CN114598490A - Method, device and equipment for redirecting page based on API gateway and storage medium - Google Patents


Info

Publication number: CN114598490A
Authority: CN (China)
Prior art keywords: page, authentication, client, ticket, request
Legal status: Granted (active)
Application number: CN202110383186.3A
Other languages: Chinese (zh)
Other versions: CN114598490B (en)
Inventor: 尤光伟
Current assignee: Asiainfo Technology Nanjing Co ltd
Original assignee: Asiainfo Technology Nanjing Co ltd

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
              • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
              • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords


Abstract

The embodiment of the application provides a method, a device, equipment and a storage medium for redirecting a page based on an API gateway, and relates to the field of network security and open services. The method is executed by the API gateway and comprises the following steps: responding to a first request sent by a client, and performing identity authentication on the client; responding to a second request sent by the client after the identity authentication is passed, and acquiring and processing a first ticket corresponding to the page so as to perform first ticket authentication and second ticket authentication; responding to a third request sent by the client, performing first ticket authentication, performing page authentication after the first ticket authentication is passed, and sending a redirection instruction to the client after the page authentication is passed; and responding to a fourth request sent by the gateway corresponding to the page based on the redirection instruction, and performing second ticket authentication to determine whether to redirect the page. Unified management and authentication are carried out through the API gateway, and the problem that an effective management mechanism is lacking when a client accesses a page is solved.

Description

Method, device and equipment for redirecting page based on API gateway and storage medium
Technical Field
The present application relates to the field of network security and open services, and in particular, to a method and an apparatus for redirecting a page based on an API gateway, an electronic device, and a computer-readable storage medium.
Background
Currently, besides the open interface service implemented by the open API interface, the open service may be implemented by other forms. For example, a plurality of service operations are packaged into a single-page application and opened in the form of a page, and a client embeds URLs of the page according to specifications, so that access to the page can be realized in a plurality of scenes, and page opening service is realized.
The page service is opened in the form of the URL embedded in the page for the client to use, and the page service provider cannot manage the process of using the page service by the client. Specifically, when a client initiates a page access, whether the identity of the client is in accordance with the specification, whether the client can access the page, how to specify the access operation of the client when accessing the page, and the like. That is, there is no effective management mechanism for the problems existing when the client accesses the page.
Disclosure of Invention
The application provides a method, a device, electronic equipment and a computer readable storage medium for redirecting a page based on an API gateway, which can solve the problem that an effective management mechanism is lacked when a client accesses the page. The technical scheme is as follows:
according to a first aspect of the present application, there is provided a method for redirecting a page based on an API gateway, applied to the API gateway, the method including:
responding to a first request sent by a client, and performing identity authentication on the client;
responding to a second request sent by the client after the identity authentication is passed, and acquiring and processing a first ticket corresponding to the page so as to perform first ticket authentication and second ticket authentication;
responding to a third request sent by the client, performing first ticket authentication, performing page authentication after the first ticket authentication is passed, and sending a redirection instruction to the client after the page authentication is passed;
and responding to a fourth request sent by the gateway corresponding to the page based on the redirection instruction, and performing second ticket authentication to determine whether to redirect the page.
According to a second aspect of the present application, there is provided another method for redirecting a page based on an API gateway, applied to a rights server, the method including:
and responding to an identity authentication request which is sent by the API gateway and carries an account and a password corresponding to the client, authenticating the identity of the client according to the account and the password, and feeding back an identity authentication result to the API gateway.
According to a third aspect of the present application, there is provided another method for redirecting a page based on an API gateway, which is applied to a gateway corresponding to the page, and the method includes:
and responding to a redirection authentication request sent by the client after receiving the redirection instruction, and sending a fourth request carrying a third ticket and the real website to the API gateway, wherein the fourth request is used for indicating the API gateway to perform second ticket authentication according to the third ticket so as to determine whether to redirect the page to a page corresponding to the real website.
According to a fourth aspect of the present application, there is provided an API gateway apparatus, the apparatus comprising: a transceiver module, a processing module, a first authentication module, a second authentication module, and a third authentication module, wherein:
the transceiver module is used for receiving a first request sent by a client;
the first authentication module is used for responding to the first request and authenticating the identity of the client;
the transceiver module is further configured to receive a second request sent by the client after the identity authentication is passed;
the processing module is used for responding to the second request, acquiring and processing a first ticket corresponding to the page so as to perform first ticket authentication and second ticket authentication;
the transceiver module is further configured to receive a third request sent by the client;
the second authentication module is used for responding to the third request and performing first ticket authentication;
the third authentication module is used for performing page authentication after the first ticket authentication is passed;
the receiving and sending module is further used for sending a redirection instruction to the client after the page authentication is passed;
the transceiver module is further configured to receive a fourth request sent by the gateway corresponding to the page based on the redirection instruction;
the second authentication module is further configured to perform a second ticket authentication to determine whether to redirect the page in response to the fourth request.
According to a fifth aspect of the present application, there is provided an authority device including:
the receiving and sending module is used for receiving an identity authentication request which is sent by the API gateway and carries an account and a password corresponding to the client;
the authentication module is used for responding to the identity authentication request and authenticating the identity of the client according to the account and the password;
and the transceiver module is also used for feeding back the identity authentication result to the API gateway.
According to a sixth aspect of the present application, there is provided another API gateway apparatus, comprising:
and the transceiver module is used for receiving a redirection authentication request sent by the client after receiving the redirection instruction, and sending a fourth request carrying a third ticket and a real website to the API gateway in response to the redirection authentication request, wherein the fourth request is used for indicating the API gateway to perform second ticket authentication according to the third ticket so as to determine whether to redirect the page to a page corresponding to the real website.
According to a seventh aspect of the present application, there is provided an electronic apparatus comprising: a memory, a transceiver, a processor, wherein,
the memory for storing a computer program;
the transceiver is used for receiving a first request sent by a client under the control of the processor;
the processor is used for reading the computer program in the memory and executing the following operations: responding to the first request, and authenticating the client;
the transceiver is further used for receiving a second request sent by the client after identity authentication is passed under the control of the processor;
the processor is further configured to read the computer program in the memory and perform the following operations: responding to the second request, and acquiring and processing a first ticket corresponding to the page to perform first ticket authentication and second ticket authentication;
the transceiver is further used for receiving a third request sent by the client under the control of the processor;
the processor is further configured to read the computer program in the memory and perform the following operations: responding to the third request, performing first ticket authentication, performing page authentication after the first ticket authentication is passed, and after the page authentication is passed, the transceiver is further configured to send a redirection instruction to the client under the control of the processor;
the transceiver is further configured to receive, under the control of the processor, a fourth request sent by a gateway corresponding to the page based on the redirection instruction;
the processor is further configured to read the computer program in the memory and perform the following operations: in response to the fourth request, performing a second ticket authentication to determine whether to redirect the page.
According to an eighth aspect of the present application, there is provided another electronic apparatus including: a memory, a transceiver, a processor, wherein,
a memory for storing a computer program;
the system comprises a transceiver and a processor, wherein the transceiver is used for receiving an identity authentication request which is sent by an API gateway and carries an account and a password corresponding to a client under the control of the processor;
a processor further operable to read the computer program in the memory and perform the following: responding to the identity authentication request, and performing identity authentication on the client according to the account and the password;
and the transceiver is also used for feeding back the identity authentication result to the API gateway under the control of the processor.
According to a ninth aspect of the present application, there is provided still another electronic device including: a memory, a transceiver, a processor, wherein,
a memory for storing a computer program;
and the transceiver is used for receiving a redirection authentication request sent by the client after receiving the redirection instruction under the control of the processor, and sending a fourth request carrying a third ticket and a real website to the API gateway in response to the redirection authentication request, wherein the fourth request is used for indicating the API gateway to carry out second ticket authentication according to the third ticket so as to determine whether to redirect the page to a page corresponding to the real website.
According to a tenth aspect of the present application, there is provided a computer storage medium having stored thereon a computer program which, when executed by a processor, implements the method for redirecting pages based on an API gateway as shown in the first aspect of the present application.
According to an eleventh aspect of the present application, there is provided another computer storage medium having stored thereon a computer program which, when executed by a processor, implements the method for redirecting pages based on an API gateway as shown in the second aspect of the present application.
According to a twelfth aspect of the present application, there is provided a further computer storage medium having stored thereon a computer program which, when executed by a processor, implements the method for redirecting pages based on an API gateway as shown in the third aspect of the present application.
The technical scheme provided by the application brings the beneficial effects that:
the application provides a method for redirecting pages based on an API gateway, which is executed by the API gateway and comprises the following steps: identity authentication is performed on the client, so that the page access entrance is controlled at the API gateway; a first ticket is created according to a first request sent by the client, ticket authentication is performed twice on the API gateway according to the first ticket, once for a third request sent by the client and once for a fourth request sent by the gateway corresponding to the page, and whether the page is redirected is determined after the second ticket authentication is passed, so that unified management and authentication are realized through the API gateway. Unified management and authentication are performed through the API gateway, and the problem that an effective management mechanism is lacking when a client accesses a page is solved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments of the present application will be briefly described as follows:
fig. 1 is a schematic flowchart of a method for redirecting a page based on an API gateway according to an embodiment of the present application;
fig. 2 is a schematic flowchart of another method for redirecting a page based on an API gateway according to an embodiment of the present application;
fig. 3 is a schematic flowchart of another method for redirecting a page based on an API gateway according to an embodiment of the present application;
fig. 4a is a schematic view of an application scenario of a method for redirecting a page based on an API gateway according to an embodiment of the present application;
fig. 4b is a schematic view of an application scenario of another method for redirecting a page based on an API gateway according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an API gateway device according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a rights management device according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of another API gateway device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element, or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The terms referred to in this application will first be introduced and explained:
(1) Account mode and guest mode
A client accesses a page in one of two ways: either an account is carried, that is, the account is not null; or no account is carried, that is, the account is blank, and the blank-account way is called the guest access way in the field.
(2) Interaction credentials
In the art, interaction credentials typically include token credentials and session credentials. In use, the two interacting parties are an initiator and a receiver. The initiator sends a request to the receiver for the first time, and the receiver generates an interaction credential according to that request, caches it and feeds it back to the initiator; after receiving the credential, the initiator caches it. Subsequently, when the initiator sends a new request to the receiver, it carries the cached credential, and when the receiver receives the new request, it verifies the credential in the new request against its locally cached credential. When the two are confirmed to be equal, the new request is processed; when they are unequal, the credential held by the initiator is determined to be invalid, or possibly invalid, and the new request is not processed.
(3) API gateway
The API gateway related in the implementation of the application comprises a main body service, a permission service and a configuration center.
The configuration center can configure a page authority configuration list, an interface authority configuration list and the like. The configuration center also configures the functions of the subject service and configures the functions of the authority service.
The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
The embodiment of the application provides a method for redirecting a page based on an API gateway, which is applied to the API gateway, and as shown in figure 1, the method comprises the following steps:
S101, responding to a first request sent by a client, and authenticating the identity of the client;
S102, responding to a second request sent by the client after the identity authentication is passed, and acquiring and processing a first ticket corresponding to the page to perform first ticket authentication and second ticket authentication;
S103, responding to a third request sent by the client, performing first ticket authentication, performing page authentication after the first ticket authentication is passed, and sending a redirection instruction to the client after the page authentication is passed;
S104, responding to a fourth request sent by the gateway corresponding to the page based on the redirection instruction, and performing second ticket authentication to determine whether the page is redirected.
The page to be accessed by the client, or the page after redirection, may be a target page. However, the current page displayed on the client is not the target page, and the page displayed on the client is made to be the target page by jumping from the current page to the target page through a redirection operation. The current page can comprise an account number and password input box so that a user can input the account number and the password conveniently; or, the current page may be a prompt page to prompt for an account number and a password; or the current page does not have input prompt information of the account and the password, and the account and the password can be automatically obtained from a cache region of the client. The embodiment of the application does not limit the content displayed on the current page. When the scheme provided by the embodiment of the present application is implemented, a person skilled in the art can adjust the current page by himself.
The application provides a method for redirecting pages based on an API gateway, which is executed by the API gateway and comprises the following steps: identity authentication is performed on the client, so that the page access entrance is controlled at the API gateway; a first ticket is created according to a first request sent by the client, ticket authentication is performed twice on the API gateway according to the first ticket, once for a third request sent by the client and once for a fourth request sent by the gateway corresponding to the page, and whether the page is redirected is determined after the second ticket authentication is passed, so that unified management and authentication are realized through the API gateway. Unified management and authentication are carried out through the API gateway, and the problem that an effective management mechanism is lacking when a client accesses a page is solved.
In the embodiment of the present application, a possible implementation manner is provided, where the first request carries an account and a password corresponding to the client and page information of the page, and step S101 specifically includes Sa1 (not shown in the figure) and Sb1 (not shown in the figure), where:
Sa1, when the account is not empty, the identity of the client is authenticated according to the account and the password;
When the client requests to access the page with a user identity, the account carried in the first request is not empty.
or
Sb1, when the account is empty, the identity of the client is authenticated according to the page information.
When the client requests to access the page in guest mode, the account carried in the first request is null.
It should be noted that the page information is used to record the relevant content of the page accessed by the client. The page information may include the code of the page, i.e. the page code; it may also include the code of the page section to which the page belongs, i.e. the section code corresponding to the page; and it may further include the code of the page application to which the page section belongs, i.e. the application code corresponding to the page. The page information in the embodiment of the present application includes all of the above, which will not be described again for simplicity of description.
It should be noted that the account number may include a primary account number and a secondary account number, that is, the account number is composed of a plurality of account numbers; the account number may also include a single account number, i.e., consist of one account number. The account number related to the scheme provided in the embodiment of the present application is only used for example to illustrate the embodiment of the present application, and is not used to limit the scheme of the present application. The adjustment can be carried out by the person skilled in the art according to the actual situation.
In this embodiment, Sa1 specifically includes:
sending an identity authentication request carrying an account number and a password to an authority server, and receiving an identity authentication result fed back by the authority server;
the identity authentication request is used for indicating the authority server to perform identity authentication on the client according to the account and the password.
And after the authority server performs identity authentication on the client according to the account and the password, sending an identity authentication result to the client.
The authority server can be a server and comprises a first server and a second server; and the first server performs identity authentication on the client according to the account and the password, and creates and caches a session credential according to the account and the password after the authentication is passed. The authentication result also includes the session credentials.
And when the received identity authentication result fed back by the authority server is an identity authentication passing message, sending a token determined according to the account number and the password and the identity authentication passing message to the client.
The API gateway may create and cache the token according to the account number, the password, and the application code. The API gateway sends an identity authentication passing message to the client, wherein the message comprises the token and the session credential.
It should be understood that the token is an interaction credential between the client and the API gateway. After the API gateway sends the token to the client, the client receives and caches the token. The client needs to carry the cached token every time it initiates a request to the API gateway; after receiving the request, the API gateway verifies the token carried in the request against the cached token, and processes the client-initiated request only after the verification passes. In the embodiment of the present application, except for the first request, the token cached by the client should be carried whenever the client initiates another request to the API gateway; for simplicity of description, details of the token verification process will not be repeated.
It should be understood that a session credential is a credential of an interaction between a rights server and a client. After the API gateway sends the session credentials to the client, the client receives and caches the session credentials. When the client interacts with the authority server through the API gateway, that is, the client initiates a request to the API gateway, and the API gateway initiates a request to the authority server according to the request, the session credential needs to be carried in the request initiated by the client, and the session credential needs to be carried in the request initiated by the API gateway. And the authority server performs identity authentication on the client according to the session certificate carried in the request and the cached session certificate, and processes the request initiated by the API gateway after the authentication is passed. In the embodiment of the application, the client needs to carry the session credential when initiating a request to the API gateway, and the API gateway needs to carry the session credential sent by the client when initiating another request to the rights server. For simplicity of description, the session credentials and the verification logic thereof carried by the other requests in this embodiment will not be described again.
In this embodiment, Sb1 specifically includes:
when the page information is not empty, determining that the identity authentication is passed;
when the application code included in the page information is not null, the client is determined to access the page with a guest identity, that is, the client is authenticated as a guest.
And sending the token determined according to the page information and the identity authentication passing message to the client.
The page information comprises an application code corresponding to the page, and after the application code in the page information is determined not to be empty, a key cached by the API gateway is obtained, and a token can be created and cached according to the key and the application code.
The embodiment of the application provides a method for redirecting a page based on an API gateway, which sets different authentications for different scenarios. When a client accesses a page in account mode, because the diversity of account models corresponding to clients exceeds the processing capacity of a gateway, the identity authentication is forwarded to an authority server that stores the various account models, and the gateway receives the processing result of the authority server; this realizes unified authentication of client identity and reduces the burden on the gateway. When the client accesses the page with a guest identity, the authentication is carried out on the API gateway through the page information, and the guest identity is confirmed. The method thus adapts the authentication requirement to diverse, complex scenarios.
In this embodiment, another possible implementation manner is provided, in which the second request carries the token corresponding to the client, the page information of the page, and the account corresponding to the client. Obtaining and processing the first ticket corresponding to the page in response to the second request sent by the client after the identity authentication passes then includes Sa2 (not shown in the figure) and Sb2 (not shown in the figure):
Sa2, when the account is not empty, obtaining and caching the first ticket according to the token, the page information and the account corresponding to the client, and issuing the first ticket to the client;
The API gateway may create the first ticket according to the token, the application code included in the page information, and the account.
or,
Sb2, when the account is empty, obtaining and caching the first ticket according to the token and the page information corresponding to the client, and issuing the first ticket to the client.
The API gateway may create the first ticket according to the token and the application code included in the page information.
After the first ticket is successfully created, the API gateway caches it for use in the first ticket authentication and the second ticket authentication, which are performed in sequence;
after the second ticket authentication is complete, the first ticket is removed from the cache.
Removing the first ticket once the second ticket authentication is complete ends its life cycle. The first ticket lives from its creation until the page accessed by the client is redirected to the new page. If the first ticket continued to exist after the page was opened, the client could again carry the cached ticket to request the page, the API gateway would verify the request against that ticket, and after the verification passed the client would open the page once more, so the client's access to the target page could not be limited; removing the first ticket restricts the client's access to the target page.
The embodiment of the application provides a method for redirecting a page based on an API gateway in which a first ticket is created and cached, so that when the client carries a ticket to request access to the target page, the API gateway performs the first ticket authentication and the second ticket authentication in sequence according to the first ticket and the ticket carried by the client. The first ticket is therefore the key to unified authentication management of the client's access to the target page through the API gateway. Removing the first ticket after the second ticket authentication is finished further completes the operation of unified authentication and management.
The embodiment of the present application further provides another possible implementation manner, where the third request carries a second ticket and a page code, and then the first ticket authentication is performed in response to the third request sent by the client, and the page authentication is performed after the first ticket authentication is passed, where the method includes:
performing first ticket authentication according to the first ticket and the second ticket;
when the first ticket passes the authentication, acquiring a page authority configuration list;
and performing page authentication according to the page authority configuration list and the page codes.
In this embodiment, the first ticket authentication specifically includes:
and the API gateway acquires the cached first ticket, judges whether the first ticket and the second ticket are equal or not, and determines a first ticket authentication result according to a judgment result.
And when the first ticket and the second ticket are equal, determining that the first ticket passes the authentication.
When the first ticket and the second ticket are not equal, it may be determined that the second ticket has expired or that a client holding the second ticket has no permission to access the page.
In this embodiment, when the page permission configuration list contains the page code, it is determined that the page authentication is passed.
In this embodiment, the third request further carries the account corresponding to the client, and when the first ticket authentication passes, the page permission configuration list is obtained, which includes Sa3 (not shown in the figure) and Sb3 (not shown in the figure), specifically:
Sa3, when the account is not empty, the API gateway acquires the page permission configuration list from the cache region according to the account;
when the page permission configuration list is not found in the cache region, sending a page permission configuration request carrying the account to the authority server, where the page permission configuration request is used to request the page permission configuration list corresponding to the account;
and receiving and caching the page permission configuration list fed back by the authority server.
Sb3, when the account is empty, after the API gateway confirms the guest identity of the client, the corresponding page permission configuration list is obtained from the cache region.
At least one page permission configuration list is configured in advance in the cache region of the API gateway; this list is mainly used to verify the access requests of clients accessing a page as guests.
The page authority configuration list comprises the corresponding relation between the page code and the real address of the page.
In this embodiment, sending a redirection instruction to the client after the page authentication passes specifically includes:
acquiring a real website corresponding to a page code in a page permission configuration list;
and sending a redirection instruction to the client, wherein the redirection instruction carries a real website and is used for indicating the redirection page to a page corresponding to the real website.
The real address corresponding to the page code is searched for in the page permission configuration list according to the page code carried in the third request. Specifically, it may be determined whether the page code exists in the page permission configuration list:
if yes, acquiring the real website corresponding to the page code;
if not, no real address corresponding to the page code can be acquired, and the client holding the second ticket cannot be determined to have permission to access the page.
The redirection instruction comprises a temporary redirection instruction, which indicates that the current page is to be temporarily redirected to the page corresponding to the real website.
The embodiment of the present application further provides another possible implementation manner, in which the fourth request carries a third ticket and the real website. Performing the second ticket authentication to determine whether to redirect the page, in response to the fourth request sent by the gateway corresponding to the page based on the redirection instruction, then includes:
performing second ticket authentication according to the first ticket and the third ticket;
and when the second ticket authentication passes, determining to redirect the page to the page corresponding to the real website.
After the API gateway sends a redirection instruction to the client, the client may send a redirection authentication request to the gateway corresponding to the page according to the redirection instruction, where the request carries a real website and a third ticket; after receiving the redirection authentication request, the gateway corresponding to the page may send a fourth request to the API gateway, and carry a third ticket and a real website.
In this embodiment, the second ticket authentication specifically includes:
and the API gateway acquires the cached first ticket, judges whether the first ticket and the third ticket are equal, and determines a second ticket authentication result according to the judgment result.
And when the first ticket and the third ticket are equal, determining that the second ticket passes the authentication.
When the first ticket and the third ticket are not equal, it may be determined that the third ticket has expired or that a client holding the third ticket has no permission to access the page.
In this embodiment, when the second ticket authentication is passed, determining to redirect the page to a page corresponding to the real website includes:
the API gateway feeds back a second ticket authentication passing message to a gateway corresponding to the page; after receiving the message, the gateway corresponding to the page feeds back a second ticket authentication passing message to the client; after receiving the message, the client triggers a redirection operation to redirect the current page to a page corresponding to the real website.
The embodiment of the present application further provides another possible implementation manner, where when the current page is a page corresponding to the real website, and the client initiates a fifth request through the page, the method further includes:
responding to a fifth request which is sent by the client and carries interface information, and acquiring an interface authority configuration list;
the fifth request carries page information, and the page information comprises page codes; the fifth request also carries an account corresponding to the client;
The interface permission configuration list may correspond to the interface codes of all interfaces under one page application, to those under one page block of the page application, or to those in one page within the page block. The interface permission configuration list includes at least one interface code, the page code of the page where the interface is located, the page block code of the page block where the page is located, and the page application code of the application where the page block is located.
According to the interface authority configuration list and the interface information, interface authentication is carried out;
and when the interface authority configuration list contains the interface code, determining that the interface passes the authentication.
And when the interface authentication is passed, sending a sixth request carrying interface information to the interface server, wherein the sixth request is used for indicating the interface server to provide interface service for the client according to the interface information.
In this embodiment, if the interface information includes a page code, an interface right configuration list is obtained, which includes Sa4 (not shown) and Sb4 (not shown):
Sa4, when the account is not empty, acquiring the interface permission configuration list corresponding to the page code from the cache region of the API gateway according to the account and the page code;
when the interface authority configuration list corresponding to the page code is not found in the cache region, sending an interface authority configuration request carrying the page code to an authority server;
the interface authority configuration request is used for requesting to acquire an interface authority configuration list corresponding to the page code and carrying an account number and the page code corresponding to the client; the account corresponding to the client may be obtained from the fifth request.
And receiving and caching an interface authority configuration list fed back by the authority server.
And the authority server inquires an interface authority configuration list corresponding to the page according to the account number and the page code.
Sb4, when the account is empty, acquiring the interface permission configuration list corresponding to the page code from the cache region of the API gateway.
At least one interface permission configuration list is configured in advance in the cache region of the API gateway; this list is mainly used to verify the access requests of clients accessing a page as guests.
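Page authentication with the redirection instruction (Sa3/Sb3 above) and interface authentication (Sa4/Sb4) follow the same pattern: a per-account list fetched from the authority server on a cache miss, a pre-configured list for guests, and a membership test of the page code or interface code. The following Python is an added example for this page, not code from the patent; the list shapes, the `FakeRightsServer` stand-in for the authority server's second server, and all codes and URLs are constructed.

```python
from typing import Callable, Dict, Optional, Set, Tuple

# Constructed guest lists pre-configured in the API gateway cache (Sb3 / Sb4).
GUEST_PAGES: Dict[str, str] = {"PUB1": "https://portal.example.internal/public"}
GUEST_INTERFACES: Dict[str, Set[str]] = {"PUB1": {"IF_NEWS"}}


class FakeRightsServer:
    """Constructed stand-in for the authority server's second server; it counts
    calls so the gateway-side caching can be observed."""

    def __init__(self) -> None:
        self.page_calls = 0
        self.interface_calls = 0
        self._pages = {"alice": {"P100": "https://crm.example.internal/p100"}}
        self._interfaces = {("alice", "P100"): {"IF_LIST", "IF_EXPORT"}}

    def page_list(self, account: str) -> Optional[Dict[str, str]]:
        self.page_calls += 1
        return self._pages.get(account)  # None: no page permission configured yet

    def interface_list(self, account: str, page_code: str) -> Optional[Set[str]]:
        self.interface_calls += 1
        return self._interfaces.get((account, page_code))


class PermissionService:
    """Page and interface authentication of the API gateway's permission service."""

    def __init__(self, fetch_pages: Callable[[str], Optional[Dict[str, str]]],
                 fetch_interfaces: Callable[[str, str], Optional[Set[str]]],
                 guest_pages: Dict[str, str], guest_interfaces: Dict[str, Set[str]]) -> None:
        self._fetch_pages = fetch_pages
        self._fetch_interfaces = fetch_interfaces
        self._guest_pages = guest_pages
        self._guest_interfaces = guest_interfaces
        self._page_cache: Dict[str, Dict[str, str]] = {}         # account -> page code -> real URL
        self._iface_cache: Dict[Tuple[str, str], Set[str]] = {}  # (account, page code) -> codes

    def _page_list(self, account: Optional[str]) -> Optional[Dict[str, str]]:
        if not account:
            return self._guest_pages  # Sb3: guest identity was confirmed earlier
        if account not in self._page_cache:  # Sa3: cache miss -> ask the authority server
            fetched = self._fetch_pages(account)
            if fetched is None:
                return None  # account has no page permission yet; nothing to cache
            self._page_cache[account] = fetched
        return self._page_cache[account]

    def page_auth(self, account: Optional[str], page_code: str) -> Optional[dict]:
        """Returns the redirection instruction (302 plus real website) when the page
        permission configuration list contains the page code, otherwise None."""
        pages = self._page_list(account)
        if pages is None or page_code not in pages:
            return None
        return {"status": 302, "location": pages[page_code]}

    def _interface_list(self, account: Optional[str], page_code: str) -> Set[str]:
        if not account:
            return self._guest_interfaces.get(page_code, set())  # Sb4
        key = (account, page_code)
        if key not in self._iface_cache:  # Sa4
            self._iface_cache[key] = self._fetch_interfaces(account, page_code) or set()
        return self._iface_cache[key]

    def interface_auth(self, account: Optional[str], page_code: str, interface_code: str) -> bool:
        """Interface authentication: the list for the page must contain the interface code."""
        return interface_code in self._interface_list(account, page_code)
```

Note that a guest request for an account-only page code fails closed: the guest list is the only list consulted, so no cache miss ever causes the gateway to query the authority server on a guest's behalf.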
Another method for redirecting a page based on an API gateway is provided in this embodiment of the present application and is applied to the authority server; as shown in fig. 2, the method includes:
S201, receiving an identity authentication request, sent by the API gateway, which carries the account and password corresponding to the client;
the authority server comprises a first server and a second server; the first server is used for receiving and processing the identity authentication request sent by the API gateway;
wherein the authority server corresponds to the client; the account carried when the client accesses the page is normally stored on the first server of the authority server; the authority server can configure the function permissions of the account, including whether the page application may be accessed;
wherein, the identity authentication request also carries page information;
the account number may include a primary account number and a secondary account number;
S202, authenticating the identity of the client according to the account and the password;
The first server first verifies the account and the password, and the result includes at least the following:
when the account and password are verified to be correct and the account is not locked, the first server further verifies, according to the permissions configured for the account, whether the account has the right to access the page;
when the account and password are verified to be correct but the account is locked, the identity authentication is not confirmed to pass;
when the verification fails, the account or the password is confirmed to be wrong and the identity authentication does not pass;
S203, feeding back the identity authentication result to the API gateway, where the identity authentication result includes:
when the account is verified to be able to access the page application corresponding to the page, confirming that the identity authentication passes;
and when the verification account number cannot access the page application corresponding to the page, confirming that the identity authentication is unsuccessful.
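The three verification outcomes of S202 (account or password wrong; correct but locked; correct but no right to the page application), together with the SessId and OrgId that the worked scenario below has the first server return on success, as an added Python example; it is not the patent's code. Assumptions: passwords are stored as salted PBKDF2-HMAC-SHA256 hashes, the session credential is a random URL-safe string, and the constructed accounts in `make_account` stand in for the account models on the first server.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: accounts store a salted PBKDF2-HMAC-SHA256 hash, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


@dataclass
class Account:
    sys_op_id: str      # primary account (SysOpId in the worked scenario)
    salt: bytes
    pw_hash: bytes
    org_id: str         # OrgId, the department the account belongs to
    locked: bool = False
    app_codes: Set[str] = field(default_factory=set)  # page applications the account may access


@dataclass
class AuthOutcome:
    passed: bool
    reason: str
    sess_id: Optional[str] = None
    org_id: Optional[str] = None


class FirstServer:
    """The authority server's first server: verifies account and password, the
    lock state and the right to the page application (S202), then issues the
    session credential SessId returned to the API gateway (S203)."""

    def __init__(self, accounts: Dict[str, Account]) -> None:
        self._accounts = accounts
        self.sessions: Dict[str, str] = {}  # SessId -> account

    def authenticate(self, account: str, password: str, page_info: dict) -> AuthOutcome:
        acct = self._accounts.get(account)
        # Hash even for unknown accounts so response time does not reveal which names exist.
        salt = acct.salt if acct else bytes(16)
        expected = acct.pw_hash if acct else bytes(32)
        if acct is None or not hmac.compare_digest(hash_password(password, salt), expected):
            return AuthOutcome(False, "account or password wrong")
        if acct.locked:
            return AuthOutcome(False, "account locked")
        if page_info.get("APPCODE") not in acct.app_codes:
            return AuthOutcome(False, "no right to the page application")
        sess_id = secrets.token_urlsafe(32)  # assumption: random, unguessable SessId
        self.sessions[sess_id] = account
        return AuthOutcome(True, "ok", sess_id=sess_id, org_id=acct.org_id)

    def verify_session(self, sess_id: str, account: str) -> bool:
        """Check used on later requests relayed by the API gateway: the SessId must
        be one this server issued, and it must belong to the claimed account."""
        return self.sessions.get(sess_id) == account


def make_account(sys_op_id: str, password: str, org_id: str,
                 app_codes: Set[str], locked: bool = False) -> Account:
    """Constructed account record for the example."""
    salt = os.urandom(16)
    return Account(sys_op_id, salt, hash_password(password, salt), org_id, locked, set(app_codes))
```

The order of the checks matters: the password is verified before the lock state is reported, so a caller cannot learn whether an account is locked without also knowing its password, and the page-application right is checked last because it is the only one of the three that depends on the page information in the request.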
The embodiment of the application provides a possible implementation manner, and the method further comprises the following steps:
responding to a page permission configuration request which is sent by an API gateway and carries an account corresponding to a client, acquiring a page permission configuration list corresponding to the account according to the account and feeding back the page permission configuration list to the API gateway;
a second server of the authority server processes the page authority configuration request; the second server inquires a page authority configuration list corresponding to the account according to the account and feeds the page authority configuration list back to the API gateway;
or,
responding to an interface permission configuration request, sent by the API gateway, which carries interface information including the page code, acquiring the interface permission configuration list corresponding to the page code according to the page code, and feeding the interface permission configuration list back to the API gateway.
The second server of the authority server processes the interface permission configuration request; the second server queries the interface permission configuration list corresponding to the page code according to the page code and feeds it back to the API gateway.
In the embodiment of the present application, another method for redirecting a page based on an API gateway is provided, applied to the gateway corresponding to the page; as shown in fig. 3, the method includes:
S301, receiving a redirection authentication request sent by the client after it receives the redirection instruction;
the redirection authentication request carries page information, a third ticket and a real website.
And S302, sending a fourth request carrying a third ticket and the real website to the API gateway, wherein the fourth request is used for indicating the API gateway to carry out second ticket authentication according to the third ticket so as to determine whether to redirect the page to the page corresponding to the real website.
The method for redirecting the page based on the API gateway provided by the embodiment of the present application is described above with reference to fig. 1 to 3 from the perspective of the API gateway, the permission server, and the gateway corresponding to the page, respectively. An embodiment of a specific application scenario of the method for redirecting a page based on an API gateway according to the embodiment of the present application is described in detail below with reference to fig. 4a and 4 b. FIG. 4a is a process of redirecting a page, including S1001-S1026; FIG. 4b is a process of handling interface services, including S2001-S2012. Specifically, the method comprises the following steps:
1. the process of redirecting pages specifically comprises the following steps:
and S1001, initiating an access request by the client.
The access request carries page information, an account and a password. The page information specifically comprises the code APPCODE of the page application corresponding to the page, the code APICODE of the page block where the page is located, and the page code PageCode of the page; the account specifically includes a primary account SysOpId and a secondary account OpId.
The specific content of the page information and the account number related in the following steps will not be described again.
And S1002, the API gateway verifies the account number.
After receiving the access request, the API gateway starts an authorization service, and verifies an account number through the authorization service, specifically:
if the account information is not null, starting to execute from S1003;
if the account information is null, continue by judging whether the APPCODE is null. When the account information is null and the APPCODE is not null, the client is accessing the page as a guest. The client may access a specified page in the page application that is pre-stored in the API gateway, or a page pre-stored in the API gateway in a unified manner. When the APPCODE is also empty, the identity authentication of the client is determined to have failed, and the API gateway feeds back an identity authentication failure message to the client.
Generating a token (the credential of the interaction between the client and the API gateway) corresponding to the client according to the APPCODE;
when a key is built into the API gateway, the token may be generated from the APPCODE and the built-in key.
And feeding back the token and the information passing the identity authentication to the client.
S1003, the API gateway sends an identity authentication request to the authority server.
When the account information is not empty, the client accesses the page in the form of an account, and an identity authentication request carrying the account and the password needs to be sent to the authority server.
S1004, the authority server performs identity authentication.
The authority server comprises a first server and a second server, receives an identity authentication request through the first server and processes identity authentication service. Specifically, the first server verifies the account and the password, and the verification result includes: when the account and the password are correct and the account is not locked, further, the first server verifies whether the account has the authority to access the page according to the authority configured by the account, and when the account has the authority to access the page, the identity authentication is passed; when the account number and the password are correct, but the account number is locked, the identity authentication is not passed; and when the account number and the password are wrong, confirming that the identity authentication is not passed.
After the identity authentication passes, the department number OrgId of the department to which the account belongs is obtained based on the account, and a session credential SessId (the SessionId, the session credential between the client and the authority server) is generated based on the account and password.
S1005, the first server feeds back the identity authentication passing message to the API gateway.
When the identity authentication result is that the identity authentication passes, the identity authentication result also carries other information: SessId, OrgId.
And S1006, the API gateway generates a token according to the account and the password.
And after receiving the identity authentication passing message, the API gateway generates a token according to the account and the password through the authority service.
S1007, the API gateway caches token.
The API gateway caches token through the permission service.
And S1008, the API gateway feeds back the identity authentication passing message to the client.
The API gateway feeds back token and identity authentication passing information through the authority service;
when the API gateway receives the identity authentication passing message fed back by the first server, the message fed back to the client further comprises OrgId and SessId.
S1009, the client receives the identity authentication pass message.
The client caches the token according to the identity authentication passing message;
when the message includes OrgId and SessId, these also need to be cached;
The purpose of caching the token: subsequently, when the client sends a request to the API gateway, it needs to carry the token, and the API gateway verifies the validity of the request using the cached token and the token carried in the request; the API gateway does not begin processing the request until this verification succeeds.
The purpose of caching the SessId: subsequently, when the client interacts with the authority server through the API gateway, that is, when the client sends a request to the API gateway and the API gateway needs to send a request to the authority server to process the request initiated by the client, the request initiated by the client needs to carry the SessId and the request initiated by the API gateway also needs to carry the SessId; the authority server verifies the legality of the request sent by the API gateway according to the SessId and starts to process it only after the verification succeeds.
In the following steps, the token and SessId are carried by default whenever the client sends a request to the API gateway. For simplicity of description, the token, the SessId and their verification are not described repeatedly below.
And S1010, the client sends a ticket request to the API gateway.
The token, the page information and the account number are carried in the request.
S1011, the API gateway creates ticket1 (first ticket above).
After receiving the ticket request sent by the client, the API gateway:
when the account is not empty, creating and caching ticket1 according to the (token + page information + account) through the authority service;
when the account is empty, creating and caching ticket1 according to the application code included in the token + page information;
ticket1 is issued to the client.
The API gateway caches ticket1 so that, before the client is redirected to the real page, it passes the first ticket authentication and the second ticket authentication in sequence against ticket1.
After the second ticket authentication is complete, ticket1 is removed from the cache.
S1012: the client receives and caches ticket 1.
And S1013, the client sends a request for accessing the real page to the API gateway.
The request carries page information, an account number, and ticket2 (the second ticket in the above) obtained from the cache area;
In general, ticket2 is the ticket1 cached by the client, provided that the client's ticket1 has not expired.
S1014: the API gateway receives the request and verifies the validity of ticket2.
After receiving the request for the real page through the permission service, the API gateway obtains the cached ticket1 and performs the first ticket authentication according to ticket1 and ticket2.
The first ticket authentication specifically comprises determining whether ticket1 and ticket2 are equal. When ticket1 and ticket2 are equal, the first ticket authentication passes. Otherwise the first ticket authentication fails, and ticket2 may have expired or be invalid.
After the first ticket authentication passes, it is confirmed whether the page permission configuration list is cached locally. Specifically: when the account is not empty, the cached page permission configuration list is obtained locally according to the account, and if no page permission configuration list corresponding to the account exists locally, execution starts from S1015; when the account is empty, that is, the client accesses the page as a guest, the pre-configured page permission configuration list is obtained from the cache region.
S1015, the API gateway sends a page permission configuration request to the permission server.
The API gateway sends a page permission configuration request through a permission service, and the request carries an account number.
S1016, the authority server receives and processes the page authority configuration request.
After the authority server receives the page permission configuration request, the second server queries the page permission configuration list according to the account.
When the second server finds the page permission configuration list, it feeds the list back to the API gateway;
when the second server does not find a page permission configuration list, it confirms that the account has not yet been configured with any page access permission and feeds this back to the API gateway, which feeds the information back to the client.
S1017: the API gateway receives and caches the page permission configuration list.
S1018, the API gateway executes page authentication.
The API gateway determines the page authentication result by determining whether the page permission configuration list includes a PageCode (corresponding to the above page code). Specifically, the method comprises the following steps: when the page permission configuration list comprises the PageCode, the page authentication is passed; acquiring a real website URL corresponding to the PageCode in the list according to the PageCode; when the PageCode is not included in the page permission configuration list, the page authentication is not passed.
And S1019, the API gateway feeds a redirection instruction back to the client.
And the API gateway feeds back the redirection instruction through the authority service.
The redirection instruction comprises the real website URL and a 302 instruction; the 302 instruction is a temporary redirect instruction. ticket3 (the third ticket above) is the ticket the client obtains from its cache.
The redirection instruction is used for instructing the client to temporarily redirect the current page to the page corresponding to the real URL.
S1020, the client sends a redirection authentication request to a page gateway corresponding to the page.
And after receiving the redirection instruction, the client sends a redirection authentication request to the page gateway. The redirection authentication request carries the URL, ticket3 and account information.
And S1021, the page gateway sends an authentication request to the API gateway.
After receiving the redirected authentication request sent by the client, the page gateway sends an authentication request to the API gateway, and carries the URL and ticket 3.
And S1022, carrying out second ticket authentication by the API gateway.
And after receiving the authentication request, the API gateway performs second ticket authentication. The authentication request carries the URL and ticket 3. The API gateway obtains the cached ticket1 through the authority service, and performs a second ticket authentication according to ticket1 and ticket 3.
The second ticket authentication comprises: it is determined whether ticket1 and ticket3 are equal.
When ticket1 and ticket3 are equal, it is determined that the ticket passes the second time of authentication, i.e., the authentication passes.
S1023, the API gateway removes ticket1 from the cache.
Ticket1 is removed from the cache after the second ticket authentication is complete.
Ticket1 exists to authenticate the client's redirect request before the redirection to the real page, and thereby to limit the client from opening the same page multiple times.
And S1024, the API gateway returns an authentication passing message to the page gateway through the authority service.
And S1025, after receiving the authentication passing message, the page gateway forwards the authentication passing message to the client.
And S1026, the client executes redirection operation.
And the client redirects the current page to the page corresponding to the real URL.
Therefore, the client acquires the real page, and the user can browse or continue to use the interface service provided on the page according to the acquired page of the client.
2. The process of processing the interface service specifically includes:
S2001, the client sends an interface service request to the API gateway;
the interface service request carries page information and an interface ID;
and S2002, the API gateway starts a main body service and an authority service and receives an interface service request.
And receiving the interface service request through the main body service, and forwarding the interface service request to the authority service so as to perform interface authentication on the interface service request.
The API gateway obtains the interface permission configuration list according to the account; when the list is cached in the API gateway, the process goes to step S2007, and if the API gateway has not cached the list, the process goes to step S2003.
The API gateway pre-stores an interface permission configuration list so that it can respond to interface service requests sent by a client accessing a page as a guest. In the guest access scenario, once the interface permission configuration list is obtained, the process proceeds to step S2007.
S2003, the API gateway sends an interface permission configuration request to the authority server through the permission service.
And the interface authority configuration request carries page information.
S2004-S2005, the authority server queries the interface permission configuration list.
And after receiving the interface permission configuration request, the second server queries an interface permission configuration list according to the PageCode in the page information and feeds the interface permission configuration list back to the API gateway.
And S2006, after receiving the interface authority configuration list, the API gateway caches the list.
S2007, the API gateway conducts interface authentication through the authority service.
And judging whether the interface authority configuration list contains an interface ID. If yes, the interface passes the authentication; if not, the interface authentication is not passed.
S2008, the authority service of the API gateway notifies the main body service that the interface authentication has passed.
S2009, the API gateway forwards the interface service request to the interface server.
The API gateway forwards the interface service request to the interface server through the main body service.
S2010, the interface server receives and responds to the interface service request.
After receiving the interface service request, the interface server responds to it and performs the corresponding operation to obtain the data.
S2011, the interface server forwards the processing result to the API gateway.
Specifically, the interface server sends the data required by the interface service request to the API gateway, which receives it through the main body service.
S2012, the API gateway returns the data needed by the interface to the client.
The API gateway feeds the data back through the main body service.
After receiving the data, the client performs the corresponding operation according to it.
At this point, the client has completed one interface access based on the opened page, that is, one use of a page service.
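The interface service flow above (S2001 to S2012), as an added Python example that is not code from the patent or its assignee: `AuthorityServer`, `ApiGateway`, the guest-mode list and the sample page and interface names are assumptions, and the permission server is modelled as an in-memory lookup so the gateway's cache behaviour can be observed offline.

```python
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set


@dataclass(frozen=True)
class InterfaceServiceRequest:
    """Interface service request (S2001): page information plus interface ID."""
    account: str        # empty string: the page is being accessed in guest mode
    page_code: str      # PageCode from the page information
    interface_id: str


class AuthorityServer:
    """Stand-in (assumption) for the permission server queried in S2003-S2005."""

    def __init__(self, config: Dict[str, Set[str]]):
        # constructed sample data: PageCode -> interface IDs permitted on that page
        self._config = config
        self.queries = 0  # round-trip counter, shows the gateway cache at work

    def query_interface_config(self, page_code: str) -> Optional[Set[str]]:
        self.queries += 1
        lst = self._config.get(page_code)
        return set(lst) if lst is not None else None


class ApiGateway:
    """Main body service plus authority service of the API gateway."""

    def __init__(self, authority: AuthorityServer, guest_config: Dict[str, Set[str]]):
        self._authority = authority
        # cache region: PageCode -> interface permission configuration list (S2006)
        self._cache: Dict[str, Set[str]] = {}
        # list pre-stored in the gateway for pages opened in guest mode
        self._guest_config = guest_config

    def _interface_config(self, req: InterfaceServiceRequest) -> Optional[Set[str]]:
        """S2002-S2006: serve the list from cache, otherwise fetch and cache it."""
        if req.account == "":
            # guest access: only the pre-stored list is used, no server round-trip
            return self._guest_config.get(req.page_code)
        cached = self._cache.get(req.page_code)
        if cached is not None:
            return cached                                   # cached: go to S2007
        fetched = self._authority.query_interface_config(req.page_code)  # S2003-S2005
        if fetched is not None:
            self._cache[req.page_code] = fetched            # S2006
        return fetched

    def authenticate_interface(self, req: InterfaceServiceRequest) -> bool:
        """S2007: the interface passes only if its ID is in the page's list."""
        config = self._interface_config(req)
        if config is None:
            return False  # page unknown to the permission server: fail closed
        return req.interface_id in config

    def handle(self, req: InterfaceServiceRequest,
               interface_server: Callable[[str], dict]) -> Optional[dict]:
        """S2008-S2012: forward to the interface server only after authentication."""
        if not self.authenticate_interface(req):
            return None
        return interface_server(req.interface_id)     # data returned to the client


if __name__ == "__main__":
    # constructed demo data, not from the patent
    authority = AuthorityServer({"ORDER_PAGE": {"listOrders", "getOrder"}})
    gateway = ApiGateway(authority, guest_config={"HOME": {"getBanner"}})
    req = InterfaceServiceRequest("alice", "ORDER_PAGE", "getOrder")
    print(gateway.handle(req, lambda iid: {"interface": iid, "rows": 3}))
    print(gateway.handle(req, lambda iid: {"interface": iid, "rows": 3}))
    print(authority.queries)  # the second call for the same page was served from cache
```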
An API gateway apparatus is further provided in an embodiment of the present application; as shown in fig. 5, the apparatus 50 may include: a transceiver module 501, a processing module 502, a first authentication module 503, a second authentication module 504, and a third authentication module 505, wherein:
a transceiver module 501, configured to receive a first request sent by a client;
a first authentication module 503, configured to perform identity authentication on the client in response to the first request;
the transceiver module 501 is further configured to receive a second request sent by the client after the identity authentication is passed;
the processing module 502 is configured to, in response to the second request, obtain and process a first ticket corresponding to the page, so as to perform first ticket authentication and second ticket authentication;
the transceiver module 501 is further configured to receive a third request sent by the client;
a second authentication module 504, configured to perform a first ticket authentication in response to the third request;
a third authentication module 505, configured to perform page authentication after the first ticket authentication passes;
the transceiver module 501 is further configured to send a redirection instruction to the client after the page authentication is passed;
the transceiver module 501 is further configured to receive a fourth request sent by the gateway corresponding to the page based on the redirection instruction;
the second authentication module 504 is further configured to perform a second ticket authentication in response to the fourth request to determine whether to redirect the page.
In the embodiment of the present application, a possible implementation manner is provided, where the first request carries an account, a password, and page information of a page corresponding to the client, and the first authentication module 503 is specifically configured to, in response to the first request, perform identity authentication on the client:
when the account is not empty, performing identity authentication on the client according to the account and the password; or,
and when the account number is empty, performing identity authentication on the client according to the page information.
In this embodiment, when the account is not empty, the first authentication module 503 is specifically configured to perform identity authentication on the client according to the account and the password:
and sending an identity authentication request carrying an account and a password to the authority server, and receiving an identity authentication result fed back by the authority server, wherein the identity authentication request is used for indicating the authority server to perform identity authentication on the client according to the account and the password.
The transceiver module 501 is further configured to receive an identity authentication result fed back by the authority server as an identity authentication passing message, and send a token determined according to the account number and the password and the identity authentication passing message to the client.
In this embodiment, when the account is empty, the first authentication module 503 is specifically configured to, when performing identity authentication on the client according to the page information:
and when the page information is not null, determining that the identity authentication is passed.
The transceiver module 501 is further configured to send a token determined according to the page information and an identity authentication pass message to the client.
In the embodiment of the present application, a possible implementation manner is provided, where the second request carries a token corresponding to the client, page information of the page, and an account corresponding to the client, and the processing module 502 is configured to, in response to the second request, obtain and process a first ticket corresponding to the page, specifically:
when the account is not empty, acquiring and caching a first ticket according to the token, the page information and the account corresponding to the client, and issuing the first ticket to the client; or,
and when the account is empty, acquiring and caching a first ticket according to the token and the page information corresponding to the client, and issuing the first ticket to the client.
In the embodiment of the present application, a possible implementation manner is provided, where the third request carries a second ticket and a page code, and the second authentication module 504 is specifically configured to, in response to the third request, perform the first ticket authentication:
performing first ticket authentication according to the first ticket and the second ticket;
specifically, it is determined whether the first ticket and the second ticket are equal, and the first ticket authentication result is determined according to that judgment;
when the first ticket is equal to the second ticket, the first ticket authentication is determined to have passed;
after the first ticket authentication is passed, the third authentication module 505 is specifically configured to:
acquiring a page authority configuration list;
and performing page authentication according to the page authority configuration list and the page codes.
And when the page authority configuration list contains the page code, determining that the page authentication is passed.
In this embodiment, the third request further carries an account corresponding to the client, and the third authentication module 505, when obtaining the page permission configuration list, is specifically configured to:
when the account is not empty, acquire the page permission configuration list from the cache region according to the account;
when the account is not empty and no page permission configuration list corresponding to the account is found in the cache region, the transceiver module 501 is further configured to send a page permission configuration request carrying the account to the permission server, where the page permission configuration request is used to request the page permission configuration list corresponding to the account;
the transceiver module 501 is further configured to receive and cache the page permission configuration list fed back by the permission server;
when the account is empty, after the API gateway has confirmed that the client is a guest, acquire the corresponding page permission configuration list from the cache region.
In this embodiment, when sending a redirection instruction to the client after the page authentication has passed, the transceiver module 501 is specifically configured to:
acquiring a real website corresponding to a page code in a page permission configuration list;
and sending a redirection instruction to the client, wherein the redirection instruction carries a real website and is used for indicating the redirection page to a page corresponding to the real website.
In the embodiment of the present application, a possible implementation manner is provided, where the fourth request carries a third ticket and a real website, and the second authentication module 504, when responding to the fourth request by performing second ticket authentication to determine whether to redirect the page, is specifically configured to:
perform second ticket authentication according to the first ticket and the third ticket;
and when the second ticket authentication passes, determine to redirect the page to the page corresponding to the real website.
In this embodiment, the second authentication module 504 is further configured to remove the first ticket from the cache after the second ticket authentication is completed.
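The first ticket authentication, page authentication, redirection instruction and second ticket authentication described above, including removal of the first ticket once the second authentication completes, as an added Python example rather than code from the patent: `TicketGateway`, keying the cached first ticket by the client's token (assumed to be carried in the fourth request as well), random hex tickets and the sample accounts and URLs are assumptions not taken from the text.

```python
import hmac
import secrets
from typing import Dict, Optional


class TicketGateway:
    """API gateway side of the first/second ticket and page authentication."""

    def __init__(self, page_config: Dict[str, Dict[str, str]]):
        # constructed: account -> {page code: real website}; the key "" holds the
        # page permission configuration list used for guest (empty account) access
        self._page_config = page_config
        # cache region: client token -> first ticket issued for the second request
        self._first_tickets: Dict[str, str] = {}

    def issue_first_ticket(self, token: str) -> str:
        """Second request: obtain, cache and issue the first ticket to the client."""
        ticket = secrets.token_hex(16)   # unguessable, so equality is the whole check
        self._first_tickets[token] = ticket
        return ticket

    def _ticket_matches(self, token: str, presented: str) -> bool:
        first = self._first_tickets.get(token)
        if first is None:
            return False
        # the text compares the tickets for equality; compare_digest does that in
        # constant time so the comparison itself reveals nothing about the ticket
        return hmac.compare_digest(first, presented)

    def handle_third_request(self, token: str, account: str,
                             second_ticket: str, page_code: str) -> Optional[str]:
        """First ticket authentication, then page authentication.

        Returns the real website to carry in the redirection instruction,
        or None when either authentication fails."""
        if not self._ticket_matches(token, second_ticket):
            return None
        page_list = self._page_config.get(account)   # page permission configuration list
        if page_list is None or page_code not in page_list:
            return None                              # page authentication failed
        return page_list[page_code]

    def handle_fourth_request(self, token: str, third_ticket: str,
                              real_url: str) -> Optional[str]:
        """Second ticket authentication for the request sent by the page's gateway.

        The first ticket is removed once this authentication completes, whether or
        not it passed, so each issued ticket authorises at most one redirect."""
        passed = self._ticket_matches(token, third_ticket)
        self._first_tickets.pop(token, None)
        return real_url if passed else None


if __name__ == "__main__":
    # constructed demo data, not from the patent
    gw = TicketGateway({"alice": {"ORDER_PAGE": "https://orders.example.internal/"},
                        "": {"HOME": "https://home.example.internal/"}})
    t1 = gw.issue_first_ticket("tok-alice")
    url = gw.handle_third_request("tok-alice", "alice", t1, "ORDER_PAGE")
    print(url, gw.handle_fourth_request("tok-alice", t1, url))
    print(gw.handle_fourth_request("tok-alice", t1, url))  # None: ticket already consumed
```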
In the embodiment of the present application, a possible implementation manner is provided, and the transceiver module 501 is further configured to receive a fifth request;
the third authentication module 505 is further configured to, in response to the fifth request, obtain an interface permission configuration list, and perform interface authentication according to the interface permission configuration list and the interface information;
when the interface authority configuration list contains an interface code, determining that the interface passes the authentication;
the transceiver module 501 is further configured to send a sixth request carrying interface information to the interface server when the interface authentication passes, where the sixth request is used to instruct the interface server to provide an interface service to the client according to the interface information.
In this embodiment, the interface information includes a page code, and the third authentication module 505, when acquiring the interface permission configuration list, is specifically configured to:
when the interface authority configuration list corresponding to the page code is not found in the cache region, sending an interface authority configuration request carrying the page code to an authority server through the transceiving module 501, wherein the interface authority configuration request is used for requesting to acquire the interface authority configuration list corresponding to the page code;
and receiving and caching the interface authority configuration list fed back by the authority server through the transceiver module.
An embodiment of the present application provides a permission apparatus; as shown in fig. 6, the apparatus 60 may include: a transceiver module 601 and an authentication module 602, wherein:
the transceiver module 601 is configured to receive an identity authentication request sent by the API gateway and carrying an account and a password corresponding to the client;
the authentication module 602 is configured to perform identity authentication on the client according to the account and the password in response to the identity authentication request;
the transceiver module 601 is further configured to feed back an identity authentication result to the API gateway.
In this embodiment, the apparatus further includes a query module 603 (not shown in the figure), configured to, in response to a page permission configuration request sent by the API gateway and carrying the account corresponding to the client, obtain the page permission configuration list corresponding to the account according to the account and feed it back to the API gateway through the transceiver module 601;
or,
the query module 603 is further configured to, in response to an interface permission configuration request sent by the API gateway and carrying interface information including the page code, obtain the interface permission configuration list corresponding to the page code according to the page code and feed it back to the API gateway through the transceiver module 601.
In another embodiment of the present application, as shown in fig. 7, the API gateway apparatus 70 may include:
the transceiver module 701 is configured to receive a redirection authentication request sent by the client after receiving the redirection instruction, and send a fourth request carrying a third ticket and a real website to the API gateway in response to the redirection authentication request, where the fourth request is used to instruct the API gateway to perform second ticket authentication according to the third ticket to determine whether to redirect the page to a page corresponding to the real website.
An embodiment of the present application further provides an electronic device, including: a memory, a processor, and a transceiver, wherein:
a memory for storing a computer program;
the transceiver is used for receiving a first request sent by the client under the control of the processor;
a processor for reading the computer program in the memory and performing the following operations: responding to the first request, and authenticating the identity of the client;
the transceiver is also used for receiving a second request sent by the client after the identity authentication is passed under the control of the processor;
a processor further operable to read the computer program in the memory and perform the following: responding to the second request, and acquiring and processing a first ticket corresponding to the page to perform first ticket authentication and second ticket authentication;
the transceiver is also used for receiving a third request sent by the client under the control of the processor;
a processor further operable to read the computer program in the memory and perform the following: responding to the third request, performing first ticket authentication, and performing page authentication after the first ticket authentication is passed;
after the page authentication is passed, the transceiver is also used for sending a redirection instruction to the client under the control of the processor;
the transceiver is also used for receiving a fourth request sent by the gateway corresponding to the page based on the redirection instruction under the control of the processor;
a processor further operable to read the computer program in the memory and perform the following: in response to the fourth request, a second ticket authentication is performed to determine whether to redirect the page.
An embodiment of the present application provides another electronic device, including: a memory, a processor, and a transceiver, wherein:
a memory for storing a computer program;
the transceiver is used for receiving an identity authentication request which is sent by the API gateway and carries an account and a password corresponding to the client under the control of the processor;
a processor further operable to read the computer program in the memory and perform the following: responding to the identity authentication request, and performing identity authentication on the client according to the account and the password;
and the transceiver is also used for feeding back the identity authentication result to the API gateway under the control of the processor.
In an embodiment of the present application, another electronic device is provided, including: a memory, a processor, and a transceiver, wherein:
a memory for storing a computer program;
and the transceiver is used for receiving a redirection authentication request sent by the client after receiving the redirection instruction under the control of the processor, and sending a fourth request carrying a third ticket and a real website to the API gateway in response to the redirection authentication request, wherein the fourth request is used for indicating the API gateway to carry out second ticket authentication according to the third ticket so as to determine whether to redirect the page to a page corresponding to the real website.
The embodiment of the present application further provides a computer storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the computer may execute the method for redirecting a page based on an API gateway provided in the embodiment of the present application.
Another computer storage medium is provided in an embodiment of the present application, and a computer program is stored on the computer storage medium, and when the computer program is executed by a processor, the computer program may enable a computer to perform another method for redirecting a page based on an API gateway provided in an embodiment of the present application.
Still another computer storage medium is provided in an embodiment of the present application, and has a computer program stored thereon, where the computer program, when executed by a processor, enables a computer to perform still another method for redirecting a page based on an API gateway provided in an embodiment of the present application.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, they are not necessarily performed in that order. Unless explicitly stated herein, there is no strict restriction on the order of these steps, and they may be performed in other orders. Moreover, at least some of the steps in the flowcharts may include multiple sub-steps or stages, which are not necessarily performed at the same moment but may be performed at different moments, and whose execution order is not necessarily sequential; they may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
The foregoing is only a partial embodiment of the present invention, and it should be noted that those skilled in the art can make various modifications and embellishments without departing from the principle of the present invention, and these modifications and embellishments should also be regarded as within the protection scope of the present invention.

Claims (28)

1. A method for redirecting a page based on an API gateway is applied to the API gateway and comprises the following steps:
responding to a first request sent by a client, and performing identity authentication on the client;
responding to a second request sent by the client after the identity authentication is passed, and acquiring and processing a first ticket corresponding to a page so as to perform first ticket authentication and second ticket authentication;
responding to a third request sent by the client, performing first ticket authentication, performing page authentication after the first ticket authentication is passed, and sending a redirection instruction to the client after the page authentication is passed;
and responding to a fourth request sent by the gateway corresponding to the page based on the redirection instruction, and performing second ticket authentication to determine whether to redirect the page.
2. The method according to claim 1, wherein the first request carries an account, a password, and page information of the page corresponding to the client, and the performing identity authentication on the client in response to the first request sent by the client comprises:
when the account is not empty, performing identity authentication on the client according to the account and the password; or,
and when the account is empty, performing identity authentication on the client according to the page information.
3. The method of claim 2, wherein authenticating the client according to the account and the password when the account is not empty comprises:
and sending an identity authentication request carrying the account number and the password to an authority server, and receiving an identity authentication result fed back by the authority server, wherein the identity authentication request is used for indicating the authority server to perform identity authentication on the client according to the account number and the password.
4. The method of claim 3, further comprising:
and when the received identity authentication result fed back by the authority server is an identity authentication passing message, sending a token determined according to the account number and the password and the identity authentication passing message to the client.
5. The method according to claim 2, wherein the authenticating the client according to the page information when the account is empty comprises:
and when the page information is not empty, determining that the identity authentication is passed.
6. The method of claim 5, further comprising:
and sending a token determined according to the page information and an identity authentication passing message to the client.
7. The method according to any one of claims 1 to 6, wherein the second request carries a token corresponding to the client, page information of the page, and an account corresponding to the client, and the obtaining and processing a first ticket corresponding to the page in response to the second request sent by the client after the client passes the identity authentication comprises:
when the account is not empty, acquiring and caching the first ticket according to the token corresponding to the client, the page information and the account, and issuing the first ticket to the client; or,
and when the account is empty, acquiring and caching the first ticket according to the token corresponding to the client and the page information, and issuing the first ticket to the client.
8. The method according to any one of claims 1-6, wherein the third request carries a second ticket and a page code, and the performing a first ticket authentication in response to the third request sent by the client and performing a page authentication after the first ticket authentication is passed comprises:
performing first ticket authentication according to the first ticket and the second ticket;
when the first ticket passes the authentication, acquiring a page authority configuration list;
and performing page authentication according to the page authority configuration list and the page code.
9. The method of claim 8, wherein the page authentication comprises:
and when the page authority configuration list contains the page code, determining that the page authentication is passed.
10. The method according to claim 8, wherein the third request further carries an account corresponding to the client, and the obtaining of the page permission configuration list when the first ticket authentication is passed includes:
when the account is not empty and a page permission configuration list corresponding to the account is not found in a cache region, sending a page permission configuration request carrying the account to a permission server, wherein the page permission configuration request is used for requesting to acquire the page permission configuration list corresponding to the account;
and receiving and caching the page permission configuration list fed back by the permission server.
11. The method of claim 8, wherein sending redirection instructions to the client after page authentication is passed comprises:
acquiring a real website corresponding to the page code in the page permission configuration list;
and sending a redirection instruction to the client, wherein the redirection instruction carries the real website and is used for indicating to redirect the page to a page corresponding to the real website.
12. The method of claim 11, wherein the fourth request carries a third ticket and the real website, and the performing a second ticket authentication to determine whether to redirect the page in response to the fourth request sent by the gateway corresponding to the page based on the redirection instruction comprises:
performing second ticket authentication according to the first ticket and the third ticket;
and when the second ticket authentication is passed, determining to redirect the page to the page corresponding to the real website.
13. The method of claim 1, further comprising:
removing the first ticket from the cache after the second ticket authentication is complete.
14. The method according to any one of claims 1-6, further comprising:
responding to a fifth request which is sent by the client and carries interface information, and acquiring an interface authority configuration list;
performing interface authentication according to the interface authority configuration list and the interface information;
and when the interface authentication is passed, sending a sixth request carrying interface information to an interface server, wherein the sixth request is used for indicating the interface server to provide interface service for the client according to the interface information.
15. The method of claim 14, wherein the interface information comprises a page code, and wherein obtaining the interface permission configuration list comprises:
when an interface authority configuration list corresponding to the page code is not found in a cache region, sending an interface authority configuration request carrying the page code to an authority server, wherein the interface authority configuration request is used for requesting to acquire the interface authority configuration list corresponding to the page code;
and receiving and caching the interface authority configuration list fed back by the authority server.
16. The method of claim 14, wherein the interface information further includes an interface code, and the performing interface authentication according to the interface authority configuration list and the interface information includes:
and when the interface authority configuration list contains the interface code, determining that the interface authentication is passed.
17. A method for redirecting a page based on an API gateway is applied to a permission server and comprises the following steps:
responding to an identity authentication request which is sent by the API gateway and carries an account and a password corresponding to the client, performing identity authentication on the client according to the account and the password, and feeding back an identity authentication result to the API gateway.
18. The method of claim 17, further comprising:
responding to a page permission configuration request which is sent by the API gateway and carries an account corresponding to the client, acquiring a page permission configuration list corresponding to the account according to the account, and feeding back the page permission configuration list to the API gateway; or,
and responding to an interface authority configuration request which is sent by the API gateway and carries interface information comprising page codes, acquiring an interface authority configuration list corresponding to the page codes according to the page codes, and feeding back the interface authority configuration list to the API gateway.
19. A method for redirecting a page based on an API gateway is characterized in that the method is applied to a gateway corresponding to the page and comprises the following steps:
and responding to a redirection authentication request sent by the client after receiving the redirection instruction, and sending a fourth request carrying a third ticket and the real website to the API gateway, wherein the fourth request is used for indicating the API gateway to perform second ticket authentication according to the third ticket so as to determine whether to redirect the page to the page corresponding to the real website.
20. An API gateway apparatus, comprising: a transceiver module, a processing module, a first authentication module, a second authentication module, and a third authentication module,
the receiving and sending module is used for receiving a first request sent by a client;
the first authentication module is used for responding to the first request and authenticating the identity of the client;
the transceiver module is further configured to receive a second request sent by the client after the identity authentication is passed;
the processing module is used for responding to the second request, acquiring and processing a first ticket corresponding to the page so as to perform first ticket authentication and second ticket authentication;
the transceiver module is further configured to receive a third request sent by the client;
the second authentication module is used for responding to the third request and performing first ticket authentication;
the third authentication module is used for performing page authentication after the first ticket authentication is passed;
the receiving and sending module is further used for sending a redirection instruction to the client after the page authentication is passed;
the transceiver module is further configured to receive a fourth request sent by the gateway corresponding to the page based on the redirection instruction;
the second authentication module is further configured to perform a second ticket authentication to determine whether to redirect the page in response to the fourth request.
21. An authorization apparatus, comprising:
the receiving and sending module is used for receiving an identity authentication request which is sent by the API gateway and carries an account and a password corresponding to the client;
the authentication module is used for responding to the identity authentication request and authenticating the identity of the client according to the account and the password;
the transceiver module is further configured to feed back an identity authentication result to the API gateway.
22. An API gateway apparatus, comprising:
the receiving and sending module is used for receiving a redirection authentication request sent by a client after receiving a redirection instruction, and sending a fourth request carrying a third ticket and a real website to the API gateway in response to the redirection authentication request, wherein the fourth request is used for indicating the API gateway to perform second ticket authentication according to the third ticket so as to determine whether to redirect the page to the page corresponding to the real website.
23. An electronic device, comprising: a memory, a transceiver, a processor, wherein,
the memory is configured to store a computer program;
the transceiver is configured to receive, under the control of the processor, a first request sent by a client;
the processor is configured to read the computer program in the memory and perform the following operations: in response to the first request, performing identity authentication on the client;
the transceiver is further configured to receive, under the control of the processor, a second request sent by the client after the identity authentication is passed;
the processor is further configured to read the computer program in the memory and perform the following operations: in response to the second request, acquiring and processing a first ticket corresponding to the page so as to perform a first ticket authentication and a second ticket authentication;
the transceiver is further configured to receive, under the control of the processor, a third request sent by the client;
the processor is further configured to read the computer program in the memory and perform the following operations: in response to the third request, performing the first ticket authentication, and performing page authentication after the first ticket authentication is passed; and the transceiver is further configured to send, under the control of the processor, a redirection instruction to the client after the page authentication is passed;
the transceiver is further configured to receive, under the control of the processor, a fourth request sent by a gateway corresponding to the page based on the redirection instruction;
the processor is further configured to read the computer program in the memory and perform the following operations: in response to the fourth request, performing a second ticket authentication to determine whether to redirect the page.
24. An electronic device, comprising: a memory, a transceiver, a processor, wherein,
the memory is configured to store a computer program;
the transceiver is configured to receive, under the control of the processor, an identity authentication request sent by the API gateway, the request carrying an account and a password corresponding to the client;
the processor is configured to read the computer program in the memory and perform the following operations: in response to the identity authentication request, performing identity authentication on the client according to the account and the password;
the transceiver is further configured to feed back an identity authentication result to the API gateway under the control of the processor.
25. An electronic device, comprising: a memory, a transceiver, a processor, wherein,
the memory is configured to store a computer program;
the transceiver is configured to receive, under the control of the processor, a redirection authentication request sent by a client after the client receives a redirection instruction, and to send, in response to the redirection authentication request, a fourth request carrying a third ticket and a real website to the API gateway, wherein the fourth request instructs the API gateway to perform a second ticket authentication according to the third ticket so as to determine whether to redirect the page to a page corresponding to the real website.
26. A computer storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method for redirecting a page based on an API gateway as recited in any one of claims 1-16.
27. A computer storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method for redirecting a page based on an API gateway as recited in any one of claims 17-18.
28. A computer storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the method for redirecting a page based on an API gateway as recited in claim 19.
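The four-request flow recited in claims 20 to 25 (identity authentication, issue of a first ticket, first ticket authentication plus page authentication leading to a redirection instruction, and a second ticket authentication on the fourth request that decides whether the redirect to the real website is allowed) can be illustrated with the following Python model. It is an added example written for this page, not code from the patent or from its assignee: the ticket format (HMAC-signed JSON carrying an expiry and a nonce), the account store, the page registry, the key name `SECRET_KEY`, the class `ApiGateway` and all function names are assumptions; only the request numbering and the authentication steps follow the claims.

```python
"""Added example (not the patent's own code): a minimal model of the
ticket-based redirect flow described in the claims. Ticket format,
key, account store and page registry are all assumed/constructed."""
import base64
import hashlib
import hmac
import json
import secrets
import time

SECRET_KEY = b"constructed-demo-key"   # assumed: gateway signing key (constructed)
TICKET_TTL = 60                        # assumed: seconds a ticket stays valid

# Assumed authorization-server state (claim 21): account -> (password hash, allowed pages)
_ACCOUNTS = {
    "alice": (hashlib.sha256(b"correct horse").hexdigest(), {"/dashboard"}),
}
# Assumed page registry: page path -> real website the gateway may redirect to
_PAGE_REGISTRY = {"/dashboard": "https://dashboard.internal.example/"}


def identity_auth(account: str, password: str) -> bool:
    """Authorization server: identity authentication from account and password."""
    entry = _ACCOUNTS.get(account)
    if entry is None:
        return False
    digest = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(entry[0], digest)


def _sign(payload: dict) -> str:
    """Encode the payload and append an HMAC so the gateway can detect tampering."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    mac = hmac.new(SECRET_KEY, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + mac


def _verify(ticket: str, now: float):
    """Return the payload if the MAC is valid and the ticket is unexpired, else None."""
    try:
        body, mac = ticket.split(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):
        return None
    payload = json.loads(base64.urlsafe_b64decode(body))
    if payload["exp"] < now:
        return None
    return payload


class ApiGateway:
    def __init__(self):
        self._used = set()  # nonces of third tickets already redeemed (single use)

    # second request: issue the first ticket, bound to the account and the page
    def issue_first_ticket(self, account, page, now=None):
        now = time.time() if now is None else now
        return _sign({"kind": "first", "sub": account, "page": page,
                      "exp": now + TICKET_TTL})

    # third request: first ticket authentication, then page authentication,
    # then the redirection instruction carrying a third ticket
    def handle_third_request(self, first_ticket, page, now=None):
        now = time.time() if now is None else now
        p = _verify(first_ticket, now)
        if p is None or p["kind"] != "first" or p["page"] != page:
            return None                     # first ticket authentication failed
        allowed = _ACCOUNTS.get(p["sub"], (None, set()))[1]
        if page not in allowed or page not in _PAGE_REGISTRY:
            return None                     # page authentication failed
        real = _PAGE_REGISTRY[page]
        third = _sign({"kind": "third", "sub": p["sub"], "real": real,
                       "nonce": secrets.token_hex(8), "exp": now + TICKET_TTL})
        return {"redirect": True, "third_ticket": third, "real_website": real}

    # fourth request: second ticket authentication decides whether to redirect
    def handle_fourth_request(self, third_ticket, real_website, now=None):
        now = time.time() if now is None else now
        p = _verify(third_ticket, now)
        if p is None or p["kind"] != "third":
            return False
        if not hmac.compare_digest(p["real"], real_website):
            return False                    # target differs from the bound one: refuse
        if p["nonce"] in self._used:
            return False                    # replayed ticket: refuse
        self._used.add(p["nonce"])
        return True
```

The design point this model makes explicit is that the real website is bound into the third ticket under the gateway's key, so the second ticket authentication can refuse a fourth request whose target does not match the one the gateway itself issued; the expiry bounds a ticket's lifetime and the nonce set makes each redirection ticket single-use.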

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110383186.3A CN114598490B (en) 2021-04-09 2021-04-09 Method, device, equipment and storage medium for redirecting page based on API gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110383186.3A CN114598490B (en) 2021-04-09 2021-04-09 Method, device, equipment and storage medium for redirecting page based on API gateway

Publications (2)

Publication Number Publication Date
CN114598490A true CN114598490A (en) 2022-06-07
CN114598490B CN114598490B (en) 2024-03-29

Family

ID=81813655

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110383186.3A Active CN114598490B (en) 2021-04-09 2021-04-09 Method, device, equipment and storage medium for redirecting page based on API gateway

Country Status (1)

Country Link
CN (1) CN114598490B (en)

Citations (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9450944B1 (en) * 2015-10-14 2016-09-20 FullArmor Corporation System and method for pass-through authentication
CN106131079A (en) * 2016-08-29 2016-11-16 腾讯科技(北京)有限公司 A kind of authentication method, system and proxy server
CN109039880A (en) * 2018-09-05 2018-12-18 四川长虹电器股份有限公司 A method of simple authentication authorization is realized using API gateway
CN109067914A (en) * 2018-09-20 2018-12-21 星环信息科技(上海)有限公司 Proxy Method, device, equipment and the storage medium of Web service
CN109639572A (en) * 2018-12-06 2019-04-16 网易(杭州)网络有限公司 Route management method, device and micro services system
CN109672612A (en) * 2018-12-13 2019-04-23 中国电子科技集团公司电子科学研究院 API gateway system
KR20190134135A (en) * 2018-05-25 2019-12-04 삼성에스디에스 주식회사 Service providing method based on cloud platform and system thereof
CN110569638A (en) * 2018-06-06 2019-12-13 中移(苏州)软件技术有限公司 API authentication method and device, storage medium and computing equipment
CN110661798A (en) * 2019-09-23 2020-01-07 紫光云(南京)数字技术有限公司 Authentication method based on authentication platform
US20200059477A1 (en) * 2018-08-20 2020-02-20 Jpmorgan Chase Bank, N.A. Systems and methods for binding authorization to a proxy using a get/authorize url through a native application
CN111147525A (en) * 2020-02-27 2020-05-12 深圳市伊欧乐科技有限公司 Authentication method, system, server and storage medium based on API gateway
CN111431838A (en) * 2019-01-09 2020-07-17 北京神州泰岳软件股份有限公司 Method and device for single-point login and single-point logout in cluster and API gateway
CN111526152A (en) * 2016-08-12 2020-08-11 阿里巴巴集团控股有限公司 Authentication method, authentication equipment and authentication client
CN111654468A (en) * 2020-04-29 2020-09-11 平安国际智慧城市科技股份有限公司 Secret-free login method, device, equipment and storage medium
CN111651739A (en) * 2020-05-08 2020-09-11 腾讯科技(深圳)有限公司 Login authentication service system and method, authentication service node and electronic equipment
CN111865920A (en) * 2020-06-18 2020-10-30 多加网络科技(北京)有限公司 Gateway authentication and identity authentication platform and method thereof
CN111949959A (en) * 2020-08-14 2020-11-17 中国工商银行股份有限公司 Authorization authentication method and device in Oauth protocol
CN112039909A (en) * 2020-09-03 2020-12-04 平安科技(深圳)有限公司 Authentication method, device, equipment and storage medium based on unified gateway
CN112261022A (en) * 2020-10-15 2021-01-22 四川长虹电器股份有限公司 Security authentication method based on API gateway
CN112613010A (en) * 2020-12-28 2021-04-06 北京世纪互联宽带数据中心有限公司 Authentication service method, device, server and authentication service system


Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
F. A. CRUZ et al.: "FirecREST: a RESTful API to HPC systems", 2020 IEEE/ACM International Workshop on Interoperability of Supercomputing and Cloud Technologies (SuperCompCloud) *
N. DJOSIC et al.: "Machine Learning in Action: Securing IAM API by Risk Authentication Decision Engine", 2020 IEEE Conference on Communications and Network Security (CNS), 7 August 2020 (2020-08-07) *
王锋; 刘俊波: "WEB system integration scheme under the front-end/back-end separation mode", 通信技术 (Communications Technology), no. 09 *

Also Published As

Publication number Publication date
CN114598490B (en) 2024-03-29

Similar Documents

Publication Publication Date Title
EP3333744B1 (en) Authorization code flow for in-browser applications
CN106209749B (en) Single sign-on method and device, and related equipment and application processing method and device
JP5458888B2 (en) Certificate generation / distribution system, certificate generation / distribution method, and program
JP6141076B2 (en) System, control method therefor, access management service system, control method therefor, and program
JP6929181B2 (en) Devices and their control methods and programs
EP2581852B1 (en) Information processing system, image processing apparatus, control method, and storage medium
US8782411B2 (en) System and method of extending oauth server(s) with third party authentication/authorization
US8732815B2 (en) System, method of authenticating information management, and computer-readable medium storing program
CN103188248A (en) Identity authentication system and method based on single sign-on
JP5292712B2 (en) Authentication linkage system, relay device, authentication linkage method, and authentication linkage program
JP2019139520A (en) Information processing system, control method thereof, and program
JP6025480B2 (en) Authorization server system, authority transfer system, control method thereof, and program
CN112632521B (en) Request response method and device, electronic equipment and storage medium
EP2683127A1 (en) Voucher authorization for cloud server
US20090049183A1 (en) Method of Client-Side Form Authentication
WO2011022950A1 (en) Service access method, system and device based on wlan access authentication
CN109962892A (en) A kind of authentication method and client, server logging in application
JP4729365B2 (en) Access control system, authentication server, access control method, and access control program
US20200045037A1 (en) Token store service for platform authentication
CN111988262B (en) Authentication method, authentication device, server and storage medium
US7536550B2 (en) Image forming apparatus and control method for same
CN112653673B (en) Multi-factor authentication method and system based on single sign-on
JP6904183B2 (en) Information processing equipment, programs and information processing methods
CN114598490B (en) Method, device, equipment and storage medium for redirecting page based on API gateway
JP7226457B2 (en) TOKEN PROTECTION METHOD, AUTHORIZATION SYSTEM, APPARATUS AND PROGRAM RECORDING MEDIUM

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant