CN111339507A - Method, system, equipment and readable storage medium for processing access request

Publication number
CN111339507A
Authority
CN
China
Prior art keywords
access
access request
user
level
access level
Legal status
Pending
Application number
CN202010112323.5A
Other languages
Chinese (zh)
Inventor
刘珊珊
Current Assignee
Hangzhou Dt Dream Technology Co Ltd
Original Assignee
Hangzhou Dt Dream Technology Co Ltd
Application filed by Hangzhou Dt Dream Technology Co Ltd

Classifications

    • G06F21/31 User authentication
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/2113 Multi-level security, e.g. mandatory access control
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The application discloses a method for processing an access request, which comprises the following steps: intercepting an access request sent by a user; determining a first access level of an instance corresponding to the access request; acquiring a second access level of the user, and judging whether the second access level is greater than or equal to the first access level; and if so, executing the operation corresponding to the access request. The application compares the first access level of the instance corresponding to the access request with the second access level of the user, and executes the operation corresponding to the access request when the second access level is greater than or equal to the first access level. The scheme does not rely on roles to control access requests; control is based on the user's own attribute, so it is not limited by the number of roles in the system. Meanwhile, security access control is refined to the instance level, and the security of the cloud platform product is greatly improved. The application also provides a system, a device and a readable storage medium for processing the access request, which have the same beneficial effects.

Description

Method, system, equipment and readable storage medium for processing access request
Technical Field
The present application relates to the field of access request processing, and in particular, to a method, a system, a device, and a readable storage medium for processing an access request.
Background
Mandatory Access Control (MAC), in the field of computer security, refers to access control enforced by the operating system. It aims to limit the ability of a subject or initiator to access or perform some operation on an object or target, and is widely applied in operating systems and databases. Different product instances on a cloud platform serve different purposes: some instances are used for development and testing, and some are in a production environment, so the security levels of the instances differ. To improve the security of product usage, strong security access control is needed, i.e. users of different levels are allowed to access instances of different security levels.
At present, when a user accesses a product instance, role-based access control is generally adopted: permissions are set for the various functions of a system, one group of permissions corresponds to one role, and the role is bound to an account. When the number of system roles is limited, it is difficult to refine security access control to the instance level, so the security of the cloud platform product is low.
Therefore, how to improve the security of cloud platform products is a technical problem that needs to be solved by those skilled in the art at present.
Disclosure of Invention
The application aims to provide an access request processing method, system, device and readable storage medium for improving the security of cloud platform products.
In order to solve the above technical problem, the present application provides a method for processing an access request, including:
intercepting an access request sent by a user;
determining a first access level of an instance corresponding to the access request;
acquiring a second access level of a user, and judging whether the second access level is greater than or equal to the first access level;
and if so, executing the operation corresponding to the access request.
Optionally, the executing the operation corresponding to the access request includes:
judging whether a user has the user authority for carrying out the operation on the instance;
if not, refusing to execute the operation corresponding to the access request;
and if so, executing the operation corresponding to the access request.
Optionally, after intercepting the access request sent by the user, the method further includes:
acquiring an environment variable parameter;
judging whether a mandatory access mode is started or not according to the environment variable parameter;
if yes, executing the step of determining the first access level of the instance corresponding to the access request;
if not, executing the step of judging whether the user has the user authority for carrying out the operation on the instance.
Optionally, before intercepting the access request sent by the user, the method further includes:
acquiring interception parameters and generating an interceptor according to the interception parameters.
Optionally, the intercepting an access request sent by a user includes:
and calling the interceptor to intercept the access request corresponding to the interception parameter.
Optionally, when the second access level is less than the first access level, the method further includes:
and outputting prompt information of the current access abnormality.
The present application further provides a system for processing an access request, the system comprising:
the intercepting module is used for intercepting an access request sent by a user;
a determining module, configured to determine a first access level of an instance corresponding to the access request;
the acquisition and judgment module is used for acquiring a second access level of the user and judging whether the second access level is greater than or equal to the first access level;
and the execution module is used for executing the operation corresponding to the access request when the second access level is greater than or equal to the first access level.
Optionally, the executing module includes:
the judging submodule is used for judging whether a user has the user authority for carrying out the operation on the instance;
the access refusing submodule is used for refusing to execute the operation corresponding to the access request when the user does not have the user right for carrying out the operation on the instance;
and the access permission submodule is used for executing the operation corresponding to the access request when the user has the user right of performing the operation on the instance.
The present application also provides an access request processing apparatus, including:
a memory for storing a computer program;
a processor for implementing the steps of the method of access request processing according to any one of the preceding claims when executing the computer program.
The present application also provides a readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the method of access request processing according to any one of the preceding claims.
The method for processing the access request comprises the following steps: intercepting an access request sent by a user; determining a first access level of an instance corresponding to the access request; acquiring a second access level of the user, and judging whether the second access level is greater than or equal to the first access level; and if so, executing the operation corresponding to the access request.
According to this technical scheme, the access request sent by the user is intercepted, the first access level of the instance corresponding to the access request is then compared with the second access level of the user, and the operation corresponding to the access request is executed when the second access level is greater than or equal to the first access level. The scheme does not rely on roles to control access requests; control is based on the user's own attribute, so it is not limited by the number of roles in the system. Meanwhile, security access control is refined to the instance level, and the security of the cloud platform product is greatly improved. The present application also provides a system, a device and a readable storage medium for processing an access request, which have the above beneficial effects and are not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method for processing an access request according to an embodiment of the present application;
Fig. 2 is a flowchart of a practical implementation of S104 of the method for processing an access request shown in Fig. 1;
Fig. 3 is a flowchart of another method for processing an access request according to an embodiment of the present application;
Fig. 4 is a block diagram of a system for processing an access request according to an embodiment of the present application;
Fig. 5 is a block diagram of an access request processing device according to an embodiment of the present application.
Detailed Description
The core of the application is to provide a method, a system, equipment and a readable storage medium for processing an access request, which are used for improving the security of a cloud platform product.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
When a user accesses a product instance, users within the same organization (department) all access the same product instances, because the security levels of product instances are not differentiated. In practical application scenarios, however, a client may require that users in the same department access different product instances; for example, several database instances opened for development can be used by users in the department, while those opened for testing and those in the user production environment cannot be used by developers. In that case the security level needs to be defined directly on the user rather than in the form of a role. In the prior art, role-based access control is adopted: permissions are set for the various functions of a system, one group of permissions corresponds to one role, and the role is bound to an account. When the number of system roles is limited, it is difficult to refine security access control to the instance level, so the security of the cloud platform product is low. The present application therefore provides a method for processing an access request to solve the above problems.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for processing an access request according to an embodiment of the present disclosure.
The method specifically comprises the following steps:
S101: intercepting an access request sent by a user;
The access request mentioned here is a request sent by a user to access an instance; product instances on the cloud platform serve different purposes, and their corresponding access levels differ accordingly.
Optionally, intercepting the access request sent by the user may specifically mean intercepting all access requests sent by the current user, so that no access request is executed directly.
Preferably, before the access request sent by the user is intercepted, an interception parameter may be obtained and an interceptor generated according to the interception parameter. Intercepting the access request in step S101 then specifically means invoking the interceptor to intercept the access request corresponding to the interception parameter, which achieves accurate interception of the access request. The interception parameter may include, but is not limited to, an interface access right parameter, a method acquisition parameter, and the like.
For example, a RestController method requiring security control can be marked with the custom annotation @ prvillee, and a Spring Aspect is then defined in the system; the aspect intercepts the marked RestController methods, thereby intercepting the access request.
S102: determining a first access level of an instance corresponding to the access request;
The first access level mentioned here is the minimum access level required to access the instance corresponding to the access request; the user can access the instance only if the user's access level is higher than the first access level.
S103: acquiring a second access level of the user, and judging whether the second access level is greater than or equal to the first access level;
If yes, go to step S104.
When the second access level is greater than or equal to the first access level, step S104 is executed to perform the operation corresponding to the access request, and the processing of the access request is completed.
For example, when the first access level of the instance corresponding to the access request is level three and the second access level of the user is level four, the operation corresponding to the access request is executed because four is greater than three.
Optionally, when the second access level is lower than the first access level, prompt information of current access abnormality may be output, so that the user may modify the access request correspondingly according to the abnormal access information.
S104: and executing the operation corresponding to the access request.
When the second access level is greater than or equal to the first access level, the operation corresponding to the access request can be directly executed, and the processing of the access request is completed.
Based on this technical scheme, the method for processing an access request provided by the application intercepts the access request sent by the user, then compares the first access level of the instance corresponding to the access request with the second access level of the user, and executes the operation corresponding to the access request when the second access level is greater than or equal to the first access level. The scheme does not rely on roles to control access requests; control is based on the user's own attribute, so it is not limited by the number of roles in the system. Meanwhile, security access control is refined to the instance level, and the security of the cloud platform product is greatly improved.
With respect to step S104 of the previous embodiment, executing the operation corresponding to the access request may specifically comprise the steps shown in Fig. 2, which are described below with reference to Fig. 2.
Referring to Fig. 2, Fig. 2 is a flowchart of a practical implementation of S104 in the method for processing an access request of Fig. 1.
The method specifically comprises the following steps:
S201: judging whether the user has the user authority for operating the instance;
if not, executing step S202; if yes, go to step S203.
S202: refusing to execute the operation corresponding to the access request;
When the user does not have the user right for operating the instance, the access request of the user is shown to be an illegal request, and the operation corresponding to the access request is refused.
S203: and executing the operation corresponding to the access request.
Preferably, on the basis of the above embodiment, the present application may further determine, according to an environment variable parameter, whether to execute step S102; that is, after step S101 is executed, the steps shown in Fig. 3 may also be executed. Referring to Fig. 3, Fig. 3 is a flowchart of another method for processing an access request provided in an embodiment of the present application, which specifically includes the following steps:
S301: acquiring an environment variable parameter;
S302: judging whether a mandatory access mode is started or not according to the environment variable parameter;
if yes, go to step S102; if not, the process proceeds to step S201.
Based on this technical scheme, whether the operation corresponding to the access request is executed can be determined by judging whether the user has both the access authority and the operation authority for the instance, which further improves the security of the cloud platform product.
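The combined flow of Figs. 1 to 3, written out as a runnable sketch; this is an added illustration, not code from the patent. A Python decorator stands in for the annotation-plus-aspect interceptor, and the variable name `MANDATORY_ACCESS_MODE`, the instance names and levels, treating an unset variable as "on", and denying when a level is missing are all assumptions.

```python
import os
from dataclasses import dataclass
from functools import wraps
from typing import FrozenSet, Optional, Tuple

MAC_ENV_VAR = "MANDATORY_ACCESS_MODE"   # hypothetical variable name (assumption)

# Constructed sample data: first access level required by each instance.
INSTANCE_LEVELS = {"db-dev": 1, "db-test": 2, "db-prod": 3}


class AccessDenied(Exception):
    """Carries the prompt information returned when access is abnormal."""


@dataclass(frozen=True)
class User:
    name: str
    access_level: Optional[int]                             # second access level
    permissions: FrozenSet[Tuple[str, str]] = frozenset()   # (instance, operation)


def mandatory_mode_enabled(environ=None) -> bool:
    """S301/S302: decide from the environment whether the level check runs."""
    env = os.environ if environ is None else environ
    # Assumption: only an explicit off value disables the check; unset means on.
    return env.get(MAC_ENV_VAR, "on").strip().lower() not in {"off", "false", "0"}


def privileged(operation: str):
    """Mark a handler for interception (the role of the annotation and aspect)."""
    def decorator(handler):
        @wraps(handler)
        def interceptor(user: User, instance_id: str, *args, environ=None, **kwargs):
            # S101: every call to a marked handler passes through here first.
            if mandatory_mode_enabled(environ):
                required = INSTANCE_LEVELS.get(instance_id)           # S102
                if required is None or user.access_level is None:
                    # Assumption: a missing level on either side is a denial.
                    raise AccessDenied(
                        f"no access level on record for {instance_id} or {user.name}")
                if user.access_level < required:                      # S103
                    raise AccessDenied(
                        f"{user.name} has level {user.access_level}, "
                        f"{instance_id} requires {required}")
            if (instance_id, operation) not in user.permissions:      # S201
                raise AccessDenied(                                   # S202
                    f"{user.name} lacks permission {operation!r} on {instance_id}")
            return handler(user, instance_id, *args, **kwargs)        # S203
        return interceptor
    return decorator


@privileged("restart")
def restart_instance(user: User, instance_id: str) -> str:
    return f"{instance_id} restarted by {user.name}"


def try_request(user: User, instance_id: str, environ=None) -> str:
    """Run one request and return either the result or the denial prompt."""
    try:
        return restart_instance(user, instance_id, environ=environ)
    except AccessDenied as exc:
        return f"denied: {exc}"


if __name__ == "__main__":
    alice = User("alice", 4, frozenset({("db-prod", "restart")}))
    bob = User("bob", 2, frozenset({("db-prod", "restart")}))
    carol = User("carol", 3, frozenset())
    for user in (alice, bob, carol):
        print(try_request(user, "db-prod", environ={}))
    # With the mode switched off only the permission check (S201) remains.
    print(try_request(bob, "db-prod", environ={MAC_ENV_VAR: "off"}))
```

With the mode switched off, the level-2 user's request against the level-3 instance succeeds on permissions alone, so the environment variable is itself a security-relevant setting whose changes are worth restricting and auditing.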
Referring to fig. 4, fig. 4 is a block diagram of a system for processing an access request according to an embodiment of the present disclosure.
The system may include:
an interception module 100, configured to intercept an access request sent by a user;
a determining module 200, configured to determine a first access level of an instance corresponding to the access request;
the obtaining and judging module 300 is configured to obtain a second access level of the user, and judge whether the second access level is greater than or equal to the first access level;
and the execution module 400 is configured to execute an operation corresponding to the access request when the second access level is greater than or equal to the first access level.
In a preferred embodiment, the execution module 400 may include:
the judging submodule is used for judging whether the user has the user authority for operating the instance;
the access refusing submodule is used for refusing to execute the operation corresponding to the access request when the user does not have the user right for operating the instance;
and the access permission submodule is used for executing the operation corresponding to the access request when the user has the user right of operating the instance.
On this basis, the system can also comprise:
the acquisition module is used for acquiring the environment variable parameters;
the judging module is used for judging whether the mandatory access mode is started or not according to the environment variable parameters;
a first execution module, configured to, when the mandatory access mode is turned on, return to the confirmation module 100 to execute a step of determining a first access level of an instance corresponding to the access request;
and the second execution module is used for returning to the first judgment submodule to execute the step of judging whether the user has the user authority for operating the instance when the mandatory access mode is not started.
In a preferred embodiment, the system may further comprise:
and the generating module is used for acquiring the interception parameters and generating the interceptor according to the interception parameters.
On this basis, the intercepting module 100 may correspondingly include:
and the calling submodule is used for calling an interceptor to intercept the access request corresponding to the interception parameter.
In a preferred embodiment, the system may further comprise:
and the output module is used for outputting the prompt information of the current access abnormality when the second access level is less than the first access level.
Since the embodiment of the system part corresponds to the embodiment of the method part, the embodiment of the system part is described with reference to the embodiment of the method part, and is not repeated here.
Referring to fig. 5, fig. 5 is a structural diagram of an access request processing device according to an embodiment of the present application.
The access request processing device 500 may vary significantly depending on configuration or performance, and may include one or more processors (CPUs) 522 (e.g., one or more processors) and memory 532, one or more storage media 530 (e.g., one or more mass storage devices) storing applications 542 or data 544. Memory 532 and storage media 530 may be, among other things, transient storage or persistent storage. The program stored on the storage medium 530 may include one or more modules (not shown), each of which may include a sequence of instruction operations for the device. Still further, the processor 522 may be configured to communicate with the storage medium 530 to execute a series of instruction operations in the storage medium 530 on the access request processing device 500.
The access request processing apparatus 500 may also include one or more power supplies 525, one or more wired or wireless network interfaces 550, one or more input-output interfaces 558, and/or one or more operating systems 541, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, etc.
The steps in the method of access request processing described above in fig. 1 to 3 are implemented by the access request processing device based on the structure shown in fig. 5.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the apparatus and the module described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus, device and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative: a division of modules is merely a division of logical functions, and an actual implementation may use another division; a plurality of modules or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the shown or discussed mutual coupling, direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
Modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present application may be integrated into one processing module, or each of the modules may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
The integrated module, if implemented in the form of a software functional module and sold or used as a separate product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application, in essence or in the part that contributes over the prior art, or all or part of the technical solution, may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a function calling device, or a network device) to execute all or part of the steps of the methods of the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB flash drive, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
A method, a system, a device and a readable storage medium for processing an access request provided by the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A method of access request processing, comprising:
intercepting an access request sent by a user;
determining a first access level of an instance corresponding to the access request;
acquiring a second access level of a user, and judging whether the second access level is greater than or equal to the first access level;
and if so, executing the operation corresponding to the access request.
2. The method of claim 1, wherein performing the operation corresponding to the access request comprises:
judging whether a user has the user authority for carrying out the operation on the instance;
if not, refusing to execute the operation corresponding to the access request;
and if so, executing the operation corresponding to the access request.
3. The method of claim 2, further comprising, after intercepting the access request sent by the user:
acquiring an environment variable parameter;
judging whether a mandatory access mode is started or not according to the environment variable parameter;
if yes, executing the step of determining the first access level of the instance corresponding to the access request;
if not, executing the step of judging whether the user has the user authority for carrying out the operation on the instance.
4. The method of claim 1, further comprising, prior to intercepting the access request sent by the user:
acquiring interception parameters and generating an interceptor according to the interception parameters.
5. The method of claim 4, wherein intercepting the access request sent by the user comprises:
calling the interceptor to intercept the access request corresponding to the interception parameters.
6. The method of claim 1, wherein when the second access level is less than the first access level, further comprising:
outputting prompt information indicating that the current access is abnormal.
7. A system for access request processing, comprising:
the intercepting module is used for intercepting an access request sent by a user;
a determining module, configured to determine a first access level of an instance corresponding to the access request;
the acquisition and judgment module is used for acquiring a second access level of the user and judging whether the second access level is greater than or equal to the first access level;
and the execution module is used for executing the operation corresponding to the access request when the second access level is greater than or equal to the first access level.
8. The system of claim 7, wherein the execution module comprises:
the judging submodule is used for judging whether the user has the user authority for carrying out the operation on the instance;
the access refusing submodule is used for refusing to execute the operation corresponding to the access request when the user does not have the user authority for carrying out the operation on the instance;
and the access permission submodule is used for executing the operation corresponding to the access request when the user has the user authority for carrying out the operation on the instance.
9. An access request processing apparatus, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the method of access request processing according to any one of claims 1 to 6 when executing the computer program.
10. A readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method of access request processing according to any one of claims 1 to 6.
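The decision flow of claims 1 to 6, as an added Python example (not code from the patent or the applicant). The environment variable name MANDATORY_ACCESS_MODE, the path-prefix form of the interception parameters, the sample levels and authorities, and the deny-on-missing-level behaviour are assumptions made for illustration.

```python
import os
from dataclasses import dataclass

# Constructed sample data; every name and value here is an assumption.
INSTANCE_LEVELS = {"db-prod": 3, "db-test": 1}   # first access level, per instance
USER_LEVELS = {"alice": 3, "bob": 1}             # second access level, per user
USER_AUTHORITY = {("alice", "db-prod", "read"),  # (user, instance, operation) grants
                  ("bob", "db-test", "read"),
                  ("bob", "db-prod", "read")}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    instance: str
    operation: str
    path: str

def mandatory_mode_enabled(environ=os.environ):
    """Claim 3: an environment variable parameter switches mandatory access mode."""
    return environ.get("MANDATORY_ACCESS_MODE", "").lower() in ("1", "true", "on")

def make_interceptor(path_prefixes, environ=os.environ):
    """Claims 4-5: generate an interceptor from interception parameters
    (assumed here to be request path prefixes)."""
    prefixes = tuple(path_prefixes)

    def intercept(req):
        if not req.path.startswith(prefixes):
            return "NOT_INTERCEPTED"
        if mandatory_mode_enabled(environ):
            first = INSTANCE_LEVELS.get(req.instance)   # level of the instance
            second = USER_LEVELS.get(req.user)          # level of the user
            # Assumption: a missing level on either side is denied (fail closed).
            if first is None or second is None or second < first:
                return "DENIED_LEVEL: current access is abnormal"  # claim 6 prompt
        # Claim 2: passing the level comparison is not sufficient on its own;
        # the user authority for this operation on this instance is still checked.
        if (req.user, req.instance, req.operation) not in USER_AUTHORITY:
            return "DENIED_AUTHORITY"
        return "EXECUTED"

    return intercept
```

With mandatory access mode off, the same request from a low-level user to a high-level instance is decided by the user authority check alone, which is the branch claim 3 describes.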
CN202010112323.5A 2020-02-24 2020-02-24 Method, system, equipment and readable storage medium for processing access request Pending CN111339507A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010112323.5A CN111339507A (en) 2020-02-24 2020-02-24 Method, system, equipment and readable storage medium for processing access request

Publications (1)

Publication Number Publication Date
CN111339507A true CN111339507A (en) 2020-06-26

Family

ID=71185540

Country Status (1)

Country Link
CN (1) CN111339507A (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1729469A (en) * 2002-09-04 2006-02-01 国际商业机器公司 Method for carrying out access control on a relational database
CN101546261A (en) * 2008-10-10 2009-09-30 华中科技大学 Secure web page tag library system supported by multiple strategies
CN102495988A (en) * 2011-12-19 2012-06-13 北京诺思恒信科技有限公司 Domain-based access control method and system
CN103049684A (en) * 2012-12-21 2013-04-17 大唐软件技术股份有限公司 Data authority control method and data authority control system based on RBAC (role-based access control) model extension
CN105912949A (en) * 2016-04-13 2016-08-31 北京京东尚科信息技术有限公司 Data permission management method, data permission management system and service management system
US20160306963A1 (en) * 2015-04-14 2016-10-20 Avecto Limited Computer device and method for controlling untrusted access to a peripheral device
CN106302492A (en) * 2016-08-23 2017-01-04 唐山新质点科技有限公司 A kind of access control method and system
US20170223057A1 (en) * 2016-02-01 2017-08-03 General Electric Company System and method for access control services
CN107612880A (en) * 2017-07-28 2018-01-19 深圳竹云科技有限公司 One kind applies access method and device
CN107818024A (en) * 2017-11-22 2018-03-20 北京汇通金财信息科技有限公司 A kind of request ID transmission methods and system based on spring blockers
CN110502224A (en) * 2019-08-22 2019-11-26 深圳前海环融联易信息科技服务有限公司 Interface analogy method, device and computer equipment based on HTTP request

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111930752A (en) * 2020-09-01 2020-11-13 上海泛微软件有限公司 Data processing method and related equipment
CN111930752B (en) * 2020-09-01 2024-05-07 上海泛微软件有限公司 Data processing method and related equipment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200626