CN104580211B - SOA architecture-based intrusive system - Google Patents
SOA architecture-based intrusive system Download PDFInfo
- Publication number
- CN104580211B CN104580211B CN201510008505.7A CN201510008505A CN104580211B CN 104580211 B CN104580211 B CN 104580211B CN 201510008505 A CN201510008505 A CN 201510008505A CN 104580211 B CN104580211 B CN 104580211B
- Authority
- CN
- China
- Prior art keywords
- interface
- integration platform
- user
- service
- platform
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000010354 integration Effects 0.000 claims abstract description 53
- 235000014510 cooky Nutrition 0.000 claims description 12
- 230000036651 mood Effects 0.000 claims description 10
- 238000004088 simulation Methods 0.000 claims description 4
- 230000001360 synchronised effect Effects 0.000 claims description 4
- 238000010200 validation analysis Methods 0.000 claims description 4
- 239000004744 fabric Substances 0.000 claims 1
- 230000006870 function Effects 0.000 abstract description 12
- 238000000034 method Methods 0.000 abstract description 2
- 230000008520 organization Effects 0.000 abstract 2
- 230000009191 jumping Effects 0.000 abstract 1
- 238000007726 management method Methods 0.000 description 26
- 230000000694 effects Effects 0.000 description 3
- 238000010586 diagram Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000007935 neutral effect Effects 0.000 description 1
- 230000001737 promoting effect Effects 0.000 description 1
- 230000009897 systematic effect Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses an SOA architecture-based intrusive system, which comprises three parts: an integrated management platform, an ESB and an integration platform SDK; the integrated management platform comprises login, unified authentication, a unified interface, unified user management, organization and organization management, unified resource management and menu management functions; the ESB is used for issuing main data synchronization service, task message service and login authentication service in the integration platform; the integration platform SDK mainly comprises three parts: resource access controllers, local interfaces, and other tools. The invention has the following characteristics: the user can see the functional modules of all systems in the authority range of the user only by logging in once, so that direct access operation can be performed, and frequent jumping among different systems is avoided; higher safety guarantee is provided, the possibility of illegal interception and damage to user information synchronization between systems is reduced, and the safety is correspondingly improved; preventing abuse of rights after information sharing; and the method provides specifications for the development of various service systems.
Description
Technical field
The present invention relates to technical field of information management, specifically a kind of intrusive mood system based on SOA framework.
Background technology
At present, the informatization of various regions tax system flourishes, some self-built operation systems, such as the electronics source of tax revenue
The decision-making inquiry class system of management, tax administrator system platform and some other auxiliary, subsequently will also develop some new industry
Business system.System exposes some problems in use at present, is concentrated mainly on following three aspects:
1)Because system is each independent, a global function view can not be formed, user is using each application system
It must all be logged in before according to corresponding system identity, for this, user must remember the user name of each system and close
Code, this brings many troubles to user.
2)Each system is separate, in use repeatedly when multiple systems carry out business processing, it is necessary to not
Frequently redirected between homologous ray, so bring many inconvenience to practical operation.
3)Independently developed system has played effective effect in work in every, it is necessary to by practice effect it is good, have
The application experience of promotional value, which absorbs, to be incorporated into platform, plays bigger effect.At present, independently developed system lacks unified
, larger second-time development workload in integration process be present in user interface, user management and the rights management of planning.In order to save
About resource, improve efficiency, it is necessary to propose unified exploitation standards and norms, instruct the transformation of existed system and newly-built system
Exploitation.
The content of the invention
The technical assignment of the present invention is to provide a kind of intrusive mood system based on SOA framework.
The technical assignment of the present invention realizes that the system is made up of three parts in the following manner:Integrated Management Platform,
ESB and integration platform SDK;
Integrated Management Platform includes login, unified certification, unified interface, Union user management, information department management, uniformly
Resource management, menu management function;Master data in Integrated Management Platform is provided from body and other systems use;
ESB is used to issue master data synchronous service, task message service and the login authentication service in integration platform, system
Two kinds of interface protocols of EJB and WebService are provided;
Mainly include three parts in integration platform SDK:Resource access controller, local interface and other instruments;Resource is visited
Ask controller, the access control safety of protection operation system in itself;Local interface encapsulates the access to remote service, facilitates industry
The exploitation of business system;The simulation login interface that other instruments are debugged for convenience of operation system exploitation.
The flow of described login authentication service is as follows:
1)User is logged in by browser from integration;The login service of integration receives request, the certification of calling platform
Service obtains the operating right information of user, and sessionID is created if if certification and is saved in database;Integration platform
Create in platform Cookie, Cookie and include sessionID information;
2)In homepage, user clicks on menu corresponding to some operation system function, then the request is directly sent to pair
The operation system answered, and received by the resource access controller of operation system;
3)Cookie information of the resource access controller of operation system in request is recalled in Interface.jar
Login authentication interface;Login authentication interface in interface.jar calls certification to connect according to the interface protocol of system configuration
Mouthful;
4)Call the authentication service of integration platform issue in business end;
5)SessionID in EJB interface interchange integration platforms is verified, after being verified, being created for the user should
Session in service application, while again function pages corresponding to request steering:The resource of the direct access service system of user, visit
Ask that link can be forwarded to integration platform and be authenticated servicing by controller;Access controller will access url, sessionID, system
ID and user id is spliced to integration platform and accessed in link, returns to browser;Link is forwarded to integration platform by browser;It is whole
After closing platform validation success, link is forwarded to business platform;After business platform checking, the resource that user accesses is returned to clear
Look at device.
Described step 3)Login authentication interface in middle interface.jar calls according to the interface protocol of system configuration
Authentication interface in EjbClient.jar or WebService.jar.
Compared to the prior art a kind of intrusive mood system based on SOA framework of the present invention, has the characteristics that:
User only need to once log in the systematic functional module of institute that can be seen in his extent of competence, can carry out directly
Access operation, avoid between different system frequently redirecting;Higher safety guarantee is provided, is effectively reduced between system
The possibility illegally intercepted and captured and destroyed suffered by user profile synchronization, accordingly improves security;To each application system in platform
Authority distribution and permission modification carry out effective unitized management, the service condition for various authorities of auditing, prevent information sharing
Privilege abuse afterwards;Exploitation for following all kinds of operation systems provides specification.
Brief description of the drawings
Accompanying drawing 1 is a kind of block architecture diagram of the intrusive mood system based on SOA framework.
Accompanying drawing 2 is a kind of login authentication schematic flow sheet of the intrusive mood system based on SOA framework.
Embodiment
Embodiment 1:
The intrusive mood system based on SOA framework is made up of three parts:Integrated Management Platform, ESB and integration platform SDK;
Integrated Management Platform includes login, unified certification, unified interface, Union user management, information department management, uniformly
Resource management, menu management function;Master data in Integrated Management Platform is provided from body and other systems use;
ESB is used to issue master data synchronous service, task message service and the login authentication service in integration platform, system
Two kinds of interface protocols of EJB and WebService are provided;
Mainly include three parts in integration platform SDK:Resource access controller, local interface and other instruments;Resource is visited
Ask controller, the access control safety of protection operation system in itself;Local interface encapsulates the access to remote service, facilitates industry
The exploitation of business system;The simulation login interface that other instruments are debugged for convenience of operation system exploitation.
The flow of described login authentication service is as follows:
1)User is logged in by browser from integration;The login service of integration receives request, the certification of calling platform
Service obtains the operating right information of user, and sessionID is created if if certification and is saved in database;Integration platform
Create in platform Cookie, Cookie and include sessionID information;
2)In homepage, user clicks on menu corresponding to some operation system function, then the request is directly sent to pair
The operation system answered, and received by the resource access controller of operation system;
3)Cookie information of the resource access controller of operation system in request is recalled in Interface.jar
Login authentication interface;Login authentication interface in interface.jar calls according to the interface protocol of system configuration
Authentication interface in WebService.jar;
4)Call the authentication service of integration platform issue in business end;
5)SessionID in EJB interface interchange integration platforms is verified, after being verified, being created for the user should
Session in service application, while again function pages corresponding to request steering:The resource of the direct access service system of user, visit
Ask that link can be forwarded to integration platform and be authenticated servicing by controller;Access controller will access url, sessionID, system
ID and user id is spliced to integration platform and accessed in link, returns to browser;Link is forwarded to integration platform by browser;It is whole
After closing platform validation success, link is forwarded to business platform;After business platform checking, the resource that user accesses is returned to clear
Look at device.
Embodiment 2:
The intrusive mood system based on SOA framework is made up of three parts:Integrated Management Platform, ESB and integration platform SDK;
Integrated Management Platform includes login, unified certification, unified interface, Union user management, information department management, uniformly
Resource management, menu management function;Master data in Integrated Management Platform is provided from body and other systems use;
ESB is used to issue master data synchronous service, task message service and the login authentication service in integration platform, system
Two kinds of interface protocols of EJB and WebService are provided;
Mainly include three parts in integration platform SDK:Resource access controller, local interface and other instruments;Resource is visited
Ask controller, the access control safety of protection operation system in itself;Local interface encapsulates the access to remote service, facilitates industry
The exploitation of business system;The simulation login interface that other instruments are debugged for convenience of operation system exploitation.
The flow of described login authentication service is as follows:
1)User is logged in by browser from integration;The login service of integration receives request, the certification of calling platform
Service obtains the operating right information of user, and sessionID is created if if certification and is saved in database;Integration platform
Create in platform Cookie, Cookie and include sessionID information;
2)In homepage, user clicks on menu corresponding to some operation system function, then the request is directly sent to pair
The operation system answered, and received by the resource access controller of operation system;
3)Cookie information of the resource access controller of operation system in request is recalled in Interface.jar
Login authentication interface;Login authentication interface in interface.jar calls according to the interface protocol of system configuration
Authentication interface in EjbClient.jar;
4)Call the authentication service of integration platform issue in business end;
5)SessionID in EJB interface interchange integration platforms is verified, after being verified, being created for the user should
Session in service application, while again function pages corresponding to request steering:The resource of the direct access service system of user, visit
Ask that link can be forwarded to integration platform and be authenticated servicing by controller;Access controller will access url, sessionID, system
ID and user id is spliced to integration platform and accessed in link, returns to browser;Link is forwarded to integration platform by browser;It is whole
After closing platform validation success, link is forwarded to business platform;After business platform checking, the resource that user accesses is returned to clear
Look at device.
SOA framework is Services Oriented Achitecture, is a component model, and it is by the different function units of application program
(Referred to as service)Good interface is defined between being serviced by these and contract connects.Interface is entered by the way of neutral
Row definition, it should be independently of hardware platform, operating system and the programming language for realizing service.This causes structure various each
Service in the system of sample can use a kind of unification and general mode to interact.
By embodiment above, the those skilled in the art can readily realize the present invention.But should
Work as understanding, the present invention is not limited to above-mentioned several embodiments.On the basis of disclosed embodiment, the technology
The technical staff in field can be combined different technical characteristics, so as to realize different technical schemes.
Claims (2)
1. a kind of intrusive mood system based on SOA framework, it is characterised in that the system is made up of three parts:Integration platform, ESB
With the SDK of integration platform;
Integration platform includes login, unified certification, unified interface, Union user management, information department management, unified resource pipe
Reason, menu management function;Master data in integration platform is provided from body and other systems use;
ESB is used to issue master data synchronous service, task message service and the login authentication service in integration platform, and system provides
Two kinds of interface protocols of EJB and WebService;
Mainly include three parts in the SDK of integration platform:Resource access controller, local interface and other instruments;Resource accesses
Controller, the access control safety of protection operation system in itself;Local interface encapsulates the access to remote service, facilitates business
The exploitation of system;The simulation login interface that other instruments are debugged for convenience of operation system exploitation;
The flow of described login authentication service is as follows:
1)User is logged in by browser from integration platform;Login service receives request, calls the certification of integration platform to take
Business obtains the operating right information of user, and sessionID is created if if certification and is saved in database;Integration platform is created
Build and sessionID information is included in integration platform Cookie, Cookie;
2)In homepage, user clicks on menu corresponding to some operation system function, then the request is directly sent to corresponding
Operation system, and received by the SDK of the integration platform of operation system resource access controller;
3)Cookie information of the resource access controller of operation system in request recalls stepping in Interface.jar
Record authentication interface;Login authentication interface in interface.jar calls integration platform hair according to the interface protocol of system configuration
The authentication service of cloth;
4)SessionID in login authentication interface interchange integration platform is verified, after being verified, being created for the user should
Session in operation system, while again function pages corresponding to request steering;The resource of the direct access service system of user, visit
Ask that link can be forwarded to integration platform and be authenticated servicing by controller;Access controller will access url, sessionID, system
ID and user id is spliced to integration platform and accessed in link, returns to browser;Link is forwarded to integration platform by browser;It is whole
After closing platform validation success, link is forwarded to operation system;After operation system checking, the resource that user accesses is returned to clear
Look at device.
2. a kind of intrusive mood system based on SOA framework according to claim 1, it is characterised in that described
Login authentication interface in interface.jar according to the interface protocol of system configuration call EjbClient.jar or
Authentication interface in WebService.jar.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510008505.7A CN104580211B (en) | 2015-01-08 | 2015-01-08 | SOA architecture-based intrusive system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510008505.7A CN104580211B (en) | 2015-01-08 | 2015-01-08 | SOA architecture-based intrusive system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104580211A CN104580211A (en) | 2015-04-29 |
| CN104580211B true CN104580211B (en) | 2018-02-23 |
Family
ID=53095392
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510008505.7A Active CN104580211B (en) | 2015-01-08 | 2015-01-08 | SOA architecture-based intrusive system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104580211B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109462601B (en) * | 2018-12-13 | 2020-12-22 | 中国联合网络通信集团有限公司 | Multi-platform access method and device based on eSIM |
| CN110198235B (en) * | 2019-05-16 | 2022-11-11 | 成都品果科技有限公司 | Transfer system and method applied to multi-system server-side interface calling |
| CN111008888A (en) * | 2019-12-07 | 2020-04-14 | 烟台海颐软件股份有限公司 | Electricity selling platform management system based on master control service |
| CN111210194A (en) * | 2019-12-26 | 2020-05-29 | 大象慧云信息技术有限公司 | Business support system and method special for enterprise tax system |
| CN111382421B (en) * | 2020-03-19 | 2024-04-09 | 深信服科技股份有限公司 | Service access control method, system, electronic equipment and storage medium |
| CN113238736A (en) * | 2021-05-28 | 2021-08-10 | 中核检修有限公司 | Method for generating integrated platform |
| CN113973017B (en) * | 2021-10-26 | 2022-06-07 | 北京华品博睿网络技术有限公司 | Business intelligent platform data processing system and method |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103118030A (en) * | 2013-02-22 | 2013-05-22 | 浪潮电子信息产业股份有限公司 | Desktop cloud based identity authentication method |
| CN103839138A (en) * | 2014-03-08 | 2014-06-04 | 成都文昊科技有限公司 | System for supporting interaction of multiple heterogeneous systems |
| CN104049601A (en) * | 2014-03-19 | 2014-09-17 | 杨明 | Intelligent life centralized management integrated method, device and platform |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080120380A1 (en) * | 2006-11-17 | 2008-05-22 | International Business Machines Corporation | Internet relay chat (irc) framework for a global enterprise service bus (esb) |
-
2015
- 2015-01-08 CN CN201510008505.7A patent/CN104580211B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103118030A (en) * | 2013-02-22 | 2013-05-22 | 浪潮电子信息产业股份有限公司 | Desktop cloud based identity authentication method |
| CN103839138A (en) * | 2014-03-08 | 2014-06-04 | 成都文昊科技有限公司 | System for supporting interaction of multiple heterogeneous systems |
| CN104049601A (en) * | 2014-03-19 | 2014-09-17 | 杨明 | Intelligent life centralized management integrated method, device and platform |
Non-Patent Citations (1)
| Title |
|---|
| 《基于SOA的企业应用集成框架研究》;隋宏伟;《中国优秀硕士论文全文数据库(硕士)信息科技辑》;20061015;论文正文第13页-第14页,第2.4.3节,第28页-第32页第4.3.1节 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104580211A (en) | 2015-04-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104580211B (en) | SOA architecture-based intrusive system | |
| CN104320423B (en) | Single-sign-on lightweight implementation method based on Cookie | |
| CN108200050A (en) | Single logging-on server, method and computer readable storage medium | |
| CN102638454B (en) | Plug-in type SSO (single signon) integration method oriented to HTTP (hypertext transfer protocol) identity authentication protocol | |
| US9210160B2 (en) | Establishing and maintaining an improved single sign-on (SSO) facility | |
| CN102447677B (en) | Resource access control method, system and equipment | |
| CN100464518C (en) | Green internet-accessing system based on concentrated management and dictributed control, and method therefor | |
| CN101399671B (en) | Cross-domain authentication method and system thereof | |
| CN106612246A (en) | Unified authentication method for simulation identity | |
| CN106936853A (en) | A kind of system-oriented integrated cross-domain single login system and method | |
| CN102281311A (en) | Method, system and device for implementing network service based on open application programming interface | |
| CN105007280A (en) | Application sign-on method and device | |
| CN105188060A (en) | Mobile terminal-oriented single sign-on (SSO) authentication method and system | |
| CN107070894A (en) | A kind of software integrating method based on enterprise's cloud service platform | |
| CN105956143B (en) | Data bank access method and database broker node | |
| CN101552780B (en) | Verification method and verification device | |
| CN105141580B (en) | A kind of resource access control method based on the domain AD | |
| JP2003296277A5 (en) | ||
| CN105282095A (en) | Login verification method and device of virtual desktop | |
| US7496761B2 (en) | Method and system for batch task creation and execution | |
| CN107819570A (en) | A kind of cross-domain single login method based on variable C ookie | |
| CN105959278B (en) | A kind of method, apparatus and system for calling VPN | |
| CN105100068A (en) | System and method for realizing single sign-on | |
| WO2007078037A1 (en) | Web page protection method employing security appliance and set-top box having the security appliance built therein | |
| CN104813607B (en) | The two-level access control method and apparatus based on electronic collection for dedicated network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20200602 Address after: 250100 Inspur Science Park, No. 1036, Inspur Road, high tech Zone, Jinan City, Shandong Province Patentee after: Inspur Software Technology Co.,Ltd. Address before: 250100, No. 2877, fairway, Sun Town, Ji'nan hi tech Zone, Shandong Patentee before: INSPUR GROUP Co.,Ltd. |
|
| TR01 | Transfer of patent right |