CN106027639A - WAN (Wide Area Network) access method and apparatus for PAAS (Platform-as-a-Service) platform - Google Patents
- Publication number
- CN106027639A (CN201610331736.6A)
- Authority
- CN
- China
- Prior art keywords
- access request
- checking information
- area network
- wide area
- application program
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/289—Intermediate processing functionally located close to the data consumer application, e.g. in same machine, in same home or in same sub-network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/2895—Intermediate processing functionally located close to the data provider application, e.g. reverse proxies
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a WAN (Wide Area Network) access method for a PAAS (Platform-as-a-Service) platform, which solves the prior-art problem that the code of an application must be modified before an application on the PAAS platform can access a WAN. The method comprises: the PAAS platform receives a first access request sent by the application, wherein the first access request comprises a WAN address and the application runs on the PAAS platform; verification information corresponding to the first access request is generated; an API (Application Programming Interface) preset on the PAAS platform is called, and the first access request and the verification information are sent to a proxy server through the API, so that after the verification information passes verification, the proxy server accesses the WAN address according to the WAN address included in the first access request. The application further discloses a WAN access apparatus for the PAAS platform.
Description
Technical field
The application relates to the field of computer technology, and in particular to a WAN access method and apparatus for a PAAS platform.
Background technology
To make it easier for users to develop applications, the "Platform-as-a-Service" (PAAS) model has emerged, and with it the PAAS platform. A PAAS platform provides the base platform on which applications (for example, websites or office systems) are developed and run (for example, the databases or servers used during application development) to users as a service. Through a PAAS platform, users can develop applications conveniently without having to consider the underlying hardware.
Generally, the servers, databases and other hardware devices on a PAAS platform are connected through a local area network (LAN). To ensure the security of the applications that users develop or run on the PAAS platform, the LAN on the PAAS platform is not connected to the WAN, so users often cannot access the WAN when developing applications on the PAAS platform.
Fig. 1 shows the architecture of a common PAAS platform in the prior art. A user accesses the PAAS platform through proxy server 1 and develops and runs applications on the PAAS platform. When using the PAAS platform, the user may want to access the WAN. In that case, for the application running on the PAAS platform to be able to access the WAN, the developer of the application usually has to modify the application's code and write into it an application programming interface (API) for connecting to a proxy server. The application can then send the WAN address it wants to access to proxy server 2 through this API, and access the WAN through proxy server 2.
However, the proxy servers that different PAAS platforms provide for WAN access are usually different, so the API that a developer writes for an application is usually suitable only for the PAAS platform on which the application currently runs. When the application is migrated to another PAAS platform, the developer has to modify the application's code again before the application can access the WAN.
This process is cumbersome and time-consuming. How to let applications on a PAAS platform access the WAN conveniently, while still ensuring the security of the applications developed on the platform, is therefore a problem that the prior art urgently needs to solve.
Summary of the invention
The embodiments of the application provide a WAN access method and apparatus for a PAAS platform, to solve the problem that the prior art cannot let applications on a PAAS platform access the WAN conveniently while ensuring the security of the applications developed on the platform.
The embodiments of the application adopt the following technical solutions:
A WAN access method for a PAAS platform, comprising:
The PAAS platform receives a first access request sent by an application; the first access request contains a WAN address; the application runs on the PAAS platform;
Generating verification information corresponding to the first access request;
Calling the application programming interface (API) preset on the PAAS platform and, through the API, sending the first access request and the verification information to a proxy server, so that the proxy server, after the verification information passes verification, accesses the WAN address according to the WAN address contained in the first access request.
A WAN access method for a PAAS platform, comprising:
A proxy server receives a first access request sent by the PAAS platform through an API, together with verification information corresponding to the first access request, wherein the API is preset on the PAAS platform, the first access request is sent to the PAAS platform by an application running on the PAAS platform, and the first access request contains a WAN address;
Verifying the verification information;
After the verification information passes verification, accessing the WAN address according to the WAN address contained in the access request.
A WAN access apparatus for a PAAS platform, comprising:
An access request receiving unit, configured to receive a first access request sent by an application; the first access request contains a WAN address; the application runs on the PAAS platform;
A verification information generating unit, configured to generate verification information corresponding to the first access request;
An access request sending unit, configured to call the application programming interface (API) preset on the PAAS platform and, through the API, send the first access request and the verification information to a proxy server, so that the proxy server, after the verification information passes verification, accesses the WAN address according to the WAN address contained in the first access request.
A WAN access apparatus for a PAAS platform, comprising:
A verification information receiving unit, configured to receive a first access request sent by the PAAS platform through an API, together with verification information corresponding to the first access request, wherein the API is preset on the PAAS platform, the first access request is sent to the PAAS platform by an application running on the PAAS platform, and the first access request contains a WAN address;
A verification unit, configured to verify the verification information;
An access unit, configured to access the WAN address, after the verification information passes verification, according to the WAN address contained in the access request.
At least one of the above technical solutions adopted in the embodiments of the application can achieve the following beneficial effects:
When an application running on the PAAS platform needs to access the WAN, the PAAS platform can call the API preset on the PAAS platform and send the access request to the proxy server through the API, so that the proxy server accesses the WAN according to the WAN address contained in the access request. The application can thus access the WAN conveniently without its code being modified. At the same time, verification information corresponding to the access request can be generated and sent to the proxy server together with the access request, so that the proxy server accesses the WAN only after the verification information passes verification, which ensures the security of the applications developed on the PAAS platform.
Brief description of the drawings
The drawings described here provide a further understanding of the application and form a part of it. The illustrative embodiments of the application and their descriptions are used to explain the application and do not unduly limit it. In the drawings:
Fig. 1 is an architecture diagram of a PAAS platform in the prior art;
Fig. 2 is an architecture diagram of a PAAS platform provided by an embodiment of the application;
Fig. 3 is a flowchart of an implementation of a WAN access method for a PAAS platform provided by an embodiment of the application;
Fig. 4 is a schematic diagram of a network address input interface provided by an embodiment of the application;
Fig. 5 is a flowchart of an implementation of a WAN access method for a PAAS platform provided by an embodiment of the application;
Fig. 6 is a schematic structural diagram of a WAN access apparatus for a PAAS platform provided by an embodiment of the application;
Fig. 7 is a schematic structural diagram of a WAN access apparatus for a PAAS platform provided by an embodiment of the application.
Detailed description of the invention
To make the purpose, technical solutions and advantages of the application clearer, the technical solutions of the application are described clearly and completely below with reference to specific embodiments of the application and the corresponding drawings. Obviously, the described embodiments are only some of the embodiments of the application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in the application, without creative effort, fall within the scope of protection of the application.
So that applications running on a PAAS platform can access the WAN conveniently, in the embodiments of the application an API for connecting to the proxy server is preset on the PAAS platform. Fig. 2 shows the architecture of a PAAS platform provided by an embodiment of the application, in which an API for establishing a connection with proxy server 2 is preset on the PAAS platform. When a user wants an application running on the PAAS platform to access the WAN, the application can send an access request to proxy server 2 through the API on the PAAS platform, and so access the WAN through proxy server 2.
Based on the PAAS platform shown in Fig. 2, the implementation flow of a WAN access method for a PAAS platform provided by an embodiment of the application is shown in Fig. 3 and can comprise the following steps:
Step 11: the PAAS platform receives a first access request sent by an application;
The application runs on the PAAS platform. A PAAS platform usually consists of multiple servers, databases and other hardware devices. When a user wants to develop an application using the PAAS platform, the platform can, according to the user's needs, provide one or more servers, databases and other hardware devices for the user to use, and the user can then develop and run the application on the servers provided by the PAAS platform.
The application can be software developed or run on the PAAS platform, or it can be a system or website developed or run on the PAAS platform.
The first access request contains a WAN address. A wide area network generally refers to a long-distance, international communication network that covers a very large area, connecting multiple cities or countries or spanning several continents.
At present, the servers, databases and other hardware devices on a PAAS platform are connected through a LAN. To ensure the security of the applications that users develop or run on the PAAS platform, the LAN on the PAAS platform is not connected to the WAN, so applications developed or run on the PAAS platform often cannot access the WAN directly.
Generally, an application running on a PAAS platform has to access the WAN through a proxy server.
When a user wants an application running on the PAAS platform to access the WAN, the user can enter the WAN address to be accessed in a specific interface of the application. For example, the user can enter the WAN address to be accessed in the network address input interface shown in Fig. 4 and click "Submit"; the application then sends the PAAS platform an access request containing the WAN address entered by the user.
Alternatively, the user can select the WAN address to be accessed from the WAN addresses that the application has saved in advance, and an access request containing the selected WAN address is sent to the PAAS platform.
Step 12: generate verification information corresponding to the first access request;
To ensure the security of applications on the PAAS platform and avoid leakage of application data on the platform, in one embodiment, after receiving the access request sent by the application, the PAAS platform can generate corresponding verification information for the received access request and send the generated verification information to the proxy server together with the received access request. The proxy server subsequently processes the access request corresponding to the verification information only after the verification information passes verification.
In one embodiment, step 12 can be implemented as follows: the verification information corresponding to the first access request is generated by calling the application programming interface (API) preset on the PAAS platform. The API is an interface preset on the PAAS platform for connecting to the proxy server.
Specifically, generating the verification information corresponding to the access request by calling the API may include: receiving the key, input by the user, that corresponds to the application; using the key to sign the application's identifier, a timestamp and the WAN address, obtaining a signature string; and using the signature string together with the application's identifier, the timestamp and the WAN address as the generated verification information corresponding to the first access request.
The timestamp represents the moment at which the PAAS platform received the first access request sent by the application. The PAAS platform can record the time at which it receives an access request and generate a timestamp representing that moment.
Generally, the PAAS platform can provide each application running on the platform with a key corresponding to that application, or the PAAS platform can provide each user with a key corresponding to the account that the user uses on the PAAS platform. When the PAAS platform generates the verification information corresponding to the access request through the called API, it can receive the key corresponding to the application (or the key corresponding to the user's account) input by the user, and use that key to sign the application's identifier, the timestamp and the WAN address contained in the access request, obtaining a signature string. The embodiments of the application do not limit which algorithm is used for signing; for example, a message digest algorithm can be used. Because keys correspond one-to-one with applications, an illegitimate user can be prevented from impersonating an application on the PAAS platform.
For example, suppose the WAN address contained in the access request that the PAAS platform receives from the application is "http://www.baidu.com/test/hello.html", the identifier on the PAAS platform of the application that sent the access request is "abc", the timestamp that the PAAS platform generates for the moment it received the access request is "145", and the key corresponding to the application that the user inputs is "a1b2". The PAAS platform can then call the preset API to generate, from the WAN address, the application's identifier and the timestamp, the string "http://www.baidu.com/test/hello.html_abc_145", and use the key "a1b2" to sign that string. Supposing the resulting signature string is "001c019f3f244", the four pieces of information "http://www.baidu.com/test/hello.html", "abc", "145" and "001c019f3f244" can be used as the verification information corresponding to this access request.
It should also be noted that the verification information corresponding to the access request can also be generated from the received access request by calling other tools on the PAAS platform. The embodiments of the application do not limit how the verification information is generated, as long as the access request corresponding to the verification information can be verified according to the generated verification information.
Step 13: call the application programming interface (API) preset on the PAAS platform and, through the API, send the first access request and the verification information to the proxy server, so that the proxy server, after the verification information passes verification, accesses the WAN address according to the WAN address contained in the first access request.
Because an application running on the PAAS platform cannot access the WAN directly and has to go through a proxy server to do so, the PAAS platform can send the received access request to the proxy server by calling the API preset on the PAAS platform.
In one embodiment, step 13 can be implemented as follows: according to the address of the proxy server saved in advance, generate a second access request whose destination address is the address of the proxy server, the address of the proxy server being a LAN address of the PAAS platform; carry the WAN address contained in the first access request in the second access request; and, through the API, send the second access request carrying the WAN address, together with the verification information, to the proxy server.
Because the destination address of the second access request is the address of the proxy server, calling the API delivers the second access request and the verification information to the proxy server. And because the second access request carries the WAN address, the proxy server, after receiving the second access request, can access the WAN address carried in it. In this way an application on the PAAS platform accesses the WAN through the proxy server.
After receiving the first access request sent by the PAAS platform and the verification information corresponding to the first access request, the proxy server can verify the verification information and, after the verification information passes verification, access the WAN address according to the WAN address contained in the access request.
In one embodiment, the proxy server can verify the verification information in the following two modes:
Mode 1: verify the signature string contained in the verification information according to the application's identifier, the timestamp and the WAN address contained in the verification information;
Specifically, the proxy server can look up the key corresponding to the application's identifier, according to the application's identifier contained in the verification information and the correspondence, saved in advance, between application identifiers and keys. It then uses that key to sign the application's identifier, the timestamp and the WAN address contained in the verification information, obtaining a signature string. When the signature string obtained is identical to the signature string contained in the verification information, the signature string contained in the verification information is determined to pass verification; when the two signature strings differ, the signature string contained in the verification information is determined to fail verification.
When an illegitimate user impersonates an application on the PAAS platform and sends the PAAS platform an access request containing a WAN address, the PAAS platform generates the verification information corresponding to the access request from the key that this user inputs. Because the key provided by the illegitimate user differs from the key, corresponding to the application, that the proxy server has saved in advance, the signature string obtained by signing the application's identifier, the timestamp and the WAN address with the key input by the illegitimate user differs from the signature string that the proxy server obtains by signing the same fields with the key corresponding to the application. By verifying the signature string contained in the verification information, the proxy server can therefore verify the identity of the application that sent the access request.
Mode 2: judge whether the first access request has timed out according to the timestamp contained in the verification information.
When the interval between the time represented by the timestamp in the verification information received by the proxy server and the current time is long, a long time has passed between the PAAS platform receiving the access request from the application and the proxy server receiving the access request from the PAAS platform. The application that sent the access request to the PAAS platform may by then no longer need to access the WAN. In this case, the proxy server can use the timestamp contained in the verification information to judge whether the difference between the moment corresponding to the timestamp and the current time exceeds a preset duration. If it does, the first access request is determined to have timed out; if it does not, the first access request is determined not to have timed out.
It should be noted that the proxy server can also combine mode 1 and mode 2 to verify the verification information. For example, the proxy server can first judge whether the access request has timed out and, after determining that it has not, verify the signature string contained in the verification information, completing the verification of the verification information. The embodiments of the application do not limit which mode the proxy server applies first.
Because applications running on the PAAS platform all have to go through the proxy server to access the WAN, the load on the proxy server may be affected if the same application accesses the WAN through the proxy server frequently within a period of time.
To avoid this problem, when the number of pieces of verification information containing the identifier of the same application that the proxy server receives within a unit of time (for example, 1 hour) exceeds a set threshold (for example, 20 times), the proxy server can refuse the access request corresponding to that verification information.
To prevent applications on the PAAS platform from accessing illegal WAN addresses through the proxy server, in one embodiment the proxy server is provided with a blacklist that stores illegal WAN addresses. After the verification information passes verification, the proxy server can also compare the WAN address contained in the access request with the WAN addresses stored in the blacklist, so as to verify the WAN address contained in the access request. When the WAN address contained in the access request is identical to a WAN address stored in the blacklist, the proxy server will not access that WAN address.
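The platform-side generation of verification information (step 12) and the proxy-side checks described above (mode 1, mode 2, the per-application threshold and the blacklist), as an added example that is not code from the patent. It assumes HMAC-SHA256 as the signing algorithm (the patent leaves the algorithm open), Unix-second timestamps and a 300-second timeout; all function and class names are hypothetical.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

# Assumptions (not from the patent): HMAC-SHA256, Unix-second timestamps,
# a 300 s timeout. The 20-requests-per-hour threshold is the page's example.
MAX_AGE_SECONDS = 300
RATE_LIMIT = 20
RATE_WINDOW_SECONDS = 3600


def sign(key: bytes, wan_address: str, app_id: str, timestamp: int) -> str:
    """Sign 'address_appid_timestamp', the string layout of the page's example.

    The '_' join is ambiguous if a field can itself contain '_'; a
    length-prefixed encoding of the three fields avoids that.
    """
    message = f"{wan_address}_{app_id}_{timestamp}".encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def make_verification_info(key, wan_address, app_id, now=None):
    """Platform side (step 12): build the four-part verification information."""
    timestamp = int(time.time() if now is None else now)
    return {
        "wan_address": wan_address,
        "app_id": app_id,
        "timestamp": timestamp,
        "signature": sign(key, wan_address, app_id, timestamp),
    }


class ProxyVerifier:
    """Proxy side: decides whether a forwarded request may reach the WAN."""

    def __init__(self, app_keys, blacklist):
        self.app_keys = app_keys            # application id -> key
        self.blacklist = set(blacklist)     # WAN addresses that are refused
        self.accepted = defaultdict(deque)  # application id -> accept times

    def check(self, info, now=None):
        now = time.time() if now is None else now
        key = self.app_keys.get(info["app_id"])
        if key is None:
            return "reject: unknown application"

        # Mode 2: the request has timed out once the timestamp is too old.
        # A timestamp from the future is refused as well.
        age = now - info["timestamp"]
        if age < 0 or age > MAX_AGE_SECONDS:
            return "reject: timed out"

        # Mode 1: recompute the signature with the stored key and compare
        # the two strings in constant time.
        expected = sign(key, info["wan_address"], info["app_id"], info["timestamp"])
        if not hmac.compare_digest(expected.encode(), str(info["signature"]).encode()):
            return "reject: bad signature"

        # Threshold per application and unit time. Only verified requests are
        # counted (a choice of this example), so forged requests cannot use
        # up another application's quota.
        window = self.accepted[info["app_id"]]
        while window and window[0] <= now - RATE_WINDOW_SECONDS:
            window.popleft()
        if len(window) >= RATE_LIMIT:
            return "reject: rate limit exceeded"
        window.append(now)

        # Blacklist: exact comparison with the stored addresses, as described.
        if info["wan_address"] in self.blacklist:
            return "reject: blacklisted address"
        return "allow"


if __name__ == "__main__":
    # Constructed sample run; key, identifier and address are the page's
    # example values, the blacklist entry is made up.
    proxy = ProxyVerifier({"abc": b"a1b2"}, {"http://blocked.example/"})
    info = make_verification_info(b"a1b2", "http://www.baidu.com/test/hello.html", "abc")
    print(proxy.check(info))
    print(proxy.check(dict(info, wan_address="http://other.example/")))
```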
Below in conjunction with Fig. 5, the wide area network that a kind of PAAS platform that the embodiment of the present application provide is discussed in detail is visited
Ask the actual application of method:
Step 21: An application running on the PAAS platform sends a first access request to an API preset on the PAAS platform;
The first access request contains the address of the wide area network that the application needs to access.
Step 22: The API generates verification information corresponding to the first access request;
Specifically, the API may receive a key, input by the user, that corresponds to the application; use the key to sign the identifier of the application, a timestamp and the wide area network address to obtain a signature string; and take the signature string, together with the identifier of the application, the timestamp and the wide area network address, as the generated verification information corresponding to the first access request.
Step 23: According to the pre-saved address of the proxy server, the API generates a second access request whose destination address is the address of the proxy server, and carries the wide area network address contained in the first access request in the second access request;
Step 24: The API sends the second access request and the verification information to the proxy server;
Step 25: The proxy server verifies the received verification information;
The proxy server may verify the verification information in the following two ways, which may specifically include:
Mode 1: According to the identifier of the application, the timestamp and the wide area network address contained in the verification information, verify the signature string contained in the verification information;
For how the proxy server verifies the signature string contained in the verification information, see the related description above; it is not repeated here.
Mode 2: According to the timestamp contained in the verification information, judge whether the first access request has timed out;
For how the proxy server judges whether the first access request has timed out, see the related description above; it is not repeated here.
Step 26: After the verification information passes verification, the proxy server accesses the wide area network address;
Step 27: The proxy server returns to the API the result of accessing the wide area network address;
Step 28: The API returns the received access result to the application, so that the application running on the PAAS platform achieves its purpose of accessing the wide area network.
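The signing and verification flow of steps 22 to 25, together with the proxy server's blacklist check, as an added Python example; it is not code from the patent. The patent names no signature algorithm, field encoding or timeout value, so HMAC-SHA256, the length-prefixed encoding, the 300-second window, the dictionary field names and all sample keys and addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample data held by the proxy server (assumptions, not from the patent).
APP_KEYS = {"app-1001": b"constructed-demo-key"}   # application identifier -> key
BLACKLIST = {"http://blocked.example/"}            # WAN addresses the proxy refuses
MAX_AGE_SECONDS = 300                              # assumed "preset duration"


def _canonical(app_id, timestamp, wan_address):
    """Encode the three signed fields unambiguously.

    Each field is length-prefixed so that shifting characters between
    neighbouring fields can never produce the same signed byte string.
    """
    fields = [str(app_id).encode(), str(timestamp).encode(), str(wan_address).encode()]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def sign(key, app_id, timestamp, wan_address):
    """Signature string over identifier, timestamp and WAN address (HMAC-SHA256 assumed)."""
    return hmac.new(key, _canonical(app_id, timestamp, wan_address), hashlib.sha256).hexdigest()


def build_verification_info(key, app_id, wan_address, now=None):
    """Step 22: the API builds the verification information for a first access request."""
    timestamp = int(time.time() if now is None else now)
    return {
        "app_id": app_id,
        "timestamp": timestamp,
        "wan_address": wan_address,
        "signature": sign(key, app_id, timestamp, wan_address),
    }


def build_second_request(proxy_address, first_request, info):
    """Steps 23-24: retarget the request at the proxy and carry the WAN address in it."""
    return {
        "destination": proxy_address,
        "wan_address": first_request["wan_address"],
        "verification": info,
    }


def proxy_verify(request, now=None):
    """Step 25 on the proxy server: returns (passed, reason)."""
    info = request["verification"]
    now = int(time.time() if now is None else now)

    # Mode 1: look up the key by application identifier and recompute the signature.
    key = APP_KEYS.get(info["app_id"])
    if key is None:
        return False, "unknown application"
    expected = sign(key, info["app_id"], info["timestamp"], info["wan_address"])
    # Constant-time comparison avoids leaking how many leading characters matched.
    if not hmac.compare_digest(expected.encode(), str(info["signature"]).encode()):
        return False, "bad signature"

    # Mode 2: reject requests whose timestamp is too far from the current time.
    # abs() also rejects timestamps set in the future (a choice made in this example).
    if abs(now - int(info["timestamp"])) > MAX_AGE_SECONDS:
        return False, "timed out"

    # The address the proxy will fetch must be the address that was signed.
    if request["wan_address"] != info["wan_address"]:
        return False, "address mismatch"

    # Blacklist check on the WAN address, as described for the proxy server.
    if info["wan_address"] in BLACKLIST:
        return False, "blacklisted"
    return True, "ok"


if __name__ == "__main__":
    first = {"wan_address": "http://api.example.com/data"}   # constructed request
    info = build_verification_info(APP_KEYS["app-1001"], "app-1001", first["wan_address"])
    second = build_second_request("10.0.0.5:8080", first, info)
    print(proxy_verify(second))
```

A timestamp window alone does not stop a captured request from being replayed inside the window; a proxy that needs that guarantee would also have to remember recently seen signatures.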
The embodiments of the present application further provide a wide area network access apparatus for a PAAS platform, to solve the prior-art problem that the code of an application must be modified for the application on the PAAS platform to be able to access the wide area network. A schematic structural diagram of the apparatus is shown in Fig. 6. It includes an access request receiving unit 31, a verification information generating unit 32 and an access request sending unit 33.
The access request receiving unit 31 is configured to receive a first access request sent by an application; the first access request contains a wide area network address; the application runs on the PAAS platform;
The verification information generating unit 32 is configured to generate verification information corresponding to the first access request;
The access request sending unit 33 is configured to call an application programming interface (API) preset on the PAAS platform and, through the API, send the first access request and the verification information to a proxy server, so that the proxy server, after the verification information passes verification, accesses the wide area network address according to the wide area network address contained in the first access request.
In one embodiment, the verification information generating unit 32 generates the verification information corresponding to the first access request by calling the API preset on the PAAS platform; and
The verification information generating unit 32 is specifically configured to: receive a key, input by the user, that corresponds to the application; use the key to sign the identifier of the application, a timestamp and the wide area network address to obtain a signature string, where the timestamp indicates the moment at which the application sent the first access request; and take the signature string, together with the identifier of the application, the timestamp and the wide area network address, as the generated verification information corresponding to the first access request.
In one embodiment, the access request sending unit 33 is specifically configured to: according to the pre-saved address of the proxy server, generate a second access request whose destination address is the address of the proxy server, where the address of the proxy server is an address in the local area network in which the PAAS platform is located; carry the wide area network address contained in the first access request in the second access request; and, through the API, send the second access request carrying the wide area network address, together with the verification information, to the proxy server.
The embodiments of the present application further provide a wide area network access apparatus for a PAAS platform, to solve the prior-art problem that the code of an application must be modified for the application on the PAAS platform to be able to access the wide area network. A schematic structural diagram of the apparatus is shown in Fig. 7. It includes a verification information receiving unit 41, a verification unit 42 and an access unit 43.
The verification information receiving unit 41 is configured to receive a first access request sent by the PAAS platform through an API, and verification information corresponding to the first access request, where the API is preset on the PAAS platform, the first access request is sent to the PAAS platform by an application running on the PAAS platform, and the first access request contains a wide area network address;
The verification unit 42 is configured to verify the verification information;
The access unit 43 is configured to, after the verification information passes verification, access the wide area network address according to the wide area network address contained in the access request.
In one embodiment, the verification information contains a signature string, the identifier of the application, a timestamp and the wide area network address, and the verification unit 42 is specifically configured to: verify the signature string contained in the verification information according to the identifier of the application, the timestamp and the wide area network address contained in the verification information; and/or judge, according to the timestamp contained in the verification information, whether the first access request has timed out.
In one embodiment, the verification unit 42 is specifically configured to: look up the key corresponding to the identifier of the application, according to the identifier of the application contained in the verification information and a pre-saved correspondence between application identifiers and keys; use the key to sign the identifier of the application, the timestamp and the wide area network address contained in the verification information to obtain a signature string; when the obtained signature string is identical to the signature string contained in the verification information, determine that the signature string contained in the verification information passes verification; and when the obtained signature string differs from the signature string contained in the verification information, determine that the signature string contained in the verification information fails verification.
In one embodiment, the verification unit 42 is specifically configured to: according to the timestamp contained in the first access request, judge whether the time difference between the moment corresponding to the timestamp and the current moment exceeds a preset duration; when the result is yes, determine that the first access request has timed out; when the result is no, determine that the first access request has not timed out.
With the wide area network access method for a PAAS platform provided by the embodiments of the present application, when an application running on the PAAS platform needs to access the wide area network, the PAAS platform can call the API preset on the PAAS platform and, through the API, send the access request to the proxy server, so that the proxy server accesses the wide area network according to the wide area network address contained in the access request. The application can thus conveniently access the wide area network without its code being modified. In addition, verification information corresponding to the access request can be generated and sent to the proxy server together with the access request, so that the proxy server accesses the wide area network only after the verification information passes verification, which can ensure the security of applications developed on the PAAS platform.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system or a computer program product. The present invention may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
In a typical configuration, a computing device includes one or more processors (CPUs), an input/output interface, a network interface and memory.
The memory may include volatile memory in a computer-readable medium, in the form of random access memory (RAM) and/or non-volatile memory such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape and disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible to a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" and any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, commodity or device. Without further limitation, an element defined by the statement "including a ..." does not exclude the existence of other identical elements in the process, method, commodity or device that includes the element.
Those skilled in the art will understand that embodiments of the present application may be provided as a method, a system or a computer program product. The present application may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage and the like) containing computer-usable program code.
The foregoing is merely embodiments of the present application and is not intended to limit the present application. For those skilled in the art, the present application may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall fall within the scope of the claims of the present application.
Claims (14)
1. A wide area network access method for a PAAS platform, characterized by comprising:
a PAAS platform receiving a first access request sent by an application, the first access request containing a wide area network address, and the application running on the PAAS platform;
generating verification information corresponding to the first access request;
calling an application programming interface (API) preset on the PAAS platform and, through the API, sending the first access request and the verification information to a proxy server, so that the proxy server, after the verification information passes verification, accesses the wide area network address according to the wide area network address contained in the first access request.
2. The method of claim 1, characterized in that
the verification information corresponding to the first access request is generated by calling the API preset on the PAAS platform; and
generating the verification information corresponding to the first access request specifically comprises:
receiving a key, input by the user, that corresponds to the application;
using the key to sign the identifier of the application, a timestamp and the wide area network address to obtain a signature string, wherein the timestamp indicates the moment at which the application sent the first access request;
taking the signature string, together with the identifier of the application, the timestamp and the wide area network address, as the generated verification information corresponding to the first access request.
3. The method of claim 1, characterized in that sending, through the API, the access request and the verification information to the proxy server specifically comprises:
according to the pre-saved address of the proxy server, generating a second access request whose destination address is the address of the proxy server, wherein the address of the proxy server is an address in the local area network in which the PAAS platform is located;
carrying the wide area network address contained in the first access request in the second access request;
through the API, sending the second access request carrying the wide area network address, together with the verification information, to the proxy server.
4. A wide area network access method for a PAAS platform, characterized by comprising:
a proxy server receiving a first access request sent by a PAAS platform through an API, and verification information corresponding to the first access request, wherein the API is preset on the PAAS platform, the first access request is sent to the PAAS platform by an application running on the PAAS platform, and the first access request contains a wide area network address;
verifying the verification information;
after the verification information passes verification, accessing the wide area network address according to the wide area network address contained in the access request.
5. The method of claim 4, characterized in that the verification information contains a signature string, the identifier of the application, a timestamp and the wide area network address;
verifying the verification information specifically comprises:
verifying the signature string contained in the verification information according to the identifier of the application, the timestamp and the wide area network address contained in the verification information; and/or
judging, according to the timestamp contained in the verification information, whether the first access request has timed out.
6. The method of claim 5, characterized in that verifying the signature string contained in the verification information according to the identifier of the application, the timestamp and the wide area network address contained in the verification information specifically comprises:
looking up the key corresponding to the identifier of the application, according to the identifier of the application contained in the verification information and a pre-saved correspondence between application identifiers and keys;
using the key to sign the identifier of the application, the timestamp and the wide area network address contained in the verification information to obtain a signature string;
when the obtained signature string is identical to the signature string contained in the verification information, determining that the signature string contained in the verification information passes verification;
when the obtained signature string differs from the signature string contained in the verification information, determining that the signature string contained in the verification information fails verification.
7. The method of claim 5, characterized in that judging, according to the timestamp contained in the verification information, whether the first access request has timed out specifically comprises:
according to the timestamp contained in the verification information, judging whether the time difference between the moment corresponding to the timestamp and the current moment exceeds a preset duration;
when the result is yes, determining that the first access request has timed out;
when the result is no, determining that the first access request has not timed out.
8. A wide area network access apparatus for a PAAS platform, characterized by comprising:
an access request receiving unit, configured to receive a first access request sent by an application, the first access request containing a wide area network address, and the application running on the PAAS platform;
a verification information generating unit, configured to generate verification information corresponding to the first access request;
an access request sending unit, configured to call an application programming interface (API) preset on the PAAS platform and, through the API, send the first access request and the verification information to a proxy server, so that the proxy server, after the verification information passes verification, accesses the wide area network address according to the wide area network address contained in the first access request.
9. The apparatus of claim 8, characterized in that the verification information generating unit generates the verification information corresponding to the first access request by calling the API preset on the PAAS platform; and
the verification information generating unit is specifically configured to:
receive a key, input by the user, that corresponds to the application;
use the key to sign the identifier of the application, a timestamp and the wide area network address to obtain a signature string, wherein the timestamp indicates the moment at which the application sent the first access request;
take the signature string, together with the identifier of the application, the timestamp and the wide area network address, as the generated verification information corresponding to the first access request.
10. The apparatus of claim 8, characterized in that the access request sending unit is specifically configured to:
according to the pre-saved address of the proxy server, generate a second access request whose destination address is the address of the proxy server, wherein the address of the proxy server is an address in the local area network in which the PAAS platform is located;
carry the wide area network address contained in the first access request in the second access request;
through the API, send the second access request carrying the wide area network address, together with the verification information, to the proxy server.
11. A wide area network access apparatus for a PAAS platform, characterized by comprising:
a verification information receiving unit, configured to receive a first access request sent by a PAAS platform through an API, and verification information corresponding to the first access request, wherein the API is preset on the PAAS platform, the first access request is sent to the PAAS platform by an application running on the PAAS platform, and the first access request contains a wide area network address;
a verification unit, configured to verify the verification information;
an access unit, configured to, after the verification information passes verification, access the wide area network address according to the wide area network address contained in the access request.
12. The apparatus of claim 11, characterized in that the verification information contains a signature string, the identifier of the application, a timestamp and the wide area network address; and
the verification unit is specifically configured to:
verify the signature string contained in the verification information according to the identifier of the application, the timestamp and the wide area network address contained in the verification information; and/or
judge, according to the timestamp contained in the verification information, whether the first access request has timed out.
13. The apparatus of claim 12, characterized in that the verification unit is specifically configured to:
look up the key corresponding to the identifier of the application, according to the identifier of the application contained in the verification information and a pre-saved correspondence between application identifiers and keys;
use the key to sign the identifier of the application, the timestamp and the wide area network address contained in the verification information to obtain a signature string;
when the obtained signature string is identical to the signature string contained in the verification information, determine that the signature string contained in the verification information passes verification;
when the obtained signature string differs from the signature string contained in the verification information, determine that the signature string contained in the verification information fails verification.
14. The apparatus of claim 12, characterized in that the verification unit is specifically configured to:
according to the timestamp contained in the first access request, judge whether the time difference between the moment corresponding to the timestamp and the current moment exceeds a preset duration;
when the result is yes, determine that the first access request has timed out;
when the result is no, determine that the first access request has not timed out.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610331736.6A CN106027639B (en) | 2016-05-18 | 2016-05-18 | A kind of wide-area network access method and device of PAAS platform |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610331736.6A CN106027639B (en) | 2016-05-18 | 2016-05-18 | A kind of wide-area network access method and device of PAAS platform |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106027639A (en) | 2016-10-12 |
CN106027639B (en) | 2019-05-17 |
Family
ID=57097532
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610331736.6A Active CN106027639B (en) | 2016-05-18 | 2016-05-18 | A kind of wide-area network access method and device of PAAS platform |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106027639B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107302526A (en) * | 2017-06-07 | 2017-10-27 | 努比亚技术有限公司 | System interface call method, equipment and computer-readable recording medium |
CN109450649A (en) * | 2018-12-28 | 2019-03-08 | 北京金山安全软件有限公司 | Gateway verification method and device based on application program interface and electronic equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101212453A (en) * | 2006-12-29 | 2008-07-02 | 凹凸科技(中国)有限公司 | Network access control method and firewall device |
CN103955371A (en) * | 2014-04-29 | 2014-07-30 | 浙江银江研究院有限公司 | Design and development method for universal software module for performing data acquisition on serial-port instrument |
KR20150113521A (en) * | 2014-03-31 | 2015-10-08 | (주)모빌랩 | System and method for user authentication using location information at mobile PaaS cloud system |
Also Published As
Publication number | Publication date |
---|---|
CN106027639B (en) | 2019-05-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11048620B2 (en) | Distributed system test device | |
CN109981679B (en) | Method and apparatus for performing transactions in a blockchain network | |
CN105095737A (en) | Method and device for detecting weak password | |
CN105493470A (en) | Dynamic application security verification | |
CN106548076A (en) | Method and apparatus of the detection using bug code | |
CN109960903A (en) | A kind of method, apparatus, electronic equipment and storage medium that application is reinforced | |
CN105337928A (en) | User identity identification method and apparatus, and safety protection problem generation method and apparatus | |
CN107689951A (en) | Web data crawling method, device, user terminal and readable storage medium storing program for executing | |
CN113221166A (en) | Method and device for acquiring block chain data, electronic equipment and storage medium | |
CN109344572B (en) | The Licensing Methods and system of distributed objects | |
CN111770112B (en) | Information sharing method, device and equipment | |
CN105100029A (en) | Method and device for user identity verification | |
CN104836777B (en) | Identity verification method and system | |
CN110324344A (en) | The method and device of account information certification | |
CN106027639A (en) | WAN (Wide Area Network) access method and apparatus for PAAS (Platform-as-a-Service) platform | |
Reantongcome et al. | Securing and trustworthy blockchain-based multi-tenant cloud computing | |
CN106102059A (en) | For determining the possessory method and apparatus of hotspot | |
Elsayed et al. | IFCaaS: information flow control as a service for cloud security | |
US11663339B2 (en) | Security testing based on user request | |
CN105684343B (en) | A kind of information processing method and equipment | |
CN112434347B (en) | Rental business processing method, device, equipment and system | |
CN112732676B (en) | Block chain-based data migration method, device, equipment and storage medium | |
CN108650150A (en) | A kind of data verification method and device | |
CN113849562A (en) | Method and device for accessing external service system | |
CN112788017A (en) | Safety verification method, device, equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20230317 Address after: Room 501-502, 5/F, Sina Headquarters Scientific Research Building, Block N-1 and N-2, Zhongguancun Software Park, Dongbei Wangxi Road, Haidian District, Beijing, 100193 Patentee after: Sina Technology (China) Co.,Ltd. Address before: 100080, International Building, No. 58 West Fourth Ring Road, Haidian District, Beijing, 20 floor Patentee before: Sina.com Technology (China) Co.,Ltd. |