CN115203672A - Information access control method and device, computer equipment and medium - Google Patents

Info

Publication number
CN115203672A
Authority
CN
China
Prior art keywords
access
authority
information
uniform resource
resource identifier
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210591177.8A
Other languages
Chinese (zh)
Inventor
陈旃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cormorant Technology Shenzhen Co ltd
Original Assignee
Cormorant Technology Shenzhen Co ltd
Application filed by Cormorant Technology Shenzhen Co ltd
Priority to CN202210591177.8A
Publication of CN115203672A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/31 User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method, a device, equipment and a storage medium for managing and controlling information access. The method comprises the following steps: when an information access request sent by a client user is received, obtaining the uniform resource identifier contained in the information access request and obtaining identity information of the client user; determining, based on a preset authority mapping relation, the authority for accessing the uniform resource identifier as a first access authority; determining, based on the identity information, the user group to which the client user belongs as a target user group, and obtaining the authority of the target user group as a second access authority; judging, based on a spatial search algorithm, whether the second access authority comprises the first access authority, to obtain a judgment result; if the judgment result is that the second access authority comprises the first access authority, redirecting to the uniform resource identifier; and if the judgment result is that the second access authority does not comprise the first access authority, refusing access to the uniform resource identifier. The management and control efficiency of information access is thereby improved.

Description

Information access control method and device, computer equipment and medium
Technical Field
The present invention relates to the field of data processing, and in particular, to a method and an apparatus for managing and controlling information access, a computer device, and a medium.
Background
With the rapid development of computer technology, more and more transactions are processed over networks, and accessing the internet to obtain information has become a common part of daily life. Some large-scale enterprises often have a plurality of different services, and different user groups have different permissions for different contents.
To control user permissions, the current approach is mainly to set up different display pages for different users. With this approach, however, when there are many user groups, many display pages need to be generated, which makes the management of data access more complex.
Disclosure of Invention
The embodiment of the invention provides a method and a device for managing and controlling information access, computer equipment and a storage medium, so as to improve the management and control efficiency of the information access.
In order to solve the above technical problem, an embodiment of the present application provides a method for managing and controlling information access, including:
when an information access request sent by a client user is received, acquiring a uniform resource identifier contained in the information access request, and acquiring identity information of the client user;
determining the authority for accessing the uniform resource identifier as a first access authority based on a preset authority mapping relation;
determining a user group to which the client user belongs based on the identity information, wherein the user group serves as a target user group, and acquiring the authority of the target user group, and the authority serves as a second access authority;
judging whether the second access right comprises the first access right based on a spatial search algorithm to obtain a judgment result;
if the judgment result is that the second access permission includes the first access permission, redirecting to the uniform resource identifier, and if the judgment result is that the second access permission does not include the first access permission, refusing access to the uniform resource identifier.
Optionally, before the determining, based on the preset authority mapping relationship, the authority to access the uniform resource identifier as the first access authority, the method further includes:
generating an authority node tree based on all the authorities;
acquiring each basic uniform resource identifier in an information access page;
and generating the preset authority mapping relation of each uniform resource identifier based on the authority node tree.
Optionally, the first access right comprises at least one right information.
Optionally, the judging, based on the spatial search algorithm, whether the second access right includes the first access right to obtain a judgment result includes:
generating a spatial index of the second access permission based on an R-tree mode;
acquiring each authority node in the first access authority as a target node;
and querying each target node in turn in the spatial index of the second access right; if every query succeeds, determining that the judgment result is that the second access right comprises the first access right, and otherwise determining that the judgment result is that the second access right does not comprise the first access right.
Optionally, before the step of acquiring the uniform resource identifier contained in the information access request and the identity information of the client user when the information access request sent by the client user is received, the information access control method further includes:
receiving a login request of the client user, and acquiring user identity information from the login request;
distributing access nodes for the client user based on the user identity information to obtain target access nodes;
and managing and controlling the information access request of the client user based on the target access node.
In order to solve the above technical problem, an embodiment of the present application further provides an information access control device, including:
the access request receiving module is used for acquiring a uniform resource identifier contained in an information access request and acquiring identity information of a client user when the information access request sent by the client user is received;
the first permission determining module is used for determining the permission for accessing the uniform resource identifier as a first access permission based on a preset permission mapping relation;
the first permission determining module is used for determining a user group to which the client user belongs as a target user group based on the identity information, and acquiring the permission of the target user group as a second access permission;
the authority judgment module is used for judging whether the second access authority comprises the first access authority based on a spatial search algorithm to obtain a judgment result;
and the access control module is used for redirecting to the uniform resource identifier if the judgment result shows that the second access authority comprises the first access authority, and refusing to access the uniform resource identifier if the judgment result shows that the second access authority does not comprise the first access authority.
Optionally, the apparatus further comprises:
the node tree generating module is used for generating an authority node tree based on all the authorities;
the uniform resource identifier acquisition module is used for acquiring each basic uniform resource identifier in the information access page;
and the mapping relation generating module is used for generating the preset authority mapping relation of each uniform resource identifier based on the authority node tree.
Optionally, the permission judging module includes:
the index generating unit is used for generating a spatial index of the second access right based on an R-tree mode;
a target node obtaining unit, configured to obtain each permission node in the first access permission as a target node;
and the authority judgment unit is used for querying each target node in turn in the spatial index of the second access authority; if every query succeeds, the judgment result is determined to be that the second access authority comprises the first access authority, and otherwise the judgment result is determined to be that the second access authority does not comprise the first access authority.
Optionally, the apparatus for managing and controlling information access further includes:
the identity information acquisition module is used for receiving a login request of the client user and acquiring user identity information from the login request;
the access node fragmentation module is used for distributing access nodes for the client user based on the user identity information to obtain a target access node;
and the access request management and control module is used for managing and controlling the information access request of the client user based on the target access node.
In order to solve the technical problem, an embodiment of the present application further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the above method for managing and controlling information access when executing the computer program.
In order to solve the above technical problem, an embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the steps of the above method for managing and controlling information access.
According to the information access control method, the information access control device, the computer equipment and the storage medium, when an information access request sent by a client user is received, the uniform resource identifier contained in the information access request is obtained, and identity information of the client user is obtained. The authority for accessing the uniform resource identifier is determined based on a preset authority mapping relation and is used as a first access authority. The user group to which the client user belongs is determined based on the identity information and is used as a target user group, and the authority of the target user group is obtained and is used as a second access authority. Whether the second access authority comprises the first access authority is judged based on a spatial search algorithm, and a judgment result is obtained. If the judgment result is that the second access authority comprises the first access authority, the request is redirected to the uniform resource identifier; if the judgment result is that the second access authority does not comprise the first access authority, access to the uniform resource identifier is denied. Access control for different users is thus achieved through a uniform page, and the efficiency of information access control is improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive labor.
FIG. 1 is a schematic diagram of an application environment of the present application;
FIG. 2 is a flow diagram of one embodiment of a method for regulating information access of the present application;
FIG. 3 is a schematic structural diagram of an embodiment of an information access management and control device according to the present application;
FIG. 4 is a schematic block diagram of one embodiment of a computer device according to the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the application herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "including" and "having," and any variations thereof, in the description and claims of this application and the description of the above figures are intended to cover non-exclusive inclusions. The terms "first," "second," and the like in the description and claims of this application or in the above-described drawings are used for distinguishing between different objects and not for describing a particular order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, a system architecture 100 may include terminal devices 101, 102, 103, a network 104 and a server 105. The network 104 serves as a medium for providing communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired or wireless communication links, or fiber optic cables.
The user may use the terminal devices 101, 102, 103 to interact with the server 105 via the network 104 to receive or send messages or the like.
The terminal devices 101, 102, 103 may be various electronic devices having display screens and supporting web browsing, including but not limited to smart phones, tablet computers, e-book readers, MP3 players (Moving Picture Experts Group Audio Layer III), MP4 players (Moving Picture Experts Group Audio Layer IV), laptop portable computers, desktop computers, and the like.
The server 105 may be a server providing various services, such as a background server providing support for pages displayed on the terminal devices 101, 102, 103.
The face image super-resolution reconstruction method provided by the embodiment of the application is executed by a server, and accordingly, a face image super-resolution reconstruction device is arranged in the server.
It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. Any number of terminal devices, networks and servers may be provided according to implementation needs, and the terminal devices 101, 102 and 103 in this embodiment may specifically correspond to an application system in actual production.
Referring to fig. 2, fig. 2 shows a method for managing and controlling information access according to an embodiment of the present invention, which is described by taking the method applied to the server in fig. 1 as an example, and is detailed as follows:
S201: when an information access request sent by a client user is received, the uniform resource identifier contained in the information access request is obtained, and identity information of the client user is obtained.
A Uniform Resource Identifier (URI) is a string used to identify the name of an internet resource. Each resource available on the Web, such as a document or an image, can be located by a Uniform Resource Identifier (URI).
Specifically, when the client needs to acquire access information, the corresponding page element is clicked, and an information access request is generated and sent to the server. After receiving the information access request sent by the client user, the server acquires the uniform resource identifier included in the information access request and the identity information of the client user.
It should be noted that, different access information and corresponding permissions are different, and the permissions in this embodiment specifically include but are not limited to: the system comprises a user, a server, a user terminal, a user management module and a user management module.
In a specific optional embodiment, before step S201, that is, before determining the right to access the uniform resource identifier based on the preset right mapping relationship, as the first access right, the method further includes:
generating an authority node tree based on all the authorities;
acquiring each basic uniform resource identifier in an information access page;
and generating a preset authority mapping relation of each uniform resource identifier based on the authority node tree.
The node tree is a tree structure based on an XML document, and all nodes can be accessed through the tree. Their content may be modified or deleted, and new elements may be created. The node tree shows the collection of nodes and the connections between them. The tree starts at a root node and branches out toward the text nodes at the lowest level of the tree. The nodes in the node tree have a hierarchical relationship with each other, and the terms parent, child and sibling are used to describe these relationships. A parent node owns child nodes, and child nodes on the same level are called siblings. In the node tree, every node except the top node, which is called the root node, has a parent node; a node can have any number of child nodes; a leaf is a node without child nodes; and siblings are nodes with the same parent node.
Specifically, in this embodiment, permissions are set using a chain of users, roles and permissions: different permissions are assigned to each role, and the identity information of each user corresponds to at least one role, which implements dynamic permission control. A permission node tree is generated based on the correspondence between all permissions and roles preset in a database. The access permission information corresponding to each basic uniform resource identifier in an information access page is then obtained, and the preset permission mapping relationship of each uniform resource identifier is determined based on that access permission information and the permission node tree.
S202: determining the authority for accessing the uniform resource identifier as a first access authority based on a preset authority mapping relation.
The preset authority mapping relationship is the authority relationship, preset by the server according to the actual application, corresponding to each uniform resource identifier of the access page. The authority includes but is not limited to: browse, modify, download, delete, mark and hide operations, and the like.
S203: determining a user group to which the client user belongs as a target user group based on the identity information, and acquiring the authority of the target user group as a second access authority.
S204: judging whether the second access authority comprises the first access authority based on a spatial search algorithm to obtain a judgment result.
In this embodiment, the first access right usually involves multiple rights, while the user group corresponding to the second access right has a fixed range of rights. When there are many rights, using a spatial search algorithm allows the relationship between the first access right and the second access right to be judged more quickly, which improves the efficiency of information access control.
In a specific optional embodiment, in step S204, judging whether the second access right includes the first access right based on the spatial search algorithm to obtain a judgment result includes:
generating a spatial index of a second access right based on an R-tree mode;
acquiring each authority node in the first access authority as a target node;
and querying each target node in turn in the spatial index of the second access right; if every query succeeds, determining that the judgment result is that the second access right comprises the first access right, and otherwise determining that the judgment result is that the second access right does not comprise the first access right.
The R-tree is a further development of the B-tree into multi-dimensional space. It divides the object space by range, and each node corresponds to one region and one disk page. The disk page of a non-leaf node stores the region ranges of all of its child nodes, and the regions of all child nodes of a non-leaf node fall within the region range of that node. The disk pages of the leaf nodes store the bounding rectangles of all the spatial objects within their region range. The R-tree is a dynamic index structure.
S205: if the judgment result is that the second access authority comprises the first access authority, redirecting to the uniform resource identifier, and if the judgment result is that the second access authority does not comprise the first access authority, refusing access to the uniform resource identifier.
Optionally, the first access right comprises at least one right information.
In this embodiment, when an information access request sent by a client user is received, the uniform resource identifier included in the information access request is obtained, and identity information of the client user is obtained. The authority for accessing the uniform resource identifier is determined based on a preset authority mapping relation and serves as a first access authority. The user group to which the client user belongs is determined based on the identity information and serves as a target user group, and the authority of the target user group is obtained and serves as a second access authority. Whether the second access authority includes the first access authority is judged based on a spatial search algorithm, and a judgment result is obtained. If the judgment result is that the second access authority includes the first access authority, the request is redirected to the uniform resource identifier; if the judgment result is that the second access authority does not include the first access authority, access to the uniform resource identifier is denied. Access control for users with different authorities is thus achieved through a uniform page, and the control efficiency of information access is improved.
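Steps S201 to S205 as an added Python example; this is not code from the patent. It assumes hypothetical permission, group, user and URI names, assumes that granting a node of the permission node tree also grants its descendants, denies unmapped URIs and unknown users, and swaps the R-tree for a one-dimensional interval index over pre-order labels of the tree.

```python
"""Added example: steps S201-S205 as a fail-closed authorization check."""
import posixpath
from bisect import bisect_right
from urllib.parse import urlsplit

# Constructed permission node tree (parent -> children); names are hypothetical.
PERMISSION_TREE = {
    "root": ["docs", "admin"],
    "docs": ["docs.browse", "docs.download", "docs.modify"],
    "admin": ["admin.delete", "admin.hide"],
}
# Constructed preset mapping: URI path -> permission nodes needed (first access right).
URI_PERMISSIONS = {
    "/docs/report": {"docs.browse"},
    "/docs/report/download": {"docs.browse", "docs.download"},
    "/admin/users/delete": {"admin.delete"},
}
# Constructed user -> group and group -> granted nodes (second access right).
USER_GROUP = {"alice": "staff", "bob": "editors", "carol": "admins"}
GROUP_PERMISSIONS = {
    "staff": {"docs.browse", "docs.download"},
    "editors": {"docs"},
    "admins": {"root"},
}


def label_tree(tree, root="root"):
    """Give every node a pre-order interval (lo, hi) that encloses its subtree."""
    labels = {}
    counter = 0

    def visit(node):
        nonlocal counter
        lo = counter
        counter += 1
        for child in tree.get(node, []):
            visit(child)
        labels[node] = (lo, counter - 1)

    visit(root)
    return labels


LABELS = label_tree(PERMISSION_TREE)


class IntervalIndex:
    """1-D stand-in for the R-tree: sorted, non-overlapping granted intervals."""

    def __init__(self, intervals):
        self._ivs = []
        for lo, hi in sorted(intervals):
            if self._ivs and lo <= self._ivs[-1][1]:
                # Nested grant (child of an already granted node): absorb it.
                prev_lo, prev_hi = self._ivs[-1]
                self._ivs[-1] = (prev_lo, max(prev_hi, hi))
            else:
                self._ivs.append((lo, hi))
        self._los = [lo for lo, _ in self._ivs]

    def contains(self, lo, hi):
        """True if (lo, hi) lies inside one granted interval."""
        i = bisect_right(self._los, lo) - 1
        return i >= 0 and self._ivs[i][0] <= lo and hi <= self._ivs[i][1]


def normalize_path(uri):
    """Reduce a request URI to the canonical path used as the mapping key."""
    path = urlsplit(uri).path
    return posixpath.normpath(path) if path.startswith("/") else ""


def check_access(uri, user):
    """Return "redirect" or "deny" for one request (S201-S205)."""
    required = URI_PERMISSIONS.get(normalize_path(uri))      # S202
    group = USER_GROUP.get(user)                             # S203
    if not required or group is None:
        return "deny"  # unmapped URI or unknown user: fail closed (assumption)
    granted = GROUP_PERMISSIONS.get(group, set())
    if any(p not in LABELS for p in required | granted):
        return "deny"  # a node missing from the tree is never satisfiable
    index = IntervalIndex(LABELS[p] for p in granted)        # S204: build index
    ok = all(index.contains(*LABELS[p]) for p in required)   # S204: query each node
    return "redirect" if ok else "deny"                      # S205
```

Normalizing the path before the lookup keeps a request such as `/docs/../admin/users/delete` from being matched against the wrong mapping entry.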
In a specific optional implementation, before the step of obtaining the uniform resource identifier included in the information access request and the identity information of the client user when the information access request sent by the client user is received, the method for managing and controlling information access further includes:
receiving a login request of a client user, and acquiring user identity information from the login request;
distributing access nodes for the client users based on the user identity information to obtain target access nodes;
and managing and controlling the information access request of the client user based on the target access node.
In this embodiment, user groups of users are obtained based on the user identity information, and then the target access nodes are allocated and determined based on the user groups, so that the user groups corresponding to the same target access node are the same, that is, the user permissions corresponding to the same target access node are the same, which is beneficial to improving the efficiency and accuracy of permission control and ensuring the efficiency and security of information access.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Fig. 3 shows a schematic block diagram of an information access control device in one-to-one correspondence with the information access control method according to the above embodiment. As shown in fig. 3, the information access management and control device includes an access request receiving module 31, a first authority determination module 32, a first authority determination module 33, an authority judgment module 34, and an access management and control module 35. The functional modules are explained in detail as follows:
an access request receiving module 31, configured to, when receiving an information access request sent by a client user, obtain a uniform resource identifier included in the information access request, and obtain identity information of the client user;
a first permission determining module 32, configured to determine, based on a preset permission mapping relationship, a permission to access the uniform resource identifier, as a first access permission;
the first permission determining module 33 is configured to determine, based on the identity information, a user group to which the client user belongs, as a target user group, and obtain a permission of the target user group, as a second access permission;
the authority judgment module 34 is configured to judge whether the second access authority includes the first access authority based on a spatial search algorithm, and obtain a judgment result;
the access control module 35 is configured to redirect to the uniform resource identifier if the determination result indicates that the second access right includes the first access right, and deny access to the uniform resource identifier if the determination result indicates that the second access right does not include the first access right.
Optionally, the apparatus further comprises:
the node tree generating module is used for generating an authority node tree based on all the authorities;
the uniform resource identifier acquisition module is used for acquiring each basic uniform resource identifier in the information access page;
and the mapping relation generation module is used for generating a preset authority mapping relation of each uniform resource identifier based on the authority node tree.
Optionally, the permission judging module 34 includes:
the index generating unit is used for generating a spatial index of the second access right based on an R-tree mode;
a target node obtaining unit, configured to obtain each authority node in the first access authority as a target node;
and the authority judgment unit is used for querying each target node in turn in the spatial index of the second access authority; if every query succeeds, the judgment result is determined to be that the second access authority comprises the first access authority, and otherwise the judgment result is determined to be that the second access authority does not comprise the first access authority.
Optionally, the information access control device further includes:
the identity information acquisition module is used for receiving a login request of a client user and acquiring user identity information from the login request;
the access node fragmentation module is used for distributing access nodes for the client user based on the user identity information to obtain a target access node;
and the access request management and control module is used for managing and controlling the information access request of the client user based on the target access node.
The specific limitations of the regulating device for information access may refer to the limitations of the regulating method for information access, which are not described herein again. The modules in the information access management device can be wholly or partially implemented by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In order to solve the technical problem, an embodiment of the present application further provides a computer device. Referring to fig. 4, fig. 4 is a block diagram of a basic structure of a computer device according to the present embodiment.
The computer device 4 comprises a memory 41, a processor 42 and a network interface 43 communicatively connected to each other via a system bus. It is noted that only the computer device 4 having the components memory 41, processor 42 and network interface 43 is shown, but it is understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead. As will be understood by those skilled in the art, the computer device is a device capable of automatically performing numerical calculation and/or information processing according to a preset or stored instruction, and the hardware includes, but is not limited to, a microprocessor, an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA), a Digital Signal Processor (DSP), an embedded device, and the like.
The computer device can be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices. The computer equipment can carry out man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch panel or voice control equipment and the like.
The memory 41 includes at least one type of readable storage medium, including a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the memory 41 may be an internal storage unit of the computer device 4, such as a hard disk or a memory of the computer device 4. In other embodiments, the memory 41 may also be an external storage device of the computer device 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, provided on the computer device 4. Of course, the memory 41 may also include both internal and external storage devices of the computer device 4. In this embodiment, the memory 41 is generally used for storing an operating system installed in the computer device 4 and various types of application software, such as program codes for controlling electronic files. Further, the memory 41 may also be used to temporarily store various types of data that have been output or are to be output.
The processor 42 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 42 is typically used to control the overall operation of the computer device 4. In this embodiment, the processor 42 is configured to execute the program code stored in the memory 41 or process data, for example, execute the program code for data access.
The network interface 43 may comprise a wireless network interface or a wired network interface, and the network interface 43 is generally used for establishing a communication connection between the computer device 4 and other electronic devices.
The present application further provides another embodiment, which is to provide a computer-readable storage medium storing a data access program, where the data access program is executable by at least one processor to cause the at least one processor to execute the steps of the method for regulating information access as described above.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present application.
It is to be understood that the above-described embodiments are only some, not all, of the embodiments of the present application, and that the appended drawings illustrate preferred embodiments and do not limit the scope of the application. This application may be embodied in many different forms; these embodiments are provided so that the disclosure of the application is understood thoroughly. Although the present application has been described in detail with reference to the foregoing embodiments, those skilled in the art may still modify the technical solutions described in the foregoing embodiments or substitute equivalents for some of their features. All equivalent structures made using the contents of the specification and the drawings of the present application, whether applied directly or indirectly in other related technical fields, fall within the protection scope of the present application.

Claims (10)

1. A method for managing and controlling information access, characterized by comprising the following steps:
when an information access request sent by a client user is received, acquiring a uniform resource identifier contained in the information access request, and acquiring identity information of the client user;
determining the authority for accessing the uniform resource identifier based on a preset authority mapping relation, wherein the authority is used as a first access authority;
determining a user group to which the client user belongs based on the identity information, wherein the user group serves as a target user group, and acquiring the authority of the target user group, and the authority serves as a second access authority;
judging whether the second access right comprises the first access right or not based on a space search algorithm to obtain a judgment result;
if the second access permission includes the first access permission, redirecting to the uniform resource identifier, and if the second access permission does not include the first access permission, refusing access to the uniform resource identifier.
2. The method for managing and controlling information access according to claim 1, wherein before determining the right to access the uniform resource identifier based on the preset right mapping relationship as the first access right, the method further comprises:
generating an authority node tree based on all the authorities;
acquiring each basic uniform resource identifier in an information access page;
and generating the preset authority mapping relation of each uniform resource identifier based on the authority node tree.
3. A method for regulating access to information according to claim 1 or 2, characterized in that said first access right comprises at least one right information.
4. The method for managing and controlling information access according to claim 1 or 2, wherein the determining whether the second access right includes the first access right based on the space search algorithm includes:
generating a spatial index of the second access permission based on an R-tree mode;
acquiring each authority node in the first access authority as a target node;
and sequentially inquiring each target node in the spatial index of the second access right, if the inquiry result of each time is successful, determining that the judgment result is that the second access right comprises the first access right, otherwise, determining that the judgment result is that the second access right does not comprise the first access right.
5. The method for regulating information access according to any one of claims 1 to 4, wherein before acquiring, when receiving an information access request sent by a client user, identity information of the client user and a uniform resource identifier included in the information access request, the method for regulating information access further comprises:
receiving a login request of the client user, and acquiring user identity information from the login request;
distributing access nodes for the client user based on the user identity information to obtain target access nodes;
and managing and controlling the information access request of the client user based on the target access node.
6. An information access management and control device, characterized in that the information access management and control device comprises:
the access request receiving module is used for acquiring a uniform resource identifier contained in an information access request and acquiring identity information of a client user when the information access request sent by the client user is received;
the first permission determining module is used for determining the permission for accessing the uniform resource identifier as a first access permission based on a preset permission mapping relation;
the first permission determining module is used for determining a user group to which the client user belongs as a target user group based on the identity information, and acquiring the permission of the target user group as a second access permission;
the authority judgment module is used for judging whether the second access authority comprises the first access authority or not based on a space search algorithm to obtain a judgment result;
and the access control module is used for redirecting to the uniform resource identifier if the judgment result shows that the second access authority comprises the first access authority, and refusing to access the uniform resource identifier if the judgment result shows that the second access authority does not comprise the first access authority.
7. The apparatus for regulating information access according to claim 6, further comprising:
the node tree generating module is used for generating an authority node tree based on all the authorities;
the uniform resource identifier acquisition module is used for acquiring each basic uniform resource identifier in the information access page;
and the mapping relation generating module is used for generating the preset authority mapping relation of each uniform resource identifier based on the authority node tree.
8. The apparatus for managing and controlling information access according to claim 6, wherein the permission determination module includes:
the index generating unit is used for generating a spatial index of the second access right based on an R-tree mode;
a target node obtaining unit, configured to obtain each permission node in the first access permission as a target node;
and the authority judgment unit is used for sequentially inquiring each target node in the spatial index of the second access authority, if the inquiry result of each time is successful, the judgment result is determined that the second access authority comprises the first access authority, otherwise, the judgment result is determined that the second access authority does not comprise the first access authority.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements a method of regulating information access according to any one of claims 1 to 5 when executing the computer program.
10. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, implements a method of regulating information access according to any one of claims 1 to 5.
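The decision flow of claims 1, 2 and 4, as an added example that is not code from the patent: permission nodes are numbered into nested intervals and the group's grants are queried through a sorted one-dimensional interval index, which stands in for the R-tree named in claim 4. All node names, URIs and groups are constructed, and the rule that holding a parent node implies its child nodes is an assumption of this sketch.

```python
from bisect import bisect_right

# Constructed sample data; every name below is hypothetical.
PERMISSION_TREE = {  # permission node -> parent node (claim 2's node tree)
    "root": None, "orders": "root", "orders.read": "orders",
    "orders.refund": "orders", "admin": "root", "admin.users": "admin",
}
URI_PERMISSIONS = {  # preset mapping: URI -> nodes forming the first access right
    "/orders": ["orders.read"],
    "/orders/refund": ["orders.read", "orders.refund"],
    "/admin/users": ["admin.users"],
}
GROUP_PERMISSIONS = {"support": ["orders"], "viewer": ["orders.read"]}

def number_tree(tree):
    """Give each node an interval (lo, hi) that encloses its descendants' intervals."""
    children = {}
    for node, parent in tree.items():
        children.setdefault(parent, []).append(node)
    intervals, counter = {}, 0
    def visit(node):
        nonlocal counter
        lo = counter
        counter += 1
        for child in children.get(node, []):
            visit(child)
        intervals[node] = (lo, counter - 1)
    for root in children.get(None, []):
        visit(root)
    return intervals

INTERVALS = number_tree(PERMISSION_TREE)

def build_index(granted):
    """Sorted intervals of the granted nodes (second access right), nested ones dropped."""
    merged = []
    for lo, hi in sorted(INTERVALS[n] for n in granted if n in INTERVALS):
        if merged and lo <= merged[-1][1]:
            continue  # tree intervals nest or are disjoint: already covered
        merged.append((lo, hi))
    return merged

def covers(index, target):
    """True if one indexed interval contains the target node's interval."""
    lo, hi = target
    i = bisect_right(index, (lo, float("inf"))) - 1
    return i >= 0 and index[i][0] <= lo and hi <= index[i][1]

def decide(uri, group):
    """Claim 1's decision: ('redirect', uri) or ('deny', reason)."""
    required = URI_PERMISSIONS.get(uri)
    if not required:  # unmapped URI: deny instead of passing an empty check
        return ("deny", "no permission mapping")
    index = build_index(GROUP_PERMISSIONS.get(group, []))
    for node in required:  # query each target node in turn (claim 4)
        if node not in INTERVALS or not covers(index, INTERVALS[node]):
            return ("deny", "missing " + node)
    return ("redirect", uri)
```

The explicit deny for an unmapped URI matters because "every query succeeded" is vacuously true for an empty first access right, which would otherwise open any URI the mapping step missed.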
CN202210591177.8A 2022-05-27 2022-05-27 Information access control method and device, computer equipment and medium Pending CN115203672A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210591177.8A CN115203672A (en) 2022-05-27 2022-05-27 Information access control method and device, computer equipment and medium

Publications (1)

Publication Number Publication Date
CN115203672A true CN115203672A (en) 2022-10-18

Family

ID=83576012

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210591177.8A Pending CN115203672A (en) 2022-05-27 2022-05-27 Information access control method and device, computer equipment and medium

Country Status (1)

Country Link
CN (1) CN115203672A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117077120A (en) * 2023-10-18 2023-11-17 深圳竹云科技股份有限公司 Application system authority analysis method, device, computer equipment and medium
CN117077120B (en) * 2023-10-18 2024-02-09 深圳竹云科技股份有限公司 Application system authority analysis method, device, computer equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination