CN108924115B - Space service authority control method and system - Google Patents
Space service authority control method and system Download PDFInfo
- Publication number
- CN108924115B CN108924115B CN201810664098.9A CN201810664098A CN108924115B CN 108924115 B CN108924115 B CN 108924115B CN 201810664098 A CN201810664098 A CN 201810664098A CN 108924115 B CN108924115 B CN 108924115B
- Authority
- CN
- China
- Prior art keywords
- service
- client
- party
- layer
- range
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to a spatial service authority control method and a system, which realize the control and the sharing of geographic information data through a service authority control process on the basis of services such as map service, element service, slicing service and the like, can utilize a service containing all spatial data to control the authority of the spatial data such as the range, the layer, the field, the executable function and the like of different roles, do not need to establish the service respectively and then authorize the services, and reduce the complexity of spatial service authority management; and certain service data allowed to be accessed are selectively transmitted to the client through the service access control flow, so that the safety of the spatial information is improved.
Description
Technical Field
The invention relates to the technical field of geographic information, in particular to a space service authority control method and a space service authority control system.
Background
With the rapid development of technologies such as computer, communication, network and the like and technologies for mapping geographic information, the utilization of network publishing space services to provide functions such as space data browsing, query, analysis and the like for users is an important transformation of geographic information data application modes in recent years, geographic information application software does not need to integrate geographic information data such as electronic maps and the like at present, and only needs to initiate a request for accessing a map service by a client, so that the online geographic information service provides great convenience and has certain worry, and the most important point is access security control. Since the data set of the geographic information service is usually generated by processing mapping results, and has a certain specificity, some mapping results may have a confidential requirement, and can only be used within a certain range or only by specific users. Server-side software commonly used in the geographic information industry at present mainly includes ArcGIS Server, MapGIS service software, SuperMAP map service software, MapServer, GeoServer and other open-source map service software, and an authority management module of these software can set the access authority of the service, specify which users can access the service, but authorized users can access all information of the corresponding service, including complete spatial range, image layers and data fields; when different users are controlled to access different spatial ranges, layers and field information, the users need to respectively create services aiming at different spatial range data or layers in advance and then authorize each service one by one according to roles, and the method is easy to increase the number of the services and the complexity of service management and increase the consumption of server resources.
Disclosure of Invention
Aiming at the technical problems in the prior art, the invention provides a spatial service authority control method and a spatial service authority control system, which can control the authority of the accessed service such as spatial range, image layer, field and the like for different user roles on the basis of the service released by other platforms.
The technical scheme for solving the technical problems is as follows:
on one hand, the invention provides a space service authority control method, which comprises a service authority control flow and a service access control flow;
the service authority control flow comprises the following steps:
a1, registering a third party service;
a2, service authority distribution, granting the access authority of the registered service to each role;
a3, packaging and sharing service, according to the space range, the layer, the field and the executable function which are actually required to be accessed in the service by each role, packaging and sharing the registered service after setting the filter condition;
further, in the service authority control process, the third-party service in step a1 includes an ArcGIS mapping service ArcGIS MapServer, an ArcGIS element service ArcGIS FeatureServer, an OGC mapping service WMS, an OGC element service WFS, an ArcGIS slicing service, and an OGC slicing service WMTS.
Further, in step a3, setting a filtering condition for the registration service, including picking up a spatial range, and selecting an image layer and a field that the service needs to include; the picking mode of the space range supports administrative division picking, history range picking, rectangular picking and polygonal picking.
Further, in step a3, the registered service is packaged and shared after setting the filter condition, and different service tokens need to be set for different roles.
The service access control flow comprises the following steps:
b1, the client sends a service access request to the space service authority control system;
b2, the space service authority control system judges whether the client has the access authority of the service; if yes, go to step B3; if not, rejecting the service access request of the client;
b3, the spatial service authority control system analyzes the spatial relationship and the layer relationship between the client request service and the third-party service, and if the spatial relationship and the layer relationship are completely disjoint or the layers are not intersected, the step B4 is skipped; if the two are spatially intersected and the image layers have an intersection, jumping to step B5;
b4, the space service authority control system returns an access prohibition prompt to the client;
b5, the space service authority control system correspondingly processes the service access request sent by the client, and then sends the processed service access request to the third-party service to request to acquire the required third-party service;
b6, the space service authority control system outputs the acquired third-party service; and returning the output processed result to the client.
Further, if the third-party service in step B5 of the service access control flow is a mapping service and an element service of the ArcGIS Server, that is, ArcGIS MapServer and ArcGIS FeatureServer, step B5 specifically includes:
1) modifying the space range of the service requested to be accessed into the range of an intersected polygon of the client request service and the third-party service, and deriving a bbox parameter in an Export Map interface by modifying a Map of the service to obtain the range of the service into the range of the intersected polygon;
2) modifying the Layer of the service requested to be accessed as the Layer intersection of the client request service and the third-party service, deriving the layerDes parameter and the layers parameter in the Export Map interface, identifying the layers parameter in the Identify interface, searching the layers parameter and the Layer/Table interface in the Find interface to obtain the Layer of the service as the Layer intersection of the client request service and the third-party service;
3) modifying a field of a Layer of the Service requested to be accessed as a field intersection of layers of the client request Service and the third-party Service, and modifying a field of a Layer of the Service obtained by searching search fields parameters in a Find interface and inquiring outfield parameters in a Map Service \ Layer interface of the Service to be the field intersection of layers of the client request Service and the third-party Service;
4) and modifying the metadata information of the service requesting to be accessed, namely modifying the spatial range Full extend attribute, the layer attributes and the field attributes in the layer attributes of the service metadata.
Further, if the third-party service in step B5 of the service access control flow is a Web map service of OGC, that is, WMS, step B5 specifically includes:
1) modifying the space range of the service requested to be accessed as the range of an intersected polygon of the client request service and the third-party service, and modifying the bbox parameter in the GetMap interface of the service to obtain the range of the service as the range of the intersected polygon;
2) modifying the layer of the service requested to be accessed as the layer intersection of the client request service and the third-party service, and modifying the layer parameter in the GetMap interface of the service to realize that the obtained layer of the service is the layer intersection of the client request service and the third-party service;
3) and modifying the GetCapabilities interface of the service to modify the acquired service metadata information.
Further, if the third-party service in step B5 of the service access control flow is a Web factor service of OGC, that is, WFS, step B5 specifically includes:
1) modifying a field of a layer of the service requested to be accessed into a field intersection of layers of the client request service and a third party service, and realizing that the field of the layer of the service acquired by modifying a DescribeFeatureType interface and a GetFeature interface of the service is the field intersection of the layers of the client request service and the third party service;
2) and modifying the GetCapabilities interface of the service to modify the acquired service metadata information.
Further, if the third-party service in step B5 of the service access control flow is a slicing service, that is, an ArcGIS slicing service or a WMTS, step B5 specifically includes: and the space service authority control system requests to acquire and register a third party slicing service intersected with the client request service space.
Further, in the step B6, if the third-party service is a map service and an element service, the method specifically includes:
and merging the acquired service range of the intersecting range and the service range requested by the client, so that the output service range is the service range requested by the client, but only the service content in the intersecting range is displayed, namely the service content which the client has access to is output to the client, and the service content which the client does not have access to is displayed in a blank space.
Further, in the step B6, if the third-party service is a slicing service, the method specifically includes: and erasing the content outside the client request service range in the acquired slicing service, and only displaying the service content in the client request range.
On the other hand, the invention also provides a space service authority control system, which comprises:
the client interface is used for establishing communication connection with the client and receiving a service access request of the client;
the third-party service interface is used for establishing communication connection with a third-party service and sending a service access request;
the client request analysis module is used for analyzing the received spatial relationship and layer relationship between a service access request sent by a client and a third-party service, wherein the request comprises address information and type information of the required third-party service;
the service request processing module is used for modifying the range and the layer of the request sent to the third-party service according to the type of the client request service and the spatial relationship and the layer relationship with the third-party service;
the service registration module is used for acquiring and registering the third-party service through the address information and the type information of the third-party service;
the third-party service output processing module is used for performing corresponding output processing on the acquired third-party service according to the type of the client request service, and comprises service field screening and display content processing of slicing service;
the service sharing module is used for setting filtering conditions for the registration service and then packaging and sharing the registration service according to the space range, the layer, the field and the executable function which are actually required to be accessed by each role in the service;
the service returning module is used for returning the requested service to the client;
and the authority control module is used for allocating the access authority of the registered service to different user roles in the service authority control process and judging the service access authority of the client in the service access control process.
Further, the system also comprises a service consulting module which is used for managing the registered third-party service and the shared service, including viewing service information and starting, stopping, deleting and locking the service.
The invention has the beneficial effects that: on the basis of services such as map service, element service, slicing service and the like, the geographic information data are controlled and shared through the service authority control process, the authority of the spatial data in different roles, such as the range, the layer, the field, the executable function and the like can be controlled by using one service containing all spatial data, the service is not required to be established respectively and then authorized one by one, and the complexity of spatial service authority management is reduced; and certain service data allowed to be accessed are selectively transmitted to the client through the service access control flow, so that the safety of the spatial information is improved.
Drawings
FIG. 1 is a service right control flow chart of a space service right control method according to the present invention;
FIG. 2 is a flowchart illustrating a service access control method according to a spatial service right control method of the present invention;
FIG. 3 is a diagram of a spatial service privilege control system according to the present invention;
FIG. 4 is a schematic view of access control for a map service and a factor service;
fig. 5 is a diagram illustrating access control of the slicing service.
Detailed Description
The principles and features of this invention are described below in conjunction with the following drawings, which are set forth by way of illustration only and are not intended to limit the scope of the invention.
On one hand, the invention provides a space service authority control method, which comprises a service authority control flow and a service access control flow;
the service authority control flow, as shown in fig. 1, includes the following steps:
a1, registering a third party service;
a2, service authority distribution, granting the access authority of the registered service to each role;
a3, packaging and sharing service, according to the space range, the layer, the field and the executable function which are actually required to be accessed in the service by each role, packaging and sharing the registered service after setting the filter condition;
further, in the service authority control process, the third-party service in step a1 includes an ArcGIS mapping service ArcGIS MapServer, an ArcGIS element service ArcGIS FeatureServer, an OGC mapping service WMS, an OGC element service WFS, an ArcGIS slicing service, and an OGC slicing service WMTS.
Further, in step a3, setting a filtering condition for the registration service, including picking up a spatial range, and selecting an image layer and a field that the service needs to include; the picking mode of the space range supports administrative division picking, history range picking, rectangular picking and polygonal picking.
Further, in step a3, the registered service is packaged and shared after setting the filter condition, and different service tokens need to be set for different roles.
The service access control process, as shown in fig. 2, includes the following steps:
b1, the client sends a service access request to the space service authority control system;
b2, the space service authority control system judges whether the client has the access authority of the service; if yes, go to step B3; if not, rejecting the service access request of the client;
b3, the spatial service authority control system analyzes the spatial relationship and the layer relationship between the client request service and the third-party service, and if the spatial relationship and the layer relationship are completely disjoint or the layers are not intersected, the step B4 is skipped; if the two are spatially intersected and the image layers have an intersection, jumping to step B5;
b4, the space service authority control system returns an access prohibition prompt to the client;
b5, the space service authority control system correspondingly processes the service access request sent by the client, and then sends the processed service access request to the third-party service to request to acquire the required third-party service;
b6, the space service authority control system outputs the acquired third-party service; and returning the output processed result to the client.
Further, if the third-party service in step B5 of the service access control flow is a mapping service and an element service of the ArcGIS Server, that is, ArcGIS MapServer and ArcGIS FeatureServer, step B5 specifically includes:
1) modifying the space range of the service requested to be accessed into the range of an intersected polygon of the client request service and the third-party service, and deriving a bbox parameter in an Export Map interface by modifying a Map of the service to obtain the range of the service into the range of the intersected polygon;
2) modifying the Layer of the service requested to be accessed as the Layer intersection of the client request service and the third-party service, deriving the layerDes parameter and the layers parameter in the Export Map interface, identifying the layers parameter in the Identify interface, searching the layers parameter and the Layer/Table interface in the Find interface to obtain the Layer of the service as the Layer intersection of the client request service and the third-party service;
3) modifying a field of a Layer of the Service requested to be accessed as a field intersection of layers of the client request Service and the third-party Service, and modifying a field of a Layer of the Service obtained by searching search fields parameters in a Find interface and inquiring outfield parameters in a Map Service \ Layer interface of the Service to be the field intersection of layers of the client request Service and the third-party Service;
4) and modifying the metadata information of the service requesting to be accessed, namely modifying the spatial range Full extend attribute, the layer attributes and the field attributes in the layer attributes of the service metadata.
Further, if the third-party service in step B5 of the service access control flow is a Web map service of OGC, that is, WMS, step B5 specifically includes:
1) modifying the space range of the service requested to be accessed as the range of an intersected polygon of the client request service and the third-party service, and modifying the bbox parameter in the GetMap interface of the service to obtain the range of the service as the range of the intersected polygon;
2) modifying the layer of the service requested to be accessed as the layer intersection of the client request service and the third-party service, and modifying the layer parameter in the GetMap interface of the service to realize that the obtained layer of the service is the layer intersection of the client request service and the third-party service;
3) and modifying the GetCapabilities interface of the service to modify the acquired service metadata information.
Further, if the third-party service in step B5 of the service access control flow is a Web factor service of OGC, that is, WFS, step B5 specifically includes:
1) modifying a field of a layer of the service requested to be accessed into a field intersection of layers of the client request service and a third party service, and realizing that the field of the layer of the service acquired by modifying a DescribeFeatureType interface and a GetFeature interface of the service is the field intersection of the layers of the client request service and the third party service;
2) and modifying the GetCapabilities interface of the service to modify the acquired service metadata information.
Further, if the third-party service in step B5 of the service access control flow is a slicing service, that is, an ArcGIS slicing service or a WMTS, step B5 specifically includes: and the space service authority control system requests to acquire and register a third party slicing service intersected with the client request service space.
Further, in the step B6, if the third-party service is a map service and an element service, the method specifically includes:
and merging the acquired service range of the intersecting range and the service range requested by the client, so that the output service range is the service range requested by the client, but only the service content in the intersecting range is displayed, namely the service content which the client has access to is output to the client, and the service content which the client does not have access to is displayed in a blank space.
Further, in the step B6, if the third-party service is a slicing service, the method specifically includes: and erasing the content outside the client request service range in the acquired slicing service, and only displaying the service content in the client request range.
Specifically, a specific implementation of access control for map services and element services (ArcGIS MapServer, ArcGIS FeatureServer, WMS, WFS) is shown in fig. 4:
(1) the client sends a service access request to the space service authority control system;
(2) the space service authority control system judges whether the client has the access authority of the service. If yes, skipping to the step (3); if not, rejecting the service access request of the client;
(3) the spatial service authority control system analyzes the spatial relationship and the layer relationship between the client request service and a third-party service, wherein the third-party service is a native service which the client actually has access to; if the two are completely disjoint in space or the layers are not intersected, skipping to the step (4); if the two are intersected in space and the image layers have intersection, skipping to the step (5);
(4) the space service authority control system returns an access prohibition prompt to the client;
(5) the space service authority control system correspondingly processes a service access request sent by a client, then sends the processed service access request to a third-party service, and requests to acquire the required third-party service, and the method specifically comprises the following steps:
1) modifying the spatial range of the service requested to be accessed into an intersecting polygon range of the client request service and the third-party service: for ArcGIS MapServer and ArcGIS FeatureServer services, deriving a bbox parameter in an Export Map interface by modifying a Map of the services to obtain a range of the services as an intersecting polygon range; for WMS service, the range of the obtained service is an intersecting polygon range by modifying a bbox parameter in a GetMap interface of the service;
2) modifying the layer of the service requested to be accessed into the layer intersection of the client request service and the third-party service: for ArcGIS MapServer and ArcGIS FeatureServer services, deriving layerDes parameters and layers parameters in an Export Map interface, identifying the layers parameters in an Identify interface, searching the layers parameters and the Layer/Table interface in a Find interface to obtain a Layer of the service, which is a Layer intersection of a client request service and a third-party service, by modifying a Map of the service; for WMS service, the layer of the service obtained by modifying the layer parameter in the GetMap interface of the service is the layer intersection of the client request service and the third-party service;
3) modifying the field of the layer of the service requested to be accessed into the field intersection of the layer of the client request service and the third-party service: for ArcGIS MapServer and ArcGIS FeatureServer services, the field of the Layer of the obtained Service is the field intersection of the Layer of the client request Service and the Layer of the third-party Service by modifying the searchFields parameter in the Find field interface of the Service and inquiring the outFields parameter in the Map Service \ Layer interface; for WFS service, the field of the layer of the service obtained by modifying the DescriptFeatureType interface and the GetFeatureinterface of the service is the field intersection of the layer of the client request service and the layer of the third-party service;
4) modifying metadata information of the service requesting access: for ArcGIS MapServer and ArcGIS FeatureServer services, modifying the spatial range Full extend attribute, the layer attribute and the field attributes in the layer of the service metadata; for WMS service and WFS service, modifying GetCapabilities interface of service;
(6) the space service authority control system outputs and processes the acquired required third-party service: merging the acquired service in the intersecting range with the service range requested by the client, so that the output service range is the service range requested by the client, but only the service content in the intersecting range is displayed, namely the service content which the client has access to is output to the client, and the service content which the client does not have access to is displayed in a blank state;
(7) and the space service authority control system returns the output processed result to the client.
A specific implementation of access control for slicing service (ArcGIS slicing service, WMTS) is shown in fig. 5:
(1) the client sends a service access request to the space service authority control system;
(2) the space service authority control system judges whether the client has the access authority of the service. If yes, skipping to the step (3); if not, rejecting the service access request of the client;
(3) the spatial service authority control system analyzes the spatial relationship and the layer relationship between the client request service and the third-party slicing service; if the two are completely disjoint in space or the layers are not intersected, skipping to the step (4); if the two are intersected in space and the image layers have intersection, skipping to the step (5);
(4) the space service authority control system returns an access prohibition prompt to the client;
(5) the space service authority control system requests to acquire and register a third party slicing service intersected with the service space requested by the client;
(6) the space service authority control system performs output processing on the acquired third-party slicing service, and specifically comprises the following steps:
erasing contents outside the client request service range in the acquired slicing service, and only displaying the service contents in the client request range;
(7) and the space service authority control system returns the output processed result to the client.
On the other hand, the present invention further provides a space service authority control system, as shown in fig. 3, including:
the client interface is used for establishing communication connection with the client and receiving a service access request of the client;
the third-party service interface is used for establishing communication connection with a third-party service and sending a service access request;
the client request analysis module is used for analyzing the received spatial relationship and layer relationship between a service access request sent by a client and a third-party service, wherein the request comprises address information and type information of the required third-party service;
the service request processing module is used for modifying the range and the layer of the request sent to the third-party service according to the type of the client request service and the spatial relationship and the layer relationship with the third-party service;
the service registration module is used for acquiring and registering the third-party service through the address information and the type information of the third-party service;
the third-party service output processing module is used for performing corresponding output processing on the acquired third-party service according to the type of the client request service, and comprises service field screening and display content processing of slicing service;
the service sharing module is used for setting filtering conditions for the registration service and then packaging and sharing the registration service according to the space range, the layer, the field and the executable function which are actually required to be accessed by each role in the service;
the service returning module is used for returning the requested service to the client;
and the authority control module is used for allocating the access authority of the registered service to different user roles in the service authority control process and judging the service access authority of the client in the service access control process.
And the service consulting module is used for managing the registered third-party service and the shared service, and comprises the steps of viewing service information and starting, stopping, deleting and locking the service.
On the basis of services such as map service, element service, slicing service and the like, the geographic information data are controlled and shared through the service authority control process, the authority of the spatial data in different roles, such as the range, the layer, the field, the executable function and the like can be controlled by using one service containing all spatial data, the service is not required to be established respectively and then authorized one by one, and the complexity of spatial service authority management is reduced; and certain service data allowed to be accessed are selectively transmitted to the client through the service access control flow, so that the safety of the spatial information is improved.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
Claims (9)
1. A space service authority control method is characterized by comprising a service authority control flow and a service access control flow;
the service authority control flow comprises the following steps:
a1, registering a third party service;
a2, service authority distribution, granting the access authority of the registered service to each role;
a3, packaging and sharing service, according to the space range, the layer, the field and the executable function which are actually required to be accessed in the service by each role, packaging and sharing the registered service after setting the filter condition;
the service access control flow comprises the following steps:
b1, the client sends a service access request to the space service authority control system;
b2, the space service authority control system judges whether the client has the access authority of the service; if yes, go to step B3; if not, rejecting the service access request of the client;
b3, the spatial service authority control system analyzes the spatial relationship and the layer relationship between the client request service and the third-party service, and if the spatial relationship and the layer relationship are completely disjoint or the layers are not intersected, the step B4 is skipped; if the two are spatially intersected and the image layers have an intersection, jumping to step B5;
b4, the space service authority control system returns an access prohibition prompt to the client;
b5, the space service authority control system correspondingly processes the service access request sent by the client, and then sends the processed service access request to the third-party service to request to acquire the required third-party service;
b6, the space service authority control system outputs the acquired third-party service; and returning the output processed result to the client.
2. The spatial service authority control method according to claim 1, wherein the service authority control process, the third-party service in step a1 includes ArcGIS mapping service ArcGIS MapServer, ArcGIS element service ArcGIS FeatureServer, OGC mapping service WMS, OGC element service WFS, ArcGIS slicing service, and OGC slicing service WMTS.
3. The spatial service authority control method according to claim 2, wherein if the third-party service in step B5 of the service access control process is a map service and an element service of an ArcGIS Server, that is, an ArcGIS MapServer or an ArcGIS FeatureServer, step B5 specifically includes:
1) modifying the space range of the service requested to be accessed into the range of an intersected polygon of the client request service and the third-party service, and deriving a bbox parameter in an Export Map interface by modifying a Map of the service to obtain the range of the service into the range of the intersected polygon;
2) modifying the Layer of the service requested to be accessed as the Layer intersection of the client request service and the third-party service, deriving the layerDes parameter and the layers parameter in the Export Map interface, identifying the layers parameter in the Identify interface, searching the layers parameter and the Layer/Table interface in the Find interface to obtain the Layer of the service as the Layer intersection of the client request service and the third-party service;
3) modifying a field of a Layer of the Service requested to be accessed as a field intersection of layers of the client request Service and the third-party Service, and modifying a field of a Layer of the Service obtained by searching search fields parameters in a Find interface and inquiring outfield parameters in a Map Service \ Layer interface of the Service to be the field intersection of layers of the client request Service and the third-party Service;
4) and modifying the metadata information of the service requesting to be accessed, namely modifying the spatial range Full extend attribute and the layer attributes of the service metadata.
4. The method as claimed in claim 2, wherein if the third-party service in step B5 of the service access control process is a Web Map Service (WMS) of OGC, step B5 specifically includes:
1) modifying the space range of the service requested to be accessed as the range of an intersected polygon of the client request service and the third-party service, and modifying the bbox parameter in the GetMap interface of the service to obtain the range of the service as the range of the intersected polygon;
2) modifying the layer of the service requested to be accessed as the layer intersection of the client request service and the third-party service, and modifying the layer parameter in the GetMap interface of the service to realize that the obtained layer of the service is the layer intersection of the client request service and the third-party service;
3) and modifying the GetCapabilities interface of the service to modify the acquired service metadata information.
5. The method as claimed in claim 2, wherein if the third-party service in step B5 of the service access control process is a Web element service (WFS) of OGC, step B5 specifically includes:
1) modifying a field of a layer of the service requested to be accessed into a field intersection of layers of the client request service and a third party service, and realizing that the field of the layer of the service acquired by modifying a DescribeFeatureType interface and a GetFeature interface of the service is the field intersection of the layers of the client request service and the third party service;
2) and modifying the GetCapabilities interface of the service to modify the acquired service metadata information.
6. The method as claimed in claim 2, wherein if the third-party service in step B5 of the service access control process is a slicing service, that is, an ArcGIS slicing service or a WMTS, step B5 specifically includes: and the space service authority control system requests to acquire and register a third party slicing service intersected with the client request service space.
7. The method for controlling spatial service authority according to claim 2, wherein in the step B6, if the third-party service is a map service and an element service, the method specifically includes:
and merging the acquired service range of the intersecting range and the service range requested by the client, so that the output service range is the service range requested by the client, but only the service content in the intersecting range is displayed, namely the service content which the client has access to is output to the client, and the service content which the client does not have access to is displayed in a blank space.
8. The method for controlling spatial service right according to claim 2, wherein in the step B6, if the third-party service is a slicing service, the method specifically includes: and erasing the content outside the client request service range in the acquired slicing service, and only displaying the service content in the client request range.
9. A space service entitlement control system, comprising:
the client interface is used for establishing communication connection with the client and receiving a service access request of the client;
the third-party service interface is used for establishing communication connection with a third-party service and sending a service access request;
the client request analysis module is used for analyzing the received spatial relationship and layer relationship between a service access request sent by a client and a third-party service, wherein the request comprises address information and type information of the required third-party service;
the service request processing module is used for modifying the range and the layer of the request sent to the third-party service according to the type of the client request service and the spatial relationship and the layer relationship with the third-party service;
the service registration module is used for acquiring and registering the third-party service through the address information and the type information of the third-party service;
the third-party service output processing module is used for performing corresponding output processing on the acquired third-party service according to the type of the client request service, and comprises service field screening and display content processing of slicing service;
the service sharing module is used for setting filtering conditions for the registration service and then packaging and sharing the registration service according to the space range, the layer, the field and the executable function which are actually required to be accessed by each role in the service;
the service returning module is used for returning the requested service to the client;
and the authority control module is used for allocating the access authority of the registered service to different user roles in the service authority control process and judging the service access authority of the client in the service access control process.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810664098.9A CN108924115B (en) | 2018-06-25 | 2018-06-25 | Space service authority control method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810664098.9A CN108924115B (en) | 2018-06-25 | 2018-06-25 | Space service authority control method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108924115A CN108924115A (en) | 2018-11-30 |
CN108924115B true CN108924115B (en) | 2020-12-01 |
Family
ID=64422452
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810664098.9A Active CN108924115B (en) | 2018-06-25 | 2018-06-25 | Space service authority control method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108924115B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110704399B (en) * | 2019-10-08 | 2020-09-15 | 四川省地质工程勘察院集团有限公司 | Distributed authority management method based on geographic spatial position |
CN111611338A (en) * | 2020-05-15 | 2020-09-01 | 交通运输部规划研究院 | Dynamic map clipping method and device and storage medium |
CN112364111A (en) * | 2020-08-21 | 2021-02-12 | 福建师范大学地理研究所 | WebGIS (Web geographic information System) -based information management system and implementation method |
CN113971005A (en) * | 2021-10-28 | 2022-01-25 | 上海数慧系统技术有限公司 | Control method, device and system for space application permission |
CN114465751A (en) * | 2021-12-03 | 2022-05-10 | 自然资源部信息中心 | Access control method and device for map service information |
CN115794539B (en) * | 2022-09-20 | 2023-09-01 | 北京世纪国源科技股份有限公司 | Log incremental monitoring method, device and equipment for space-time data API service |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101075248A (en) * | 2007-06-22 | 2007-11-21 | 上海众恒信息产业有限公司 | System and method for providing geographical information system interface service |
CN104301354A (en) * | 2013-07-16 | 2015-01-21 | 杭州鹏信科技有限公司 | Space type business data GIS service realization method and system based on cloud calculation |
CN105989276A (en) * | 2015-02-12 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Role optimization method and apparatus in RBAC permission system |
CN106230801A (en) * | 2016-07-26 | 2016-12-14 | 北京超图软件股份有限公司 | The access control method of registration service and device in GIS door |
CN106685994A (en) * | 2017-02-22 | 2017-05-17 | 河海大学 | Cloud GIS (Geographic Information System) resource access control method based on GIS role grade permission |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101388904B (en) * | 2008-07-29 | 2011-08-03 | 北京超图软件股份有限公司 | GIS service aggregating method, device and system |
US20170024412A1 (en) * | 2015-07-17 | 2017-01-26 | Environmental Systems Research Institute (ESRI) | Geo-event processor |
CN107065794A (en) * | 2017-03-24 | 2017-08-18 | 广州劲联智能科技有限公司 | A kind of intelligent safety supervision management system and implementation method based on GIS geographical information platforms |
-
2018
- 2018-06-25 CN CN201810664098.9A patent/CN108924115B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101075248A (en) * | 2007-06-22 | 2007-11-21 | 上海众恒信息产业有限公司 | System and method for providing geographical information system interface service |
CN104301354A (en) * | 2013-07-16 | 2015-01-21 | 杭州鹏信科技有限公司 | Space type business data GIS service realization method and system based on cloud calculation |
CN105989276A (en) * | 2015-02-12 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Role optimization method and apparatus in RBAC permission system |
CN106230801A (en) * | 2016-07-26 | 2016-12-14 | 北京超图软件股份有限公司 | The access control method of registration service and device in GIS door |
CN106685994A (en) * | 2017-02-22 | 2017-05-17 | 河海大学 | Cloud GIS (Geographic Information System) resource access control method based on GIS role grade permission |
Non-Patent Citations (1)
Title |
---|
"空间信息资源共享与互操作技术";龚健雅;《国土资源信息化》;20031015;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN108924115A (en) | 2018-11-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108924115B (en) | Space service authority control method and system | |
US8924361B2 (en) | Monitoring entitlement usage in an on-demand system | |
US8959114B2 (en) | Entitlement management in an on-demand system | |
US8590003B2 (en) | Controlling access to resources by hosted entities | |
US7672483B2 (en) | Controlling and customizing access to spatial information | |
RU2387003C2 (en) | Method, system and device for detecting data sources and connection to data sources | |
US20060206931A1 (en) | Access control policy engine controlling access to resource based on any of multiple received types of security tokens | |
US10069838B2 (en) | Controlling consumption of hierarchical repository data | |
KR102090982B1 (en) | How to identify malicious websites, devices and computer storage media | |
AU2014400621B2 (en) | System and method for providing contextual analytics data | |
EP3232335B1 (en) | Method and device for providing authentication information on web page | |
AU2014208184A1 (en) | Systems and methodologies for managing document access permissions | |
CN109639643A (en) | Customer manager's information sharing method, electronic device and readable storage medium storing program for executing based on block chain | |
US20110270885A1 (en) | Security configuration systems and methods for portal users in a multi-tenant database environment | |
US20120246705A1 (en) | Object-Based Access Control for Map Data | |
US20160269446A1 (en) | Template representation of security resources | |
US20090172567A1 (en) | Dynamically added navigation widget for loose integration of web pages across different web applications | |
Carminati et al. | Trust and share: Trusted information sharing in online social networks | |
CN114238935A (en) | Method and device for managing and controlling spatial data in user-defined range | |
US9600582B2 (en) | Blocking objectionable content in service provider storage systems | |
CN112084021A (en) | Interface configuration method, device and equipment of education system and readable storage medium | |
CN107291829B (en) | LBS-based information resource authority management method | |
CN115643093A (en) | Authority management and control method, system, equipment and medium based on organization architecture | |
US20210026981A1 (en) | Methods and apparatuses for processing data requests and data protection | |
KR101304452B1 (en) | A cloud system for document management using location |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: A Space Service Permission Control Method and System Effective date of registration: 20230613 Granted publication date: 20201201 Pledgee: Wuhan area branch of Hubei pilot free trade zone of Bank of China Ltd. Pledgor: WUHAN ZHONGZHI HONGTU TECHNOLOGY CO.,LTD. Registration number: Y2023420000231 |
|
PE01 | Entry into force of the registration of the contract for pledge of patent right |