Summary of the invention
To address the above problem in existing user classification management, a method is provided for user access to an embedded web server, the web server being in communication connection with a client, the method comprising:
defining user security permission levels in the web server, at least an ordinary user and an advanced user, and, according to the security permission level, providing at least one security permission structure array in which a plurality of operation actions on the web server are preset;
before an ordinary user performs an operation action on the web server through the client, the web server traverses the security permission structure array and, after determining that the operation action lies within the range of operation actions preset in the security permission structure array, the ordinary user performs the operation action on the web server;
the advanced user performs operation actions on the web server through the client directly.
The above method of user access to an embedded web server further comprises:
a user sends a login request from the client to the web server and, after the communication connection is established, the web server judges whether the client has a login record.
The above method further comprises:
if the client has no login record, the web server sends a login page to the client;
if the client has a login record, the web server continues to judge whether the login record meets the login conditions.
The above method further comprises:
if the login record meets the login conditions, the web server sends the corresponding user centre page to the client and updates the user's login record;
if the login record does not meet the login conditions, the web server sends the login page to the client and empties the login record.
The above method further comprises:
the login record includes the user's login IP address, login time, user security permission level, user name and password;
the login time is updated cyclically according to the user's operation actions at the client, being set to the time of the user's last operation action at the client;
the login condition is that the absolute value of the difference between the user's login time and the current time is less than a set login time value.
The above method further comprises:
after the user sends a user name and password to the web server through the login page, the web server judges whether the user name and password are correct and correspond to each other;
if the user name or password is wrong, and/or the user name does not correspond to the password, the web server sends the login page to the client;
if the user name and password are correct and correspond, the web server continues to judge whether the user's login time is empty.
The above method further comprises:
if the user's login time is not empty, the login page is sent to the client;
if the user's login time is empty, the web server continues to judge the user's security permission and, according to the security permission judged, sends the corresponding user centre page to the client and generates the user's login record.
The above method further comprises:
after the web server has sent the corresponding user centre page to the client, when the user performs an operation action on the client in the user centre page, the web server, after receiving the operation action data sent by the client, first judges whether the user name and password in the client's login record are correct and correspond.
The above method further comprises:
if the user name or password is wrong, and/or the user name does not correspond to the password, the web server sends the login page to the client and empties the login record;
if the user name and password are correct and correspond, the web server continues to judge whether the absolute value of the difference between the login time in the client's login record and the current time is less than a set operation time value.
The above method further comprises:
if the absolute value of the difference between the login time in the client's login record and the current time is greater than or equal to the operation time value, the web server sends the login page to the client and empties the login record;
if the absolute value of the difference is less than the operation time value, the IP address of the current client is obtained and compared with the login IP address in the client's login record.
The above method further comprises:
if the current client IP address differs from the login IP address in the login record, the web server sends the login page to the client and empties the login record in the client;
if the current client IP address is identical to the login IP address in the login record, the web server judges, according to the user security permission level in the client's login record, whether the operation action lies within the operation range of that security permission.
The above method further comprises:
if the operation action lies within the operation range of the user security permission level, the web server executes the operation action;
if the operation action does not lie within the operation range of the user security permission level, the web server does not execute the operation and sends a user permission prompt message to the client.
The above method further comprises:
the user security permission levels include an ordinary user and an advanced user, and a security permission structure array is additionally provided for the ordinary user, in which a plurality of operation actions on the web server are preset;
if the user security permission level in the client's login record is advanced user, the web server executes the operation action directly;
if the user security permission level in the client's login record is ordinary user, the web server traverses the security permission structure array to judge whether the operation action lies within the range of the plurality of operation actions on the web server preset in it.
The above method further comprises:
if the operation action lies within the range of the preset plurality of operation actions on the web server, the web server executes the operation action;
if the operation action does not lie within that range, the web server does not execute the operation action and sends a user permission prompt message to the client.
In the method of user access to an embedded web server according to any of the above, when the user safely exits from the user centre page, the user's login record is emptied.
In conclusion, the method of user access to an embedded web server of the present invention, by performing classified user management in the server, prevents an illegal user who types an absolute address into the address bar from illegally accessing the user equipment.
Specific implementation mode
The specific implementation mode of the present invention is further described below with reference to the accompanying drawings:
A method of user access to an embedded web server, based on a communication connection between the embedded web server and a client:
First, a plurality of security permission levels are predefined in the web server, the operation range on the web server is set for each security permission level, the security permission level of each user is set according to the user type, and each user can only configure the web server within the operation range prescribed by its security permission level. For example, the user types are set as an ordinary (user) user and an advanced (admin) user, and the privileges of the user user are set through a permission level structure array: when the user user operates, the permission level structure array has to be traversed, so that simple functions such as viewing device information or simple configuration data are allowed, while the user user cannot operate higher-level functions, for example cannot access certain hidden data, cannot use higher privileges and cannot configure advanced functions. For the admin user, either no permission level structure array is set, or the functional level of the permission level structure array is set to the highest, so that the array is skipped and the admin user's operation is executed directly; in a home gateway, for example, the admin user can perform QoS settings, queue settings, communication control, UPnP functions, broadband settings and/or remote management.
Secondly, after the user levels and their security permissions have been set, the user sends a login request from the client to the web server to establish the communication connection, and the web server judges whether the client has a login record (stored in the client's cookie), such as the user's login IP address, login time, user security permission level, user name and password. If the client has no login record, the web server sends the login page to the client and prompts the user to input the user name and password. If the client has a login record, the web server continues to judge whether the login record meets the login conditions. If it does, the web server sends the corresponding user centre page to the client and updates the user's login record (for example, updates the login time to the time of the user's last operation at the client). If it does not, the web server sends the login page to the client, prompts the reason the login conditions are not met, such as login timeout, and empties the client's login record.
Further, the above login condition is that the absolute value of the difference between the user's login time in the client's login record and the current time is less than a set login time value d (d > 0), and that the user name and password in the login record are correct and correspond.
Next, after the user sends a user name and password to the web server through the login page, the web server judges whether the user name and password are correct and correspond. If they are, the web server continues to judge whether the user's login time is empty. If the login time is not empty, the login page is sent to the client with the reason for the login failure, for example that another user has already logged in to the account under this user name. If the login time is empty, the web server continues to judge the user's security permission and, according to the security permission judged, sends the corresponding user centre page to the client and generates the user's login record, which is stored in the client's cookie. If the user name or password is wrong, and/or the user name does not correspond to the password, the web server sends the login page to the client and prompts the reason for the login failure, such as a wrong password.
Then, after the user has logged in successfully and entered the corresponding user centre page, the user performs operation actions on the client in the user centre page. After receiving the operation action data sent by the client, the web server judges whether the user name and password in the client's login record (the user information stored in the cookie) are correct and correspond:
if the user name or password is wrong, and/or the user name does not correspond to the password, the web server sends the login page to the client together with login error information such as "wrong password", and empties the login record;
if the user name and password are correct and correspond, the web server continues to judge whether the absolute value of the difference between the user's login time and the current time is less than a set operation time value D;
if the absolute value of the difference is greater than or equal to the operation time value D, the web server sends the login page to the client together with login error information such as "operation time exceeded", and empties the login record on the client;
if the absolute value of the difference is less than the operation time value D, the IP address of the current client is obtained and compared with the login IP address in the login record, to prevent an illegal user from performing illegal operations on the web server by typing an absolute address;
if the current client IP address differs from the login IP address in the login record, the web server sends the login page to the client together with error information such as "this user name is already logged in", and empties the login record in the client;
if the current client IP address is identical to the login IP address in the login record, the web server judges, according to the user security permission level in the login record, whether the configuration operation lies within the operation range of that security permission;
if the configuration operation lies within the operation range of the user security permission level, the web server executes the configuration operation;
if the configuration operation does not lie within the operation range of the user security permission level, the web server does not execute the configuration operation and sends a user permission prompt message to the client.
Finally, when the user safely exits from the user centre page, the user's login record is emptied.
Following the principle in the security field that minimum service plus minimum permission equals maximum security, the present application, on the terminal of the embedded device (the web server), divides clients into different security permission levels according to their permissions and the range of service they obtain, for example into an ordinary user (user) and an advanced user (admin), assigns different permissions to the different security users from low to high, and grants each the configuration permission over the different range that the embedded device terminal provides according to its permission; for example, the ordinary user (user) cannot enter the advanced user (admin) configuration centre and cannot configure what the advanced user is permitted to configure, which improves the configuration security of the embedded terminal equipment.
In order to describe the method of user access to an embedded web server of the present invention in more detail, a specific embodiment is described below:
In this embodiment the communication connection between the embedded web server and the client is established with the HTTP protocol over TCP/IP, the communication between the web server and the client is completed with sockets, and the users are set as an ordinary user (user) and an advanced user (admin).
Fig. 1 is a schematic diagram of the communication structure between the client and the web server in the embodiment of the present invention. As shown in Fig. 1, data is sent and received according to the TCP/IP principle: after the connection is established, Write() and Read() are used for the interaction, and these two functions handle all subsequent sending and receiving. The client Write()s request data to the web server; after the web server Read()s the request data, it parses the received data according to the user's request, judges the user's access rights, and sends the corresponding response data to the client, prompting the user's next operation.
Fig. 2 is a schematic diagram of the web server adding a user security permission level in the embodiment of the present invention. As shown in Fig. 2, the user sends login request data from a computer client; after the web server listens to and receives the client's request, it parses the data the client sent, first sends the header to the computer client, then parses the request to judge the level of the user and records the login time and IP address, reads the corresponding data according to the judgement result, and sends the data packet to the computer client.
Fig. 3 is a schematic diagram of the web server sending the corresponding page to the client for different client requests in the embodiment of the present invention. As shown in Fig. 3, the user sends request data from the client to the web server, and after receiving the request data the web server sends the corresponding page to the client according to the request type; the request types include the client typing an address to request the login interface 101, the client requesting the user centre from the login page 102, a request after the user has logged in successfully 103, and a safe exit request 104.
Fig. 4 is a flow diagram of the client typing an address to request the login interface in the embodiment of the present invention. As shown in Fig. 4, when the client request is a typed address requesting the login interface 101, the user types an address such as http://192.168.1.1 in the client's browser to request the login interface. After receiving the request data sent by the client, the web server determines that the login page is being requested and checks whether the user has logged in before, that is, parses the client's cookie to see whether it contains a corresponding user name and password. If there is no user name and password, or they are incorrect, the web server sends the requested login page. If the user name and password in the cookie are correct, it continues to judge whether the login time (login_time) is empty (if the user safely exited after a previous login, login_time has been emptied); if login_time is empty, the web server sends the requested login page. If login_time is not empty, it judges whether the absolute value of the difference between login_time and the current time is less than the prescribed login time value d; if it is less, it continues to judge the security permission level (level) and sends the corresponding interface to the client, the user interface if the user is judged to be user and the admin interface if the user is judged to be admin; if the absolute value of the difference is greater than or equal to the prescribed login time value d, the web server sends the login page to the client, as described above.
Fig. 5 is a flow diagram of the client logging in to the user centre from the login page in the embodiment of the present invention. As shown in Fig. 5, after the web server has sent the login page to the client, the user inputs the user name and password in the login page to request login to the user centre of the web server.
First, the web server verifies the user name and password sent by the client. After receiving the message sent by the client, the web server extracts the user name and password from the data field and compares them with the user name and password stored in flash. If they are wrong, the user is prompted that the user name or password input is wrong and the login page is returned so that the user can input them again. If the user name and password are correct and correspond, the web server continues to judge whether the login time (login_time) is empty, that is, whether this user name is already online, so that a login does not squeeze out an online user; if login_time is not empty, an existing user is logged in, the reason is prompted and the login page is returned.
Secondly, if login_time is empty, the user level (level) is assigned, a timer is started and the IP address is recorded, a login record (the user's login IP address, login time, user security permission level, user name, password, etc.) is generated and stored in the client's cookie, and the user level (level) is judged to enter the corresponding ordinary or advanced user interface: the user interface is sent to the client if the user is judged to be user, and the admin interface if the user is judged to be admin.
Fig. 6 is a flow diagram of the operation requests made to the web server after the user has logged in successfully in the embodiment of the present invention. As shown in Fig. 6, after the user has logged in to the corresponding user centre through the client, the user sends request data (such as a data configuration operation on the web server) to the web server, and after receiving the request data the web server proceeds as follows:
First, it judges whether the user name and password stored in the client's cookie are correct; if not, it returns the login interface and the client has to input the user name and password again for renewed verification. If the user name and password are both correct, it judges the login time (login_time) by comparing the absolute value of the difference between login_time and the current time with the set operation time value D (D > 0); on timeout, the login record is emptied (login time (login_time), login user level (level) and login IP address (login_ip) are set to NULL), the user is prompted about the timeout, and the login page is sent.
Secondly, if the absolute value of the difference between login_time and the current time is less than the set operation time value D, it judges whether the IP address of the current client is consistent with the login IP address in the login record. If they are inconsistent, a user has already logged in to the account under this user name; the user is prompted that this user name is already logged in and the login page is sent. If the IP address of the current client is consistent with the login IP address in the login record, it continues to judge the user level (level): if the level is advanced user (admin), the configuration page the client requires is returned according to the user's request; if the level is ordinary user (user), the predefined structure is traversed to confirm whether the user's current operation lies within the predefined permission range. If it does not, the user's permission is insufficient and an insufficient-permission prompt is sent to the client; if it lies within the permission range defined in the structure, the information the client requires is returned.
Fig. 7 is a flow diagram of the user's safe exit in the embodiment of the present invention. As shown in Fig. 7, after the user has logged in to the corresponding user centre, or after the configuration is complete, the user sends a safe exit request; after receiving the safe exit message, the web server empties the login record in the client's cookie (for example sets the login time (login_time), login user level (level), login IP address (login_ip), etc. to NULL) and returns the login interface.
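The permission structure array of the first step, the cookie-based login conditions, and the Fig. 4 to Fig. 7 flows above are all decisions over one small record (user name, password, login_ip, login_time, level) plus two time windows d and D. The following C program is an added example written for this page, not the patent's or any product's code: the credential table, the operation names, the window values and the function names are all constructed for the example. One labelled deviation from the text: because a cookie is under the client's control, the example keeps the authoritative login record on the server, one per account, and reads only the user name and password from the client; every decision of the flow charts is otherwise taken in the order the page describes.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Added example, not the patent's code: the login, revisit, operation and safe-exit
 * checks of Figs. 4 to 7 for a two-level embedded web server. The credential table,
 * operation names and timeout values are constructed. One labelled deviation: the
 * authoritative login record is kept on the server, one per account, and the client
 * cookie is used only as the carrier of the user name and password. */

enum level { LEVEL_USER = 1, LEVEL_ADMIN = 2 };

enum result {
    R_EXECUTED,          /* operation executed, or user centre page sent        */
    R_LOGIN_PAGE,        /* login page: no record (never logged in / safe exit) */
    R_LOGIN_BAD_CRED,    /* login page: user name or password wrong/mismatched  */
    R_LOGIN_IN_USE,      /* login page: login_time not empty, name is online    */
    R_LOGIN_TIMEOUT,     /* login page: |now - login_time| >= window, cleared   */
    R_LOGIN_IP_MISMATCH, /* login page: client IP != login_ip, cleared          */
    R_DENIED             /* permission prompt: op not in the user's array       */
};

struct account { const char *user; const char *pass; enum level level; };
struct session { char login_ip[16]; time_t login_time; enum level level; };

static const struct account ACCOUNTS[] = {   /* constructed; the page keeps it in flash */
    { "user",  "user123",  LEVEL_USER  },
    { "admin", "admin123", LEVEL_ADMIN },
};
#define N_ACCOUNTS (sizeof ACCOUNTS / sizeof ACCOUNTS[0])
static struct session SESSIONS[N_ACCOUNTS];  /* the page's "login records", zero = empty */

/* Security permission structure array for ordinary users; admin has none. */
static const char *const USER_OPS[] = { "show_device_info", "set_simple_config" };
#define N_USER_OPS (sizeof USER_OPS / sizeof USER_OPS[0])

#define LOGIN_WINDOW_D   300L   /* seconds, the page's d: re-entry without re-login    */
#define OPERATE_WINDOW_D 600L   /* seconds, the page's D: idle limit between operations */

/* Index of the account whose user name AND password both match, else -1. */
static int find_account(const char *user, const char *pass) {
    size_t i;
    for (i = 0; i < N_ACCOUNTS; i++)
        if (!strcmp(ACCOUNTS[i].user, user) && !strcmp(ACCOUNTS[i].pass, pass)) return (int)i;
    return -1;
}

static void clear_session(struct session *s) { memset(s, 0, sizeof *s); } /* fields := NULL */

/* Empty record, or |now - login_time| at or beyond the window. */
static int expired(const struct session *s, time_t now, long window) {
    return s->login_time == 0 || labs((long)(now - s->login_time)) >= window;
}

/* Fig. 5: user name and password submitted from the login page. */
enum result do_login(const char *user, const char *pass, const char *ip, time_t now) {
    int i = find_account(user, pass);
    if (i < 0) return R_LOGIN_BAD_CRED;
    if (SESSIONS[i].login_time != 0) return R_LOGIN_IN_USE; /* never squeeze out the online user */
    strncpy(SESSIONS[i].login_ip, ip, sizeof SESSIONS[i].login_ip - 1);
    SESSIONS[i].login_time = now;                /* "start the timer and record the IP" */
    SESSIONS[i].level = ACCOUNTS[i].level;
    return R_EXECUTED;
}

/* Fig. 4: the address is typed again, e.g. after the browser was closed. */
enum result do_revisit(const char *user, const char *pass, time_t now) {
    int i = find_account(user, pass);
    if (i < 0 || SESSIONS[i].login_time == 0) return R_LOGIN_PAGE;
    if (expired(&SESSIONS[i], now, LOGIN_WINDOW_D)) { clear_session(&SESSIONS[i]); return R_LOGIN_TIMEOUT; }
    SESSIONS[i].login_time = now;                /* refreshed to the last operation time */
    return R_EXECUTED;                           /* centre page for SESSIONS[i].level */
}

/* Fig. 6: an operation requested from the user centre page. */
enum result do_operation(const char *user, const char *pass, const char *ip, const char *op, time_t now) {
    int i = find_account(user, pass);
    size_t k;
    if (i < 0) return R_LOGIN_BAD_CRED;
    if (expired(&SESSIONS[i], now, OPERATE_WINDOW_D)) { clear_session(&SESSIONS[i]); return R_LOGIN_TIMEOUT; }
    if (strcmp(SESSIONS[i].login_ip, ip)) { clear_session(&SESSIONS[i]); return R_LOGIN_IP_MISMATCH; }
    if (SESSIONS[i].level != LEVEL_ADMIN) {      /* admin skips the array entirely */
        for (k = 0; k < N_USER_OPS && strcmp(USER_OPS[k], op); k++) {}
        if (k == N_USER_OPS) return R_DENIED;
    }
    SESSIONS[i].login_time = now;                /* login time := time of the last operation */
    return R_EXECUTED;
}

/* Fig. 7: safe exit empties the login record and returns the login page. */
enum result do_logout(const char *user, const char *pass) {
    int i = find_account(user, pass);
    if (i >= 0) clear_session(&SESSIONS[i]);
    return R_LOGIN_PAGE;
}

int main(void) {
    time_t t = 1000;                             /* constructed clock; only differences matter */
    printf("user login: %d\n", do_login("user", "user123", "192.168.1.10", t));
    printf("user set_qos (denied=6): %d\n", do_operation("user", "user123", "192.168.1.10", "set_qos", t + 10));
    printf("user from other IP (mismatch=5): %d\n", do_operation("user", "user123", "192.168.1.99", "show_device_info", t + 20));
    return 0;
}
```

Two points worth noticing when reading the flow this way. The IP-mismatch and timeout branches both empty the record, so after either one the next request from the original client falls through to the login page (the record is empty, which `expired()` treats as timed out), which is exactly the "another client cannot log in as that user at the same time" behaviour claimed below. And because `do_login` refuses while `login_time` is non-empty, an account whose holder simply closes the browser stays locked until D elapses; the only way back in earlier is the Fig. 4 revisit within d, which is why that window is separate from D. The plain `strcmp` on the password mirrors the page's comparison against the values in flash; a production handler would use a constant-time comparison and would not put the password itself in the cookie.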
The embodiment of the present invention establishes the communication connection between the embedded server and the client with the HTTP protocol over TCP/IP and completes the communication between server and client with sockets: when the client needs to send a message to the server, it first establishes a socket communication channel, binds its message to a network port using the TCP/IP protocol with network (big-endian) byte order and, for example, the IPv4 Internet domain, and then creates the socket, so that an ordered, reliable, bidirectional, connection-oriented byte stream is set up; data is sent and received with send() and recv(). Because the client and the server must first establish the TCP connection before the client's data request can be sent to the server, the user classification is carried out between parsing the client data and looking up the data.
In conclusion, the present application improves communication security by classifying users in the embedded web server, and has the following advantages:
A. Two users cannot log in at the same time: once one user has logged in, another user cannot log in until the first user exits or times out, which prevents two users from working in the same configuration page simultaneously and avoids conflicts.
B. One client (PC) can log in as only one user, and if a client has logged in as a user, another client cannot log in as that user at the same time; the login is time-limited, and after timeout there is no access until the user name and password are input again for renewed verification.
C. If a user has logged in but accidentally closed the browser, then on typing the address again the server checks whether the user's login time is still within the valid time range; if it is, the user name and password need not be input again, and checking the client's cookie jumps automatically to the user's login centre.
D. When the user safely exits, the server empties all the user's login information (the login record) and returns the login page.
Although specific embodiments of the present invention have been described above, those skilled in the art will understand that these are illustrative, and the scope of protection of the present invention is defined by the appended claims. Those skilled in the art may make many changes and modifications without departing from the principle and substance of the present invention, and these changes and modifications all fall within the scope of protection of the present invention.