CN113132394A - Request processing system, method and device, storage medium and electronic equipment - Google Patents

Request processing system, method and device, storage medium and electronic equipment Download PDF

Info

Publication number
CN113132394A
CN113132394A CN202110436444.XA CN202110436444A CN113132394A CN 113132394 A CN113132394 A CN 113132394A CN 202110436444 A CN202110436444 A CN 202110436444A CN 113132394 A CN113132394 A CN 113132394A
Authority
CN
China
Prior art keywords
request
message
access
processing
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110436444.XA
Other languages
Chinese (zh)
Other versions
CN113132394B (en
Inventor
郑岸以
陈盛林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp filed Critical China Construction Bank Corp
Priority to CN202110436444.XA priority Critical patent/CN113132394B/en
Publication of CN113132394A publication Critical patent/CN113132394A/en
Application granted granted Critical
Publication of CN113132394B publication Critical patent/CN113132394B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/22Parsing or analysis of headers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of mobile interconnection, and discloses a request processing system, a request processing method, a request processing device, a storage medium and electronic equipment. The request processing system comprises a client, a content distribution network and a server, wherein the client is used for acquiring a request message, encrypting the request message to obtain an access request and sending the access request to the content distribution network; the content distribution network is used for distributing the access request to the corresponding server; and the server is used for decrypting the received access request to obtain a decrypted request message, adaptively packaging the decrypted request message based on the access interface of the access request, and transmitting the packaged request message to the target service through the access interface. In the embodiment, by adding the process of performing adaptation encapsulation on the decrypted request message, code transformation is not required, the high efficiency of access request distribution is improved by accessing the content distribution network, and the low cost of adapting the access interface of the back-end micro-service is realized.

Description

Request processing system, method and device, storage medium and electronic equipment
Technical Field
The embodiment of the invention relates to the technical field of mobile interconnection, in particular to a request processing system, a request processing method, a request processing device, a storage medium and electronic equipment.
Background
The message transmission is carried out between the client and the server in the form of the access request, the access request needs to be accelerated by means of the content distribution network along with the continuous increase of the number of the access requests, but the content distribution network is not considered to be set during the construction of platforms of a plurality of servers, so that a large amount of code transformation is needed when the back-end micro-service is required to receive parameters for message encryption and decryption adaptation during the subsequent access to the content distribution network, and the enterprise development and operation cost is greatly increased.
Disclosure of Invention
Embodiments of the present invention provide a request processing system, method, apparatus, storage medium, and electronic device, so as to reduce modification cost when accessing a content distribution network.
In a first aspect, an embodiment of the present invention provides a request processing system, including a client, a content distribution network, and a server, where the client is configured to obtain a request packet, encrypt the request packet to obtain an access request, and send the access request to the content distribution network;
the content distribution network is used for distributing the access request to the corresponding server;
the server is used for decrypting the received access request to obtain a decrypted request message, adaptively packaging the decrypted request message based on an access interface of the access request, and transmitting the packaged request message to a target service through the access interface.
In a second aspect, an embodiment of the present invention further provides a request processing method, which is applied to a client, where the method includes:
acquiring a request message to be processed and a processing type of the request message, wherein the processing type comprises file uploading, file downloading, non-file uploading and non-file downloading;
setting a request head of the request message based on the processing type;
and determining an encryption mode corresponding to the processing type, encrypting the request message based on the determined encryption mode, and forming an access request based on the encrypted request message and the request header.
In a third aspect, an embodiment of the present invention further provides a request processing method, which is applied to a server, and the method includes:
acquiring an access request, identifying a request header of the request message, and determining a processing type of the access request based on the request, wherein the processing type comprises file uploading, file downloading, non-file uploading and non-file downloading;
determining a decryption mode corresponding to the processing type, and decrypting the encrypted request message in the access request based on the determined decryption mode;
and performing adaptation packaging on the decrypted request message based on the access interface of the access request, and transmitting the packaged request message to a target service through the access interface.
In a fourth aspect, an embodiment of the present invention further provides a request processing apparatus, configured at a client, where the apparatus includes:
the processing type determining module is used for acquiring a request message to be processed and the processing type of the request message, wherein the processing type comprises file uploading, file downloading, non-file uploading and non-file downloading;
a request header setting module, configured to set a request header of the request packet based on the processing type;
and the encryption module is used for determining an encryption mode corresponding to the processing type, encrypting the request message based on the determined encryption mode and forming an access request based on the encrypted request message and the request header.
In a fifth aspect, an embodiment of the present invention further provides a request processing apparatus, configured at a server, where the apparatus includes:
the processing type identification module is used for acquiring an access request, identifying a request head of the request message and determining the processing type of the access request based on the request, wherein the processing type comprises file uploading, file downloading, non-file uploading and non-file downloading;
the decryption module is used for determining a decryption mode corresponding to the processing type and decrypting the encrypted request message in the access request based on the determined decryption mode;
and the message packaging module is used for adaptively packaging the decrypted request message based on the access interface of the access request and transmitting the packaged request message to a target service through the access interface.
In a sixth aspect, an embodiment of the present invention further provides a client, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor, when executing the program, implements the request processing method applied to the client according to the embodiment of the present invention or the request processing method applied to the server according to the embodiment of the present invention.
In a seventh aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program is configured to, when executed by a processor, implement a request processing method applied to a client according to an embodiment of the present invention or a request processing method applied to a server according to an embodiment of the present invention.
According to the technical scheme provided by the embodiment, the client side encrypts the request message to form the access request, the access request sent by each client side is subjected to accelerated distribution through the content distribution network and sent to the corresponding access side, the server side decrypts the received access request, and the decrypted request message is subjected to adaptive packaging based on the access interface of the access request so as to adapt to the parameter transmission mode of the access interface. In the embodiment, after the server analyzes the original request message, the process of performing adaptive encapsulation on the decrypted request message is added, code transformation is not needed, the cost caused by the fact that a large amount of code transformation is needed when the back-end micro-service receives parameters after the back-end micro-service accesses the content distribution network is reduced, the high efficiency of access request distribution is improved by accessing the content distribution network, and the low cost of an access interface of the back-end micro-service is adapted.
Drawings
Fig. 1 is a schematic structural diagram of a request processing system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating processing of an access request by a request processing system according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a request processing method according to a second embodiment of the present invention;
FIG. 4 is a flow chart illustrating another request processing method according to an embodiment of the present invention;
fig. 5 is a flowchart illustrating a request processing method according to a third embodiment of the present invention;
FIG. 6 is a flow chart illustrating another request processing method provided by the present invention;
fig. 7 is a schematic structural diagram of a request processing apparatus according to a fourth embodiment of the present invention;
fig. 8 is a schematic structural diagram of a request processing apparatus according to a fifth embodiment of the present invention;
fig. 9 is a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a schematic structural diagram of a request processing system according to an embodiment of the present invention, where the system includes: a client 110, a content distribution network 120, and a server 130, wherein,
the client 110 is configured to obtain a request message, encrypt the request message to obtain an access request, and send the access request to a content distribution network;
a content distribution network 120, configured to distribute the access request to the corresponding server;
the server 130 is configured to decrypt the received access request to obtain a decrypted request packet, perform adaptive encapsulation on the decrypted request packet based on an access interface of the access request, and transmit the encapsulated request packet to the target service through the access interface.
In this embodiment, a client generates an access request, where the access request includes a request header and a request packet, the access request is accelerated and transmitted through a Content Delivery Network (CDN) 120 and transmitted to a server 130, the server 130 parses the request packet in the access request to obtain an original request packet, and performs adaptation encapsulation on the parsed original request packet according to an access interface of a target service to which the access request is accessed, so as to obtain a packet format adapted to the access interface, and transmits the encapsulated request packet to the target service through the access interface, so that the target service processes the request packet in the access request.
Optionally, the different access interfaces may respectively correspond to different encapsulation manners, the server 130 is preset with encapsulation manners corresponding to the access interfaces of each type, and the corresponding encapsulation manner is determined according to the access interface corresponding to the access request. In some embodiments, the encapsulation manner of each access interface may be to encapsulate the request packet into different objects, for example, including but not limited to a class object, and the different objects may correspond to different encapsulation manners, and correspondingly, the encapsulation manner of each access interface may be determined according to an object that each access interface can adapt to. And packaging the request message to adapt to the parameter transmission mode of the access interface.
It should be noted that, in order to improve the security of the request message in the transmission process, the client 110 encrypts the request message in the access request, and correspondingly, the server 130 decrypts the request message in the received access request to obtain the original request message, and performs adaptation encapsulation on the original request message.
Optionally, the server 130 includes a gateway, and the gateway is specifically configured to: extracting a request message in the access request, and decrypting the request message to obtain a decrypted request message; and determining a packaging mode corresponding to the access interface of the access request, and performing adaptive packaging on the decrypted request message based on the packaging mode. In this embodiment, the purpose of the parameter transmission mode of each adaptive access interface is achieved by adding a process of performing adaptive encapsulation on the decrypted request packet in the gateway in the server 130.
According to the technical scheme of the embodiment, the client side encrypts the request message to form the access request, the access request sent by each client side is subjected to accelerated distribution through the content distribution network and sent to the corresponding access side, the server side decrypts the received access request, and the decrypted request message is subjected to adaptive packaging based on the access interface of the access request so as to adapt to the parameter transmission mode of the access interface. In the embodiment, after the server analyzes the original request message, the process of performing adaptive encapsulation on the decrypted request message is added, code transformation is not needed, the cost caused by the fact that a large amount of code transformation is needed when the back-end micro-service receives parameters after the back-end micro-service accesses the content distribution network is reduced, the high efficiency of access request distribution is improved by accessing the content distribution network, and the low cost of an access interface of the back-end micro-service is adapted.
On the basis of the above embodiments, the message encryption and decryption of the internet platform mostly use an asymmetric encryption and decryption algorithm (such as RSA or national secret sm2, etc.) to negotiate a symmetric encryption key, and the negotiated symmetric encryption key is used to encrypt and decrypt the message by using a symmetric encryption and decryption algorithm (such as AES or national secret sm4, etc.). These methods are only suitable for encryption and decryption with a small message body, and once the method is used for a message (such as a file) with a size exceeding 1M, the problem of too long encryption and decryption time exists, and the encryption and decryption speed cannot meet the service requirements.
In this embodiment, the client 110 encrypts the request packet, which may be dividing the content of the request packet into at least two partial packets, and encrypting one or more partial packets in the at least two partial packets, where the number of the encrypted partial packets is less than the total number of the partial packets. And forming a request message based on the encrypted partial message and the unencrypted partial message, wherein the request message and the request header form an access request. By encrypting the local request message, the encrypted request message is reduced, so that the encryption efficiency of the request message (especially the request message with a larger message body) is improved. Optionally, the content of the request message is divided into two partial messages, the first partial message is encrypted, and the request message is formed based on the encrypted first partial message and the unencrypted second partial message.
Optionally, the size of the content of the request message is determined based on a preset threshold, if the size of the content of the request message is greater than or equal to the preset threshold (for example, may be 1M), the content of the request message is divided into at least two partial messages, and encryption processing is performed on part of the partial messages to improve encryption processing efficiency, and if the size of the content of the request message is smaller than the preset threshold, encryption processing is performed on the whole content of the request message. It should be noted that each local message may form a request message in a form of a key value pair, where keys of the encrypted local message and the unencrypted local message may be different, so as to distinguish whether encryption processing is performed.
Accordingly, the server 130 extracts the request message in the access request to obtain the encrypted partial message and the unencrypted partial message, for example, the corresponding value may be determined to be the encrypted partial message or the unencrypted partial message by the key of the key value pair in the request message. The encrypted local message is decrypted, the original request message is determined based on the decrypted local message and the unencrypted local message, and only the local message is decrypted in the decryption process, so that the decryption speed of the request message is increased, and the processing efficiency of the access request is improved.
Because the request messages in different types of access requests are different, in this embodiment, encryption and decryption processing in different modes is performed on the request message according to the type of the access request, and encryption and decryption modes in different modes are set in a targeted manner according to the requirements of different access requests, so that the flexibility of encryption and decryption processing is improved, and the efficiency of encryption and decryption processing is improved by the encryption and decryption modes suitable for different types of access requests.
In some optional embodiments, the client 110 is specifically configured to: and setting a request head corresponding to the processing type according to the processing type corresponding to the request message, and performing first encryption processing on the request message based on the encryption mode corresponding to the processing type to obtain an initial access request. The processing types include file uploading, file downloading, non-file uploading and non-file downloading, and may be distinguished from the processing type information of each access object by setting a request header corresponding to each processing type. For example, the file uploading and downloading may be to request a header ifEncryptFile, and the value is true, and the file uploading uses the http request method of POST, and the content-type is multipart/form-data; file downloading uses the http request method of GET, and if parameters are included, the parameters are placed in the URL part. The non-file uploading and non-file downloading can be requests with a value of true, the non-file uploading is a request with a http request method of POST, parameters are transmitted in the form of JSON strings, the content-Type is application/JSON, the non-file downloading is a request with an http request method of GET, the parameters are placed in a URL part, and the requests with few parameters such as query are usually adopted.
In some embodiments, the request headers for file upload, file download, non-file upload, and non-file download may be different, respectively, for quickly identifying the processing type of the access request. It should be noted that, for a request packet that does not need to be encrypted, a request header including the identifier does not need to be set.
Optionally, different processing types correspond to different encryption manners, the client 110 and the server 130 have agreed the encryption and decryption manner for each processing type in advance, and the client 110 invokes the corresponding encryption manner according to the processing type of the access request to encrypt the request packet to be processed. Correspondingly, the gateway in the server 130 is specifically configured to: identifying a request head of a received access request, determining a processing type of the access request based on the request head, and performing first decryption processing on an encryption request message in the access request based on a decryption mode corresponding to the processing type. Similarly, the server 130 stores decryption manners corresponding to the processing types, determines the processing types through the request header of the access request and the request method of the access request, and invokes the decryption methods corresponding to the processing types to decrypt the request message in the access request.
It should be noted that, in this embodiment, the key and the Encryption/decryption manner for performing Encryption processing and decryption processing on the request packet of each processing type may be determined in advance according to a pre-agreement between the client 110 and the server 130, for example, the Encryption/decryption manner may include, but is not limited to, AES (Advanced Encryption Standard), national secret sm4, national secret sm2, and the like, which is not limited thereto.
On the basis of the above embodiment, the client 110 is further configured to: and performing second encryption processing on the initial access request obtained by the first encryption processing to obtain a request for the first access, wherein the second encryption processing can be https encryption processing. The security of the request message in the transmission process is improved by carrying out secondary encryption on the request message.
The content distribution network 120 is further configured to perform second decoding processing on the first access request to obtain a first access request, add the traceability information to the request header in the first access request to obtain a second access request, perform second encryption processing on the second access request to obtain a third access request, and distribute the third access request to the corresponding server; the second decoding process is a decryption process that is a process different from the second encryption process, and may be an https decryption process, for example. The content distribution network 120 decrypts the first access request to obtain the request header and the encrypted request packet subjected to the first encryption, where the first access request is subjected to the second encryption, so that the security of the request packet after the first access request is decrypted for the first time is ensured, and the problem of leakage of the request packet is avoided. The content distribution network 120 sets the tracing information in the decrypted request header, so as to trace the source of the access request and send the feedback information of the access request to the original client. The tracing information may be IP information of the client sending the access request. And performing second encryption processing on the request header added with the tracing information and the encrypted request message subjected to the first encryption processing again to obtain the server 130 for transmitting to the server 130.
The server 130 is further configured to perform a second decoding process on the third access request to obtain a second access request, and perform a first decryption process on the encrypted request packet in the second access request to obtain a decrypted request packet. Similarly, the second decoding process is https decryption process to obtain an encrypted request packet that is subjected to the first encryption process, and the first decryption process is performed on the encrypted request packet to obtain a decrypted request packet, where the first decryption process may be a decryption process corresponding to the first encryption process.
According to the technical scheme of the embodiment, the source tracing request is added to the access request through the content distribution network, so that the access request is conveniently traced, and the feedback information of the access request is sent to the original client. Meanwhile, the request message is encrypted for the second time through the client, so that the security of the request message is ensured and the leakage of the request message is avoided when the content distribution network decrypts the received access request and adds the tracing request.
A preferred example of a request processing system is further provided on the basis of the foregoing embodiments, and referring to fig. 2, fig. 2 is a schematic diagram of processing an access request by a request processing system according to an embodiment of the present invention. The client is used for encrypting the request message body P0 according to an agreed algorithm to obtain an encrypted request message P1, and performing https encryption on a first access request formed by the encrypted request message P1 again according to an https key negotiation mechanism to obtain a second access request P2. cdn node, namely content distribution network, for cdn acceleration of source station, cdn node after receiving second access request P2 because of source station https certificate private key, can use https to decrypt message, after decryption, add tracing source to request head to get P1 ', then use https to encrypt access request to add tracing source to get third access request P2 ' (at this time, the message P2 ' is the same as original message P2 except for the head); the server comprises a server web and a server gateway, wherein the server web is used for performing operations such as server load balancing and the like, such as nginx and the like, and the server web is used for mounting a server certificate and decrypting the https message to obtain a message P1 'and transmitting the message P1' to the server gateway. The server side gateway is realized by zuul based on spring group and a series of custom filters, and after receiving the https decryption message P1 ', the https decryption message P1' is decrypted by using a convention algorithm to obtain the original request message P0, and then the original request message P0 is packaged into an object Pobj which can receive the parameters of the back-end interface again and is transmitted to the back-end micro service, namely the target service. And applying micro service, which is realized based on spring boot, and performing subsequent service logic processing after receiving Pobj.
Example two
Fig. 3 is a flowchart of a request processing method according to a second embodiment of the present invention, where this embodiment is applicable to a case where a request packet is encrypted in a process of generating an access request by a client, and the method may be executed by a request processing apparatus according to the second embodiment of the present invention, where the request processing apparatus may be implemented by software and/or hardware, and the user classification apparatus may be configured on a client device such as a computer or a mobile phone. The method specifically comprises the following steps:
s210, obtaining a request message to be processed and a processing type of the request message, wherein the processing type comprises file uploading, file downloading, non-file uploading and non-file downloading.
S220, setting a request head of the request message based on the processing type.
S230, determining an encryption mode corresponding to the processing type, encrypting the request message based on the determined encryption mode, and forming an access request based on the encrypted request message and the request header.
In this embodiment, the processing type of the request packet may be input by a user, or may be determined by identifying a user operation and/or a type of the request packet. For example, the touch operation of the user or information input through an input device such as a mouse, a keyboard, etc. is collected, and the touch operation may be a click operation on a control such as "download", "upload", etc., or a selection operation on a control such as "download", "upload", etc. through an input device such as a mouse, a keyboard, etc. Further, whether the request message is in a file format is identified, if so, the access request corresponding to the request message is uploading/downloading of the file, and if not, the access request corresponding to the request message is uploading/downloading of the non-file. And determining the processing type by combining the operation of the downloading control and the uploading control and the format of the request message.
Optionally, the request header for file upload/download is set to ifEncryptFile and value is true, and the request header for non-file upload/download is set to ifEncrypt and value is true. The request method corresponding to the uploading operation is POST, and the request method corresponding to the downloading operation is GET. The identification of the processing type of the access request is facilitated by setting the request header of the request message.
In this embodiment, the encryption mode of the request packet corresponding to each processing type is preset, and the corresponding encryption mode is called according to the processing type corresponding to the current request packet to perform encryption processing.
Optionally, the encrypting the request packet based on the determined encryption manner includes: if the processing type is file uploading, encoding the request message to obtain an encoded character string, and encrypting a first character string in the encoded character string based on a first preset key to obtain a first encrypted character string; and forming an encryption request message based on the first encryption character string and a second character string in the coding character string. In this embodiment, the encoding character string obtained by encoding the original request packet is encrypted instead of encrypting the original file, so that the complexity of encryption is increased to request the security of the packet. Meanwhile, the original request message is converted into a character string format in an encoding mode, so that the whole message content can be divided into different local messages conveniently.
In this embodiment, the encoded character string is divided into a first character string and a second character string, where the encoded character string may be divided into the first character string and the second character string on the average according to the number of digits of the character string, the character string with the preset number of digits in the encoded character string may be determined as the first character string, and the remaining character strings may be determined as the second character string, the first character string may be the character string with the preset number of digits located at the front end of the encoded character string, the character string with the preset number of digits located at the tail end of the encoded character string, or the character string with the preset number of digits located at the middle position of the encoded character string, and the first character string and the second character string are not limited as long as the client and the server are engaged. Wherein the preset number of bits may be, but is not limited to, 1000 bits.
In this embodiment, each local message forms a request message in a form of a key-value pair, that is, a first encrypted character string and a second character string are respectively stored in a form of a key-value pair, where the first key-value pair includes a first key and a first value, the first value is the first encrypted character string, the second key-value pair includes a second key and a second value, the second value is the second character string, the first key and the second key are different, and a processing manner of the first value and the second value can be determined by whether the character strings in the values respectively corresponding to the first key and the second key are encrypted, that is, by identifying the first key and the second key.
In some optional embodiments, further processing a second character string may be further performed, and specifically, forming an encryption request packet based on the first encryption character string and the second character string in the encoding character string includes: restoring a second character string in the coded character string into an uncoded message; an encrypted request message is formed based on the first encrypted string and the unencoded message. The second character string is restored into the uncoded message, so that the processing difference between the first character string and the second character string is increased, the processing complexity of the encryption request message is further increased, and the security of the encryption request message is improved.
Correspondingly, the key value pair forms respectively based on the uncoded messages corresponding to the first encryption character string and the second character string so as to obtain the encryption request message.
In this embodiment, when the file is uploaded, the local character string in the request message to be uploaded is encrypted, so that the number of encrypted character strings is reduced, and the encryption processing speed is increased. Meanwhile, different types of processing are carried out on each local character string, the processing complexity of the encryption request message is increased, and the security of the encryption request message is improved.
In some optional embodiments, if the processing type is file downloading, converting the request parameter in the request message to be processed into a first preset format to obtain the request parameter in the first preset format; and encrypting the request parameter in the first preset format based on a second preset key to obtain a first encryption request parameter, wherein the encryption request parameter is used as a request parameter of a file downloading request.
For the pending request message for file downloading, the request message includes a request URL parameter, i.e., a request parameter, where the request URL is http:// www.example.comexampleKey ═ exampleValue, and the request URL parameter is exampleKey ═ exampleValue. The request URL parameter is converted into a request parameter in a first preset format, which may be a json format, for example. And encrypting the request parameter in the first preset format through a preset request parameter to obtain a first encryption request parameter, and using the first encryption request parameter as a request parameter in the file downloading request, namely setting the first encryption request parameter as the request parameter in the file downloading request in a key-value pair mode.
In some optional embodiments, if the processing type is non-file downloading, the request parameter of the request packet to be processed is obtained, the request parameter is analyzed into at least one key value pair, and each key value pair is encrypted based on a third preset key to obtain each encrypted key value pair, where each encrypted key value pair is used as a request parameter of a non-file uploading request.
Extracting a request URL parameter in a pending request message downloaded without a file, analyzing at least one key value pair in the request URL parameter analysis, for example, if the request URL is http:// www.example.comk1 ═ v1& k2 ═ v2, then the request URL parameter part is k1 ═ v1& k2 ═ v2, after the request URL is analyzed into the key value pair form, the request URL parameter part is params [ k1] ═ v1, and the params [ k2] ═ v2, and performing encryption processing on each analyzed key value pair respectively based on a third preset key, for example, the params [ k1 ]. v1 is encrypted into params [ k1] ═ encryptData (v1), and the params [ k2] ═ v2 is encrypted into params [ k2] ═ encryptData (v2), and obtaining the encrypted request message as the key value pair obtained through encryption processing.
In some optional embodiments, if the processing type is non-file upload, the request parameter of the request packet to be processed is analyzed as a character string, and each key value pair is encrypted based on a fourth preset key to obtain a second encryption request parameter, where the second encryption request parameter is used as a request parameter of a non-file download request.
In the same way, after the request parameters in the request message to be processed uploaded by the non-file are analyzed into the character strings of the preset type (for example, json format), the encryption processing is performed based on the fourth preset secret key to obtain the second encryption request parameters, and the original request parameters are replaced based on the second encryption request parameters to obtain the encryption request message.
In this embodiment, the first preset key, the second preset key, the third preset key, and the fourth preset key are pre-agreed by the client and the server, and the first preset key, the second preset key, the third preset key, and the fourth preset key may be the same or different, which is not limited herein. Meanwhile, the encryption algorithm for encrypting the request parameters of each processing type may be the same or different, and may be, for example, but not limited to, AES, national secret sm4, and national secret sm2, which is not limited thereto.
On the basis of the above embodiments, a preferred example of a request processing method is also provided, and referring to fig. 4, fig. 4 is a schematic flow diagram of another request processing method provided in the embodiments of the present invention. Receiving user input information or input operation, determining whether a processing type corresponding to a request message to be processed is file uploading/downloading, if so, setting a request header of the request message to be processed to be ifEncryptFile and value to true, and if not, setting the request header of the request message to be processed to be ifEncrypt and value to true. Judging whether the file is uploaded or not for uploading/downloading the file, if so, executing the following encryption processing: coding a file, namely a message to be processed, by using base64 to obtain a base64 character string base64Str (configured as a coded character string), intercepting the first 1000 bits of the base64Str to obtain a first character string base64StrA (if the length is less than 1000, the base64StrA is base64Str), encrypting the base64StrA by using a negotiated key (namely a first preset key) to obtain a first encrypted character string encStr, putting the encStr into a key value pair formData parameter, wherein the formkey is fileDes and the value is encStr; and restoring the second character string base64Str B of the rest part of the base64Str back to the file base64StrBFile, namely an uncoded message corresponding to the second character string, and putting the base64StrBFile into a key value pair formData parameter, wherein the formData key is file and the value is base64 StrBFile. And forming an encryption request message based on the two key value pairs.
If the processing type of the request message to be processed is file downloading, executing the following encryption processing: converting the request URL parameter into a json format to obtain a request parameter parameterJson in a first preset format; for example, if the URL requested is http:// www.example.comexampleKey ═ exampleValue, then the URL parameter is exampleKey ═ exampleValue, and after conversion to json format, it is "exampleKey ═ exampleValue"; encrypting the parameterJson by using a negotiation key (namely a second preset key) to obtain a first encryption request parameter enParamstr; and placing the enParamstr into a GET request URL parameter, wherein the URL parameter key is encrypttVal, and the value is enParamstr, so as to obtain an encryption request message.
If the processing type of the request message to be processed is non-file downloading, executing the following encryption processing: reading the original request URL parameter part orgUrlst and resolving the original request URL parameter part orgUrlst into a key value pair form; if the original URL is http:// www.example.comk1 ═ v1& k2 ═ v2, the URL parameter part is k1 ═ v1& k2 ═ v2, after the URL parameter part is analyzed into a key pair form, the URL parameter part is params [ k1] ═ v1, and params [ k2] ═ v 2; encrypting the value of each key-value pair using a negotiation key (i.e., a third preset key); for example, if the URL parameter is partially resolved into a key-value pair format, which is params [ k1] ═ v1, params [ k2] ═ v2, and the encryption function is encryptData (), the encrypted key-value pair format is params [ k1] ═ encryptData (v1), and params [ k2] ═ encryptData (v 2); and replacing the value of each original URL parameter key value pair by using the encrypted value, wherein the URL parameter part is changed into encUrlst at the moment, and the encryption request message is obtained. For example, the original URL parameter portion is k1 ═ v1& k2 ═ v2, and after the above steps, the URL parameter portion becomes k1 ═ encryptData (v1) & k2 ═ encryptData (v 2).
If the processing type of the request message to be processed is non-file uploading, executing the following encryption processing: resolving the request parameter into a json string to obtain orgJsonStr; encrypting orgJsonStr by using a negotiation key (namely a fourth preset key) to obtain encOrgJsonStr; the request is initiated with encOrgJsonStr as the request parameter.
EXAMPLE III
Fig. 5 is a flowchart of a request processing method provided in the third embodiment of the present invention, where this embodiment is applicable to a case where a server decrypts a request packet in a received access request, and the method may be executed by a request processing apparatus provided in the third embodiment of the present invention, where the request processing apparatus may be implemented by software and/or hardware, and the user classification apparatus may be configured on a server device such as a server.
S310, obtaining an access request, identifying a request head of the request message, and determining a processing type of the access request based on the request, wherein the processing type comprises file uploading, file downloading, non-file uploading and non-file downloading.
S320, determining a decryption mode corresponding to the processing type, and decrypting the encrypted request message in the access request based on the determined decryption mode.
S330, the decrypted request message is subjected to adaptive packaging based on the access interface of the access request, and the packaged request message is transmitted to a target service through the access interface.
The server receives the access request transmitted by the content distribution network, and decrypts the access request to obtain the original request message. In some embodiments, the server performs https decryption on the received access request to obtain a request header and an encrypted request packet.
Determining a processing type through a request header and a request mode, wherein if the request header ifEncryptFile is true and the request method is not POST (GET), determining that the processing type is file downloading; if the request header ifEncryptFile is true and the request method is POST, determining that the processing type is file uploading; if the request header ifEncryptFile is not true, the request header ifEncrypt is true, and the request method is GET, determining that the processing type is non-file downloading; and if the request header ifEncryptFile is not true, the request header ifEncrypt is true, and the request method is POST, determining that the processing type is non-file uploading.
And decrypting the encrypted request message by calling a decryption mode of each processing type to obtain the original request message, wherein the decryption mode of each processing type is opposite to the encryption mode of the same processing type.
In some optional embodiments, decrypting the encrypted request packet in the access request based on the determined decryption manner includes: if the processing type is file uploading, acquiring a first message and a second message in the access request; and decrypting the first message based on a first decryption key, and analyzing the decrypted first message and the second message to obtain an original message. In this embodiment, the request message for uploading the file includes at least two partial messages, which are a first message and a second message, and specifically, the encrypted message and the unencrypted message may be determined by keys in the first message and the second message. The encrypted first message is decrypted to obtain a decrypted first message, the decrypted first message and the decrypted second message are analyzed to obtain an original message, specifically, the decrypted first message and the decrypted second message are encoded messages, and the message obtained by splicing the decrypted first message and the decrypted second message is restored to obtain the original message. And the decryption efficiency is improved by decrypting only part of the message.
In some embodiments, the second packet is obtained by recovering the encoded packet, and correspondingly, the analyzing the decrypted first packet and the second packet to obtain the original packet includes: and coding and restoring the coded message formed by the decoded first message and the coded second message to obtain the original message. The first message and the second message are processed to obtain the message with the same format, and the message with the same format is analyzed into the original message, so that the processing quality of the original message is ensured.
In some optional embodiments, if the processing type is file downloading, the request parameter in the access request is obtained, the request parameter is decrypted based on a second decryption key to obtain an original request parameter, and the original request parameter is converted into a key-value pair form. The request parameter comprises at least one encrypted key value pair, and each key value pair is decrypted based on the second decryption key to obtain the key value pair in the original request parameter, wherein the key value pair is used as the request parameter and is used for being transmitted to the back-end service for processing.
And if the processing type is non-file downloading, acquiring the request parameter in the access request, traversing each key value pair in the request parameter, and decrypting each key value pair based on a third decryption key to obtain each original key value pair in the original request parameter. Similarly, the request parameter includes at least one encrypted key value pair, and each key value pair is decrypted based on the third decryption key to obtain each original key value pair in the original request parameter, and the key value pair is used as the request parameter and is transmitted to the back-end service for processing.
And if the processing type is non-file uploading, acquiring the request parameter in the access request, and decrypting the request parameter based on a fourth decryption key to obtain the original request parameter.
In this embodiment, the first decryption key, the second decryption key, the third decryption key, and the fourth decryption key are pre-agreed by the client and the server, and the first decryption key, the second decryption key, the third decryption key, and the fourth decryption key may be the same or different, which is not limited herein.
According to the technical scheme of the embodiment, the received access request is subjected to decryption processing in different modes according to the processing type, so that the method is suitable for different types of access requests, and the message obtained by decryption is subjected to adaptive packaging to meet the transmission requirements of the access interface and is suitable for various types of access interfaces.
A preferred example of a request processing method is also provided on the basis of the above-mentioned embodiment, and referring to fig. 6, fig. 6 is a schematic flow diagram of another request processing method provided by the present invention. The server web decrypts https for the received access request to obtain an encrypted request message and a request header, and transmits the encrypted request message and the request header to the server gateway, the server gateway is provided with two filters for decrypting the request message, and the two filters are set as FileDecryptFilter for uploading and downloading a decryption client request for a file and a NormalDecryptFilter for decrypting a client request for non-file uploading and downloading.
Whether the request header ifEncryptFile is true and whether ifEncrypt is true are identified to determine the processing type of the access request. If the request header ifEncryptFile is true and the request method is not POST (GET), determining that the processing type is file downloading, executing the following decryption processing: acquiring a URL parameter of which the key is encryptVal, acquiring a corresponding value enParamstr, decrypting the key value pair by using a negotiation key (namely a second preset decryption key) enParamstr, and acquiring an original request parameter parameterJson; the parameterJson is converted to the form of a map, and then the map is traversed, placing the key and value of the map into the parameterMap sent to the downstream microservice request.
If the request header ifEncryptFile is true and the request method is POST, determining that the processing type is file uploading, and executing the following decryption processing: reading a first message encStr of a fileDes parameter of a form-data form, and decrypting by using a negotiation key to obtain a decrypted base64StrA character string; reading a file parameter of a form-data form to obtain a second file message base64StrBFile, coding the base64StrBFile by adopting base64 to obtain base64StrB, and if no file parameter exists, the base64StrB is empty; reducing the base64StrA + base64StrB to obtain base64 coded base64Str of the original file; base64Str is restored back to the file and put into a request sent to the downstream microservice.
If the request header ifEncryptFile is not true, the request header ifEncrypt is true, and the request method is GET, determining that the processing type is non-file downloading, and executing the following decryption processing: reading a client request URL parameter part encUrlst; resolving the encUrlStr into a map, wherein the key of each element in the map is the key of the URL parameter, and the value is the value of the URL parameter, so as to obtain the encUrlMap; traversing the encUrlMap, decrypting the value of each entry of the encUrlMap by using a negotiation key, and obtaining the value corresponding to the original URL parameter key; the restored URL parameter keys and values are placed in a parameterMap that is sent to downstream microservice requests.
If the request header ifEncryptFile is not true, the request header ifEncrypt is true, and the request method is POST, determining that the processing type is non-file uploading, and executing the following decryption processing: reading a client request parameter encOrgJsonStr; decrypting encOrgJsonStr by using the negotiation key to obtain an original request json string orgJsonStr; orgJsonStr is placed in a request sent to a downstream microservice.
Example four
Fig. 7 is a schematic structural diagram of a request processing apparatus according to a fourth embodiment of the present invention, where the apparatus is configured at a client, and includes:
a processing type determining module 410, configured to obtain a request packet to be processed and a processing type of the request packet, where the processing type includes file upload, file download, non-file upload, and non-file download;
a request header setting module 420, configured to set a request header of the request packet based on the processing type;
an encryption module 430, configured to determine an encryption manner corresponding to the processing type, encrypt the request packet based on the determined encryption manner, and form an access request based on the encrypted request packet and the request header.
On the basis of the above embodiment, the encryption module 430 includes:
the first encryption unit is used for encoding the request message to obtain an encoded character string if the processing type is file uploading, and encrypting a first character string in the encoded character string based on a first preset key to obtain a first encrypted character string; and forming an encryption request message based on the first encryption character string and a second character string in the coding character string.
Optionally, the first encryption unit is configured to:
restoring a second character string in the coded character string into an uncoded message;
an encrypted request message is formed based on the first encrypted string and the unencoded message.
On the basis of the above embodiment, the encryption module 430 includes:
the second encryption unit is used for converting the request parameters in the request message to be processed into a first preset format if the processing type is file downloading, so as to obtain the request parameters in the first preset format; encrypting the request parameter in the first preset format based on a second preset key to obtain a first encryption request parameter, wherein the encryption request parameter is used as a request parameter of a file downloading request;
a third encryption unit, configured to, if the processing type is non-file downloading, obtain a request parameter of the request packet to be processed, analyze the request parameter into at least one key value pair, and encrypt each key value pair based on a third preset key to obtain each encrypted key value pair, where each encrypted key value pair is used as a request parameter of a non-file uploading request;
and the fourth encryption unit is used for analyzing the request parameter of the request message to be processed into a character string if the processing type is non-file uploading, and encrypting each key value pair based on a fourth preset key to obtain a second encryption request parameter, wherein the second encryption request parameter is used as the request parameter of the non-file downloading request.
The product can execute the method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
EXAMPLE five
Fig. 8 is a schematic structural diagram of a request processing apparatus according to a fifth embodiment of the present invention, the apparatus being configured at a server, and the apparatus including:
a processing type identification module 510, configured to obtain an access request, identify a request header of the request packet, and determine a processing type of the access request based on the request, where the processing type includes file upload, file download, non-file upload, and non-file download;
a decryption module 520, configured to determine a decryption manner corresponding to the processing type, and decrypt the encrypted request packet in the access request based on the determined decryption manner;
a message encapsulation module 530, configured to perform adaptive encapsulation on the decrypted request message based on the access interface of the access request, and transmit the encapsulated request message to a target service through the access interface.
On the basis of the above embodiment, the decryption module 520 includes:
the first decryption unit is used for acquiring a first message and a second message in the access request if the processing type is file uploading; and decrypting the first message based on a first decryption key, and analyzing the decrypted first message and the second message to obtain an original message.
Optionally, the first decryption unit is configured to:
and coding and restoring the coded message formed by the decoded first message and the coded second message to obtain the original message.
On the basis of the above embodiment, the decryption module 520 includes:
the second decryption unit is used for acquiring the request parameter in the access request if the processing type is file downloading, decrypting the request parameter based on a second decryption key to obtain an original request parameter, and converting the original request parameter into a key value pair form;
a third decryption unit, configured to, if the processing type is non-file downloading, obtain a request parameter in the access request, traverse each key-value pair in the request parameter, and decrypt each key-value pair based on a third decryption key to obtain each original key-value pair in an original request parameter;
and the fourth decryption unit is used for acquiring the request parameter in the access request if the processing type is non-file uploading, and decrypting the request parameter based on a fourth decryption key to obtain the original request parameter.
The product can execute the method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
EXAMPLE six
Fig. 9 is a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention, where the electronic device may be a client or a server. Fig. 9 shows a block diagram of a client 12 suitable for use in implementing embodiments of the present invention. The client 12 shown in fig. 9 is only an example, and should not bring any limitation to the function and the scope of use of the embodiments of the present invention. The device 12 is typically a client that undertakes image classification functions.
As shown in fig. 9, the client 12 is in the form of a general purpose computing device. The components of the client 12 may include, but are not limited to: one or more processors 16, a memory device 28, and a bus 18 that connects the various system components (including the memory device 28 and the processors 16).
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, an Industry Standard Architecture (ISA) bus, a Micro Channel Architecture (MCA) bus, an enhanced ISA bus, a Video Electronics Standards Association (VESA) local bus, and a Peripheral Component Interconnect (PCI) bus.
The client 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by client 12 and includes both volatile and nonvolatile media, removable and non-removable media.
Storage 28 may include computer system readable media in the form of volatile Memory, such as Random Access Memory (RAM) 30 and/or cache Memory 32. The client 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 9, and commonly referred to as a "hard drive"). Although not shown in FIG. 9, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a Compact disk-Read Only Memory (CD-ROM), a Digital Video disk (DVD-ROM), or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. Storage 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program 36 having a set (at least one) of program modules 26 may be stored, for example, in storage 28, such program modules 26 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may include an implementation of a gateway environment. Program modules 26 generally perform the functions and/or methodologies of the described embodiments of the invention.
The client 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, camera, display 24, etc.), with one or more devices that enable a user to interact with the client 12, and/or with any devices (e.g., network card, modem, etc.) that enable the client 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, the client 12 may communicate with one or more gateways (e.g., Local Area Network (LAN), Wide Area Network (WAN), and/or a public gateway, such as the internet) through the gateway adapter 20. As shown, the gateway adapter 20 communicates with the other modules of the client 12 over the bus 18. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the client 12, including but not limited to: microcode, device drivers, Redundant processing units, external disk drive Arrays, disk array (RAID) systems, tape drives, and data backup storage systems, to name a few.
The processor 16 executes various functional applications and data processing by executing programs stored in the storage device 28, for example, implementing the request processing method applied to the client or the request processing method applied to the server provided by the above-described embodiment of the present invention.
EXAMPLE seven
The seventh embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the request processing method applied to the client or the request processing method applied to the server according to the seventh embodiment of the present invention.
Of course, the computer program stored on the computer-readable storage medium provided by the embodiment of the present invention is not limited to the method operations described above, and may also perform the user classification method provided by any embodiment of the present invention.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable source code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Source code embodied on a computer-readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer source code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + +, or the like, as well as conventional procedural programming languages, such as the "C" programming language or similar programming languages. The source code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of gateway, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (17)

1. A request processing system is characterized by comprising a client, a content distribution network and a server, wherein the client is used for acquiring a request message, encrypting the request message to obtain an access request and sending the access request to the content distribution network;
the content distribution network is used for distributing the access request to the corresponding server;
the server is used for decrypting the received access request to obtain a decrypted request message, adaptively packaging the decrypted request message based on an access interface of the access request, and transmitting the packaged request message to a target service through the access interface.
2. The request processing system of claim 1, wherein the client is specifically configured to: and setting a request header corresponding to the processing type according to the processing type corresponding to the request message, and performing first encryption processing on the request message based on an encryption mode corresponding to the processing type to obtain an initial access request.
3. The request processing system of claim 2, wherein the processing types include file upload, file download, non-file upload, and non-file download.
4. The request processing system of claim 2, wherein the server comprises a gateway, the gateway being specifically configured to: identifying a request head of a received access request, determining a processing type of the access request based on the request head, and performing first decryption processing on an encrypted request message in the access request based on a decryption mode corresponding to the processing type to obtain a decrypted request message;
determining a packaging mode corresponding to an access interface of the access request, and performing adaptive packaging on the decrypted request message based on the packaging mode.
5. The request processing system of claim 2, wherein the client is further configured to:
performing second encryption processing on the initial access request to obtain a first access request;
the content distribution network is further configured to perform second decoding processing on the first access request to obtain the first access request, add traceability information to a request header in the first access request to obtain a second access request, perform second encryption processing on the second access request to obtain a third access request, and distribute the third access request to a corresponding server;
and the server is further used for performing second decoding processing on the third access request to obtain a second access request, and performing first decryption processing on an encrypted request message in the second access request to obtain a decrypted request message.
6. A request processing method is applied to a client, and comprises the following steps:
acquiring a request message to be processed and a processing type of the request message, wherein the processing type comprises file uploading, file downloading, non-file uploading and non-file downloading;
setting a request head of the request message based on the processing type;
and determining an encryption mode corresponding to the processing type, encrypting the request message based on the determined encryption mode, and forming an access request based on the encrypted request message and the request header.
7. The method according to claim 6, wherein the encrypting the request packet based on the determined encryption manner comprises:
if the processing type is file uploading, encoding the request message to obtain an encoded character string, and encrypting a first character string in the encoded character string based on a first preset key to obtain a first encrypted character string;
and forming an encryption request message based on the first encryption character string and a second character string in the coding character string.
8. The method according to claim 7, wherein forming an encryption request message based on the first encryption string and a second string in the encoding string comprises:
restoring a second character string in the coded character string into an uncoded message;
an encrypted request message is formed based on the first encrypted string and the unencoded message.
9. The method according to claim 6, wherein the encrypting the request packet based on the determined encryption manner comprises:
if the processing type is file downloading, converting the request parameters in the request message to be processed into a first preset format to obtain the request parameters in the first preset format; encrypting the request parameter in the first preset format based on a second preset key to obtain a first encryption request parameter, wherein the encryption request parameter is used as a request parameter of a file downloading request;
if the processing type is non-file downloading, acquiring request parameters of the request message to be processed, analyzing the request parameters into at least one key value pair, and encrypting each key value pair based on a third preset key to obtain each encrypted key value pair, wherein each encrypted key value pair is used as the request parameter of the non-file uploading request;
and if the processing type is non-file uploading, analyzing the request parameters of the request message to be processed into character strings, and encrypting each key value pair based on a fourth preset key to obtain second encryption request parameters, wherein the second encryption request parameters are used as the request parameters of the non-file downloading request.
10. A request processing method is applied to a server side, and the method comprises the following steps:
acquiring an access request, identifying a request header of a request message, and determining a processing type of the access request based on the request, wherein the processing type comprises file uploading, file downloading, non-file uploading and non-file downloading;
determining a decryption mode corresponding to the processing type, and decrypting the encrypted request message in the access request based on the determined decryption mode;
and performing adaptation packaging on the decrypted request message based on the access interface of the access request, and transmitting the packaged request message to a target service through the access interface.
11. The method according to claim 10, wherein decrypting the encrypted request message in the access request based on the determined decryption manner comprises:
if the processing type is file uploading, acquiring a first message and a second message in the access request;
and decrypting the first message based on a first decryption key, and analyzing the decrypted first message and the second message to obtain an original message.
12. The method according to claim 11, wherein the parsing the decrypted first packet and the second packet to obtain an original packet comprises:
and coding and restoring the coded message formed by the decoded first message and the coded second message to obtain the original message.
13. The method according to claim 10, wherein decrypting the encrypted request message in the access request based on the determined decryption manner comprises:
if the processing type is file downloading, acquiring a request parameter in the access request, decrypting the request parameter based on a second decryption key to obtain an original request parameter, and converting the original request parameter into a key value pair form;
if the processing type is non-file downloading, acquiring request parameters in the access request, traversing each key value pair in the request parameters, and decrypting each key value pair based on a third decryption key to obtain each original key value pair in the original request parameters;
and if the processing type is non-file uploading, acquiring the request parameter in the access request, and decrypting the request parameter based on a fourth decryption key to obtain the original request parameter.
14. A request processing apparatus, configured at a client, the apparatus comprising:
the processing type determining module is used for acquiring a request message to be processed and the processing type of the request message, wherein the processing type comprises file uploading, file downloading, non-file uploading and non-file downloading;
a request header setting module, configured to set a request header of the request packet based on the processing type;
and the encryption module is used for determining an encryption mode corresponding to the processing type, encrypting the request message based on the determined encryption mode and forming an access request based on the encrypted request message and the request header.
15. A request processing apparatus, configured to a server, the apparatus comprising:
the processing type identification module is used for acquiring an access request, identifying a request head of a request message, and determining the processing type of the access request based on the request, wherein the processing type comprises file uploading, file downloading, non-file uploading and non-file downloading;
the decryption module is used for determining a decryption mode corresponding to the processing type and decrypting the encrypted request message in the access request based on the determined decryption mode;
and the message packaging module is used for adaptively packaging the decrypted request message based on the access interface of the access request and transmitting the packaged request message to a target service through the access interface.
16. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the request processing method according to any one of claims 6 to 9 or the request processing method according to any one of claims 10 to 13 when executing the program.
17. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out a request processing method according to any one of claims 6 to 9, or a request processing method according to any one of claims 10 to 13.
CN202110436444.XA 2021-04-22 2021-04-22 Request processing system, method and device, storage medium and electronic equipment Active CN113132394B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110436444.XA CN113132394B (en) 2021-04-22 2021-04-22 Request processing system, method and device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110436444.XA CN113132394B (en) 2021-04-22 2021-04-22 Request processing system, method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN113132394A true CN113132394A (en) 2021-07-16
CN113132394B CN113132394B (en) 2023-02-03

Family

ID=76779112

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110436444.XA Active CN113132394B (en) 2021-04-22 2021-04-22 Request processing system, method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN113132394B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113992432A (en) * 2021-12-24 2022-01-28 南京中孚信息技术有限公司 Message processing method, message bus system, computer device, and storage medium
CN114285833A (en) * 2021-12-15 2022-04-05 中国建设银行股份有限公司 WEB terminal resource file access system, device and method
CN115150153A (en) * 2022-06-30 2022-10-04 中国工商银行股份有限公司 Message processing method, device, equipment, storage medium and computer program product
CN117395084A (en) * 2023-12-11 2024-01-12 中国联合网络通信集团有限公司 Cloud storage resource access method, device, equipment and storage medium

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101764757A (en) * 2010-01-20 2010-06-30 华为技术有限公司 Method, device and system for content accessing
CN103095609A (en) * 2013-01-09 2013-05-08 大唐软件技术股份有限公司 Access adaptive method and device based on Internet of things terminals
US20170295144A1 (en) * 2016-04-11 2017-10-12 Facebook, Inc. Data security for content delivery networks
CN108737343A (en) * 2017-04-20 2018-11-02 苏宁云商集团股份有限公司 A kind of implementation method and device of secure access network
CN108900584A (en) * 2018-06-15 2018-11-27 网宿科技股份有限公司 The data transmission method and system of content distributing network
CN109889510A (en) * 2019-01-30 2019-06-14 重庆农村商业银行股份有限公司 Multiple encryption method for service provider transmission services message
CN111600909A (en) * 2020-06-24 2020-08-28 腾讯科技(深圳)有限公司 Data processing method, device, protocol conversion equipment and storage medium
CN111614757A (en) * 2020-05-20 2020-09-01 中国建设银行股份有限公司 Message interaction method, device, equipment and medium for client and server
CN112637177A (en) * 2020-12-17 2021-04-09 下一代互联网重大应用技术(北京)工程研究中心有限公司 Data encryption transmission method, device, equipment and medium
CN112671705A (en) * 2020-11-23 2021-04-16 中信银行股份有限公司 Message processing method and device, electronic equipment and computer readable storage medium

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101764757A (en) * 2010-01-20 2010-06-30 华为技术有限公司 Method, device and system for content accessing
CN103095609A (en) * 2013-01-09 2013-05-08 大唐软件技术股份有限公司 Access adaptive method and device based on Internet of things terminals
US20170295144A1 (en) * 2016-04-11 2017-10-12 Facebook, Inc. Data security for content delivery networks
CN108737343A (en) * 2017-04-20 2018-11-02 苏宁云商集团股份有限公司 A kind of implementation method and device of secure access network
CN108900584A (en) * 2018-06-15 2018-11-27 网宿科技股份有限公司 The data transmission method and system of content distributing network
CN109889510A (en) * 2019-01-30 2019-06-14 重庆农村商业银行股份有限公司 Multiple encryption method for service provider transmission services message
CN111614757A (en) * 2020-05-20 2020-09-01 中国建设银行股份有限公司 Message interaction method, device, equipment and medium for client and server
CN111600909A (en) * 2020-06-24 2020-08-28 腾讯科技(深圳)有限公司 Data processing method, device, protocol conversion equipment and storage medium
CN112671705A (en) * 2020-11-23 2021-04-16 中信银行股份有限公司 Message processing method and device, electronic equipment and computer readable storage medium
CN112637177A (en) * 2020-12-17 2021-04-09 下一代互联网重大应用技术(北京)工程研究中心有限公司 Data encryption transmission method, device, equipment and medium

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114285833A (en) * 2021-12-15 2022-04-05 中国建设银行股份有限公司 WEB terminal resource file access system, device and method
CN114285833B (en) * 2021-12-15 2024-04-09 中国建设银行股份有限公司 WEB terminal resource file access system, device and method
CN113992432A (en) * 2021-12-24 2022-01-28 南京中孚信息技术有限公司 Message processing method, message bus system, computer device, and storage medium
CN115150153A (en) * 2022-06-30 2022-10-04 中国工商银行股份有限公司 Message processing method, device, equipment, storage medium and computer program product
CN117395084A (en) * 2023-12-11 2024-01-12 中国联合网络通信集团有限公司 Cloud storage resource access method, device, equipment and storage medium
CN117395084B (en) * 2023-12-11 2024-04-09 中国联合网络通信集团有限公司 Cloud storage resource access method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN113132394B (en) 2023-02-03

Similar Documents

Publication Publication Date Title
CN113132394B (en) Request processing system, method and device, storage medium and electronic equipment
CN110933118B (en) Edge computing gateway secure communication method, system, terminal equipment and server
US10110613B2 (en) Decrypting content samples including distinct encryption chains
US8527750B2 (en) System and method for generating multiple protected content formats without redundant encryption of content
WO2021120831A1 (en) Streaming media data encryption method and apparatus, streaming media data decryption method and apparatus, electronic device and storage medium
CN111556340B (en) Safe cross-platform video stream playing method
CN110401677B (en) Method and device for acquiring digital copyright key, storage medium and electronic equipment
US20170171166A1 (en) Anti-hotlinking method and electronic device
CN104602238A (en) Wireless network connecting method, device and system
CN111698576B (en) Information encryption method, decryption method, server, client, and medium
CN111600914B (en) Data transmission method, server and client
US10127396B2 (en) System and method for local generation of streaming content with a hint track
US11349820B2 (en) Selective encryption of tunneled encrypted traffic
CN114785524A (en) Electronic seal generation method, device, equipment and medium
CN107222473B (en) Method and system for encrypting and decrypting API service data at transport layer
CN104506530A (en) Network data processing method and device and data transmission method and device
US10231004B2 (en) Network recording service
CN114978769A (en) Unidirectional lead-in device, method, medium, and apparatus
CN114978485A (en) Voice data transmission method, system, electronic device and storage medium
CN110517045B (en) Block chain data processing method, device, equipment and storage medium
WO2017035018A1 (en) Method and system for efficient encryption, transmission, and decryption of video data
CN112217810A (en) Request response method, device, equipment and medium
CN116318686B (en) Data encryption transmission method and device, electronic equipment and storage medium
CN116405711B (en) System for encrypting and decrypting real-time audio and video stream and audio and video stream encryption method
CN110768808A (en) Terminal configuration method, device, server and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant