Summary of the invention
The purpose of the present invention is to provide a processing method and device for integrating the applications of an enterprise's internal information resources, in order to overcome the defects of the prior art described above.
The purpose of the present invention can be achieved through the following technical solution:
A processing method for integrating the applications of an enterprise's internal information resources, characterized in that the method defines the enterprise's unified resources, comprising enterprise global users, enterprise global roles and the access resources of the enterprise's internal information systems, and integrates applications on that basis. The concrete steps are as follows:
1) unified resource platform registration;
2) the user side logs in to the unified resource platform, and the unified resource platform verifies its identity in conjunction with the enterprise content server zone;
3) after the user side has logged in to the unified resource platform, the unified resource platform displays the accessible resources and information systems, and the first front-end blocker captures the URL information of the user side;
4) the authority of this user side over this resource is verified;
5) if yes, go to step 6); if no, go to step 10);
6) the second front-end blocker judges whether this is the first visit; if yes, go to step 7); if no, go to step 8);
7) a user session is created, and the method proceeds to step 8);
8) the page of the requested resource is rendered;
9) the resource of this information system is used;
10) a message is displayed stating that there is no right to access the resource.
The unified resource platform registration of step 1) comprises the following steps:
1) the enterprise's internal resources are transformed so that they can be intercepted by the front-end blocker;
2) the transformed internal enterprise resources are registered in the unified resource platform;
3) the unified resource platform distributes the registered resources according to the different privilege levels of the user accounts.
The verification of the user side's identity in step 2) comprises the following steps:
1) the user side encrypts the password, and the user name and the encrypted password are input to the unified resource platform;
2) the unified resource platform decrypts the encrypted password and passes it, together with the user name, to the enterprise content server zone;
3) the enterprise content server zone receives the user name and the decrypted password and matches them against the information in the enterprise content server database;
4) the relevant return information is processed according to the result of matching the user side's credentials;
5) the verification result for the user side's identity credentials and the related information are obtained.
The device comprises a user side, a unified resource platform, an enterprise content server zone and an information system. The unified resource platform is provided with the first front-end blocker, and the information system is provided with the second front-end blocker. The user side is connected to the first front-end blocker, the unified resource platform is connected to the enterprise content server zone, and the unified resource platform is connected to the second front-end blocker.
Compared with the prior art, the present invention has the following advantages:
1. It manages the enterprise's internal information systems more effectively and better solves the problem that these systems are isolated from one another;
2. It solves the problem of employees repeatedly logging in to different information systems and repeatedly authenticating to application systems;
3. It simplifies the application-system permission assignment problems that job changes such as employee onboarding, transfer and departure cause for enterprise information administrators;
4. Based on the unified authorization service, IT administrators can easily manage and maintain the accounts of the company's employees centrally;
5. Custom classification of resources and unified access make the systems more convenient for employees to use, improve employee work efficiency, and resolve the management drawbacks brought about by the progress of enterprise IT adoption.
Embodiment
The present invention is described in detail below with reference to the drawings and specific embodiments.
Embodiment 1
As shown in Figure 1 and Figure 2, a processing method and device for integrating the applications of an enterprise's internal information resources, characterized in that the method involves a unified resource platform 2, an enterprise content server zone 3 and an information system 4. The unified resource platform 2 comprises the first front-end blocker and an authorization module, and the information system 4 is provided with the second front-end blocker. The authorization module performs unified authorization of user accounts, setting privilege levels according to the responsibilities of the personnel who access the unified resource platform. The processing method comprises the following steps:
Step 101: registration of the unified resource platform 2;
Step 102: the user side 1 logs in to the unified resource platform 2, and the unified resource platform 2 verifies its identity in conjunction with the enterprise content server zone 3;
Step 103: after the user side 1 has logged in to the unified resource platform 2, the unified resource platform 2 displays the accessible resources and information systems, and the first front-end blocker captures the URL information of the user side;
Step 104: the authority of this user side over this resource is verified;
Step 105: if yes, go to step 106; if no, go to step 110;
Step 106: the second front-end blocker judges whether this is the first visit; if yes, go to step 107; if no, go to step 108;
Step 107: a user session is created, and the method proceeds to step 108;
Step 108: the page of the requested resource is rendered;
Step 109: the resource of this information system 4 is used;
Step 110: a message is displayed stating that there is no right to access the resource.
The registration of the unified resource platform 2 in step 101 comprises the following steps:
1) the enterprise's internal resources are transformed so that they can be intercepted by the front-end blocker;
2) the transformed internal enterprise resources are registered in the unified resource platform 2;
3) the unified resource platform 2 distributes the registered resources according to the different privilege levels of the user accounts.
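The flow of steps 101 to 110 can be modelled in memory as follows. This is an added example, not code from the patent: the class names, URLs, user names and the use of ordered integer privilege levels are assumptions, and the identity check of step 102 is treated as already passed.

```python
# Added example; every name and value below is constructed.
from dataclasses import dataclass, field

DENIED = {"status": 403, "reason": "no right to access this resource"}  # step 110

@dataclass
class InfoSystem:
    """Information system 4, fronted by the second front-end blocker."""
    name: str
    sessions: set = field(default_factory=set)   # users holding a local session

    def second_blocker(self, user, url):
        first_visit = user not in self.sessions   # step 106
        if first_visit:
            self.sessions.add(user)               # step 107
        return {"status": 200, "system": self.name, "url": url,
                "session_created": first_visit}   # steps 108-109

@dataclass
class UnifiedResourcePlatform:
    """Unified resource platform 2, fronted by the first front-end blocker."""
    resources: dict = field(default_factory=dict)  # url -> (system, min level)
    levels: dict = field(default_factory=dict)     # logged-in user -> level

    def register(self, url, system, min_level):    # step 101
        self.resources[url] = (system, min_level)

    def login(self, user, level):   # step 102; identity check assumed passed
        self.levels[user] = level

    def visible(self, user):                       # step 103: resource listing
        lvl = self.levels.get(user, -1)
        return sorted(u for u, (_, m) in self.resources.items() if lvl >= m)

    def first_blocker(self, user, url):            # steps 103-105
        entry = self.resources.get(url)
        if user not in self.levels or entry is None:
            return dict(DENIED)                    # deny by default
        system, min_level = entry
        if self.levels[user] < min_level:          # step 104
            return dict(DENIED)
        return system.second_blocker(user, url)

def demo():
    oa, hr = InfoSystem("OA"), InfoSystem("HR")
    p = UnifiedResourcePlatform()
    p.register("/oa/inbox", oa, 1)
    p.register("/hr/payroll", hr, 3)
    p.login("alice", 1)
    urls = ["/oa/inbox", "/oa/inbox", "/hr/payroll", "/unregistered"]
    return p.visible("alice"), [p.first_blocker("alice", u) for u in urls]
```

The model denies requests for unregistered URLs and from users who have not logged in, so both cases end at step 110 rather than reaching an information system.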
As shown in Figure 3, the verification of the user side's identity in step 102 comprises the following steps:
Step 201: the user side encrypts the password, and the user name and the encrypted password are input to the unified resource platform;
Step 202: the unified resource platform decrypts the encrypted password and passes it, together with the user name, to the enterprise content server zone;
Step 203: the enterprise content server zone receives the user name and the decrypted password and matches them against the information in the enterprise content server database;
Step 204: the relevant return information is processed according to the result of matching the user side's credentials;
Step 205: the verification result for the user side's identity credentials and the related information are obtained.
The present invention integrates multiple independent business systems onto one unified platform. This integrates the enterprise's internal information application resources and solves both the problem that enterprise business systems are isolated from one another and the tedious process employees face when using multiple enterprise business systems. An employee only has to log in to this platform once to access authorized resources easily, without logging in and authenticating repeatedly, and can organize these authorized resources together in a custom way according to personal preference.
The system is based on the J2EE platform and uses Java as its development language. In conjunction with the enterprise content server zone 3 (LDAP), it provides unified management of the unified resource platform's personnel and organizations, and ensures that each enterprise employee's account is unique across all of the enterprise's information systems.
The unified resource platform 2 provides the following main functions:
1) a unified enterprise organizational structure interface;
2) a unified enterprise personnel view and account management;
3) unified identity verification;
4) a unified resource service;
5) a unified authorization service.
The system provides an authorization mechanism based on role-based access control (RBAC), applying different permission measures according to different duties. Privilege levels are set for all personnel who access the information systems, the minimum necessary scope of authorization is delimited according to each person's responsibilities, and the system functions that operators at each privilege level can perform are restricted in detail. Based on the unified authorization service, IT administrators can easily manage and maintain the accounts of the enterprise's employees centrally.
Embodiment 2
Our company's unified resource platform is currently used mainly by Shanghai Jiulong Information Technology Engineering Co., Ltd. and Shanghai Jiulong Electric Power Group. As informatization within the company progressed, various information systems were built one after another. Multiple scattered information systems are inconvenient for information management, cause employees great inconvenience in their work, and have brought certain obstacles and difficulties to the further development of the company's informatization.
Based on the above problems, the company put forward requirements for building a unified resource platform, namely a unified menu for internal systems, unified users, unified authorization management and unified identity authentication.
After the unified resource platform was adopted, the following problems were solved:
1) The company's OA system, mail system, attendance system, reimbursement system, human resources platform, department work center, project information system, project cost control system, project management system, logistics service platform, internal website publishing system and others have been integrated, and more systems can be integrated in subsequent informatization work according to a defined interface specification;
2) Three directory services (AD, SUN iPlanet Identity Management, Domino) have been integrated, and the user passwords of the three directory services are configured and managed in a unified way;
3) After logging in from the unified entry point, a user can access any integrated system and switch between systems without logging in again;
4) The platform runs on the intranet. The unified resource platform is deployed on two HP blade servers, while the directory services and each application system keep their own deployment environments without adjustment. In practice, the impact on the normal operation of existing systems was kept to a minimum.
The main problem encountered during rollout was the integration of permissions. By consolidating and redefining them, and technically adopting role-permission inheritance, the assignment of global permissions was in the end solved well.
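The role-based authorization mechanism and the role-permission inheritance used to consolidate permissions can be sketched as below. This is an added example, not the platform's code: the role names, permission strings and user names are constructed, and the cycle guard and deny-by-default behaviour are assumptions of the sketch.

```python
# Added example: RBAC with role-permission inheritance. All names are constructed.
ROLE_PARENTS = {            # role -> roles whose permissions it inherits
    "employee": [],
    "project_member": ["employee"],
    "project_manager": ["project_member"],
    "hr_clerk": ["employee"],
}
ROLE_PERMS = {              # permissions granted directly to each role
    "employee": {"oa:read", "mail:use", "attendance:self"},
    "project_member": {"project_info:read"},
    "project_manager": {"project_cost:read", "project_info:write"},
    "hr_clerk": {"hr:read"},
}
USER_ROLES = {"zhang": {"project_manager"}, "li": {"hr_clerk"}}

def effective_permissions(role, _seen=None):
    """Union of a role's own permissions and everything it inherits."""
    seen = set() if _seen is None else _seen
    if role in seen:                 # already visited, or a cycle: stop here
        return set()
    seen.add(role)
    perms = set(ROLE_PERMS.get(role, ()))
    for parent in ROLE_PARENTS.get(role, ()):
        perms |= effective_permissions(parent, seen)
    return perms

def is_allowed(user, permission):
    """Deny by default: unknown users and unknown roles resolve to nothing."""
    return any(permission in effective_permissions(r)
               for r in USER_ROLES.get(user, ()))

def transfer(user, new_roles):
    """Job transfer or departure: replace the role set in one central place."""
    if new_roles:
        USER_ROLES[user] = set(new_roles)
    else:
        USER_ROLES.pop(user, None)   # departure removes all access at once
```

Because permissions attach to roles, a transfer or departure is a single change to the user's role set instead of an edit in every integrated system.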
The system has been in use for more than a year. During this time, the business-system account and permission adjustment problems caused by newly registered employees, employee transfers and promotions, and staff turnover have been solved well, and the integration of newly deployed business systems through the interface specification has also progressed relatively smoothly.