CN103179176B - Method, device and system for invoking web applications in a cloud/cluster environment - Google Patents

Publication number
CN103179176B
Authority
CN
China
Prior art keywords
application
module
platform
safety module
web
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110442203.2A
Other languages
Chinese (zh)
Other versions
CN103179176A (en)
Inventor
王姗姗
龙湘明
王磊建
刘涛
武威
孙杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd

Abstract

The invention discloses a method, device and system for invoking a web application in a cloud/cluster environment. The method comprises: an application safety module receives a call request from the web application and confirms that it has stored the application example number of this web application; the application safety module sends a temporary authorization request to a platform safety module and receives the temporary authorization information issued after verification by the platform safety module passes; the application safety module sends to the platform safety module a web application call request carrying the application example number and the temporary authorization information, and receives the web application call result returned after verification by the platform safety module passes. The method, device and system of the invention provide various capabilities to developers, make it easier for developers to build different applications on those capabilities, and thereby promote the use of web applications.

Description

Method, device and system for invoking web applications in a cloud/cluster environment
Technical field
The present invention relates to data service technology in the communications field, and in particular to a method, device and system for invoking web applications in a cloud/cluster environment.
Background art
In the prior art, Chinese patent application No. 201010544357.8 discloses a cloud-computing-based system for the controllable distribution and converged application of business data. The system consists of a cloud computing service resource cluster and cloud provider end, a user terminal and cloud request end, and a virtual cloud service center and middleware. The cloud provider end provides the corresponding business data resources and application capability services through the device cluster managed by the virtual cloud service center; the cloud request end submits service requests; the virtual cloud service center, according to the task request submitted by the user, finds the business data resources that meet the user's request and provides on-demand service to the cloud request end. The virtual cloud service center obtains the distribution route according to the publish/subscribe service attributes of the business data, completes the data migration between cloud cluster servers, performs security validity checks and distribution-service management of the distribution status through a communication interface, and encapsulates the data into messages of a unified format. The encapsulated messages are added to a converged communication platform, which realizes hierarchical configuration and service attribute management of the distribution service and strengthens the effectiveness of business data terminal applications.
Chinese patent application No. 201010536544.1 discloses a method for implementing data security in a cluster environment and a high-security cluster, comprising a CA certificate center, a security gateway, a hardware authentication device, a cryptographic service module, computing nodes, remote terminals, a management node and a storage server. In that invention, each user's files are encrypted, stored and transmitted independently, which removes the hidden danger of a user's important data being viewed illegally and at the same time prevents leaks that may occur during network transmission and leaks within the cluster caused by human factors.
In practice, the web applications that developers build do not only run on a single physical machine; they can also be deployed in cloud and cluster environments. How to secure the capability calls made by web applications in a cloud/cluster environment, and to ensure the security of users' use of web applications, billing security, privacy and so on, is therefore becoming more and more important, and the prior art described above cannot effectively solve this technical problem.
Summary of the invention
The object of the invention is to address the defect in the prior art that the calling process of web applications in a cloud/cluster environment is not sufficiently secure, by proposing a method, device and system for invoking web applications in a cloud/cluster environment.
To achieve the above object, according to one aspect of the invention, a method for invoking a web application in a cloud/cluster environment is provided.
The method for invoking a web application in a cloud/cluster environment according to an embodiment of the invention comprises:
The application safety module receives a call request from the web application and confirms that it has stored the application example number of this web application;
The application safety module sends a temporary authorization request to the platform safety module and receives the temporary authorization information issued after verification by the platform safety module passes;
The application safety module sends to the platform safety module a web application call request carrying the application example number and the temporary authorization information, and receives the web application call result returned after verification by the platform safety module passes.
In the above technical scheme, between the step in which the application safety module confirms that it has stored the application example number of this web application and the step in which it sends the temporary authorization request to the platform safety module, the method further comprises:
The application safety module checks whether it holds a temporary authorization mark and, if so, checks whether this temporary authorization mark has expired;
If the temporary authorization mark does not exist or has expired, the application safety module generates a web mark and requests a temporary authorization mark from the platform safety module.
To achieve the above object, according to one aspect of the invention, another method for invoking a web application in a cloud/cluster environment is provided.
The method for invoking a web application in a cloud/cluster environment according to an embodiment of the invention comprises:
The platform safety module receives the temporary authorization request sent by the application safety module, verifies this request, and after verification passes sends temporary authorization information to the application safety module;
The platform safety module receives the web application call request, carrying the application example number and the temporary authorization information, sent by the application safety module, and verifies this web application call request; after verification passes, the web application is called through the platform access module and the result is returned to the application safety module.
In the above technical scheme, when an initialization condition is met:
The platform access module receives the web application registration request carrying the web mark sent by the application safety module, and forwards this registration request to the platform safety module;
The platform safety module verifies the web mark to ensure the legitimacy of this web application registration request, and generates the application example number of the web application;
The platform safety module returns the application example number to the application safety module, which stores it.
In the above technical scheme, the step in which the platform safety module verifies this web application call request comprises:
The platform access module receives the web application call request sent by the application safety module, and sends an identity verification request carrying the application example number and the temporary authorization information to the platform authentication module;
The platform authentication module sends the identity verification request to the platform safety module, and the platform safety module verifies the temporary authorization mark in the temporary authorization information;
After verification passes, the platform safety module returns the identity verification result to the platform access module through the platform authentication module.
In the above technical scheme, after the step in which the platform safety module verifies this web application call request, and before the step in which, after verification passes, the web application is called through the platform access module and the result is returned to the application safety module, the method further comprises:
The platform access module sends a web application call verification request to the platform authentication module;
The platform authentication module performs verification according to the contract signing relationship between the web application and the application platform and the order relationship between the user and the web application;
After verification passes, the platform authentication module performs fee withholding processing for the user of the web application.
In the above technical scheme, after the step in which, after verification passes, the web application is called through the platform access module and the result is returned to the application safety module, the method further comprises:
The platform access module sends a fee deduction processing notification to the platform authentication module, and the platform authentication module performs the fee deduction processing.
To achieve the above object, according to another aspect of the invention, a device for invoking a web application in a cloud/cluster environment is provided.
The device for invoking a web application in a cloud/cluster environment according to an embodiment of the invention comprises:
An application safety module, for receiving a call request from the web application and confirming that it has stored the application example number of this web application; sending a temporary authorization request to the platform safety module and receiving the temporary authorization information issued after verification by the platform safety module passes; and sending to the platform safety module a web application call request carrying the application example number and the temporary authorization information, and receiving the web application call result returned after verification by the platform safety module passes.
In the above technical scheme, the application safety module is also used to check whether it holds a temporary authorization mark and, if so, to check whether this temporary authorization mark has expired;
If the temporary authorization mark does not exist or has expired, it generates a web mark and requests a temporary authorization mark from the platform safety module.
To achieve the above object, according to another aspect of the invention, another device for invoking a web application in a cloud/cluster environment is provided.
The device for invoking a web application in a cloud/cluster environment according to an embodiment of the invention comprises:
A platform safety module, for receiving the temporary authorization request sent by the application safety module, verifying this request, and sending temporary authorization information to the application safety module after verification passes; and for receiving the web application call request, carrying the application example number and the temporary authorization information, sent by the application safety module, and verifying this web application call request;
A platform access module, for calling the web application and returning the result to the application safety module after the platform safety module's verification of the web application call request passes.
In the above technical scheme, an initialization judge module is used to judge the initialization condition of the web application and, when the initialization condition is met, to trigger the initialization process;
The platform access module is also used to receive the web application registration request carrying the web mark sent by the application safety module, and to forward this registration request to the platform safety module;
The platform safety module is also used to verify the web mark to ensure the legitimacy of this web application registration request, to generate the application example number of the web application, and to return the application example number to the application safety module for storage.
In the above technical scheme, the device further comprises:
The platform access module, also used to receive the web application call request sent by the application safety module, and to send an identity verification request carrying the application example number and the temporary authorization information to the platform authentication module;
A platform authentication module, for sending the identity verification request to the platform safety module;
The platform safety module, also used to verify the temporary authorization mark in the temporary authorization information and, after verification passes, to return the identity verification result to the platform access module through the platform authentication module.
In the above technical scheme, the device further comprises:
The platform access module, also used to send a web application call verification request to the platform authentication module;
The platform authentication module, for performing verification according to the contract signing relationship between the web application and the application platform and the order relationship between the user and the web application and, after verification passes, performing fee withholding processing for the user of the web application.
In the above technical scheme, the platform access module is also used to send a fee deduction processing notification to the platform authentication module;
The platform authentication module is used to perform the fee deduction processing.
To achieve the above object, according to another aspect of the invention, a system for invoking a web application in a cloud/cluster environment is provided.
The system for invoking a web application in a cloud/cluster environment according to an embodiment of the invention comprises:
An application safety module, for receiving a call request from the web application and confirming that it has stored the application example number of this web application; sending a temporary authorization request to the platform safety module and receiving the temporary authorization information issued after verification by the platform safety module passes; and sending to the platform safety module a web application call request carrying the application example number and the temporary authorization information, and receiving the web application call result returned after verification by the platform safety module passes;
A platform safety module, for receiving the temporary authorization request sent by the application safety module, verifying this request, and sending temporary authorization information to the application safety module after verification passes; and for receiving the web application call request, carrying the application example number and the temporary authorization information, sent by the application safety module, and verifying this web application call request;
A platform access module, for calling the web application and returning the result to the application safety module after the platform safety module's verification of the web application call request passes.
In the above technical scheme, the system further comprises an initialization judge module:
The initialization judge module, for judging the initialization condition of the web application and, when the initialization condition is met, triggering the initialization process;
The platform access module, also used to receive the web application registration request carrying the web mark sent by the application safety module, and to forward this registration request to the platform safety module;
The platform safety module, also used to verify the web mark to ensure the legitimacy of this web application registration request, to generate the application example number of the web application, and to return the application example number to the application safety module for storage;
The application safety module, also used to check whether it holds a temporary authorization mark and, if so, to check whether this temporary authorization mark has expired; if the temporary authorization mark does not exist or has expired, it generates a web mark and requests a temporary authorization mark from the platform safety module.
In the above technical scheme, the system further comprises a platform authentication module:
The platform access module, also used to receive the web application call request sent by the application safety module, and to send an identity verification request carrying the application example number and the temporary authorization information to the platform authentication module;
The platform authentication module, for sending the identity verification request to the platform safety module;
The platform safety module, also used to verify the temporary authorization mark in the temporary authorization information and, after verification passes, to return the identity verification result to the platform access module through the platform authentication module.
In the above technical scheme, the system further comprises a platform authentication module:
The platform access module, also used to send a web application call verification request to the platform authentication module;
The platform authentication module, for performing verification according to the contract signing relationship between the web application and the application platform and the order relationship between the user and the web application and, after verification passes, performing fee withholding processing for the user of the web application.
In the above technical scheme, the platform access module is also used to send a fee deduction processing notification to the platform authentication module;
The platform authentication module is used to perform the fee deduction processing.
The method, device and system for invoking web applications in a cloud/cluster environment according to the embodiments of the invention provide various capabilities to developers, make it easier for developers to build different applications on those capabilities, and thereby promote the use of web applications. Users call capabilities by using applications, and the capability open platform implements charging for applications and capability calls by authenticating and authorizing developers, web applications, users and so on.
Other features and advantages of the invention will be set forth in the following description and will in part become apparent from the specification, or be understood by practising the invention. The objects and other advantages of the invention can be realized and obtained by the structure particularly pointed out in the written specification, the claims and the accompanying drawings.
The technical scheme of the invention is described in further detail below through the drawings and embodiments.
Brief description of the drawings
The accompanying drawings provide a further understanding of the invention and form part of the specification; together with the embodiments of the invention they serve to explain the invention and do not limit it. In the drawings:
Fig. 1 is a schematic flow chart of the initialization method for a web application in a cloud/cluster environment according to the invention;
Fig. 2 is a schematic flow chart of the call method for a web application in a cloud/cluster environment according to the invention;
Fig. 3 is a schematic structural diagram of the calling device for a web application in a cloud/cluster environment according to the invention.
Embodiments
The preferred embodiments of the invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the invention and are not intended to limit it.
The invention provides a method and device by which a web application running in a cloud/cluster environment can call capabilities securely. The method and device involve two usage flows: web application initialization and web application capability calling.
Through the initialization flow, the capability open platform (OMP, Open Mobile Platform) authenticates the web application and assigns a unique application example number (AppInstanceID) to each web application instance. After the application safety module obtains the application example number (AppInstanceID), it stores the number securely within the application safety module.
When a capability is called, the application safety module sends a capability call request to the capability open platform OMP. The request should include information such as the application example number (AppInstanceID), the application identifier (APP_ID), the user identifier (PID), the temporary authorization Token (TmpWebToken) and the HOTP counter (i.e. the application counter, Counter).
AppInstanceID is the identifier of an application example and is used to distinguish different instances of the same application. An "example" here is a physical instance of the application and can generally be understood as a process. APP_ID and AppInstanceID are in a one-to-many relationship: one application can correspond to multiple instances. For example, if the same application is deployed on two physical hosts and each host starts two processes of that application, each process is one instance of the application, so the same application corresponds to four different "application examples". AppInstanceID is in a one-to-one relationship with TmpWebToken and with Counter, so the OMP platform can verify the validity of the TmpWebToken and the Counter against the AppInstanceID of each application instance.
Method embodiment
According to an embodiment of the invention, an initialization method for a web application in a cloud/cluster environment is provided. Fig. 1 is a schematic flow chart of this initialization method.
Any one of the following conditions triggers the initialization flow of the web application:
1) After the application safety module receives a service request for a web application call, it queries the registration status flag recorded locally in the application safety module and finds that no successful registration has been performed;
2) Before sending a web application access authentication request, the application safety module detects that the HOTP (HMAC-Based One-Time Password) counter has reached its maximum value; that is, when Counter reaches 99999999, the initialization of the web application must be initiated again;
3) Before sending a web application access authentication request, the application safety module detects that no application example number (AppInstanceID) is stored locally.
Through the initialization flow, the OMP platform and the web application complete authentication, and each application instance is assigned a unique application example number (AppInstanceID). After the application safety module obtains the application example number, it stores the number securely within the application safety module.
The application example number is a unique number generated by the platform safety module, and every generated number is different. Its coding rule is an 18-character numeric string, YYYYMMDDHHMISSXXXX, in which the first 14 characters are the date, hour, minute and second and the last 4 characters are a sequence number used cyclically from 0000 to 9999, for example 201001101513110022. The platform safety module must guarantee that the application example number is unique.
The initialization flow comprises:
Step 101: after the application safety module receives a service request for a web application call, it checks whether an application example number is stored locally; if not, it carries out the subsequent steps;
Step 103: the application safety module sends the registration request to the platform access module over an HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, an HTTP channel aimed at security) channel; the parameters in the registration request message include the web application identifier APP_ID, the WebToken (i.e. the web mark), and so on;
Wherein:
WebToken=HMAC[APPKey,Counter]
Counter is 8 bytes long and ASCII-encoded, in the form "XXXXXXXX", where each "X" is a character from "0" to "9". The range of Counter is "00000001"-"99999999", and each time a WebToken is generated the value of Counter is automatically incremented by one. Every time the Token generating function in a specific application generates a Token, Counter is incremented by one, regardless of whether the previous network-side request succeeded. The platform safety module must retain the latest Counter value for every application on every device, to ensure that the Counter received at the next verification is the latest.
In the initialization flow of the web application, the Counter value is always 00000001.
Step 105: the platform access module forwards this registration request to the platform authentication module;
Step 107: the platform authentication module sends the registration request to the platform safety module;
Step 109: the platform safety module verifies the WebToken to ensure that this request comes from a legitimate web application, i.e. a web application that the network operator has authorized for use;
Step 111: after the WebToken passes verification, the platform safety module generates an application example number (AppInstanceID) that uniquely identifies the application instance;
Step 113: the platform safety module returns the application example number to the platform authentication module;
Step 115: the platform authentication module returns the application example number to the platform access module;
Step 117: the platform access module returns the application example number to the application safety module;
Step 119: the application safety module records information such as Counter and the application example number;
Step 121: the application safety module notifies the web application that registration succeeded.
According to an embodiment of the invention, a call method for a web application in a cloud/cluster environment is provided. Fig. 2 is a schematic flow chart of this call method.
The present embodiment comprises:
Step 201: when a user uses the web application, the web browser sends a capability call request to the application logic module, and the application logic module calls the application safety module and passes the capability call request on to it;
Step 203: the application safety module first checks whether an application example number (AppInstanceID) is stored locally; if not, it initiates the initialization flow of the web application. If an application example number is stored, it first checks whether a temporary authorization Token (i.e. the temporary authorization mark, TmpWebToken) exists locally and, if so, whether this TmpWebToken has expired. If the TmpWebToken does not exist or has expired, it generates a WebToken (i.e. the web mark) from the application key APPKey, the counter Counter and the time YY-MM in order to request a temporary authorization Token from the platform safety module; if the TmpWebToken has not expired, it proceeds with the following steps;
Step 205: the application safety module sends a request to obtain a temporary authorization Token to the platform access module; this request includes AppInstanceID, APP_ID, WebToken, the Counter value, etc.;
Step 207: the platform access module forwards the request to obtain a temporary authorization Token to the platform authentication module;
Step 209: the platform authentication module sends the request to obtain a temporary authorization Token to the platform safety module; the platform safety module verifies the WebToken and, after verification, generates the temporary authorization Token (TmpWebToken) and the validity period length ValidTime of this Token;
Step 211: the platform safety module returns the result to the platform authentication module; this result includes TmpWebToken and ValidTime;
Step 213: the platform authentication module returns the result to the platform access module;
Step 215: the platform access module returns the result to the application safety module, and the application safety module stores TmpWebToken and ValidTime;
Step 217: the application safety module sends a capability call request to the platform access module; this capability call request includes AppInstanceID, APP_ID, PID (PseudoID, pseudo-code), TmpWebToken, the Counter value, etc. PID identifies the user and is associated with the user's mobile phone number; a pseudo-code is used so that the user's real mobile phone number is not leaked;
Step 219: the platform access module sends a Token verification request to the platform authentication module; this Token verification request includes AppInstanceID, APP_ID, PID, TmpWebToken, the Counter value, etc.;
Step 221: the platform authentication module sends the Token verification request to the platform safety module, and the platform safety module verifies the TmpWebToken; if verification passes, go to step 223; if verification does not pass, an error code is returned;
Step 223: platform safety module returns message that Token is verified to platform authentication module;
Step 225: platform authentication module returns message that Token is verified to platform access module;
Step 227: platform access module transmitting capacity calls checking request (i.e. web application call checking request) to platform authentication module, wherein, ability is called checking request and is comprised APP_ID, PID, EID (EnablerID, ability ID) etc. information, platform authentication module is to the account of web application and the contract signing relationship of ability, user and the order relations of web application product, the sub-account of developer and user, verify one by one, if be verified, then go to step 229, if checking is not passed through, then return error code;
Step 229: platform authentication module carries out withholding fee process to the user that web applies, and the object information be verified is sent to platform access module, this object information comprises the information such as APP_ID, EID, MSISDN (MobileSubscriberISDNNumber, mobile subscriber's international number);
Step 231: platform access module is from ability platform (i.e. application platform) call capability (i.e. web application);
Step 233: ability platform resettability calls response to platform access module;
Step 235: platform access module calls result to application safety module resettability;
Step 237: application safety module calls response message to applied logic module resettability;
Step 239: applied logic module calls result to web browser resettability;
Step 241: platform access module sends fee deduction treatment notice to platform authentication module, and notice comprises the information such as APP_ID, MSISDN, and platform authentication module performs fee deduction treatment;
Step 243: platform authentication module returns fee deduction treatment and responds to platform access module;
Step 245: the request of platform authentication module transmit telephone bill is to BOSS (business operation support system), and this ticket request comprises the information such as APP_ID, MSISDN;
Step 247:BOSS returns result of deducting fees to platform authentication module.
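The platform-side order of checks in steps 221 to 247 (token verification, relationship checks, fee withholding, capability call, settlement), sketched in Python as an added example that is not part of the patent. The class and function names, the error codes, the balance ledger, the release of a withheld fee on a failed call, and the choice of an opaque random TmpWebToken with a server-side expiry are all assumptions; the sub-account check of step 227 is omitted.

```python
import secrets
import time


class CallError(Exception):
    """Carries the error code returned to the caller when a check fails."""


class PlatformSafety:
    """Platform safety module: issues and verifies TmpWebToken values."""

    def __init__(self, ttl_seconds=300, clock=time.time):
        self._ttl, self._clock = ttl_seconds, clock
        self._tokens = {}  # token -> (application example number, expiry)

    def issue(self, instance_no):
        token = secrets.token_urlsafe(32)  # assumption: opaque random token
        self._tokens[token] = (instance_no, self._clock() + self._ttl)
        return token

    def verify(self, instance_no, token):
        # Step 221: the token must be known, unexpired, and bound to the
        # application example number presented with it.
        record = self._tokens.get(token)
        if record is None:
            return False
        bound_to, expiry = record
        if self._clock() >= expiry:
            del self._tokens[token]
            return False
        return bound_to == instance_no


class PlatformAuth:
    """Platform authentication module: relationship checks and charging."""

    def __init__(self, safety, contracts, orders, balances, prices):
        self._safety = safety
        self._contracts = contracts  # set of (APP_ID, EID) contract relations
        self._orders = orders        # set of (MSISDN, PID) order relations
        self._balances = balances    # MSISDN -> balance (assumed ledger)
        self._prices = prices        # EID -> fee per call (assumed tariff)
        self._holds = {}             # hold id -> (APP_ID, MSISDN, fee)
        self.tickets = []            # records that step 245 would send to BOSS

    def verify_token(self, instance_no, token):
        # Steps 221-225: a failed token check stops the call before charging.
        if not self._safety.verify(instance_no, token):
            raise CallError("TOKEN_INVALID")

    def verify_and_withhold(self, app_id, pid, eid, msisdn):
        # Step 227: every relationship is checked before any money moves.
        if (app_id, eid) not in self._contracts:
            raise CallError("NO_CONTRACT")
        if (msisdn, pid) not in self._orders:
            raise CallError("NO_ORDER")
        # Step 229: withhold the fee and remember it under a hold id.
        fee = self._prices[eid]
        if self._balances.get(msisdn, 0) < fee:
            raise CallError("INSUFFICIENT_BALANCE")
        self._balances[msisdn] -= fee
        hold_id = secrets.token_hex(8)
        self._holds[hold_id] = (app_id, msisdn, fee)
        return hold_id

    def settle(self, hold_id, delivered):
        # Steps 241-247: confirm the deduction and queue a ticket, or
        # (assumption) give the withheld fee back when the call failed.
        app_id, msisdn, fee = self._holds.pop(hold_id)
        if delivered:
            self.tickets.append({"APP_ID": app_id, "MSISDN": msisdn, "fee": fee})
        else:
            self._balances[msisdn] += fee


def platform_access_call(auth, capability, request):
    """Platform access module: one capability call, in the patent's order."""
    auth.verify_token(request["instance_no"], request["token"])
    hold_id = auth.verify_and_withhold(
        request["APP_ID"], request["PID"], request["EID"], request["MSISDN"])
    try:
        result = capability(request["payload"])  # steps 231-233
    except Exception:
        auth.settle(hold_id, delivered=False)
        raise CallError("CAPABILITY_FAILED")
    auth.settle(hold_id, delivered=True)         # steps 241-247
    return result                                # steps 235-239


def demo():
    """Runs one successful call over constructed sample data."""
    safety = PlatformSafety(ttl_seconds=60)
    balances = {"8613800000000": 10}             # constructed MSISDN
    auth = PlatformAuth(safety, {("app-1", "sms")},
                        {("8613800000000", "prod-1")}, balances, {"sms": 3})
    request = {"instance_no": "inst-1", "token": safety.issue("inst-1"),
               "APP_ID": "app-1", "PID": "prod-1", "EID": "sms",
               "MSISDN": "8613800000000", "payload": "hello"}
    result = platform_access_call(auth, lambda p: "sent:" + p, request)
    return result, balances["8613800000000"], auth.tickets


if __name__ == "__main__":
    print(demo())
```
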
The call method for a web application in a cloud/cluster environment of the present invention provides various capabilities (for example, short message, multimedia message and location) to developers, making it convenient for developers to develop different applications based on these capabilities, and thereby promotes the use of web applications. Users call capabilities by using applications, and the capability open platform implements charging for application and capability calls by authenticating and authorizing developers, web applications, users and so on.
The call method for a web application in a cloud/cluster environment of the present invention is a general approach for web applications deployed in cluster and cloud environments. It ensures the security of the web application's capability calls, and also ensures the security of the user's use of the web application, charging security and privacy.
Device embodiment
According to an embodiment of the present invention, a calling device for a web application in a cloud/cluster environment is provided.
This embodiment comprises:
An application safety module, configured to receive a call request of a web application and confirm that it has itself stored the application example number of this web application; to send a temporary authorization request to the platform safety module and receive the temporary authorization information that has passed verification by the platform safety module; and to send a web application invocation request carrying the application example number and the temporary authorization information to the platform safety module and receive the web application call result that has passed verification by the platform safety module.
Wherein:
The application safety module is further configured to check whether it holds a temporary authorization mark and, if one exists, to check whether this temporary authorization mark has expired;
If the temporary authorization mark does not exist or has expired, the application safety module generates a web mark and requests a temporary authorization mark from the platform safety module.
According to an embodiment of the present invention, another calling device for a web application in a cloud/cluster environment is provided, as shown in Figure 3.
This embodiment comprises:
A platform safety module 303, configured to receive the temporary authorization request sent by the application safety module and verify this temporary authorization request; to send the temporary authorization information to the application safety module after verification passes; and to receive the web application invocation request, carrying the application example number and the temporary authorization information, sent by the application safety module and verify this web application invocation request;
A platform access module 301, configured to call the web application and return the result to the application safety module after the platform safety module 303 has verified the web application invocation request.
Wherein:
An initialization judge module 304, configured to judge the initialization condition of the web application and, when the initialization condition is met, to trigger the platform access module 301, which forwards to the platform safety module 303, and the platform safety module 303 carries out the initialization process;
The platform access module 301 is further configured to receive the web application registration request, carrying the web mark, sent by the application safety module, and to forward this registration request to the platform safety module 303;
The platform safety module 303 is further configured to verify the web mark to ensure the legitimacy of this web application registration request, to generate the application example number of the web application, and to return the application example number to the application safety module for storage.
It should be noted that the initialization judge module 304 may be arranged as a submodule of the application safety module, or may be arranged separately on the OMP platform side, on the application side or at another position.
Wherein:
The platform access module 301 is further configured to receive the web application invocation request sent by the application safety module, and to send an identity verification request carrying the application example number and the temporary authorization information to the platform authentication module 302;
The platform authentication module 302 is configured to send the identity verification request to the platform safety module 303;
The platform safety module 303 is further configured to verify the temporary authorization mark in the temporary authorization information and, after verification passes, to return the identity verification result to the platform access module 301 through the platform authentication module 302.
Wherein:
The platform access module 301 is further configured to send a web application call verification request to the platform authentication module 302;
The platform authentication module 302 is configured to verify according to the contract signing relationship between the web application and the application platform and the order relationship between the user and the web application and, after verification passes, to perform fee withholding (pre-deduction) processing for the user of the web application.
Wherein:
The platform access module 301 is further configured to send a fee deduction notification to the platform authentication module 302;
The platform authentication module 302 is configured to perform the fee deduction.
The calling device for a web application in a cloud/cluster environment of the present invention provides various capabilities (for example, short message, multimedia message and location) to developers, making it convenient for developers to develop different applications based on these capabilities, and thereby promotes the use of web applications. Users call capabilities by using applications, and the capability open platform implements charging for application and capability calls by authenticating and authorizing developers, web applications, users and so on.
The calling device for a web application in a cloud/cluster environment of the present invention is a general approach for web applications deployed in cluster and cloud environments. It ensures the security of the web application's capability calls, and also ensures the security of the user's use of the web application, charging security and privacy.
System embodiment
According to an embodiment of the present invention, a calling system for a web application in a cloud/cluster environment is provided.
This embodiment comprises:
An application safety module, configured to receive a call request of a web application and confirm that it has itself stored the application example number of this web application; to send a temporary authorization request to the platform safety module and receive the temporary authorization information that has passed verification by the platform safety module; and to send a web application invocation request carrying the application example number and the temporary authorization information to the platform safety module and receive the web application call result that has passed verification by the platform safety module;
A platform safety module, configured to receive the temporary authorization request sent by the application safety module and verify this temporary authorization request; to send the temporary authorization information to the application safety module after verification passes; and to receive the web application invocation request, carrying the application example number and the temporary authorization information, sent by the application safety module and verify this web application invocation request;
A platform access module, configured to call the web application and return the result to the application safety module after the platform safety module has verified the web application invocation request.
Wherein, the system further comprises an initialization judge module:
The initialization judge module is configured to judge the initialization condition of the web application and, when the initialization condition is met, to trigger the initialization process;
The platform access module is further configured to receive the web application registration request, carrying the web mark, sent by the application safety module, and to forward this registration request to the platform safety module;
The platform safety module is further configured to verify the web mark to ensure the legitimacy of this web application registration request, to generate the application example number of the web application, and to return the application example number to the application safety module for storage;
The application safety module is further configured to check whether it holds a temporary authorization mark and, if one exists, to check whether this temporary authorization mark has expired; if the temporary authorization mark does not exist or has expired, it generates a web mark and requests a temporary authorization mark from the platform safety module.
Wherein, the system further comprises a platform authentication module:
The platform access module is further configured to receive the web application invocation request sent by the application safety module, and to send an identity verification request carrying the application example number and the temporary authorization information to the platform authentication module;
The platform authentication module is configured to send the identity verification request to the platform safety module;
The platform safety module is further configured to verify the temporary authorization mark in the temporary authorization information and, after verification passes, to return the identity verification result to the platform access module through the platform authentication module.
Wherein, the system further comprises a platform authentication module:
The platform access module is further configured to send a web application call verification request to the platform authentication module;
The platform authentication module is configured to verify according to the contract signing relationship between the web application and the application platform and the order relationship between the user and the web application and, after verification passes, to perform fee withholding (pre-deduction) processing for the user of the web application.
Wherein:
The platform access module is further configured to send a fee deduction notification to the platform authentication module;
The platform authentication module is configured to perform the fee deduction.
The calling system for a web application in a cloud/cluster environment of the present invention is a general approach for web applications deployed in cluster and cloud environments. It ensures the security of the web application's capability calls, and also ensures the security of the user's use of the web application, charging security and privacy.
One of ordinary skill in the art will appreciate that all or part of the steps of the above method embodiments may be implemented by hardware under the control of program instructions. The aforementioned program may be stored in a computer-readable storage medium and, when executed, performs the steps of the above method embodiments. The aforementioned storage medium includes various media that can store program code, such as ROM, RAM, magnetic disks or optical discs.
Finally, it should be noted that the foregoing is only the preferred embodiments of the present invention and is not intended to limit the present invention. Although the present invention has been described in detail with reference to the foregoing embodiments, a person skilled in the art can still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of their technical features. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (19)

1. A call method for a web application in a cloud/cluster environment, characterized by comprising:
An application safety module receives a call request of a web application and confirms that it has itself stored the application example number of this web application;
The application safety module uses an HTTPS channel to send a temporary authorization request to a platform safety module, and receives the temporary authorization information that has passed verification by the platform safety module;
The application safety module sends a web application invocation request carrying the application example number and the temporary authorization information to the platform safety module, and receives the web application call result that has passed verification by the platform safety module.
2. The method according to claim 1, characterized in that, between the step in which the application safety module confirms that it has itself stored the application example number of this web application and the step of sending the temporary authorization request to the platform safety module, the method further comprises:
The application safety module checks whether it holds a temporary authorization mark and, if one exists, checks whether this temporary authorization mark has expired;
If the temporary authorization mark does not exist or has expired, the application safety module generates a web mark and requests a temporary authorization mark from the platform safety module.
3. A call method for a web application in a cloud/cluster environment, characterized by comprising:
A platform safety module receives the temporary authorization request that an application safety module sends using an HTTPS channel, verifies this temporary authorization request, and sends temporary authorization information to the application safety module after verification passes;
The platform safety module receives the web application invocation request, carrying the application example number and the temporary authorization information, sent by the application safety module, and verifies this web application invocation request; after verification passes, the web application is called by a platform access module and the result is returned to the application safety module.
4. The method according to claim 3, characterized in that, when an initialization condition is met:
The platform access module receives the web application registration request, carrying a web mark, sent by the application safety module, and forwards this registration request to the platform safety module;
The platform safety module verifies the web mark to ensure the legitimacy of this web application registration request, and generates the application example number of the web application;
The platform safety module returns the application example number to the application safety module for storage.
5. The method according to claim 3, characterized in that the step in which the platform safety module verifies this web application invocation request comprises:
The platform access module receives the web application invocation request sent by the application safety module, and sends an identity verification request carrying the application example number and the temporary authorization information to a platform authentication module;
The platform authentication module sends the identity verification request to the platform safety module, and the platform safety module verifies the temporary authorization mark in the temporary authorization information;
After verification passes, the platform safety module returns the identity verification result to the platform access module through the platform authentication module.
6. The method according to claim 3, characterized in that, after the step in which the platform safety module verifies this web application invocation request and before the step in which, after verification passes, the platform access module calls the web application and returns the result to the application safety module, the method further comprises:
The platform access module sends a web application call verification request to a platform authentication module;
The platform authentication module verifies according to the contract signing relationship between the web application and the application platform and the order relationship between the user and the web application;
After verification passes, the platform authentication module performs fee withholding (pre-deduction) processing for the user of the web application.
7. The method according to claim 6, characterized in that, after the step in which, after verification passes, the platform access module calls the web application and returns the result to the application safety module, the method further comprises:
The platform access module sends a fee deduction notification to the platform authentication module, and the platform authentication module performs the fee deduction.
8. A calling device for a web application in a cloud/cluster environment, characterized by comprising:
An application safety module, configured to receive a call request of a web application and confirm that it has itself stored the application example number of this web application; to use an HTTPS channel to send a temporary authorization request to a platform safety module and receive the temporary authorization information that has passed verification by the platform safety module; and to send a web application invocation request carrying the application example number and the temporary authorization information to the platform safety module and receive the web application call result that has passed verification by the platform safety module.
9. The device according to claim 8, characterized in that:
The application safety module is further configured to check whether it holds a temporary authorization mark and, if one exists, to check whether this temporary authorization mark has expired;
If the temporary authorization mark does not exist or has expired, the application safety module generates a web mark and requests a temporary authorization mark from the platform safety module.
10. A calling device for a web application in a cloud/cluster environment, characterized by comprising:
A platform safety module, configured to receive the temporary authorization request that an application safety module sends using an HTTPS channel and verify this temporary authorization request; to send temporary authorization information to the application safety module after verification passes; and to receive the web application invocation request, carrying the application example number and the temporary authorization information, sent by the application safety module and verify this web application invocation request;
A platform access module, configured to call the web application and return the result to the application safety module after the platform safety module has verified the web application invocation request.
11. The device according to claim 10, characterized by further comprising an initialization judge module:
The initialization judge module is configured to judge the initialization condition of the web application and, when the initialization condition is met, to trigger the initialization process;
The platform access module is further configured to receive the web application registration request, carrying a web mark, sent by the application safety module, and to forward this registration request to the platform safety module;
The platform safety module is further configured to verify the web mark to ensure the legitimacy of this web application registration request, to generate the application example number of the web application, and to return the application example number to the application safety module for storage.
12. The device according to claim 10, characterized by further comprising a platform authentication module:
The platform access module is further configured to receive the web application invocation request sent by the application safety module, and to send an identity verification request carrying the application example number and the temporary authorization information to the platform authentication module;
The platform authentication module is configured to send the identity verification request to the platform safety module;
The platform safety module is further configured to verify the temporary authorization mark in the temporary authorization information and, after verification passes, to return the identity verification result to the platform access module through the platform authentication module.
13. The device according to claim 10, characterized by further comprising a platform authentication module:
The platform access module is further configured to send a web application call verification request to the platform authentication module;
The platform authentication module is configured to verify according to the contract signing relationship between the web application and the application platform and the order relationship between the user and the web application and, after verification passes, to perform fee withholding (pre-deduction) processing for the user of the web application.
14. The device according to claim 13, characterized in that:
The platform access module is further configured to send a fee deduction notification to the platform authentication module;
The platform authentication module is configured to perform the fee deduction.
15. A calling system for a web application in a cloud/cluster environment, characterized by comprising:
An application safety module, configured to receive a call request of a web application and confirm that it has itself stored the application example number of this web application; to use an HTTPS channel to send a temporary authorization request to a platform safety module and receive the temporary authorization information that has passed verification by the platform safety module; and to send a web application invocation request carrying the application example number and the temporary authorization information to the platform safety module and receive the web application call result that has passed verification by the platform safety module;
A platform safety module, configured to receive the temporary authorization request that the application safety module sends using an HTTPS channel and verify this temporary authorization request; to send the temporary authorization information to the application safety module after verification passes; and to receive the web application invocation request, carrying the application example number and the temporary authorization information, sent by the application safety module and verify this web application invocation request;
A platform access module, configured to call the web application and return the result to the application safety module after the platform safety module has verified the web application invocation request.
16. The system according to claim 15, characterized by further comprising an initialization judge module:
The initialization judge module is configured to judge the initialization condition of the web application and, when the initialization condition is met, to trigger the initialization process;
The platform access module is further configured to receive the web application registration request, carrying a web mark, sent by the application safety module, and to forward this registration request to the platform safety module;
The platform safety module is further configured to verify the web mark to ensure the legitimacy of this web application registration request, to generate the application example number of the web application, and to return the application example number to the application safety module for storage;
The application safety module is further configured to check whether it holds a temporary authorization mark and, if one exists, to check whether this temporary authorization mark has expired; if the temporary authorization mark does not exist or has expired, it generates a web mark and requests a temporary authorization mark from the platform safety module.
17. The system according to claim 15, characterized by further comprising a platform authentication module:
The platform access module is further configured to receive the web application invocation request sent by the application safety module, and to send an identity verification request carrying the application example number and the temporary authorization information to the platform authentication module;
The platform authentication module is configured to send the identity verification request to the platform safety module;
The platform safety module is further configured to verify the temporary authorization mark in the temporary authorization information and, after verification passes, to return the identity verification result to the platform access module through the platform authentication module.
18. The system according to claim 15, characterized by further comprising a platform authentication module:
The platform access module is further configured to send a web application call verification request to the platform authentication module;
The platform authentication module is configured to verify according to the contract signing relationship between the web application and the application platform and the order relationship between the user and the web application and, after verification passes, to perform fee withholding (pre-deduction) processing for the user of the web application.
19. The system according to claim 18, characterized in that:
The platform access module is further configured to send a fee deduction notification to the platform authentication module;
The platform authentication module is configured to perform the fee deduction.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110442203.2A CN103179176B (en) 2011-12-26 2011-12-26 The call method that web applies under cloud/cluster environment, device and system

Publications (2)

Publication Number Publication Date
CN103179176A CN103179176A (en) 2013-06-26
CN103179176B true CN103179176B (en) 2016-01-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant