮, 窦帅
Current Assignee: Ningxia Yuxing Aerospace Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Emposat Co Ltd
Application filed by Emposat Co Ltd
Priority to CN202210523328.6A
Publication of CN115001755A
Application granted
Publication of CN115001755B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807: Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an API authorization and access control method, a system, an electronic device and a storage medium. The method comprises the following steps: the orbit control software receives an access request sent by a user through a browser; the orbit control software checks the authorization status of the access request; if the access request is not authorized, the orbit control software sends the access request to an authentication system to obtain an authorization code; the orbit control software presents the authorization code to the authentication system to obtain an access token code; the orbit control software uses the access request and the access token code to access the database or the message bus, obtains the corresponding access data, and returns the access data to the user through the browser. In this way, the protected data stored in the message bus and the database of the satellite control center subsystem can be accessed securely even though the orbit control software and the authentication system do not share a password; the limits placed on the access token code strengthen the security of the data, and the data in the message bus and the database is effectively protected.

Description

API authorization and access control method, system, electronic equipment and storage medium
Technical Field
The invention relates to the technical field of data access, in particular to an API authorization and access control method, an API authorization and access control system, electronic equipment and a storage medium.
Background
The satellite control center subsystem is mainly responsible for orbit analysis of a satellite, monitoring of the satellite's state and on-orbit operation control of the satellite. Its functions include task planning and scheduling, orbit determination and prediction, telemetry management, remote control management, real-time monitoring of measurement and control information, alarming and fault diagnosis, measurement and control data management, collision avoidance calculation and the like. The satellite orbit control software (orbit control software for short) is a core function of the satellite control center subsystem. It is responsible for functions such as orbit control strategy formulation and orbit process analysis and evaluation, and it has interfaces with the subsystem's orbit determination and prediction, satellite telemetry management, collision avoidance calculation, real-time monitoring of measurement and control information, measurement and control data management and system configuration. Because the orbit control software is a part of the satellite control center subsystem and cannot share a password with the authentication system of that subsystem, the problem to be solved is how to securely access, from the orbit control software, the protected data stored in the message bus and the database of the satellite control center subsystem when the password cannot be shared.
Disclosure of Invention
The invention aims to provide an API authorization and access control method, an API authorization and access control system, electronic equipment and a storage medium, so as to overcome the defect in the prior art that protected data cannot be obtained securely when the orbit control software and the authentication system do not share a password.
The invention is further described in five aspects below:
In a first aspect, an API authorization and access control method is provided, which is applied on the orbit control software side and includes the following steps:
the orbit control software receives an access request sent by a user through a browser;
the orbit control software checks the authorization status of the access request;
if the access request is not authorized, the orbit control software sends the access request to an authentication system to obtain an authorization code;
the orbit control software presents the authorization code to the authentication system to obtain an access token code;
and the orbit control software uses the access request and the access token code to access a database or a message bus, obtains the corresponding access data and returns the access data to the user through the browser.
With reference to the first aspect, the access token code is provided with an access limit switch, and the access limit switch includes one or a combination of a duration limit switch and a frequency limit switch.
With reference to the first aspect, the duration limit switch starts a timer after the access request is started; once the elapsed time exceeds a certain threshold, no further access is possible, that is, the access token code is invalid.
With reference to the first aspect, the frequency limit switch starts a counter after the first access request is started and accumulates the number of accesses made with the access token code; when the total number of accesses equals the number of accesses set for the access token code, no further access is possible, that is, the access token code is invalid.
With reference to the first aspect, when the duration limit switch and the frequency limit switch are combined, the timer and the counter are started after the first access request is started, and a certain number of accesses can be made within the set time period; once the set duration or the set number of accesses is exceeded, no further access is possible, that is, the access token code is invalid.
In a second aspect, an API authorization and access control method is provided, which is applied on the authentication system side and includes the following steps:
the authentication system receives an access request sent by the orbit control software and returns an authorization code, wherein the access request is sent to the orbit control software by a user through a browser;
and the authentication system receives the authorization code sent by the orbit control software and returns an access token code, wherein the access token code is used for accessing the database or the message bus.
With reference to the second aspect, the access token code is provided with an access limit switch, and the access limit switch includes one or a combination of a duration limit switch and a frequency limit switch.
In a third aspect, an API authorization and access control system is provided, which is applied on the orbit control software side and includes:
a receiving module: used for the orbit control software to receive an access request sent by a user through a browser;
a query module: used for the orbit control software to check the authorization status of the access request;
a first request module: used for the orbit control software to send the access request to the authentication system to obtain an authorization code if the access request is not authorized;
a second request module: used for the orbit control software to present the authorization code to the authentication system to obtain an access token code;
a data access module: used for the orbit control software to access a database or a message bus with the access request and the access token code, obtain the corresponding access data and return the access data to the user through the browser.
In a fourth aspect, an electronic device is provided, the electronic device comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to cause the at least one processor to perform the API authorization and access control method of the first aspect or to perform the API authorization and access control method of the second aspect.
In a fifth aspect, a computer-readable storage medium is provided, on which a computer program is stored, which, when being executed by a processor, implements the API authorization and access control method according to the first aspect or implements the API authorization and access control method according to the second aspect.
The advantages of the invention are as follows: with the API authorization and access control method, system, electronic equipment and storage medium, the protected data stored in the message bus and the database of the satellite control center subsystem can be accessed securely even though the orbit control software and the authentication system do not share a password, and the access token code effectively limits the access duration and the number of accesses, which strengthens the security of the data and effectively protects the data in the message bus and the database.
Drawings
Fig. 1 is a schematic flow chart of the method applied on the orbit control software side in the present invention.
Fig. 2 is a schematic flow chart of the method of the present invention.
Fig. 3 is a schematic structural diagram of a user access flow in the present invention.
Fig. 4 is a schematic diagram illustrating a refresh flow of the access token code according to the present invention.
Fig. 5 is a flow chart illustrating an access request according to the present invention.
Detailed Description
In order to make the technical means, inventive features, objectives and effects of the invention easy to understand, the invention is further described below with reference to specific embodiments.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or to implicitly indicate a number of the indicated technical features. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "coupled," and "connected" are to be construed broadly: a connection may be, for example, fixed, detachable or integral; it may be mechanical or electrical; it may be direct, or indirect through an intervening medium, or it may be an internal connection between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art according to the specific situation.
The orbit of a low-orbit sun-synchronous optical remote sensing satellite is strongly affected by atmospheric perturbation and solar gravitational perturbation. According to the orbit evolution characteristics of a sun-synchronous orbit and the requirements of the optical remote sensing task, the orbit control scenarios of the satellite mainly comprise sub-satellite point keeping, right ascension of ascending node keeping, orbit maneuvers in the initial phase after orbit injection, temporary maneuvers during the long-term management period and the like. Sub-satellite point keeping counters the drift of the sub-satellite point track caused by atmospheric perturbation and is the main orbit keeping control mode during the task stage; right ascension of ascending node keeping mainly counters the local time of the descending node drifting out of limits because of solar gravitational perturbation, and its main control method is inclination adjustment and correction; the control mode of an orbit maneuver is chosen flexibly according to the specific task target.
The full name of the orbit control software is satellite orbit control software. The injection orbit and orbit control parameters it computes directly affect the on-orbit state of the satellite, which places extremely high requirements on the accuracy and reliability of the software.
The invention is further illustrated by the following four examples:
Example 1
As shown in fig. 1, fig. 3, fig. 4 and fig. 5, an API authorization and access control method is applied on the orbit control software side, and the method includes the following steps:
S1: the orbit control software receives an access request sent by a user through a browser;
a user logs in to a browser on an electronic device, accesses the orbit control software through the browser and sends a request for accessing data to the orbit control software;
S2: the orbit control software checks the authorization status of the access request;
the orbit control software needs to check whether the access request that was sent is authorized;
S3: if the access request is not authorized, the orbit control software sends the access request to an authentication system to obtain an authorization code;
if the access request is authorized, proceed directly to the next step;
if the access request is not authorized, the orbit control software sends the unauthorized access request to the authentication system and asks the authentication system to provide an authorization code;
S4: the orbit control software presents the authorization code to the authentication system to obtain an access token code;
S5: the orbit control software uses the access request and the access token code to access a database or a message bus, obtains the corresponding access data and returns the access data to the user through the browser.
An access limit switch is arranged on the access token code, and the access limit switch comprises a duration limit switch; the duration limit switch starts a timer after the access request is started, and once the elapsed time exceeds a certain threshold no further access is possible, that is, the access token code is invalid;
Fig. 4 is a schematic diagram illustrating the refresh flow of the access token code according to the present invention, wherein:
the first step: the orbit control software acquires authorization information from the authentication system (namely the API);
the second step: the authentication system returns an access token code according to the authorization information, that is, the access token code is refreshed;
the third step: the orbit control software accesses the message bus with the access token code;
the fourth step: the message bus responds to the access request of the orbit control software and sends the required data to the orbit control software;
the fifth step: the orbit control software continues to access the message bus;
the sixth step: the access duration of the access token code exceeds the set duration, the access token code is invalid, and the message bus refuses access;
the seventh step: the orbit control software requests the authentication system to refresh the access token code;
the eighth step: the authentication system issues a new access token code to the orbit control software;
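The access limit switches of the first aspect (duration, frequency, and their combination) and the Fig. 4 refresh flow above, as an added Python example that is not part of the patent. The class and method names (`AuthSystem`, `MessageBus`, `OrbitControl`, `admit`) are hypothetical, refresh is modelled as obtaining a new authorization code and exchanging it, the bus is assumed to ask the authentication system to check each access, and the clock and data are constructed.

```python
import secrets
from dataclasses import dataclass
from typing import Optional


@dataclass
class FakeClock:
    now: float = 0.0                  # constructed clock, seconds, advanced by hand


@dataclass
class TokenState:
    max_age: Optional[float]          # duration limit threshold, seconds (None = off)
    max_uses: Optional[int]           # frequency limit, accesses (None = off)
    first_use: Optional[float] = None
    uses: int = 0


class AuthSystem:
    def __init__(self, clock, max_age=None, max_uses=None):
        self.clock, self.max_age, self.max_uses = clock, max_age, max_uses
        self.codes = set()            # outstanding authorization codes
        self.tokens = {}              # access token code -> TokenState

    def authorize(self, user_approved: bool) -> str:
        if not user_approved:
            raise PermissionError("user did not confirm authorization")
        code = secrets.token_urlsafe(16)
        self.codes.add(code)
        return code

    def exchange(self, code: str) -> str:
        if code not in self.codes:
            raise PermissionError("unknown or already redeemed authorization code")
        self.codes.remove(code)       # assumption: a code is redeemed only once
        token = secrets.token_urlsafe(32)
        self.tokens[token] = TokenState(self.max_age, self.max_uses)
        return token

    def admit(self, token: str) -> bool:
        """Check one access against the limit switches and count it if allowed."""
        state = self.tokens.get(token)
        if state is None:
            return False
        now = self.clock.now
        if state.first_use is None:
            state.first_use = now     # timer and counter start at the first access
        if state.max_age is not None and now - state.first_use > state.max_age:
            return False              # duration limit exceeded: token invalid
        if state.max_uses is not None and state.uses >= state.max_uses:
            return False              # set number of accesses reached: token invalid
        state.uses += 1
        return True


class MessageBus:
    def __init__(self, auth, data):
        self.auth, self.data = auth, data

    def read(self, token: str, topic: str) -> str:
        if not self.auth.admit(token):
            raise PermissionError("access token code invalid")
        return self.data[topic]


class OrbitControl:
    def __init__(self, auth, bus):
        self.auth, self.bus = auth, bus
        self.token, self.refreshes = None, 0

    def _obtain_token(self) -> None:
        code = self.auth.authorize(user_approved=True)   # S3: get authorization code
        self.token = self.auth.exchange(code)            # S4: code -> access token code

    def fetch(self, topic: str) -> str:
        if self.token is None:                           # S2: not yet authorized
            self._obtain_token()
        try:
            return self.bus.read(self.token, topic)      # S5
        except PermissionError:
            self.refreshes += 1                          # Fig. 4, steps six to eight
            self._obtain_token()
            return self.bus.read(self.token, topic)


def demo():
    clock = FakeClock()
    auth = AuthSystem(clock, max_age=60.0, max_uses=3)   # combined switches
    bus = MessageBus(auth, {"telemetry": "constructed sample frame"})
    app = OrbitControl(auth, bus)
    for _ in range(3):
        app.fetch("telemetry")        # uses up the first token's three accesses
    first = app.token
    app.fetch("telemetry")            # fourth access is refused, token refreshed
    clock.now += 61.0
    app.fetch("telemetry")            # second token is past 60 s, refreshed again
    return app.refreshes, auth.admit(first)
```

The limit state lives only in the authentication system, so the orbit control software never holds a password and cannot extend the life of a token it has been given.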
Fig. 3 is a schematic structural diagram of the user access flow in the present invention, wherein:
1: a user logs in to a browser on an electronic device, accesses the orbit control software through the browser and sends a request for accessing data to the orbit control software;
2: the orbit control software checks whether the user's access request is authorized and, if not, jumps to the authentication system to start authorization;
3: authorization of the orbit control software is confirmed for the user;
4: the authentication system sends the authorization code to the orbit control software according to the access request;
5: the orbit control software presents the authorization code and requests an access token code from the authentication system;
6: the authentication system returns the access token code to the orbit control software;
7: the orbit control software accesses the database with the access token code;
8: the database displays the protected data to the user through the browser.
Fig. 5 is a flow chart illustrating an access request according to the present invention, wherein:
the first step: the orbit control software sends an access request to the database after obtaining the authorization of the user;
the second step: the database responds to the access request sent by the orbit control software;
the third step: the orbit control software sends the authentication system a request to authorize an access token code;
the fourth step: the authentication system replies to the orbit control software with the access token code according to that request;
the fifth step: the orbit control software uses the obtained access token code to send a data access request to the message bus;
the sixth step: the message bus replies with the corresponding data according to the access token code and the access request;
An API authorization and access control method is applied on the authentication system side and comprises the following steps:
the authentication system receives an access request sent by the orbit control software and returns an authorization code, wherein the access request is sent to the orbit control software by a user through a browser;
a user logs in to a browser on an electronic device, accesses the orbit control software through the browser and sends a request for accessing data to the orbit control software;
and the authentication system receives the authorization code sent by the orbit control software and returns an access token code, wherein the access token code is used for accessing the database or the message bus.
An API authorization and access control system applied on the orbit control software side, the system comprising:
a receiving module: used for the orbit control software to receive an access request sent by a user through a browser;
a query module: used for the orbit control software to check the authorization status of the access request;
a first request module: used for the orbit control software to send the access request to the authentication system to obtain an authorization code if the access request is not authorized;
a second request module: used for the orbit control software to present the authorization code to the authentication system to obtain an access token code;
a data access module: used for the orbit control software to access a database or a message bus with the access request and the access token code, obtain the corresponding access data and return the access data to the user through the browser.
An electronic device, the electronic device comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executed by the at least one processor to cause the at least one processor to execute the API authorization and access control method applied on the orbit control software side or the API authorization and access control method applied on the authentication system side.
A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the API authorization and access control method applied on the orbit control software side as described above, or implements the API authorization and access control method applied on the authentication system side as described above.
Example 2
As shown in fig. 1, fig. 3, fig. 4 and fig. 5, an API authorization and access control method is applied on the orbit control software side, and the method includes the following steps:
S1: the orbit control software receives an access request sent by a user through a browser;
a user logs in to a browser on an electronic device, accesses the orbit control software through the browser and sends a request for accessing data to the orbit control software;
S2: the orbit control software checks the authorization status of the access request;
the orbit control software needs to check whether the access request that was sent is authorized;
S3: if the access request is not authorized, the orbit control software sends the access request to an authentication system to obtain an authorization code;
if the access request is authorized, proceed directly to the next step;
if the access request is not authorized, the orbit control software sends the unauthorized access request to the authentication system and asks the authentication system to provide an authorization code;
S4: the orbit control software presents the authorization code to the authentication system to obtain an access token code;
S5: the orbit control software uses the access request and the access token code to access a database or a message bus, obtains the corresponding access data and returns the access data to the user through the browser.
The access token code is provided with an access limit switch, and the access limit switch comprises a frequency limit switch. The frequency limit switch starts a counter after the first access request is started and accumulates the number of accesses made with the access token code; when the total number of accesses equals the number of accesses set for the access token code, no further access is possible, that is, the access token code is invalid. The access limit switch thus limits how many times a user can access the data, which avoids data congestion or data leakage caused by a user accessing the data many times;
Fig. 4 is a schematic diagram illustrating the refresh flow of the access token code according to the present invention, wherein:
the first step: the orbit control software acquires authorization information from the authentication system (namely the API);
the second step: the authentication system returns an access token code according to the authorization information, that is, the access token code is refreshed;
the third step: the orbit control software accesses the message bus with the access token code;
the fourth step: the message bus responds to the access request of the orbit control software and sends the required data to the orbit control software;
the fifth step: the orbit control software continues to access the message bus;
the sixth step: if the number of accesses made with the access token code exceeds the access threshold, the access token code is invalid and the message bus refuses access;
the seventh step: the orbit control software requests the authentication system to refresh the access token code;
the eighth step: the authentication system issues a new access token code to the orbit control software;
Fig. 3 is a schematic structural diagram of the user access flow in the present invention, wherein:
1: a user logs in to a browser on an electronic device, accesses the orbit control software through the browser and sends a request for accessing data to the orbit control software;
2: the orbit control software checks whether the user's access request is authorized and, if not, jumps to the authentication system to start authorization;
3: authorization of the orbit control software is confirmed for the user;
4: the authentication system sends an authorization code to the orbit control software according to the access request;
5: the orbit control software presents the authorization code and requests an access token code from the authentication system;
6: the authentication system returns the access token code to the orbit control software;
7: the orbit control software accesses the database with the access token code;
8: the database displays the protected data to the user through the browser.
Fig. 5 is a schematic flow chart of an access request according to the present invention, wherein:
the first step: the orbit control software sends an access request to the database after obtaining the authorization of the user;
the second step: the database responds to the access request sent by the orbit control software;
the third step: the orbit control software sends the authentication system a request to authorize an access token code;
the fourth step: the authentication system replies to the orbit control software with the access token code according to that request;
the fifth step: the orbit control software uses the obtained access token code to send a data access request to the message bus;
the sixth step: the message bus replies with the corresponding data according to the access token code and the access request;
An API authorization and access control method is applied on the authentication system side and comprises the following steps:
the authentication system receives an access request sent by the orbit control software and returns an authorization code, wherein the access request is sent to the orbit control software by a user through a browser;
a user logs in to a browser on an electronic device, accesses the orbit control software through the browser and sends a request for accessing data to the orbit control software;
and the authentication system receives the authorization code sent by the orbit control software and returns an access token code, wherein the access token code is used for accessing the database or the message bus.
An API authorization and access control system applied on the orbit control software side, the system comprising:
a receiving module: used for the orbit control software to receive an access request sent by a user through a browser;
a query module: used for the orbit control software to check the authorization status of the access request;
a first request module: used for the orbit control software to send the access request to the authentication system to obtain an authorization code if the access request is not authorized;
a second request module: used for the orbit control software to present the authorization code to the authentication system to obtain an access token code;
a data access module: used for the orbit control software to access a database or a message bus with the access request and the access token code, obtain the corresponding access data and return the access data to the user through the browser.
An electronic device, the electronic device comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executed by the at least one processor to cause the at least one processor to execute the API authorization and access control method applied on the orbit control software side or the API authorization and access control method applied on the authentication system side.
A computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the API authorization and access control method applied on the orbit control software side, or implements the API authorization and access control method applied on the authentication system side.
Example 3
As shown in fig. 1, fig. 3, fig. 4 and fig. 5, an API authorization and access control method is applied on the orbit control software side, and the method includes the following steps:
S1: the orbit control software receives an access request sent by a user through a browser;
a user logs in to a browser on an electronic device, accesses the orbit control software through the browser and sends a request for accessing data to the orbit control software;
S2: the orbit control software checks the authorization status of the access request;
the orbit control software needs to check whether the access request that was sent is authorized;
S3: if the access request is not authorized, the orbit control software sends the access request to an authentication system to obtain an authorization code;
if the access request is authorized, proceed directly to the next step;
if the access request is not authorized, the orbit control software sends the unauthorized access request to the authentication system and asks the authentication system to provide an authorization code;
S4: the orbit control software presents the authorization code to the authentication system to obtain an access token code;
S5: the orbit control software uses the access request and the access token code to access a database or a message bus, obtains the corresponding access data and returns the access data to the user through the browser.
The access token code is provided with an access limit switch, and the access limit switch comprises a combination of a duration limit switch and a frequency limit switch;
when the duration limit switch and the frequency limit switch are combined, the timer and the counter are started after the first access request is started, and a certain number of accesses can be made within the set time period; once the set duration or the set number of accesses is exceeded, no further access is possible, that is, the access token code is invalid;
FIG. 4 is a schematic diagram of the refresh process of the access token code according to the present invention, wherein:
the first step: the orbit control software acquires authorization information from the authentication system (namely, the API);
the second step: the authentication system returns an access token according to the authorization information, that is, the access token code is refreshed;
the third step: the orbit control software carries the access token code to access the message bus;
the fourth step: the message bus responds to the access request of the orbit control software and sends the required data to the orbit control software;
the fifth step: the orbit control software continues to access the message bus;
the sixth step: the access duration of the access token code exceeds the set duration, or the number of accesses of the access token code exceeds the access threshold, so the access token code is invalid and the message bus refuses the access;
the seventh step: the orbit control software requests the authentication system to refresh the access token code;
the eighth step: the authentication system issues a new access token code to the orbit control software;
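The combined limit switch and the refresh sequence of FIG. 4, as an added Python example that is not code from the patent. The class and method names, the `orbit-control` client identifier, the single-use handling of authorization codes, and the bus reading token state directly from the authentication system are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class AccessToken:
    """Access token code carrying the combined duration + count limit switch."""
    max_seconds: float                    # set duration (assumed name)
    max_uses: int                         # set number of accesses (assumed name)
    first_use_at: Optional[float] = None  # timing switch, off until first access
    uses: int = 0                         # counting switch

    def admit(self, now: float) -> bool:
        """Record one access if both limits still hold; otherwise refuse."""
        if self.first_use_at is None:
            self.first_use_at = now       # both switches turn on at first access
        if now - self.first_use_at > self.max_seconds:
            return False                  # set duration exceeded
        if self.uses >= self.max_uses:
            return False                  # set number of accesses used up
        self.uses += 1
        return True


class AuthSystem:
    """Stand-in for the authentication system (hypothetical interface)."""

    def __init__(self, max_seconds: float, max_uses: int) -> None:
        self.max_seconds = max_seconds
        self.max_uses = max_uses
        self.pending_codes: Dict[str, str] = {}   # authorization code -> client
        self.active: Dict[str, str] = {}          # client -> current token value
        self.tokens: Dict[str, AccessToken] = {}  # token value -> limit state

    def authorize(self, client: str) -> str:
        code = secrets.token_urlsafe(16)
        self.pending_codes[code] = client
        return code

    def exchange(self, client: str, code: str) -> str:
        # Assumption: a code is consumed on first presentation, match or not.
        if self.pending_codes.pop(code, None) != client:
            raise PermissionError("invalid authorization code")
        return self.issue(client)

    def refresh(self, client: str) -> str:
        # Assumption: only a client that completed authorization may refresh.
        if client not in self.active:
            raise PermissionError("client holds no authorization")
        return self.issue(client)

    def issue(self, client: str) -> str:
        old = self.active.get(client)
        if old is not None:
            self.tokens.pop(old, None)    # revoke the superseded token
        value = secrets.token_urlsafe(32)
        self.tokens[value] = AccessToken(self.max_seconds, self.max_uses)
        self.active[client] = value
        return value


class MessageBus:
    """Resource side: enforces the limit switch on every access."""

    def __init__(self, auth: AuthSystem) -> None:
        self.auth = auth                  # assumption: bus shares token state

    def access(self, token_value: str, request: str, now: float) -> str:
        token = self.auth.tokens.get(token_value)
        if token is None or not token.admit(now):
            raise PermissionError("access token code invalid")
        return f"data for {request}"


def fetch(auth: AuthSystem, bus: MessageBus, client: str, token: str,
          request: str, now: float) -> Tuple[str, str]:
    """Orbit control software side: on refusal, refresh once and retry."""
    try:
        return token, bus.access(token, request, now)
    except PermissionError:
        token = auth.refresh(client)
        return token, bus.access(token, request, now)


if __name__ == "__main__":
    auth = AuthSystem(max_seconds=60.0, max_uses=3)   # constructed limits
    bus = MessageBus(auth)
    tok = auth.exchange("orbit-control", auth.authorize("orbit-control"))
    for t in (0.0, 10.0, 20.0, 30.0):                 # fourth call triggers refresh
        new_tok, data = fetch(auth, bus, "orbit-control", tok, "telemetry", t)
        print(t, data, "refreshed" if new_tok != tok else "same token")
        tok = new_tok
```

The clock is passed in as `now` so that the duration limit can be exercised deterministically; a deployment would read a monotonic clock on the enforcing side instead of trusting a caller-supplied time.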
FIG. 3 is a schematic structural diagram of the user access flow in the present invention, wherein: 1, the user logs in to a browser on an electronic device, accesses the orbit control software through the browser, and sends a data access request to the orbit control software; 2, the orbit control software checks whether the user's access request is authorized, and if not, jumps to the authentication system to start authorization; 3, authorization of the orbit control software is confirmed for the user; 4, the authentication system sends an authorization code to the orbit control software according to the access request; 5, the orbit control software carries the authorization code to request an access token code from the authentication system; 6, the authentication system returns the access token code to the orbit control software; 7, the orbit control software carries the access token code to access the database; 8, the database displays the protected data to the user through the browser.
FIG. 5 is a flow chart of an access request according to the present invention, wherein:
the first step: the orbit control software sends an access request to the database after obtaining the authorization of the user;
the second step: the database responds to the access request sent by the orbit control software;
the third step: the orbit control software sends a request for authorization of an access token code to the authentication system;
the fourth step: the authentication system replies to the orbit control software with the access token code according to the request for the access token code;
the fifth step: the orbit control software carries the obtained access token code to send a data access request to the message bus;
the sixth step: the message bus replies with the corresponding data according to the access token code and the access request;
An API authorization and access control method applied to the authentication system side comprises the following steps:
the authentication system receives an access request sent by the orbit control software and returns an authorization code, wherein the access request is sent to the orbit control software by a user through a browser;
the user logs in to a browser on an electronic device, accesses the orbit control software through the browser, and sends a data access request to the orbit control software;
the authentication system receives the authorization code sent by the orbit control software and returns an access token code, wherein the access token code is used for accessing the database or the message bus.
An API authorization and access control system applied to the orbit control software side, the system comprising:
a receiving module: used for the orbit control software to receive an access request sent by a user through a browser;
a query module: used for the orbit control software to check the authorization status of the access request;
a first request module: used for the orbit control software, if the access request is not authorized, to send the access request to the authentication system to obtain an authorization code;
a second request module: used for the orbit control software to carry the authorization code to the authentication system to obtain an access token code;
a data access module: used for the orbit control software to carry the access request and the access token code to access a database or a message bus, obtain the corresponding access data, and return the access data to the user through a browser.
An electronic device, the electronic device comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executed by the at least one processor to cause the at least one processor to execute the API authorization and access control method applied to the orbit control software side or the API authorization and access control method applied to the authentication system side.
A computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing the API authorization and access control method applied to the orbit control software side or the API authorization and access control method applied to the authentication system side.
Example 4
As shown in fig. 2 to 5, an API authorization and access control method includes the following steps:
step one: the orbit control software receives an access request sent by a user through a browser;
the user logs in to a browser on an electronic device, accesses the orbit control software through the browser, and sends a data access request to the orbit control software;
step two: the orbit control software checks the authorization status of the access request;
step three: if the access request is not authorized, the orbit control software sends the access request to an authentication system to obtain an authorization code;
if the access request is authorized, the method proceeds directly to the next step;
if the access request is not authorized, the orbit control software sends the unauthorized access request to the authentication system and requires the authentication system to provide an authorization code;
step four: the authentication system receives the access request sent by the orbit control software and returns an authorization code;
step five: the orbit control software carries the authorization code to the authentication system to obtain an access token code;
step six: the authentication system receives the authorization code sent by the orbit control software and returns an access token code;
step seven: the orbit control software carries the access request and the access token code to access a database or a message bus, obtains the corresponding access data, and returns the access data to the user through the browser.
The access token code is provided with an access limit switch, and the access limit switch comprises a combination of a duration limit switch and a count limit switch. In this combination, the timing switch and the counting switch are turned on after the first access request starts; a certain number of accesses can be performed within a set time period, and when the set duration is exceeded or the set number of accesses is exceeded, access can no longer be performed, that is, the access token code is invalid;
FIG. 4 is a schematic diagram of the refresh process of the access token code according to the present invention, wherein:
the first step: the orbit control software acquires authorization information from the authentication system (namely, the API);
the second step: the authentication system returns an access token according to the authorization information, that is, the access token code is refreshed;
the third step: the orbit control software carries the access token code to access the message bus;
the fourth step: the message bus responds to the access request of the orbit control software and sends the required data to the orbit control software;
the fifth step: the orbit control software continues to access the message bus;
the sixth step: the access duration of the access token code exceeds the set duration, or the number of accesses of the access token code exceeds the access threshold, so the access token code is invalid and the message bus refuses the access;
the seventh step: the orbit control software requests the authentication system to refresh the access token code;
the eighth step: the authentication system issues a new access token code to the orbit control software;
FIG. 3 is a schematic structural diagram of the user access flow in the present invention, wherein: 1, the user logs in to a browser on an electronic device, accesses the orbit control software through the browser, and sends a data access request to the orbit control software; 2, the orbit control software checks whether the user's access request is authorized, and if not, jumps to the authentication system to start authorization; 3, authorization of the orbit control software is confirmed for the user; 4, the authentication system sends the authorization code to the orbit control software according to the access request; 5, the orbit control software carries the authorization code to request an access token code from the authentication system; 6, the authentication system returns the access token code to the orbit control software; 7, the orbit control software carries the access token code to access the database; 8, the database displays the protected data to the user through the browser.
FIG. 5 is a schematic flow chart of an access request according to the present invention, wherein:
the first step: the orbit control software sends an access request to the database after obtaining the authorization of the user;
the second step: the database responds to the access request sent by the orbit control software;
the third step: the orbit control software sends a request for authorization of an access token code to the authentication system;
the fourth step: the authentication system replies to the orbit control software with the access token code according to the request for the access token code;
the fifth step: the orbit control software carries the obtained access token code to send a data access request to the message bus;
the sixth step: the message bus replies with the corresponding data according to the access token code and the access request;
An API authorization and access control system applied to the orbit control software side, the system comprising:
a receiving module: used for the orbit control software to receive an access request sent by a user through a browser;
a query module: used for the orbit control software to check the authorization status of the access request;
a first request module: used for the orbit control software, if the access request is not authorized, to send the access request to the authentication system to obtain an authorization code;
a second request module: used for the orbit control software to carry the authorization code to the authentication system to obtain an access token code;
a data access module: used for the orbit control software to carry the access request and the access token code to access a database or a message bus, obtain the corresponding access data, and return the access data to the user through a browser.
An electronic device, the electronic device comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executed by the at least one processor to cause the at least one processor to execute the API authorization and access control method applied to the orbit control software side or the API authorization and access control method applied to the authentication system side.
A computer-readable storage medium on which a computer program is stored, the computer program, when executed by a processor, implementing the API authorization and access control method applied to the orbit control software side or the API authorization and access control method applied to the authentication system side.
It will be appreciated by those skilled in the art that the invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The embodiments disclosed above are therefore to be considered in all respects as illustrative and not restrictive. All changes which come within the scope of or equivalence to the invention are intended to be embraced therein.

Claims (5)

1. An API authorization and access control method applied to an orbit control software side, characterized by comprising the following steps:
the orbit control software receives an access request sent by a user through a browser;
the orbit control software checks the authorization status of the access request;
if the access request is not authorized, the orbit control software sends the access request to an authentication system to obtain an authorization code;
the orbit control software carries the authorization code to the authentication system to obtain an access token code;
the orbit control software carries the access request and the access token code to access a database or a message bus, obtains the corresponding access data, and returns the access data to the user through the browser;
the access token code is provided with an access limiting switch, and the access limiting switch comprises one or the combination of a duration limiting switch and a frequency limiting switch;
the time limit switch comprises a time switch which is opened after the access request is started, and the access can not be carried out after the time of a certain threshold value is exceeded, namely, the access token code is invalid;
the number limiting switch comprises a number counting switch which is opened after the first access request is started, the access times of the access token code are accumulated, and when the total access times of the access token code is equal to the access times set by the access token code, the access can not be carried out any more, namely, the access token code is invalid;
the combination of the time length limiting switch and the time number limiting switch comprises the steps that the timing and time counting switch is turned on after the first access request starts, a certain number of accesses can be performed within a set time period, and when the set time length is exceeded or the set access time number is exceeded, the accesses cannot be performed any more, namely, the access token code is invalid.
2. An API authorization and access control method applied to an authentication system side, characterized in that the method comprises the following steps:
the authentication system receives an access request sent by the orbit control software and returns an authorization code, wherein the access request is sent to the orbit control software by a user through a browser;
the authentication system receives the authorization code sent by the orbit control software and returns an access token code, wherein the access token code is used for accessing a database or a message bus;
the access token code is provided with an access limiting switch, and the access limiting switch comprises one or the combination of a duration limiting switch and a frequency limiting switch;
the time length limiting switch comprises a timing switch which is turned on after the access request starts, and the access can not be carried out any more after the time length exceeds a certain threshold value, namely, the access token code is invalid;
the number limiting switch comprises a number counting switch which is opened after the first access request is started, the access times of the access token code are accumulated, and when the total access times of the access token code is equal to the access times set by the access token code, the access can not be carried out any more, namely, the access token code is invalid;
the combination of the time length limiting switch and the time limiting switch comprises that the timing and counting switch is turned on after the first access request is started, a certain number of accesses can be performed in a set time period, and when the set time length is exceeded or the set access time is exceeded, the access can not be performed any more, namely, the access token code is invalid.
3. An API authorization and access control system applied to an orbit control software side, characterized in that the system comprises:
a receiving module: used for the orbit control software to receive an access request sent by a user through a browser;
a query module: used for the orbit control software to check the authorization status of the access request;
a first request module: used for the orbit control software, if the access request is not authorized, to send the access request to the authentication system to obtain an authorization code;
a second request module: used for the orbit control software to carry the authorization code to the authentication system to obtain an access token code;
a data access module: used for the orbit control software to carry the access request and the access token code to access a database or a message bus, obtain the corresponding access data, and return the access data to the user through a browser;
the access token code is provided with an access limiting switch, and the access limiting switch comprises one or the combination of a duration limiting switch and a frequency limiting switch;
the time length limiting switch comprises a timing switch which is turned on after the access request starts, and the access can not be carried out any more after the time length exceeds a certain threshold value, namely, the access token code is invalid;
the number limiting switch comprises a number counting switch which is opened after the first access request is started, the access times of the access token code are accumulated, and when the total access times of the access token code is equal to the access times set by the access token code, the access can not be carried out any more, namely, the access token code is invalid;
the combination of the time length limiting switch and the time number limiting switch comprises the steps that the timing and time counting switch is turned on after the first access request starts, a certain number of accesses can be performed within a set time period, and when the set time length is exceeded or the set access time number is exceeded, the accesses cannot be performed any more, namely, the access token code is invalid.
4. An electronic device, characterized in that the electronic device comprises: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores a computer program executable by the at least one processor, the computer program being executable by the at least one processor to cause the at least one processor to perform the API authorization and access control method of claim 1 or to perform the API authorization and access control method of claim 2.
5. A computer-readable storage medium characterized by: the storage medium has stored thereon a computer program which, when executed by a processor, implements the API authorization and access control method of claim 1 or implements the API authorization and access control method of claim 2.
CN202210523328.6A 2022-05-13 2022-05-13 API authorization and access control method, system, electronic equipment and storage medium Active CN115001755B (en)

Publications (2)

Publication Number Publication Date
CN115001755A CN115001755A (en) 2022-09-02
CN115001755B true CN115001755B (en) 2023-02-03

Family

ID=83027119

Country Status (1)

Country Link
CN (1) CN115001755B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230220

Address after: 755000 office building and TT & C center 101 of antenna array project of Satellite TT & C ground station on the south side of Fengyun Road, Zhongwei Industrial Park, Ningxia Hui Autonomous Region

Patentee after: Ningxia Yuxing Aerospace Technology Co.,Ltd.

Address before: 100094 room A601, 6th floor, building 1, plot T01, Shengjing Pioneer Park, tujing village, south side of Dengzhuang South Road and west side of Youyi Road, Xibeiwang Town, Haidian District, Beijing

Patentee before: BEIJING AEROSPACE SATELLITEHERD SCIENCE AND TECHNOLOGY CO.,LTD.