CN103179176A - Call method, device and system for web application in cloud/cluster environment - Google Patents

Publication number
CN103179176A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011104422032A
Other languages
Chinese (zh)
Other versions
CN103179176B (en)
Inventor
王姗姗
龙湘明
王磊建
刘涛
武威
孙杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
Application filed by China Mobile Communications Group Co Ltd
Priority to CN201110442203.2A
Publication of CN103179176A
Application granted
Publication of CN103179176B
Legal status: Active

Abstract

The invention discloses a call method, device and system for web applications in a cloud/cluster environment. The method includes the following steps: an application safety module receives a call request from a web application and confirms that it has stored the application number of that web application; the application safety module sends a temporary authorization request to a platform safety module and receives the temporary authorization information once the platform safety module has verified the request; and the application safety module sends a web application call request carrying the application number and the temporary authorization information to the platform safety module and receives the web application call result once the platform safety module has verified the request. The method, device and system provide a range of capabilities to developers and make it convenient for developers to build different applications on those capabilities, thereby facilitating the use of web applications.

Description

Call method, device and system for web applications in a cloud/cluster environment
Technical field
The present invention relates to data service technology in the communications field, and in particular to a call method, device and system for web applications in a cloud/cluster environment.
Background art
In the prior art, Chinese patent application No. 201010544357.8 discloses a cloud-computing-based system for controllable distribution and converged application of business data. The system consists of a cloud computing service resource cluster (the cloud provider), user terminals (the cloud requester) and a virtual cloud service center (the middleware). The cloud provider supplies the corresponding business data resources and application capability services through the device cluster managed by the virtual cloud service center; the cloud requester issues service requests; the virtual cloud service center looks up the business data resources that satisfy the task request submitted by the user and provides on-demand service to the cloud requester. The virtual cloud service center obtains the distribution route from the publish/subscribe service attributes of the business data, completes data migration between cloud cluster servers, performs security and validity checks and distribution-status management through a communication interface, and encapsulates the data into messages of a unified format. The encapsulated messages are added to a converged communication platform to achieve hierarchical configuration and service attribute management of the distribution service, improving the effectiveness of business data terminal applications.
Chinese patent application No. 201010536544.1 discloses a data security implementation method for a cluster environment and a high-security cluster, comprising a CA certificate center, a security gateway, hardware authentication devices, a cryptographic service module, computing nodes, remote terminals, a management node and a storage server. In that invention each user's files are encrypted, stored and transmitted independently, which removes the risk of a user's important data being viewed illegally and prevents both leaks during network transmission and leaks within the cluster caused by human factors.
In practice, web applications developed by developers not only run on a single physical machine but can also be deployed in cloud and cluster environments. How to secure the capability calls made by web applications in a cloud/cluster environment, and thereby guarantee the security of users' use of web applications, billing security, privacy and so on, is therefore increasingly important, and the prior art described above cannot effectively solve this technical problem.
Summary of the invention
The object of the invention is to address the insufficient security of the web application call process in a cloud/cluster environment in the prior art by proposing a call method, device and system for web applications in a cloud/cluster environment.
To achieve the above object, according to one aspect of the invention, a call method for web applications in a cloud/cluster environment is provided.
The call method for web applications in a cloud/cluster environment according to an embodiment of the invention comprises:
The application safety module receives a call request from a web application and confirms that it has stored the application instance number of that web application;
The application safety module sends an interim authorization request to the platform safety module and receives the interim authorization information once the platform safety module has verified the request;
The application safety module sends a web application call request carrying the application instance number and the interim authorization information to the platform safety module and receives the web application call result once the platform safety module has verified the request.
In the above technical solution, between the step in which the application safety module confirms that it has stored the application instance number of the web application and the step of sending the interim authorization request to the platform safety module, the method further comprises:
The application safety module checks whether it holds an interim authorization token and, if so, whether that token has expired;
If the interim authorization token does not exist or has expired, the application safety module generates a web token and requests an interim authorization token from the platform safety module.
To achieve the above object, according to one aspect of the invention, another call method for web applications in a cloud/cluster environment is provided.
The call method for web applications in a cloud/cluster environment according to an embodiment of the invention comprises:
The platform safety module receives the interim authorization request sent by the application safety module, verifies it and, once verification passes, sends the interim authorization information to the application safety module;
The platform safety module receives the web application call request, carrying the application instance number and the interim authorization information, sent by the application safety module and verifies it; once verification passes, the platform access module calls the web application and returns the result to the application safety module.
In the above technical solution, when an initialization condition is met:
The platform access module receives the web application registration request, carrying the web token, sent by the application safety module and forwards it to the platform safety module;
The platform safety module verifies the web token to ensure that the web application registration request is legitimate, and generates the application instance number of the web application;
The platform safety module returns the application instance number to the application safety module for storage.
In the above technical solution, the step in which the platform safety module verifies the web application call request comprises:
The platform access module receives the web application call request sent by the application safety module and sends the platform authentication module a token verification request carrying the application instance number and the interim authorization information;
The platform authentication module sends the token verification request to the platform safety module, and the platform safety module verifies the interim authorization token in the interim authorization information;
Once verification passes, the platform safety module returns the token verification result to the platform access module via the platform authentication module.
In the above technical solution, after the step in which the platform safety module verifies the web application call request and before the step in which, once verification passes, the platform access module calls the web application and returns the result to the application safety module, the method further comprises:
The platform access module sends a web application call verification request to the platform authentication module;
The platform authentication module verifies the contract relationship between the web application and the application platform and the subscription relationship between the user and the web application;
Once verification passes, the platform authentication module performs fee withholding for the user of the web application.
In the above technical solution, after the step in which, once verification passes, the platform access module calls the web application and returns the result to the application safety module, the method further comprises:
The platform access module sends a fee deduction notification to the platform authentication module, and the platform authentication module performs the fee deduction.
To achieve the above object, according to another aspect of the invention, a calling device for web applications in a cloud/cluster environment is provided.
The calling device for web applications in a cloud/cluster environment according to an embodiment of the invention comprises:
The application safety module, used to receive a call request from a web application and confirm that it has stored the application instance number of that web application; to send an interim authorization request to the platform safety module and receive the interim authorization information once the platform safety module has verified the request; and to send a web application call request carrying the application instance number and the interim authorization information to the platform safety module and receive the web application call result once the platform safety module has verified the request.
In the above technical solution, the application safety module is further used to check whether it holds an interim authorization token and, if so, whether that token has expired;
If the interim authorization token does not exist or has expired, it generates a web token and requests an interim authorization token from the platform safety module.
To achieve the above object, according to another aspect of the invention, another calling device for web applications in a cloud/cluster environment is provided.
The calling device for web applications in a cloud/cluster environment according to an embodiment of the invention comprises:
The platform safety module, used to receive the interim authorization request sent by the application safety module, verify it and, once verification passes, send the interim authorization information to the application safety module; and to receive the web application call request, carrying the application instance number and the interim authorization information, sent by the application safety module and verify it;
The platform access module, used to call the web application and return the result to the application safety module after the platform safety module has verified the web application call request.
In the above technical solution, the initialization judgment module is used to evaluate the initialization conditions of the web application and, when an initialization condition is met, to trigger the initialization flow;
The platform access module is further used to receive the web application registration request, carrying the web token, sent by the application safety module and to forward it to the platform safety module;
The platform safety module is further used to verify the web token to ensure that the web application registration request is legitimate, to generate the application instance number of the web application, and to return the application instance number to the application safety module for storage.
In the above technical solution, the device further comprises:
The platform access module is further used to receive the web application call request sent by the application safety module and to send the platform authentication module a token verification request carrying the application instance number and the interim authorization information;
The platform authentication module, used to send the token verification request to the platform safety module;
The platform safety module is further used to verify the interim authorization token in the interim authorization information and, once verification passes, to return the token verification result to the platform access module via the platform authentication module.
In the above technical solution, the device further comprises:
The platform access module is further used to send a web application call verification request to the platform authentication module;
The platform authentication module, used to verify the contract relationship between the web application and the application platform and the subscription relationship between the user and the web application and, once verification passes, to perform fee withholding for the user of the web application.
In the above technical solution, the platform access module is further used to send a fee deduction notification to the platform authentication module;
The platform authentication module is used to perform the fee deduction.
To achieve the above object, according to another aspect of the invention, a calling system for web applications in a cloud/cluster environment is provided.
The calling system for web applications in a cloud/cluster environment according to an embodiment of the invention comprises:
The application safety module, used to receive a call request from a web application and confirm that it has stored the application instance number of that web application; to send an interim authorization request to the platform safety module and receive the interim authorization information once the platform safety module has verified the request; and to send a web application call request carrying the application instance number and the interim authorization information to the platform safety module and receive the web application call result once the platform safety module has verified the request;
The platform safety module, used to receive the interim authorization request sent by the application safety module, verify it and, once verification passes, send the interim authorization information to the application safety module; and to receive the web application call request, carrying the application instance number and the interim authorization information, sent by the application safety module and verify it;
The platform access module, used to call the web application and return the result to the application safety module after the platform safety module has verified the web application call request.
In the above technical solution, the system further comprises an initialization judgment module:
The initialization judgment module is used to evaluate the initialization conditions of the web application and, when an initialization condition is met, to trigger the initialization flow;
The platform access module is further used to receive the web application registration request, carrying the web token, sent by the application safety module and to forward it to the platform safety module;
The platform safety module is further used to verify the web token to ensure that the web application registration request is legitimate, to generate the application instance number of the web application, and to return the application instance number to the application safety module for storage;
The application safety module is further used to check whether it holds an interim authorization token and, if so, whether that token has expired; if the interim authorization token does not exist or has expired, it generates a web token and requests an interim authorization token from the platform safety module.
In the above technical solution, the system further comprises a platform authentication module:
The platform access module is further used to receive the web application call request sent by the application safety module and to send the platform authentication module a token verification request carrying the application instance number and the interim authorization information;
The platform authentication module is used to send the token verification request to the platform safety module;
The platform safety module is further used to verify the interim authorization token in the interim authorization information and, once verification passes, to return the token verification result to the platform access module via the platform authentication module.
In the above technical solution, the system further comprises a platform authentication module:
The platform access module is further used to send a web application call verification request to the platform authentication module;
The platform authentication module, used to verify the contract relationship between the web application and the application platform and the subscription relationship between the user and the web application and, once verification passes, to perform fee withholding for the user of the web application.
In the above technical solution, the platform access module is further used to send a fee deduction notification to the platform authentication module;
The platform authentication module is used to perform the fee deduction.
The call method, device and system for web applications in a cloud/cluster environment of the embodiments of the invention provide a range of capabilities to developers, making it convenient for developers to build different applications on those capabilities and thereby promoting the use of web applications; users invoke capabilities by using the applications, and the capability open platform implements billing for application and capability calls by authenticating and authorizing developers, web applications, users and so on.
Other features and advantages of the invention will be set forth in the description that follows and will in part become apparent from the description or be understood by practicing the invention. The objects and other advantages of the invention can be realized and obtained by the structure particularly pointed out in the written description, the claims and the drawings.
The technical solution of the invention is described in further detail below through the drawings and embodiments.
Description of drawings
The drawings provide a further understanding of the invention and form part of the specification; together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a schematic flow chart of the initialization method for web applications in a cloud/cluster environment according to the invention;
Fig. 2 is a schematic flow chart of the call method for web applications in a cloud/cluster environment according to the invention;
Fig. 3 is a schematic structural diagram of the calling device for web applications in a cloud/cluster environment according to the invention.
Embodiment
The preferred embodiments of the invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here only illustrate and explain the invention and are not intended to limit it.
For web applications running in a cloud/cluster environment, the invention provides a method and device for making secure capability calls. The method and device comprise two flows: web application initialization and web application capability call.
Through the initialization flow, the capability open platform (OMP, Open Mobile Platform) authenticates the web application and assigns a unique application instance number (AppInstanceID) to each web application instance. After the application safety module obtains the application instance number (AppInstanceID), it stores it securely within the application safety module.
To call a capability, the application safety module sends a capability call request to the capability open platform OMP. The request should include information such as: the application instance number (AppInstanceID), the application identifier (APP_ID), the user identifier (PID), the interim authorization token (TmpWebToken) and the HOTP counter (the application counter, Counter).
AppInstanceID identifies an application instance and is used to distinguish different instances of the same application. An "instance" here is a physical identity of the application and can generally be understood as a process. APP_ID and AppInstanceID are in a one-to-many relationship: one application can have multiple instances. For example, if the same application is deployed on two physical hosts and each host starts two processes of that application, each process is one instance of the application, so the same application has four different application instances. AppInstanceID is in a one-to-one relationship with TmpWebToken and with Counter, and the OMP platform can verify the validity of TmpWebToken and Counter against the AppInstanceID of each application instance.
Method embodiment
According to an embodiment of the invention, an initialization method for web applications in a cloud/cluster environment is provided. Fig. 1 is a schematic flow chart of that initialization method.
Any one of the following conditions triggers the initialization flow of the web application:
1) after receiving a service request for a web application call, the application safety module queries the registration status flag it records locally and finds that registration has not succeeded;
2) before sending a web application access authentication request, the application safety module detects that the HOTP (HMAC-Based One-Time Password) counter has reached its maximum value, i.e. Counter has reached 99999999, so the initialization of the web application must be initiated again;
3) before sending a web application access authentication request, the application safety module detects that no application instance number (AppInstanceID) is stored locally.
Through the initialization flow, authentication between the OMP platform and the web application is completed, and the application safety module of each application instance is assigned a unique application instance number (AppInstanceID). After the application safety module obtains the application instance number, it stores it securely within the application safety module.
The application instance number is a unique number generated by the platform safety module; every number generated is different. It is encoded as 18 numeric characters, YYYYMMDDHHMISSXXXX, where the first 14 are the date, hour, minute and second and the last 4 are a serial number that cycles through 0000-9999. Example: 201001101513110022. The platform safety module must guarantee that the application instance number is unique.
The initialization flow comprises:
Step 101: after receiving a service request for a web application call, the application safety module checks whether an application instance number is stored locally; if not, the following steps are carried out;
Step 103: the application safety module sends a registration request to the platform access module over an HTTPS (Hypertext Transfer Protocol over Secure Socket Layer) channel. The parameters in the registration request message include the web application identifier APP_ID, WebToken (the web token) and others;
Where:
WebToken=HMAC[APPKey,Counter]
Counter is 8 bytes, ASCII-encoded, in the form "XXXXXXXX", where each "X" is a character from "0" to "9". The range of Counter is "00000001" to "99999999", and the value of Counter is incremented by one automatically each time a WebToken is generated. Each time the token generation function in a given application generates a token, Counter is incremented by one regardless of whether the previous network-side request succeeded. The platform safety module must keep the latest Counter value for any application on any device, to ensure that the Counter received at the next verification is the latest.
In the initialization flow of the web application, the Counter value is always 00000001.
Step 105: the platform access module forwards the registration request to the platform authentication module;
Step 107: the platform authentication module sends the registration request to the platform safety module;
Step 109: the platform safety module verifies WebToken to ensure that the request comes from a legitimate web application, i.e. a web application licensed by the network operator;
Step 111: after WebToken passes verification, the platform safety module generates the unique identifier, the application instance number (AppInstanceID);
Step 113: the platform safety module returns the application instance number to the platform authentication module;
Step 115: the platform authentication module returns the application instance number to the platform access module;
Step 117: the platform access module returns the application instance number to the application safety module;
Step 119: the application safety module records information such as Counter and the application instance number;
Step 121: the application safety module notifies the web application that registration succeeded.
According to the embodiment of the present invention, the call method that under a kind of cloud/cluster environment, web uses is provided, Fig. 2 is the call method schematic flow sheet that under cloud/cluster environment of the present invention, web uses.
The present embodiment comprises:
Step 201: when the user used web to use, web browser was to applied logic module transmitting capacity call request, and the applied logic module is called the application safety module, the transfer capability call request;
Step 203: at first the application safety module checks whether this locality stores application example number (AppInstanceID), if the initialization flow process that web uses is initiated in not storage; If store application example number, check first whether this locality has interim mandate Token (namely to authorize sign temporarily, TmpWebToken), if have, check whether this TmpWebToken is expired, if TmpWebToken does not exist or be out of date, authorize Token according to using key A PPKey, counter Counter, time YY-MM generation WebToken (being the web sign) to the request of platform safety module temporarily; If TmpWebToken is not out of date, carry out following step;
Step 205: the application safety module sends the request of obtaining interim mandate Token and arrives the platform access module, and this request comprises: AppInstanceID, APP_ID, WebToken and Counter value etc.;
Step 207: the platform access module forwards the request of obtaining interim mandate Token and arrives the platform authentication module;
Step 209: the platform authentication module is obtained the request of interim mandate Token to the platform safety module in transmission, the platform safety module is verified WebToken, after checking, generate the interim Token (TmpWebToken) of mandate by the platform safety module, and the term of validity length ValidTime of this Token;
Step 211: the platform safety module is returned to the result to the platform authentication module, and this result comprises: TmpWebToken, ValidTime;
Step 213: the platform authentication module is returned to the result to the platform access module;
Step 215: the platform access module is returned to the result to the application safety module, and the application safety module stores TmpWebToken, ValidTime;
Step 217: The application safety module sends a capability call request to the platform access module. The request includes AppInstanceID, APP_ID, PID (Pseudo ID, pseudo-code), TmpWebToken, a Counter value and so on. The PID identifies a user and is associated with the user's mobile phone number; a pseudo-code is used so that the user's real mobile number is not leaked;
Step 219: The platform access module sends a token verification request to the platform authentication module. The request includes AppInstanceID, APP_ID, PID, TmpWebToken, the Counter value and so on;
Step 221: The platform authentication module sends the token verification request to the platform safety module, and the platform safety module verifies the TmpWebToken. If verification passes, go to step 223; if it fails, an error code is returned;
Step 223: The platform safety module returns a message to the platform authentication module stating that the token has been verified;
Step 225: The platform authentication module returns a message to the platform access module stating that the token has been verified;
Step 227: The platform access module sends a capability call verification request (that is, a web application call verification request) to the platform authentication module. The request includes information such as APP_ID, PID and EID (Enabler ID, capability ID). The platform authentication module verifies, one by one, the contract relationship between the web application and the capability, the subscription relationship between the user and the web application product, the developer's sub-account and the user's account. If verification passes, go to step 229; if it fails, an error code is returned;
Step 229: The platform authentication module performs fee pre-deduction for the user of the web application and sends the verification result to the platform access module. This result includes information such as APP_ID, EID and MSISDN (Mobile Subscriber ISDN Number, the mobile subscriber's international number);
Step 231: The platform access module calls the capability (that is, the web application) from the capability platform (that is, the application platform);
Step 233: The capability platform returns a capability call response to the platform access module;
Step 235: The platform access module returns the capability call result to the application safety module;
Step 237: The application safety module returns a capability call response message to the application logic module;
Step 239: The application logic module returns the capability call result to the web browser;
Step 241: The platform access module sends a fee deduction notice to the platform authentication module. The notice includes information such as APP_ID and MSISDN, and the platform authentication module performs the fee deduction;
Step 243: The platform authentication module returns a fee deduction response to the platform access module;
Step 245: The platform authentication module sends a billing record (ticket) request to the BOSS (business operation support system). This request includes information such as APP_ID and MSISDN;
Step 247: The BOSS returns the fee deduction result to the platform authentication module.
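The token check in steps 217 to 223, together with the application-side "missing or expired" check, can be sketched as follows. This is an added example, not code from the patent: the HMAC token format, the 300-second lifetime, the use of Counter as a strictly increasing replay guard, the error-code names, and the reduction of registration to a single `register` call are all assumptions, since the text only states which fields travel in the request and that a failed check returns an error code.

```python
import hashlib
import hmac
import secrets
import time


class PlatformSafetyModule:
    """Issues and verifies TmpWebToken values (token format is an assumption)."""

    def __init__(self, token_ttl=300):
        self._key = secrets.token_bytes(32)  # platform-held secret, never sent to apps
        self._ttl = token_ttl                # token lifetime in seconds (assumed value)
        self._instances = {}                 # AppInstanceID -> APP_ID
        self._last_counter = {}              # AppInstanceID -> highest Counter accepted

    def register(self, app_id):
        """Initialization: generate the application instance number for a web app."""
        app_instance_id = secrets.token_hex(8)
        self._instances[app_instance_id] = app_id
        self._last_counter[app_instance_id] = 0
        return app_instance_id

    def _mac(self, app_instance_id, app_id, expires):
        # Bind the token to the instance, the application and the expiry time.
        msg = f"{app_instance_id}|{app_id}|{expires}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue_tmp_web_token(self, app_instance_id, app_id, now=None):
        """Temporary authorization: returns (TmpWebToken, expiry time)."""
        now = time.time() if now is None else now
        if self._instances.get(app_instance_id) != app_id:
            raise PermissionError("unknown AppInstanceID / APP_ID pair")
        expires = int(now) + self._ttl
        return f"{expires}.{self._mac(app_instance_id, app_id, expires)}", expires

    def verify(self, request, now=None):
        """Step 221: returns (True, None) or (False, hypothetical error code)."""
        now = time.time() if now is None else now
        inst, app_id = request.get("AppInstanceID"), request.get("APP_ID")
        if inst not in self._instances or self._instances[inst] != app_id:
            return False, "ERR_UNKNOWN_INSTANCE"
        try:
            expires_text, mac = request["TmpWebToken"].split(".", 1)
            expires = int(expires_text)
        except (KeyError, ValueError, AttributeError):
            return False, "ERR_TOKEN_FORMAT"
        expected = self._mac(inst, app_id, expires)
        if not hmac.compare_digest(mac.encode(), expected.encode()):
            return False, "ERR_TOKEN_INVALID"
        if now >= expires:
            return False, "ERR_TOKEN_EXPIRED"
        counter = request.get("Counter")
        if not isinstance(counter, int) or counter <= self._last_counter[inst]:
            return False, "ERR_REPLAY"
        self._last_counter[inst] = counter  # consume the counter only on success
        return True, None


class ApplicationSafetyModule:
    """Application side: reuses a valid token, requests a new one when needed."""

    def __init__(self, platform, app_id):
        self.platform = platform
        self.app_id = app_id
        self.app_instance_id = platform.register(app_id)
        self.token = None
        self.expires = 0
        self.counter = 0

    def build_request(self, pid, now=None):
        """Step 217: assemble the capability call request for a pseudonymous user."""
        now = time.time() if now is None else now
        if self.token is None or now >= self.expires:  # missing or expired
            self.token, self.expires = self.platform.issue_tmp_web_token(
                self.app_instance_id, self.app_id, now)
        self.counter += 1
        return {"AppInstanceID": self.app_instance_id, "APP_ID": self.app_id,
                "PID": pid, "TmpWebToken": self.token, "Counter": self.counter}


if __name__ == "__main__":
    platform = PlatformSafetyModule()
    app = ApplicationSafetyModule(platform, "app-001")   # constructed APP_ID
    request = app.build_request("pid-7f3a")              # constructed PID
    print(platform.verify(request))   # first presentation is accepted
    print(platform.verify(request))   # same Counter again is rejected
```

Only the PID appears in the request; in the flow above the MSISDN is introduced by the platform authentication module in step 229, after the token and the call have been verified.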
The method for calling web applications in a cloud/cluster environment according to the present invention offers developers various capabilities (such as SMS, MMS and location), which makes it easy for developers to build different applications on those capabilities and in turn promotes the use of web applications. Users call the capabilities through the applications, and the capability open platform charges for application and capability calls by authenticating and authorizing the developer, the web application, the user and so on.
The method for calling web applications in a cloud/cluster environment according to the present invention addresses the common way in which web applications are deployed in cluster and cloud environments. It ensures the security of capability calls made by web applications, and also ensures the security, billing security and privacy of users who use the web applications.
Device embodiment
According to an embodiment of the present invention, a device for calling web applications in a cloud/cluster environment is provided.
This embodiment comprises:
The application safety module, which is used to receive a call request from a web application and confirm that it stores the application instance number of that web application; to send a temporary authorization request to the platform safety module and receive the temporary authorization information that the platform safety module returns after verification passes; and to send to the platform safety module a web application call request carrying the application instance number and the temporary authorization information, and receive the web application call result returned after the platform safety module's verification passes.
Wherein:
The application safety module is also used to check whether it holds a temporary authorization token and, if one exists, to check whether that temporary authorization token has expired;
If the temporary authorization token does not exist or has expired, it generates the web identifier and requests a temporary authorization token from the platform safety module.
According to an embodiment of the present invention, another device for calling web applications in a cloud/cluster environment is provided, as shown in Figure 3.
This embodiment comprises:
Platform safety module 303, which is used to receive the temporary authorization request sent by the application safety module, verify this temporary authorization request and, after verification passes, send temporary authorization information to the application safety module; and to receive the web application call request, carrying the application instance number and the temporary authorization information, sent by the application safety module, and verify this web application call request;
Platform access module 301, which is used, after platform safety module 303 has verified the web application call request, to call the web application and return the result to the application safety module.
Wherein:
Initialization judge module 304 is used to judge the initialization condition of the web application and, when the initialization condition is met, to trigger platform access module 301, which forwards to platform safety module 303, and platform safety module 303 performs the initialization;
Platform access module 301 is also used to receive the web application registration request, carrying the web identifier, sent by the application safety module, and to forward this registration request to platform safety module 303;
Platform safety module 303 is also used to verify the web identifier and confirm the legitimacy of the web application registration request, to generate the application instance number of the web application, and to return the application instance number to the application safety module for storage.
It should be noted that initialization judge module 304 may be provided as a submodule of the application safety module, or may be deployed separately on the OMP platform side, on the application side or elsewhere.
Wherein:
Platform access module 301 is also used to receive the web application call request sent by the application safety module, and to send to platform authentication module 302 a token verification request carrying the application instance number and the temporary authorization information;
Platform authentication module 302 is used to send the token verification request to platform safety module 303;
Platform safety module 303 is also used to verify the temporary authorization token in the temporary authorization information and, after verification passes, to return the token verification result to platform access module 301 via platform authentication module 302.
Wherein:
Platform access module 301 is also used to send a web application call verification request to platform authentication module 302;
Platform authentication module 302 is used to verify the contract relationship between the web application and the application platform and the subscription relationship between the user and the web application and, after verification passes, to perform fee pre-deduction for the user of the web application.
Wherein:
Platform access module 301 is also used to send a fee deduction notice to platform authentication module 302;
Platform authentication module 302 is used to perform the fee deduction.
The device for calling web applications in a cloud/cluster environment according to the present invention offers developers various capabilities (such as SMS, MMS and location), which makes it easy for developers to build different applications on those capabilities and in turn promotes the use of web applications. Users call the capabilities through the applications, and the capability open platform charges for application and capability calls by authenticating and authorizing the developer, the web application, the user and so on.
The device for calling web applications in a cloud/cluster environment according to the present invention addresses the common way in which web applications are deployed in cluster and cloud environments. It ensures the security of capability calls made by web applications, and also ensures the security, billing security and privacy of users who use the web applications.
System embodiment
According to an embodiment of the present invention, a system for calling web applications in a cloud/cluster environment is provided.
This embodiment comprises:
The application safety module, which is used to receive a call request from a web application and confirm that it stores the application instance number of that web application; to send a temporary authorization request to the platform safety module and receive the temporary authorization information that the platform safety module returns after verification passes; and to send to the platform safety module a web application call request carrying the application instance number and the temporary authorization information, and receive the web application call result returned after the platform safety module's verification passes;
The platform safety module, which is used to receive the temporary authorization request sent by the application safety module, verify this temporary authorization request and, after verification passes, send temporary authorization information to the application safety module; and to receive the web application call request, carrying the application instance number and the temporary authorization information, sent by the application safety module, and verify this web application call request;
The platform access module, which is used, after the platform safety module has verified the web application call request, to call the web application and return the result to the application safety module.
Wherein, the system also comprises the initialization judge module:
The initialization judge module is used to judge the initialization condition of the web application and, when the initialization condition is met, to trigger the initialization flow;
The platform access module is also used to receive the web application registration request, carrying the web identifier, sent by the application safety module, and to forward this registration request to the platform safety module;
The platform safety module is also used to verify the web identifier and confirm the legitimacy of the web application registration request, to generate the application instance number of the web application, and to return the application instance number to the application safety module for storage;
The application safety module is also used to check whether it holds a temporary authorization token and, if one exists, to check whether that temporary authorization token has expired; if the temporary authorization token does not exist or has expired, it generates the web identifier and requests a temporary authorization token from the platform safety module.
Wherein, the system also comprises the platform authentication module:
The platform access module is also used to receive the web application call request sent by the application safety module, and to send to the platform authentication module a token verification request carrying the application instance number and the temporary authorization information;
The platform authentication module is used to send the token verification request to the platform safety module;
The platform safety module is also used to verify the temporary authorization token in the temporary authorization information and, after verification passes, to return the token verification result to the platform access module via the platform authentication module.
Wherein, the system also comprises the platform authentication module:
The platform access module is also used to send a web application call verification request to the platform authentication module;
The platform authentication module is used to verify the contract relationship between the web application and the application platform and the subscription relationship between the user and the web application and, after verification passes, to perform fee pre-deduction for the user of the web application.
Wherein:
The platform access module is also used to send a fee deduction notice to the platform authentication module;
The platform authentication module is used to perform the fee deduction.
The system for calling web applications in a cloud/cluster environment according to the present invention addresses the common way in which web applications are deployed in cluster and cloud environments. It ensures the security of capability calls made by web applications, and also ensures the security, billing security and privacy of users who use the web applications.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments can be carried out by hardware under the control of program instructions. The program can be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The storage medium includes any medium that can store program code, such as ROM, RAM, a magnetic disk or an optical disc.
Finally, it should be noted that the above are only preferred embodiments of the present invention and do not limit the present invention. Although the present invention has been described in detail with reference to the foregoing embodiments, a person skilled in the art can still modify the technical solutions described in those embodiments or make equivalent replacements of some of their technical features. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (19)

1. A method for calling a web application in a cloud/cluster environment, characterized in that it comprises:
The application safety module receives a call request from a web application and confirms that it stores the application instance number of that web application;
The application safety module sends a temporary authorization request to the platform safety module and receives the temporary authorization information returned after the platform safety module's verification passes;
The application safety module sends to the platform safety module a web application call request carrying the application instance number and the temporary authorization information, and receives the web application call result returned after the platform safety module's verification passes.
2. The method according to claim 1, characterized in that, between the step in which the application safety module confirms that it stores the application instance number of the web application and the step of sending the temporary authorization request to the platform safety module, the method further comprises:
The application safety module checks whether it holds a temporary authorization token and, if one exists, checks whether that temporary authorization token has expired;
If the temporary authorization token does not exist or has expired, it generates the web identifier and requests a temporary authorization token from the platform safety module.
3. A method for calling a web application in a cloud/cluster environment, characterized in that it comprises:
The platform safety module receives the temporary authorization request sent by the application safety module, verifies this temporary authorization request and, after verification passes, sends temporary authorization information to the application safety module;
The platform safety module receives the web application call request, carrying the application instance number and the temporary authorization information, sent by the application safety module, and verifies this web application call request; after verification passes, the platform access module calls the web application and returns the result to the application safety module.
4. The method according to claim 3, characterized in that, when the initialization condition is met:
The platform access module receives the web application registration request, carrying the web identifier, sent by the application safety module, and forwards this registration request to the platform safety module;
The platform safety module verifies the web identifier and confirms the legitimacy of the web application registration request, and generates the application instance number of the web application;
The platform safety module returns the application instance number to the application safety module for storage.
5. The method according to claim 3, characterized in that the step in which the platform safety module verifies the web application call request comprises:
The platform access module receives the web application call request sent by the application safety module, and sends to the platform authentication module a token verification request carrying the application instance number and the temporary authorization information;
The platform authentication module sends the token verification request to the platform safety module, and the platform safety module verifies the temporary authorization token in the temporary authorization information;
After verification passes, the platform safety module returns the token verification result to the platform access module via the platform authentication module.
6. The method according to claim 3, characterized in that, after the step in which the platform safety module verifies the web application call request and before the step in which, after verification passes, the platform access module calls the web application and returns the result to the application safety module, the method further comprises:
The platform access module sends a web application call verification request to the platform authentication module;
The platform authentication module verifies the contract relationship between the web application and the application platform and the subscription relationship between the user and the web application;
After verification passes, the platform authentication module performs fee pre-deduction for the user of the web application.
7. The method according to claim 6, characterized in that, after the step in which, after verification passes, the platform access module calls the web application and returns the result to the application safety module, the method further comprises:
The platform access module sends a fee deduction notice to the platform authentication module, and the platform authentication module performs the fee deduction.
8. A device for calling a web application in a cloud/cluster environment, characterized in that it comprises:
The application safety module, which is used to receive a call request from a web application and confirm that it stores the application instance number of that web application; to send a temporary authorization request to the platform safety module and receive the temporary authorization information returned after the platform safety module's verification passes; and to send to the platform safety module a web application call request carrying the application instance number and the temporary authorization information, and receive the web application call result returned after the platform safety module's verification passes.
9. The device according to claim 8, characterized in that:
The application safety module is also used to check whether it holds a temporary authorization token and, if one exists, to check whether that temporary authorization token has expired;
If the temporary authorization token does not exist or has expired, it generates the web identifier and requests a temporary authorization token from the platform safety module.
10. A device for calling a web application in a cloud/cluster environment, characterized in that it comprises:
The platform safety module, which is used to receive the temporary authorization request sent by the application safety module, verify this temporary authorization request and, after verification passes, send temporary authorization information to the application safety module; and to receive the web application call request, carrying the application instance number and the temporary authorization information, sent by the application safety module, and verify this web application call request;
The platform access module, which is used, after the platform safety module has verified the web application call request, to call the web application and return the result to the application safety module.
11. The device according to claim 10, characterized in that it also comprises the initialization judge module:
The initialization judge module is used to judge the initialization condition of the web application and, when the initialization condition is met, to trigger the initialization flow;
The platform access module is also used to receive the web application registration request, carrying the web identifier, sent by the application safety module, and to forward this registration request to the platform safety module;
The platform safety module is also used to verify the web identifier and confirm the legitimacy of the web application registration request, to generate the application instance number of the web application, and to return the application instance number to the application safety module for storage.
12. The device according to claim 10, characterized in that it also comprises the platform authentication module:
The platform access module is also used to receive the web application call request sent by the application safety module, and to send to the platform authentication module a token verification request carrying the application instance number and the temporary authorization information;
The platform authentication module is used to send the token verification request to the platform safety module;
The platform safety module is also used to verify the temporary authorization token in the temporary authorization information and, after verification passes, to return the token verification result to the platform access module via the platform authentication module.
13. The device according to claim 10, characterized in that it also comprises the platform authentication module:
The platform access module is also used to send a web application call verification request to the platform authentication module;
The platform authentication module is used to verify the contract relationship between the web application and the application platform and the subscription relationship between the user and the web application and, after verification passes, to perform fee pre-deduction for the user of the web application.
14. The device according to claim 13, characterized in that:
The platform access module is also used to send a fee deduction notice to the platform authentication module;
The platform authentication module is used to perform the fee deduction.
15. A system for calling a web application in a cloud/cluster environment, characterized in that it comprises:
The application safety module, which is used to receive a call request from a web application and confirm that it stores the application instance number of that web application; to send a temporary authorization request to the platform safety module and receive the temporary authorization information returned after the platform safety module's verification passes; and to send to the platform safety module a web application call request carrying the application instance number and the temporary authorization information, and receive the web application call result returned after the platform safety module's verification passes;
The platform safety module, which is used to receive the temporary authorization request sent by the application safety module, verify this temporary authorization request and, after verification passes, send temporary authorization information to the application safety module; and to receive the web application call request, carrying the application instance number and the temporary authorization information, sent by the application safety module, and verify this web application call request;
The platform access module, which is used, after the platform safety module has verified the web application call request, to call the web application and return the result to the application safety module.
16. The system according to claim 15, characterized in that it also comprises the initialization judge module:
The initialization judge module is used to judge the initialization condition of the web application and, when the initialization condition is met, to trigger the initialization flow;
The platform access module is also used to receive the web application registration request, carrying the web identifier, sent by the application safety module, and to forward this registration request to the platform safety module;
The platform safety module is also used to verify the web identifier and confirm the legitimacy of the web application registration request, to generate the application instance number of the web application, and to return the application instance number to the application safety module for storage;
The application safety module is also used to check whether it holds a temporary authorization token and, if one exists, to check whether that temporary authorization token has expired; if the temporary authorization token does not exist or has expired, it generates the web identifier and requests a temporary authorization token from the platform safety module.
17. The system according to claim 15, characterized in that it also comprises the platform authentication module:
The platform access module is also used to receive the web application call request sent by the application safety module, and to send to the platform authentication module a token verification request carrying the application instance number and the temporary authorization information;
The platform authentication module is used to send the token verification request to the platform safety module;
The platform safety module is also used to verify the temporary authorization token in the temporary authorization information and, after verification passes, to return the token verification result to the platform access module via the platform authentication module.
18. The system according to claim 15, characterized in that it also comprises the platform authentication module:
The platform access module is also used to send a web application call verification request to the platform authentication module;
The platform authentication module is used to verify the contract relationship between the web application and the application platform and the subscription relationship between the user and the web application and, after verification passes, to perform fee pre-deduction for the user of the web application.
19. The system according to claim 18, characterized in that:
The platform access module is also used to send a fee deduction notice to the platform authentication module;
The platform authentication module is used to perform the fee deduction.
CN201110442203.2A 2011-12-26 2011-12-26 The call method that web applies under cloud/cluster environment, device and system Active CN103179176B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110442203.2A CN103179176B (en) 2011-12-26 2011-12-26 The call method that web applies under cloud/cluster environment, device and system


Publications (2)

Publication Number Publication Date
CN103179176A true CN103179176A (en) 2013-06-26
CN103179176B CN103179176B (en) 2016-01-20

Family

ID=48638799

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110442203.2A Active CN103179176B (en) 2011-12-26 2011-12-26 The call method that web applies under cloud/cluster environment, device and system

Country Status (1)

Country Link
CN (1) CN103179176B (en)

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187449A (en) * 2015-09-30 2015-12-23 北京恒华伟业科技股份有限公司 Interface calling method and device
CN106201738A (en) * 2016-06-27 2016-12-07 北京小米移动软件有限公司 System broadcasts call method and device
CN106709288A (en) * 2016-12-22 2017-05-24 腾讯科技(深圳)有限公司 Application program review operating authorization processing method and application program review operating authorization processing device
CN109255208A (en) * 2018-09-04 2019-01-22 山东浪潮云投信息科技有限公司 A kind of authorization method and system of software service product
CN113051541A (en) * 2021-03-31 2021-06-29 广州锦行网络科技有限公司 Logoff method and device of target account, electronic equipment and computer readable medium
CN114138368A (en) * 2021-11-30 2022-03-04 招商局金融科技有限公司 Application deployment system, method, device and storage medium based on cloud-native
CN114222006A (en) * 2021-12-20 2022-03-22 中国电信股份有限公司 Processing method based on capability open platform and capability open platform
WO2022247812A1 (en) * 2021-05-28 2022-12-01 华为技术有限公司 Authentication method, communication device, and system
CN114222006B (en) * 2021-12-20 2024-05-10 中国电信股份有限公司 Processing method based on capability open platform and capability open platform

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101771993A (en) * 2008-12-31 2010-07-07 中国移动通信集团公司 System and method thereof for realizing polymerization application based on mobile network
CN102148828A (en) * 2011-02-25 2011-08-10 中兴通讯股份有限公司 Network system and method for realizing click to dial service based on capability open platform
CN102196006A (en) * 2010-03-17 2011-09-21 中国移动通信集团公司 Open system for providing resources for application program
CN102394887A (en) * 2011-11-10 2012-03-28 杭州东信北邮信息技术有限公司 OAuth protocol-based safety certificate method of open platform and system thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101771993A (en) * 2008-12-31 2010-07-07 中国移动通信集团公司 System and method thereof for realizing polymerization application based on mobile network
CN102196006A (en) * 2010-03-17 2011-09-21 中国移动通信集团公司 Open system for providing resources for application program
CN102148828A (en) * 2011-02-25 2011-08-10 中兴通讯股份有限公司 Network system and method for realizing click to dial service based on capability open platform
CN102394887A (en) * 2011-11-10 2012-03-28 杭州东信北邮信息技术有限公司 OAuth protocol-based safety certificate method of open platform and system thereof

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
刘为 等: "利用OpenID和OAuth进行安全授权及风险防范的分析", 《武汉商业服务学院学报》 *
刘镝 等: "基于国内开放平台的Oauth认证框架研究", 《信息通信技术》 *
郑侃 等: "IMS中基于REST的wIMS中间件平台设计与实现", 《电信工程技术与标准化》 *

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105187449A (en) * 2015-09-30 2015-12-23 北京恒华伟业科技股份有限公司 Interface calling method and device
CN105187449B (en) * 2015-09-30 2018-10-02 北京恒华伟业科技股份有限公司 A kind of interface call method and device
CN106201738A (en) * 2016-06-27 2016-12-07 北京小米移动软件有限公司 System broadcasts call method and device
CN106709288A (en) * 2016-12-22 2017-05-24 腾讯科技(深圳)有限公司 Application program review operating authorization processing method and application program review operating authorization processing device
CN106709288B (en) * 2016-12-22 2018-07-24 腾讯科技(深圳)有限公司 Application program review operations permission treating method and apparatus
CN109255208B (en) * 2018-09-04 2020-09-01 浪潮云信息技术股份公司 Software service product authorization method and system
CN109255208A (en) * 2018-09-04 2019-01-22 山东浪潮云投信息科技有限公司 A kind of authorization method and system of software service product
CN113051541A (en) * 2021-03-31 2021-06-29 广州锦行网络科技有限公司 Logoff method and device of target account, electronic equipment and computer readable medium
CN113051541B (en) * 2021-03-31 2022-02-01 广州锦行网络科技有限公司 Logoff method and device of target account, electronic equipment and computer readable medium
WO2022247812A1 (en) * 2021-05-28 2022-12-01 华为技术有限公司 Authentication method, communication device, and system
CN114138368A (en) * 2021-11-30 2022-03-04 招商局金融科技有限公司 Application deployment system, method, device and storage medium based on cloud-native
CN114138368B (en) * 2021-11-30 2024-03-19 招商局金融科技有限公司 Application deployment system, method, equipment and storage medium based on cloud protogenesis
CN114222006A (en) * 2021-12-20 2022-03-22 中国电信股份有限公司 Processing method based on capability open platform and capability open platform
CN114222006B (en) * 2021-12-20 2024-05-10 中国电信股份有限公司 Processing method based on capability open platform and capability open platform

Also Published As

Publication number Publication date
CN103179176B (en) 2016-01-20

Similar Documents

Publication Publication Date Title
CN102378170B (en) Method, device and system of authentication and service calling
CN103179176B (en) Call method, device and system for web application in cloud/cluster environment
CN102394887B (en) OAuth protocol-based safety certificate method of open platform and system thereof
CN110855791B (en) Blockchain node deployment method and related equipment
CN103685138A (en) Method and system for authenticating application software of Android platform on mobile internet
CN109168139B (en) WiFi sharing method based on block chain and server
CN102571693A (en) Capability safety calling method, device and system
CN110535648A (en) Electronic certificate is generated and verified and key controlling method, device, system and medium
CN101645775A (en) Over-the-air download-based dynamic password identity authentication system
CN105141460A (en) Multi-platform based unified account system
WO2023005838A1 (en) Data sharing method and electronic device
CN103186721B (en) Digital copyright service control, Apparatus and system
CN110619222A (en) Authorization processing method, device, system and medium based on block chain
CN102984046A (en) Processing method of instant messaging business and corresponding network equipment
CN105338000A (en) Verification method and verification system
CN106696749A (en) Charging method and system for electric automobile charging pile with Zigbee
CN104301288A (en) Method and system for online identity authentication, online transaction certification, and online certification protection
CN107819766A (en) Safety certifying method, system and computer-readable recording medium
CN101789973A (en) Method and system for constructing Mashup application
KR101120059B1 (en) Billing verifying apparatus, billing apparatus and method for cloud computing environment
CN104918245B (en) A kind of identity identifying method, device, server and client
CN104426865A (en) Method, device and system for controlling presentation of application
CN103124252A (en) Client application access authentication processing method and device
CN105743651A (en) Method and apparatus for utilizing card application in chip security domain, and application terminal
CN110766388B (en) Virtual card generation method and system and electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant