CN103067404A - Method for accessing embedded web server by users - Google Patents
Method for accessing embedded web server by users Download PDFInfo
- Publication number
- CN103067404A CN103067404A CN2013100102509A CN201310010250A CN103067404A CN 103067404 A CN103067404 A CN 103067404A CN 2013100102509 A CN2013100102509 A CN 2013100102509A CN 201310010250 A CN201310010250 A CN 201310010250A CN 103067404 A CN103067404 A CN 103067404A
- Authority
- CN
- China
- Prior art keywords
- user
- web server
- login
- client
- security permission
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Computer And Data Communications (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to a method for accessing a server by users, in particular to the method for accessing an embedded web server by the users. The method includes the steps of defining a plurality of safety permission levels, setting an operating range of each safety permission level to the web server, and setting the safety permission level of each user on the web server according to user types. Each user can only carry out configuration to the web server in the specified operating range according to the set safety permission level, and then user hierarchical management is achieved in the server. Consequently, when an illegal user inputs an absolute address in an address bar, the illegal access to user equipment is prevented.
Description
Technical field
The present invention relates to a kind of method that realizes access server, relate in particular to the method that a kind of user accesses embedded web server.
Background technology
Along with popularizing and the development of embedded system of Internet, the embedded system access network has become the important directions that embedded system is used, and embedded web server is the key component of the embedded internet application.
In the prior art, in order to realize all needing to introduce embedded OS to the better distribution of system resource and/or to the better scheduling of complex task.8 single-chip microcomputers of general employing are processed in traditional embedded OS, but because 8 traditional single-chip microcomputer speeds of service are slow, a little less than the driving force, the problems such as power consumption is large, it more and more can not satisfy the demand of design, arm processor is then with its high-performance, low-power consumption, the abundant functions such as driving have become the ideal chose of new embedded electronic product exploitation, especially ARM-Linux has good transplantability, stability, powerful agreement support function and abundant equipment support function have been widely used in the embedded OS now; Wherein, embedded device refers to have computer function, but is not called equipment or the equipment of computer, such as PDA, Mobile phone top box, automobile, microwave oven, elevator, safety system, automatic vending machine, Medical Instruments, ATM etc.
Because people day by day increase the degree of dependence that Internet uses at present, have promoted accordingly the growth of embedded technology, especially the embedded Internet technology that develops into of information household appliances provides wide space.Embedded Internet technology mainly comprises sensor technology, the communication technology, computer technology and integrated circuit technique etc.
Traditional apparatus control system is generally by carrying out in the private communication line, its communication media, communication protocol, related software and hardware all are special-purpose, and embedded system can be by various wireless (such as WAP, Blue Tooth etc.) and wired form (TCP/IP, PPP etc.) internetwork connection mode carries out communication each other, the development that is the Internet technology makes the Long-distance Control of embedded device and the change that way to manage has had matter, no longer need special-purpose communication line, and the information of transmission not office office in data-signal, sound and image etc. can also be arranged, and the particularly important is its communication protocol is standard and disclosed.
Because the standard uniformity of html language, as long as a micro server is arranged in embedded device, just can use any one Web browser to receive and transmission information, so that more and more based on the application of Web technology, and in order to satisfy supplier to the terminal equipment demand, such as the demand for the different levels user, need to carry out differentiated control to the user, namely according to different users different authorities is set, so that equipment is carried out corresponding configuration operation, as advanced level user is set has more fatal more comprehensively setting, and domestic consumer only has inquiry to wait the shirtsleeve operation authority, preventing that some unprofessional users from carrying out violation configuration, and then cause equipment to work.
Existing user staged managing need to be write a large amount of scripts for parsing in the CGI the inside, and utilize to hide or show and the page is accomplished in classification or utilized Java script to carry out classification etc., and if the disabled user is arranged in address field the inside input absolute address`, just can carry out unauthorized access to subscriber equipment, and then can cause serious adverse consequences.
Summary of the invention
For the problems referred to above that exist in the existing user staged managing, the method that now provides a kind of user to access embedded web server, described web server is connected with client communication, wherein, comprising:
Be at least domestic consumer and advanced level user in described web server definition user security Permission Levels, and according to the security permission grade at least one security permission structure array is set, and be preset with a plurality of operational motions to web server in the described security permission structure array;
Before described domestic consumer carries out operational motion by described client to described web server, web server travels through described security permission structural array, after determining that this operational motion is in the default operational motion scope of described security permission structural array, described domestic consumer carries out the aforesaid operations action to described web server;
Described advanced level user directly carries out operational motion to described web server by described client.
Above-mentioned user accesses the method for embedded web server, wherein, also comprises:
The user sends logging request from described client to described web server, set up after communication connects, and described web server judges whether this client has login record.
Above-mentioned user accesses the method for embedded web server, wherein, also comprises:
If this client is without login record, described web server sends login page to described client;
If this client has login record, then continue to judge whether this login record meets registration conditions.
Above-mentioned user accesses the method for embedded web server, wherein, also comprises:
If this login record meets registration conditions, described web server sends the relative users center page to described client, and this user's login record is upgraded;
If this login record does not meet registration conditions, described web server sends login page to described client, and empties login record.
Above-mentioned user accesses the method for embedded web server, wherein, also comprises:
Described login record comprises login ip address, user's login time, user security Permission Levels, username and password;
Described landing time is made as the time of the last operational motion of user customer according to user customer operational motion circulation renewal;
Described registration conditions is that the absolute value of described user's login time and the difference of current time is less than the login time value of setting.
Above-mentioned user accesses the method for embedded web server, wherein, also comprises:
The user is by after being sent to described web server at login page with username and password, and described web server judges whether this username and password is all correct and corresponding.
If this user name or password bad and/or user name are not corresponding with password, described web server sends login page to described client;
If this username and password is all correct and corresponding, continue then to judge whether this user's login time is empty.
Above-mentioned user accesses the method for embedded web server, wherein, also comprises:
If this user's login time is not empty, then send login page to described client;
If this user's login time is empty, then continue to judge this user's security permission, and according to the security permission of judging, described web server sends the relative users center page to described client, and generate this user's login record.
Above-mentioned user accesses the method for embedded web server, wherein, also comprises:
Described web server sends the relative users center page to described client, when described user carries out operational motion at the customer center page to described client, described web server judges first whether the username and password in this client login record is all correct and corresponding after receiving the operational motion data of client transmission.
Above-mentioned user accesses the method for embedded web server, wherein, also comprises:
If this user name or password bad and/or user name are not corresponding with password, described web server sends login page to described client, and empties login record;
If this username and password is all correct and corresponding, whether the absolute value that then continues to judge login time and the difference of current time in this client login record is less than the operating time value of setting.
Above-mentioned user accesses the method for embedded web server, wherein, also comprises:
If the login time in this client login record and the absolute value of the difference of current time were worth more than or equal to the operating time, described web server sends login page to described client, and empties login record;
If login time and the absolute difference of current time in this client login record were worth less than the operating time, then obtain the ip address of active client, and compare with login ip address in this client login record.
Above-mentioned user accesses the method for embedded web server, wherein, also comprises:
If active client ip address is different from the login ip address in the login record, described web server sends login page to described client, and empties the login record on this client;
If active client ip address is identical with the login ip address in the login record, described web server judges that according to the user security Permission Levels in the login record on the client aforesaid operations action is whether in its security permission opereating specification.
Above-mentioned user accesses the method for embedded web server, wherein, also comprises:
If the aforesaid operations action is in the security permission opereating specification of user security Permission Levels, described web server is carried out this operational motion;
If the aforesaid operations action is not in the security permission opereating specification of user security Permission Levels, described web server is not carried out this operation, and described web server sends the user right information to described client.
Above-mentioned user accesses the method for embedded web server, wherein, also comprises:
Described user security Permission Levels comprise domestic consumer and advanced level user, and also are provided with security permission structure array for domestic consumer, are preset with a plurality of operational motions to web server in this security permission structure array;
If the user security Permission Levels on the client in the login record are advanced level user, described web server is directly carried out this operational motion;
If the user security Permission Levels on the client in the login record are domestic consumer, described web server travels through described security permission structure array, to judge that aforesaid operations action is whether in its default a plurality of operational motion scopes to web server.
Above-mentioned user accesses the method for embedded web server, wherein, also comprises:
If in its default a plurality of operational motion scopes to web server, described web server is then carried out this operational motion for aforesaid operations action;
If not in its default a plurality of operational motion scopes to web server, described web server is not then carried out this operational motion for aforesaid operations action, described web server sends the user right information to described client.
The described user of above-mentioned any one accesses the method for embedded web server, wherein, when described user withdraws from from described customer center Pages Security, empties this user's login record.
In sum, user of the present invention accesses the method for embedded web server, by carry out user staged managing in server, to solve when the disabled user is arranged in address field the inside input absolute address`, avoids it that subscriber equipment is carried out unauthorized access.
Description of drawings
Fig. 1 is communication structure schematic diagram between client and the web server in the embodiment of the invention;
Fig. 2 is by the Add User schematic diagram of security permission grade of web server in the embodiment of the invention;
Fig. 3 is that web server asks to send respective page to the schematic diagram of client for client is different in the embodiment of the invention;
Fig. 4 is the schematic flow sheet of client Input Address acquisition request login interface in the embodiment of the invention;
Fig. 5 be in the embodiment of the invention client from the schematic flow sheet at login page login user center;
Fig. 6 is that the user logins successfully the rear schematic flow sheet that web server is carried out operation requests in the embodiment of the invention;
Fig. 7 is the schematic flow sheet that user security withdraws from the embodiment of the invention.
Embodiment
Below in conjunction with accompanying drawing the specific embodiment of the present invention is further described:
A kind of user accesses the method for embedded web server, based on the communication connection embedded web server and client:
At first, the a plurality of security permission grades of predefine on web server, and each security permission grade is set to the opereating specification of web server, and set each user's security permission grade according to user type, and can only being configured web server in the opereating specification according to the security permission grade regulation of setting of each user; As user type is set is common (user) user and senior (admin) user, and by user user being set Permission Levels structure array so that user user's privilege feature to be set, when operating, use user need to travel through Permission Levels structure array to realize as to check facility information, the operation of the simple functions such as easy configuration data, but user user can not operate some rank higher functionality, as not carrying out the access of some hidden data, can not use that super-ordinate right maybe can not be configured Premium Features etc., the functional class that admin user then need not set Permission Levels structure array or setting Permission Levels structure array is the highest, set Permission Levels structure array directly to skip, directly carry out admin user's operation, as in home gateway, admin user can carry out qos and arrange, formation arranges, Control on Communication, the UPNP function, the operations such as broadband setting and/or telemanagement.
Secondly, after setting user gradation and security permission thereof, the user sends logging request from client to web server, connect to set up communication, web server judges whether this client has login record (being stored among the cookie of client) to login ip address, user's login time, user security Permission Levels, username and password etc. such as the user; If this client is without login record, web server then sends login page to client, prompting user input username and password; If this client has login record, then continue to judge whether this login record meets registration conditions; If this login record meets registration conditions, web server sends the relative users center page to client, and this user's login record is upgraded (as login time being updated to the time of the last operation of user customer); If this login record does not meet registration conditions, web server sends login page to client, and prompting user do not meet the reason of registration conditions, such as login-timeout etc., and the login record of this client is emptied.
Further, above-mentioned registration conditions is that the absolute value of user's login time and the difference of current time in the login record of client is less than the login time value d(d that sets>0), and the username and password in the login record is all correct and corresponding.
Afterwards, the user is by after being sent to web server at login page with username and password, and web server judges whether this username and password is all correct and corresponding; If this username and password is all correct and corresponding, continue then to judge whether this user's login time is empty; If this user's login time is not empty, then send login page to client, and prompting login failure reason is as there being other users logining account under this user name etc.; If this user's login time is empty, then continue to judge this user's security permission, and according to the security permission of judging, web server sends the relative users center page to client, and generate this user's login record, in the cookie that is stored in client; And if this user name or password bad and/or user name are not corresponding with password, web server sends login page to client, and prompting user login failure reason such as password bad etc.
Then, after the user successfully logins and enters the relative users center page, the user carries out operational motion at the customer center page to client, web server is behind the corresponding operating action data that receives the client transmission, and web server judges whether the username and password in the login record on this client (being stored in the user profile among the cookie) is all correct and corresponding:
If this user name or password bad and/or user name are not corresponding with password, web server sends login page to client, and sends logon error information such as password bad etc., empties simultaneously login record;
If this username and password is all correct and corresponding, continue then to judge that whether the absolute value of this user's login time and the difference of current time is less than the operating time value D that sets;
If the absolute value of the difference of user's login time and current time is worth D more than or equal to the operating time, web server sends login page to client, sends logon error information to client such as overtime energy of operating time, empties simultaneously login record on this client;
If the absolute value of the difference of user's login time and current time was worth less than the operating time, then obtain active client ip address, and compare with login ip address in the login record, by the input absolute address` web server is carried out illegal operation to prevent the disabled user;
If active client ip address is different from the login ip address in the login record, web server sends login page to client, and sends error message such as this user name is logined, and this empties login record on the client simultaneously;
If active client ip address is identical with the login ip address in the login record, web server judges that according to the user security Permission Levels in the login record above-mentioned configuration operation is whether in its security permission opereating specification;
If above-mentioned configuration operation is in the security permission opereating specification of user security Permission Levels, then web server is carried out this configuration operation;
If in the security permission opereating specification of user security Permission Levels, then web server is not carried out this configuration operation to above-mentioned configuration operation, and web server sends the user right information to client.
At last, when the user withdraws from the customer center Pages Security, empty this user's login record.
Because, individual principle is arranged: the safety of the authority of minimum service+minimum=maximum in security fields, the application is based on above-mentioned principle, on the terminal (web server) of embedded device, scope according to authority and the service of obtaining is divided into different security permission grades with the client, as the client being divided into domestic consumer (user) and advanced level user (admin), different authorities is set for different secured users from low to high, obtain the configuration authority of the different range that the embedded device terminal provides according to separately authority, can not enter the configuration center of advanced level user (admin) such as domestic consumer (user), and can not dispose the configuration authority that advanced level user just has, and then improve the configuration fail safe of embedded type terminal equipment.
For the more detailed method that user of the present invention is accessed embedded web server describes, the below sets forth with specific embodiment:
Set up the communication connection of embedded web server and client in the present embodiment based on the http agreement of TCP/IP, and adopting socket to finish communicating by letter between web server and the client, the user is set to domestic consumer (user) and advanced level user (admin) simultaneously.
Fig. 1 is communication structure schematic diagram between client and the web server in the embodiment of the invention; As shown in Figure 1, according to the principle of TCP/IP, after connecting, utilize Write () and Read () to finish and transmit and receive data, and follow-up these two functions that all utilize alternately carry out sending and receiving; Client Write () request msg is to web server, after web server the Read () request msg, the data that receive are resolved according to user's request, and this user's access rights are judged, sending corresponding respective request data to client, next step concrete operations of prompting user.
Fig. 2 is by the Add User schematic diagram of security permission grade of web server in the embodiment of the invention; As shown in Figure 2, the user sends the request logon data by computer client, after web server listens to the request of client, resolve the data that client sends over, first its header is sent to computer client, resolve as requested, with the rank of judgement to the usefulness user, and record login time and ip address; Read corresponding data according to judged result, to send packet to computer client.
Fig. 3 is that web server asks to send respective page to the schematic diagram of client for client is different in the embodiment of the invention; As shown in Figure 3, the user sends request msg by client to web server, and web server sends the corresponding page to client according to the type of request msg after receiving request msg; Wherein, the type of request msg comprises request 103 after client Input Address acquisition request login interface 101, login page client-requested login user center 102, user login successfully and the request 104 of Safe withdrawing.
Fig. 4 is the schematic flow sheet of client Input Address acquisition request login interface in the embodiment of the invention; As shown in Figure 4, when the client requests data were client Input Address acquisition request login interface 101, the user is Input Address such as http on the browser of client: behind // the 192.168.1.1 etc., with the acquisition request login interface; Web server is after receiving the request of data that client sends over, judge and require to obtain login page, and check whether this user logined, whether the cookie that namely resolves this client contains corresponding username and password, if do not have username and password or username and password incorrect, web server sends the login page of user's request, if and the username and password of cookie the inside is correct, continue then to judge whether login time (login_time) is empty (if be Safe withdrawing after once logining before this user, then login_time is cleared), if login_time is the login page that empty then web server sends user's request; And if login_time is not empty, need then to judge again that whether the absolute value of login time (login_time) and the difference between the current time is less than the login time value d that stipulates, if then continue to judge the rank of security permission grade (level) less than the login time value, web server sends corresponding interface to client, as judge that the user is that user then sends the user interface to client, if judge that the user then sends the admin interface to client for admin; And if whether the absolute value of login time (login_time) and the difference between the current time more than or equal to the login time value d of regulation, then web server sends corresponding interface to client.
Fig. 5 be in the embodiment of the invention client from the schematic flow sheet at login page login user center; As shown in Figure 5, web server sends login page to client, and the user inputs username and password by login page, with the customer center of request login web server.
At first, web server is verified the username and password that client sends; After web server receives the message that client sends over, from data field, extract username and password, with be stored in the verification of comparing of username and password among the flash, if wrong, the input of prompting user username and password is wrong, and return login page, to allow the user again input username and password; When if username and password is correct and corresponding, continue then to judge whether login time (login_time) is sky, online to have judged whether this user name, online user is squeezed out when preventing from logining; If login_time is not sky then represents that the existing subscriber logins that the prompting reason is also returned login page.
Secondly, if login_time is empty, then user class (level) is carried out assignment, and start timer and record ip address, generate login record (logining ip address, user's login time, user security Permission Levels, username and password etc. such as the user) and be stored among the cookie of client; Continue to judge that user class (level) is to enter corresponding domestic consumer and advanced level user interface, as judging that the user then sends the user interface to client for user, if judge that the user then sends the admin interface to client for admin.
Fig. 6 is that the user logins successfully the rear schematic flow sheet that web server is carried out operation requests in the embodiment of the invention; As shown in Figure 6, after the user successfully signed in to corresponding customer center by client, the user sends request msg (as to data configuration operation of web server etc.), and to web server, web server was after receiving request msg:
At first, judge whether the username and password of storing in the cookie of client is correct, if incorrectly will turn back to login interface, need client to re-enter user and password and again verify; And if username and password is all correct, then continue login time (login_time) is judged, with absolute value and setting operation time value D(D>0 of the difference of login_time and current time) compare; If overtime, then login record is emptied such as user class (level) and login ip address (login_ip) with login time (login_time), login and all be set to NULL, and prompting user be overtime, sends login page;
Secondly, if the absolute difference of login_time and current time is not greater than setting operation time value D, the ip address of then continuing to judge active client whether with login record in login ip address whether consistent, if inconsistent explanation has had the user to login account under this user name, prompting has had the user to login this user name, and sends login page; And if the ip address of active client is consistent with the login ip address in the login record, then continue to judge user class level, if user level is advanced level user (admin), then return the needed configuration page of client according to user's request, if user level is domestic consumer (user), then to travel through the good structure of predefined, with the operation of confirming user's this moment whether in the extent of competence of predefined; If not intra vires, illustrate that then this user right is inadequate, send prompting user Insufficient privilege information to client, if in the extent of competence in defined structure, the correct required information of client of returning then.
Fig. 7 is the schematic flow sheet that user security withdraws from the embodiment of the invention; As shown in Figure 7, the user is after successfully signing in to the relative users center, or after configuration is finished, send the Safe withdrawing request, web server is after receiving the information of Safe withdrawing (web server reception message), login record among the cookie of client is emptied (as login time (login_time), the user class (level) of logining, login ip address (login_ip) etc. all are set to NULL), and turn back to login interface.
The embodiment of the invention is set up the communication connection of embedded server and client based on the http agreement of TCP/IP, and adopt communicating by letter between socket completion service device and the client, namely when client need to send message to server, client is set up first the socket communication channel, and the employing large end syllable sequence of ICP/IP protocol such as IPV4 internet domain etc., so that its message is tied to the grid port, and then establishment cover byte, realization is set up in order, reliably, two-way connection-oriented byte stream, transmit and receive data and utilize send () and Recv () to finish, set up the TCP connection owing to need client to be connected with service end, then could send to service end to the request of data of client, so the part of user's classification is arranged on the data of resolving client and searches between the data and finish.
In sum, the application is by being arranged on user's classification in the flush type WEB server, and then improves communication security, and has the following advantages:
A, two users can not login simultaneously, namely have a user to login, another user just can not the login, must etc. another one user withdraw from or overtime after could login, carry out simultaneously the identical configuration page to prevent two users, avoid clashing.
B, a client (PC) can only be logined a user, if namely this client has been logined a user, another client just can not be logined this user simultaneously so, and the limited time system of login, overtime just can not the access, must re-enter user name and user cipher, to re-start checking.
If c user logins, but because of carelessness browser has been turned off, if Input Address again, server can check that this user's login time is whether in effective range within the time, if in effective range within the time, then need not to input again username and password, will automatically jump to user's login center by the cookie that checks client.
D, when user security withdraws from, server can empty all log-on messages (login record) of this user, and returns login page.
Although more than described the specific embodiment of the present invention, it will be understood by those of skill in the art that these are process descriptions, protection scope of the present invention is limited by appended claims.Those skilled in the art can make various changes or modifications to these execution modes under the prerequisite that does not deviate from principle of the present invention and essence, but these changes and modification all fall into protection scope of the present invention.
Claims (15)
1. a user accesses the method for embedded web server, and described web server is connected with client communication, it is characterized in that, comprising:
Be at least domestic consumer and advanced level user in described web server definition user security Permission Levels, and according to the security permission grade at least one security permission structure array is set, and be preset with a plurality of operational motions to web server in the described security permission structure array;
Before described domestic consumer carries out operational motion by described client to described web server, web server travels through described security permission structural array, after determining that this operational motion is in the default operational motion scope of described security permission structural array, described domestic consumer carries out the aforesaid operations action to described web server;
Described advanced level user directly carries out operational motion to described web server by described client.
2. user according to claim 1 accesses the method for embedded web server, it is characterized in that, also comprises:
The user sends logging request from described client to described web server, set up after communication connects, and described web server judges whether this client has login record.
3. user according to claim 2 accesses the method for embedded web server, it is characterized in that, also comprises:
If this client is without login record, described web server sends login page to described client;
If this client has login record, then continue to judge whether this login record meets registration conditions.
4. user according to claim 3 accesses the method for embedded web server, it is characterized in that, also comprises:
If this login record meets registration conditions, described web server sends the relative users center page to described client, and this user's login record is upgraded;
If this login record does not meet registration conditions, described web server sends login page to described client, and empties login record.
5. user according to claim 4 accesses the method for embedded web server, it is characterized in that, also comprises:
Described login record comprises login ip address, user's login time, user security Permission Levels, username and password;
Described landing time is made as the time of the last operational motion of user customer according to user customer operational motion circulation renewal;
Described registration conditions is that the absolute value of described user's login time and the difference of current time is less than the login time value of setting.
6. user according to claim 4 accesses the method for embedded web server, it is characterized in that, also comprises:
The user is by after being sent to described web server at login page with username and password, and described web server judges whether this username and password is all correct and corresponding;
If this user name or password bad and/or user name are not corresponding with password, described web server sends login page to described client;
If this username and password is all correct and corresponding, continue then to judge whether this user's login time is empty.
7. user according to claim 6 accesses the method for embedded web server, it is characterized in that, also comprises:
If this user's login time is not empty, then send login page to described client;
If this user's login time is empty, then continue to judge this user's security permission, and according to the security permission of judging, described web server sends the relative users center page to described client, and generate this user's login record.
8. user according to claim 7 accesses the method for embedded web server, it is characterized in that, also comprises:
Described web server sends the relative users center page to described client, when described user carries out operational motion at the customer center page to described client, described web server judges first whether the username and password in this client login record is all correct and corresponding after receiving the operational motion data of client transmission.
9. user according to claim 8 accesses the method for embedded web server, it is characterized in that, also comprises:
If this user name or password bad and/or user name are not corresponding with password, described web server sends login page to described client, and empties login record;
If this username and password is all correct and corresponding, whether the absolute value that then continues to judge login time and the difference of current time in this client login record is less than the operating time value of setting.
10. user according to claim 9 accesses the method for embedded web server, it is characterized in that, also comprises:
If the login time in this client login record and the absolute value of the difference of current time were worth more than or equal to the operating time, described web server sends login page to described client, and empties login record;
If login time and the absolute difference of current time in this client login record were worth less than the operating time, then obtain the ip address of active client, and compare with login ip address in this client login record.
11. user according to claim 10 accesses the method for embedded web server, it is characterized in that, also comprises:
If active client ip address is different from the login ip address in the login record, described web server sends login page to described client, and empties the login record on this client;
If active client ip address is identical with the login ip address in the login record, described web server judges that according to the user security Permission Levels in the login record on the client aforesaid operations action is whether in its security permission opereating specification.
12. user according to claim 11 accesses the method for embedded web server, it is characterized in that, also comprises:
If the aforesaid operations action is in the security permission opereating specification of user security Permission Levels, described web server is carried out this operational motion;
If the aforesaid operations action is not in the security permission opereating specification of user security Permission Levels, described web server is not carried out this operation, and described web server sends the user right information to described client.
13. user according to claim 10 accesses the method for embedded web server, it is characterized in that, also comprises:
Described user security Permission Levels comprise domestic consumer and advanced level user, and also are provided with security permission structure array for domestic consumer, are preset with a plurality of operational motions to web server in this security permission structure array;
If the user security Permission Levels on the client in the login record are advanced level user, described web server is directly carried out this operational motion;
If the user security Permission Levels on the client in the login record are domestic consumer, described web server travels through described security permission structure array, to judge that aforesaid operations action is whether in its default a plurality of operational motion scopes to web server.
14. user according to claim 13 accesses the method for embedded web server, it is characterized in that, also comprises:
If in its default a plurality of operational motion scopes to web server, described web server is then carried out this operational motion for aforesaid operations action;
If not in its default a plurality of operational motion scopes to web server, described web server is not then carried out this operational motion for aforesaid operations action, described web server sends the user right information to described client.
15. the described user of any one accesses the method for embedded web server according to claim 4-14, it is characterized in that, when described user withdraws from from described customer center Pages Security, empties this user's login record.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310010250.9A CN103067404B (en) | 2013-01-10 | 2013-01-10 | A kind of method that user accesses embedded web server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310010250.9A CN103067404B (en) | 2013-01-10 | 2013-01-10 | A kind of method that user accesses embedded web server |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103067404A true CN103067404A (en) | 2013-04-24 |
| CN103067404B CN103067404B (en) | 2018-09-28 |
Family
ID=48109865
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310010250.9A Active CN103067404B (en) | 2013-01-10 | 2013-01-10 | A kind of method that user accesses embedded web server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103067404B (en) |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103812866A (en) * | 2014-01-28 | 2014-05-21 | 深圳市中兴移动通信有限公司 | Operation layer management method, operation layer management device and mobile terminal |
| CN104349179A (en) * | 2013-07-24 | 2015-02-11 | 中兴通讯股份有限公司 | IPTV system login processing method and device |
| CN105282145A (en) * | 2015-09-14 | 2016-01-27 | 浪潮集团有限公司 | Multi-data center user access control method and system |
| CN103763149B (en) * | 2013-12-27 | 2017-01-25 | 北京集奥聚合科技有限公司 | Real-time statistical method for network user number |
| CN107609136A (en) * | 2017-09-19 | 2018-01-19 | 北京许继电气有限公司 | Based on the autonomous controlled data storehouse auditing method and system for accessing feature indication |
| CN108616499A (en) * | 2018-03-02 | 2018-10-02 | 努比亚技术有限公司 | A kind of method for authenticating of application program, terminal and computer readable storage medium |
| CN109379254A (en) * | 2018-11-07 | 2019-02-22 | 视联动力信息技术股份有限公司 | A kind of detection method and system of the network connection based on video conference |
| CN109409104A (en) * | 2018-09-20 | 2019-03-01 | 视联动力信息技术股份有限公司 | A kind of method and system that interface shows |
| CN109977661A (en) * | 2019-04-09 | 2019-07-05 | 福建奇点时空数字科技有限公司 | A kind of network safety protection method and system based on big data platform |
| CN116208378A (en) * | 2023-01-03 | 2023-06-02 | 学银通融(北京)教育科技有限公司 | Method, device and equipment for preventing user from logging in repeatedly |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040213260A1 (en) * | 2003-04-28 | 2004-10-28 | Cisco Technology, Inc. | Methods and apparatus for securing proxy Mobile IP |
| CN101018155A (en) * | 2007-02-08 | 2007-08-15 | 华为技术有限公司 | Network element management method, system and network element |
| CN101388797A (en) * | 2008-11-05 | 2009-03-18 | 杭州华三通信技术有限公司 | Method for realizing authority control in network management and network management system |
| CN101702687A (en) * | 2009-11-27 | 2010-05-05 | 北京傲天动联技术有限公司 | Method for utilizing device with exchange board structure as broadband access server |
| CN102204307A (en) * | 2011-06-15 | 2011-09-28 | 华为技术有限公司 | Wlan authentication method based on MAC address and device thereof |
| CN102739686A (en) * | 2012-07-05 | 2012-10-17 | 无锡中科泛在信息技术研发中心有限公司 | Method for restricting users to login at multiple locations simultaneously |
-
2013
- 2013-01-10 CN CN201310010250.9A patent/CN103067404B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040213260A1 (en) * | 2003-04-28 | 2004-10-28 | Cisco Technology, Inc. | Methods and apparatus for securing proxy Mobile IP |
| CN101018155A (en) * | 2007-02-08 | 2007-08-15 | 华为技术有限公司 | Network element management method, system and network element |
| CN101388797A (en) * | 2008-11-05 | 2009-03-18 | 杭州华三通信技术有限公司 | Method for realizing authority control in network management and network management system |
| CN101702687A (en) * | 2009-11-27 | 2010-05-05 | 北京傲天动联技术有限公司 | Method for utilizing device with exchange board structure as broadband access server |
| CN102204307A (en) * | 2011-06-15 | 2011-09-28 | 华为技术有限公司 | Wlan authentication method based on MAC address and device thereof |
| CN102739686A (en) * | 2012-07-05 | 2012-10-17 | 无锡中科泛在信息技术研发中心有限公司 | Method for restricting users to login at multiple locations simultaneously |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104349179A (en) * | 2013-07-24 | 2015-02-11 | 中兴通讯股份有限公司 | IPTV system login processing method and device |
| CN103763149B (en) * | 2013-12-27 | 2017-01-25 | 北京集奥聚合科技有限公司 | Real-time statistical method for network user number |
| CN103812866A (en) * | 2014-01-28 | 2014-05-21 | 深圳市中兴移动通信有限公司 | Operation layer management method, operation layer management device and mobile terminal |
| CN105282145A (en) * | 2015-09-14 | 2016-01-27 | 浪潮集团有限公司 | Multi-data center user access control method and system |
| CN107609136A (en) * | 2017-09-19 | 2018-01-19 | 北京许继电气有限公司 | Based on the autonomous controlled data storehouse auditing method and system for accessing feature indication |
| CN107609136B (en) * | 2017-09-19 | 2021-03-05 | 北京许继电气有限公司 | Access characteristic marking-based autonomous controllable database auditing method and system |
| CN108616499A (en) * | 2018-03-02 | 2018-10-02 | 努比亚技术有限公司 | A kind of method for authenticating of application program, terminal and computer readable storage medium |
| CN109409104A (en) * | 2018-09-20 | 2019-03-01 | 视联动力信息技术股份有限公司 | A kind of method and system that interface shows |
| CN109379254A (en) * | 2018-11-07 | 2019-02-22 | 视联动力信息技术股份有限公司 | A kind of detection method and system of the network connection based on video conference |
| CN109977661A (en) * | 2019-04-09 | 2019-07-05 | 福建奇点时空数字科技有限公司 | A kind of network safety protection method and system based on big data platform |
| CN116208378A (en) * | 2023-01-03 | 2023-06-02 | 学银通融(北京)教育科技有限公司 | Method, device and equipment for preventing user from logging in repeatedly |
| CN116208378B (en) * | 2023-01-03 | 2023-11-24 | 学银通融(北京)教育科技有限公司 | Method, device and equipment for preventing user from logging in repeatedly |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103067404B (en) | 2018-09-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103067404A (en) | Method for accessing embedded web server by users | |
| CN101075875B (en) | Method and system for realizing monopoint login between gate and system | |
| CN1658593B (en) | Media streaming home network system and method for operating the same | |
| CN101971184B (en) | Client/server system for communicating according to the standard protocol OPC UA and having single sign-on mechanisms for authenticating, and method for performing single sign-on in such a system | |
| CN102611709B (en) | Access control method and system for third party resources | |
| CN103152331B (en) | The method, system and the cloud server that log in/register is carried out by mobile terminal | |
| WO2015102872A1 (en) | Split-application infrastructure | |
| US20150101025A1 (en) | Image forming apparatus, method of controlling the same, and storage medium | |
| CN103944890A (en) | Virtual interaction system and method based on client/server mode | |
| CN104468487A (en) | Communication authentication method and device and terminal device | |
| CN105162802B (en) | Portal authentication method and certificate server | |
| US10425245B2 (en) | Method for setting up a local control channel between a control unit and a building-internal access portal | |
| CN103124267A (en) | Method, system and cloud server for login/registration through mobile terminal | |
| CN103179080B (en) | The cloud computer system of a kind of Internet user and the method for connection cloud computer | |
| US9497270B2 (en) | Federated timeout | |
| CN103618767A (en) | Virtual machine configuration method and related equipment | |
| CN102299945A (en) | Gateway configuration page registration method, system thereof and portal certificate server | |
| CN104753854A (en) | Method for setting uniform Web interface for various authentication/authorization servers | |
| CN102075504A (en) | Method and system for realizing two-layer Portal authentication and Portal server | |
| US20120106399A1 (en) | Identity management system | |
| CN101969426B (en) | Distributed user authentication system and method | |
| CN107800715B (en) | portal authentication method and access equipment | |
| CN103001931A (en) | Communication system of terminals interconnected among different networks | |
| CN106802832B (en) | Jenkins node state management method and device | |
| Cisco | Configuring Terminal Operating Characteristics for Dial-In Sessions |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20201106 Address after: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province Patentee after: Hangzhou Jiji Intellectual Property Operation Co.,Ltd. Address before: 201616 Shanghai city Songjiang District Guangfulin road 4855 Lane 20, No. 90 Patentee before: Phicomm (Shanghai) Co.,Ltd. |
|
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20130424 Assignee: Hangzhou Bolian Intelligent Technology Co.,Ltd. Assignor: Hangzhou Jiji Intellectual Property Operation Co.,Ltd. Contract record no.: X2021330000761 Denomination of invention: A method for users to access embedded web server Granted publication date: 20180928 License type: Common License Record date: 20211117 Application publication date: 20130424 Assignee: ZHEJIANG SUPCON TECHNOLOGY Co.,Ltd. Assignor: Hangzhou Jiji Intellectual Property Operation Co.,Ltd. Contract record no.: X2021330000762 Denomination of invention: A method for users to access embedded web server Granted publication date: 20180928 License type: Common License Record date: 20211117 |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20230511 Address after: Room 115-43, No.160 Xiangyuan Road, Jingjin Technology Valley Industrial Park, Wuqing District, Tianjin, 301721 Patentee after: Tianjin Zhongyi E-commerce Co.,Ltd. Address before: Room 10242, No. 260, Jiangshu Road, Xixing street, Binjiang District, Hangzhou City, Zhejiang Province Patentee before: Hangzhou Jiji Intellectual Property Operation Co.,Ltd. |