CN106027639B - A kind of wide-area network access method and device of PAAS platform - Google Patents

A kind of wide-area network access method and device of PAAS platform Download PDF

Info

Publication number
CN106027639B
CN106027639B CN201610331736.6A CN201610331736A CN106027639B CN 106027639 B CN106027639 B CN 106027639B CN 201610331736 A CN201610331736 A CN 201610331736A CN 106027639 B CN106027639 B CN 106027639B
Authority
CN
China
Prior art keywords
access request
verification information
area network
application program
wide area
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610331736.6A
Other languages
Chinese (zh)
Other versions
CN106027639A (en
Inventor
王阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sina Technology China Co Ltd
Original Assignee
Sina Technology China Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sina Technology China Co Ltd filed Critical Sina Technology China Co Ltd
Priority to CN201610331736.6A priority Critical patent/CN106027639B/en
Publication of CN106027639A publication Critical patent/CN106027639A/en
Application granted granted Critical
Publication of CN106027639B publication Critical patent/CN106027639B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/289Intermediate processing functionally located close to the data consumer application, e.g. in same machine, in same home or in same sub-network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/2895Intermediate processing functionally located close to the data provider application, e.g. reverse proxies

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

This application discloses a kind of wide-area network access methods of PAAS platform, need to modify to the code of application program to make the application program on PAAS platform be able to access that wide area network to solve the problems, such as the prior art.Method includes: that PAAS platform receives the first access request that application program is sent;It include wide area network address in first access request;The application program operates on the PAAS platform;Generate verification information corresponding with first access request;Call the application programming interface API being set in advance on the PAAS platform, pass through the API, first access request and the verification information are sent to proxy server, so that the proxy server is after being verified the verification information, according to the wide area network address for including in first access request, access to the wide area network address.Disclosed herein as well is a kind of wide-area network access devices of PAAS platform.

Description

A kind of wide-area network access method and device of PAAS platform
Technical field
This application involves field of computer technology more particularly to a kind of wide-area network access method and devices of PAAS platform.
Background technique
In order to facilitate User Exploitation application program, occur " platform services " (Platform-as-a-service, PAAS) mode also just produces PAAS platform in such a mode.So-called PAAS platform refers to application program (for example, net Stand or office system) developing operation basic platform (for example, database used in process of application development or Server, etc.) it is used as a kind of service, it is supplied to user, user can not consider bottom hardware situation by PAAS platform Under, convenient development and application program.
Generally, it is connected between the server on PAAS platform, database or other hardware devices by local area network, is Guarantee the safety for the application program that user develops or run on PAAS platform, local area network and wide area network on PAAS platform Connection is not set up, thus, user can not often access to wide area network during development and application program on PAAS platform.
As shown in Figure 1, user passes through proxy server 1 for a kind of architecture diagram of common PAAS platform in the prior art It accesses to PAAS platform, and runs development and application program on PAAS platform, and user is when using PAAS platform, it is possible It may require that and access to wide area network, in this case, in order to keep the application program operated on PAAS platform accessible Wide area network, the developer for generally requiring the application program modifies to the code of the application program, in the application program Application programming interface (the Application Programming for connecting proxy server is written in code Interface, API), then at this point, the wide area network address of expectation access can be sent to agency's clothes by the API by application program Business device 2, and wide area network is accessed by the proxy server 2.
However, be generally different provided by different PAAS platforms for accessing the proxy server of wide area network, Thus developer is that the API of application program write-in is often also only applicable to the currently running PAAS platform of the application program, when When the application program is migrated to other PAAS platforms, in order to make the application program be able to access that wide area network, then exploit person is needed Member again modifies to the code of the application program.
It can be seen that the above process is relatively complicated, and takes a long time, therefore how to develop and answered on guaranteeing PAAS platform Under the premise of with program safety, the application program on PAAS platform is allow easily to access to wide area network, becomes existing Technology urgent problem to be solved.
Summary of the invention
The embodiment of the present application provides a kind of wide-area network access method and device of PAAS platform, to solve the prior art without Method keeps the application program on PAAS platform convenient and fast under the premise of the application security developed on guaranteeing PAAS platform The problem of accessing to wide area network.
The embodiment of the present application adopts the following technical solutions:
A kind of wide-area network access method of PAAS platform, comprising:
PAAS platform receives the first access request that application program is sent;It include wide area entoilage in first access request Location;The application program operates on the PAAS platform;
Generate verification information corresponding with first access request;
The application programming interface API being set in advance on the PAAS platform is called, it, will be described by the API First access request and the verification information are sent to proxy server, so that the proxy server is believed to the verifying After breath is verified, according to the wide area network address for including in first access request, access to the wide area network address.
A kind of wide-area network access method of PAAS platform, comprising:
Proxy server receive PAAS platform by API the first access request sent and with first access request Corresponding verification information, wherein the API is set in advance on the PAAS platform, and first access request is to operate in Application program on the PAAS platform is sent to the PAAS platform, and first access request includes wide area network address;
The verification information is verified;
After to being verified of the verification information, according to the wide area network address for including in the access request, to institute Wide area network address is stated to access.
A kind of wide-area network access device of PAAS platform, comprising:
Access request receiving unit, for receiving the first access request of application program transmission;First access request In include wide area network address;The application program operates on the PAAS platform;
Verification information generation unit, for generating verification information corresponding with first access request;
Access request transmission unit, for calling the application programming interface being set in advance on the PAAS platform First access request and the verification information are sent to proxy server, so that the generation by the API by API Server is managed after being verified to the verification information, it is right according to the wide area network address for including in first access request The wide area network address accesses.
A kind of wide-area network access device of PAAS platform, comprising:
Verification information receiving unit, for receive PAAS platform by API the first access request sent and with it is described The corresponding verification information of first access request, wherein the API is set in advance on the PAAS platform, first access Request is sent to the PAAS platform for the application program operated on the PAAS platform, and first access request includes Wide area network address;
Authentication unit, for being verified to the verification information;
Access unit is wide according to include in the access request for after to being verified of the verification information Domain net address accesses to the wide area network address.
The embodiment of the present application use at least one above-mentioned technical solution can reach it is following the utility model has the advantages that
Since when the application program operated on PAAS platform needs to access wide area network, PAAS platform can be called in advance API on PAAS platform is set, by the API, access request is sent to proxy server, so that proxy server root It according to the wide area network address for including in the access request, accesses to wide area network, so as to not to the generation of application program In the case that code is modified, achieve the purpose that application program convenient access wide area network.It can generate simultaneously corresponding with access request Verification information, and proxy server is sent to together with access request, so that proxy server is to the verification information It after being verified, can just access to wide area network, thereby may be ensured that the application security developed on PAAS platform.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present application, constitutes part of this application, this Shen Illustrative embodiments and their description please are not constituted an undue limitation on the present application for explaining the application.In the accompanying drawings:
Fig. 1 is a kind of architecture diagram of PAAS platform in the prior art;
Fig. 2 is a kind of architecture diagram of PAAS platform provided by the embodiments of the present application;
Fig. 3 is a kind of specific implementation flow chart of the wide-area network access method of PAAS platform provided by the embodiments of the present application;
Fig. 4 is a kind of schematic diagram of network address input interface provided by the embodiments of the present application;
Fig. 5 is a kind of specific implementation flow chart of the wide-area network access method of PAAS platform provided by the embodiments of the present application;
Fig. 6 is a kind of concrete structure schematic diagram of the wide-area network access device of PAAS platform provided by the embodiments of the present application;
Fig. 7 is a kind of concrete structure schematic diagram of the wide-area network access device of PAAS platform provided by the embodiments of the present application.
Specific embodiment
To keep the purposes, technical schemes and advantages of the application clearer, below in conjunction with the application specific embodiment and Technical scheme is clearly and completely described in corresponding attached drawing.Obviously, described embodiment is only the application one Section Example, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art are not doing Every other embodiment obtained under the premise of creative work out, shall fall in the protection scope of this application.
In order to which the application program run on PAAS platform can be made easily to access wide area network, in the embodiment of the present application, The API for connecting proxy server is pre-set on PAAS platform, as shown in Fig. 2, being provided by the embodiments of the present application one The architecture diagram of kind PAAS platform, wherein be previously provided on the PAAS platform for establishing connection with proxy server 2 API, when user's expectation, which operates in the application program on PAAS platform, accesses wide area network, the application program can be by described API on PAAS platform sends access request to proxy server 2, takes so as to reach application program by the agency Business device 2 accesses the purpose of wide area network.
Based on PAAS platform as shown in Figure 2, a kind of wide-area network access side of PAAS platform provided by the embodiments of the present application The specific implementation flow of method is as shown in figure 3, may include following step:
Step 11, PAAS platform receives the first access request that application program is sent;
The application program operates on the PAAS platform.Generally, the PAAS platform often by multiple servers, Database and other hardware devices composition, when user's expectation uses the application program of PAAS platform development, PAAS platform can According to the needs of users, one or multiple servers, database and other hardware devices are supplied to user and used, then User can develop on the server that PAAS platform provides and run application program.
The application program can be the software or the application program that exploitation is perhaps run on PAAS platform can also To be exploitation or the system run or website on PAAS platform.
It include wide area network address in first access request.So-called wide area network can usually refer to and cover very big model It encloses, connects multiple city or countries, or across several continents and telecommunication, international telecommunication network can be provided.
Currently, being connected between server, database or other hardware devices on PAAS platform by local area network, and it is Guarantee the safety for the application program that user develops or run on PAAS platform, local area network and wide area network on PAAS platform Connection is not set up, thus, the application program developed or run on PAAS platform often can not directly visit wide area network It asks.
Generally, the application program operated on PAAS platform needs to complete the visit to wide area network by proxy server It asks.
When user's expectation, which operates in the application program on PAAS platform, accesses wide area network, user can be in application program Input needs the wide area network address accessed in specific interface, for example, user can be defeated in network address input interface as shown in Figure 4 Enter the wide area network address for needing to access, and click " submission ", then that the application program can be sent to PAAS platform includes user The access request of the wide area network address of input.
Alternatively, user can choose the wide area entoilage of expectation access from the wide area network address that application program pre-saves Location, and the access request for the wide area network address chosen to the transmission of PAAS platform comprising user.
Step 12, verification information corresponding with first access request is generated;
In order to guarantee the safety of application program on PAAS platform, the leakage of application data on PAAS platform is avoided, In a kind of embodiment, PAAS platform can be the access request received after the access request for receiving application program transmission Corresponding verification information is generated, and the verification information of generation is sent to proxy server together with the access request received, It, just can be to access corresponding with the verification information after subsequent proxy server is only verified what is carried out to verification information Request is handled.
In one embodiment, the specific implementation of step 12 can be with are as follows: by call be set in advance in it is described Application programming interface (Application Programming Interface, API) on PAAS platform, generation and institute State the corresponding verification information of the first access request.Wherein, the API be set in advance in it is on PAAS platform, for connecting generation Manage the interface of server.
It may include: to receive specifically, generating verification information corresponding with the access request by calling the API The key corresponding with the application program of user's input;Using the mark of application program described in the key pair, timestamp, institute It states wide area network address to sign, obtains signature character string;By it is described signature character string and the application program mark, when Between stamp, the wide area network address as generation verification information corresponding with first access request.
Wherein, the timestamp is asked for indicating that PAAS platform receives the application program transmission first access At the time of asking, PAAS platform can record the time for receiving access request, and generate for indicating to receive the visit Ask timestamp at the time of request.
Generally, PAAS platform can provide one and the application program pair for each application program of operation on the platform The key or PAAS platform answered can provide one and the user used account when using the PAAS platform for each user Number corresponding key, in PAAS platform by the API that calls, when generating verification information corresponding with the access request, It can receive key (or account counterpart keys with the user) that user inputs, corresponding with the application program, and use The wide area network address for including in the mark of the key pair application program, timestamp and the access request is signed, and is obtained Signature character string.The embodiment of the present application, such as can be according to informative abstract for being signed with no restrictions according to which kind of algorithm Algorithm is signed.Since key is uniquely corresponding with application program, so as to avoid illegal user from pretending to be on PAAS platform Application program.
For example, it is assumed that receiving the wide area network address for including in the access request that application program is sent on PAAS platform are as follows: " http://www.baidu.com/test/hello.html " sends the application program of the access request in the PAAS platform On mark are as follows: " abc ", PAAS platform according to the timestamp generated at the time of receiving the access request be " 145 ", user is defeated The key corresponding with the application program entered is " a1b2 ", then PAAS platform can be by calling pre-set API, according to institute Wide area network address, the mark of application program and timestamp are stated, character string: " http://www.baidu.com/test/ is generated Hello.html_abc_145 ", and using key " a1b2 " to character string " the http://www.baidu.com/test/ of generation Hello.html_abc_145 " signs, it is assumed that obtained signature character string are as follows: " 001c019f3f244 " can then be incited somebody to action: " http://www.baidu.com/test/hello.html ", " abc ", " 145 ", this four part " 001c019f3f244 " letter Breath, as verification information corresponding with the access request.
It should also be noted that, can also be asked by calling other tools on PAAS platform according to the access received It asks, generates verifying message corresponding with the access request, and the embodiment of the present application is for the generating mode of the verifying message Without limitation, as long as can be verified i.e. according to the verifying message pair access request corresponding with the verifying message of generation It can.
Step 13, the application programming interface API that is set in advance on the PAAS platform is called, by the API, First access request and the verification information are sent to proxy server, so that the proxy server is to described After verification information is verified, according to the wide area network address for including in first access request, to the wide area network address into Row access.
Since the application program run on PAAS platform can not directly access to wide area network, and need by calling generation Manage server mode, to achieve the purpose that access wide area network, thus PAAS platform can by call be set in advance in it is described The access request received is sent to proxy server by the API on PAAS platform.
In one embodiment, the specific implementation of step 13 may include: according to the agency service pre-saved The address of device generates the second access request of the address that destination address is the proxy server;The ground of the proxy server Location is the lan address of the PAAS platform;The wide area network address for including in first access request is carried and is visited second It asks in request;By the API, the second access request for carrying the wide area network address and the verification information are sent to Proxy server.
Due to the address that the destination address of the second access request is the proxy server, thus by calling the API, Second access request and verification information can be sent to the proxy server, and due to second access request In carry the address of wide area network, thus the proxy server is after receiving second access request, can be according to institute The wide area network address carried in the second access request is stated, is accessed to the wide area network address, it is flat so as to reach PAAS Application program on platform accesses the purpose of wide area network by proxy server.
Proxy server receive PAAS platform transmission the first access request and with first access request pair After the verification information answered, the verification information can be verified, and after to being verified of the verification information, according to institute The wide area network address for including in access request is stated, is accessed to the wide area network address.
In one embodiment, proxy server can test the verification information by following two mode Card, can specifically include:
Mode 1: right according to the mark for the application program for including in the verification information, timestamp and wide area network address The signature character string for including in the verification information is verified;
Specifically, can be according to the mark for the application program for including in the verification information, and pre-save Corresponding relationship between the mark and key of application program searches key corresponding with the mark of the application program;Using institute Mark, timestamp and the wide area network address for stating the application program for including in verification information described in key pair are signed, and are obtained Signature character string;When the signature character string for including in obtained signature character string and the verification information is identical, it is determined that right The signature character string for including in the verification information is verified;When including in obtained signature character string and the verification information Signature character string it is not identical when, it is determined that include in the verification information signature character string verifying do not pass through.
When illegal user pretends to be the application program on PAAS platform, to access of the PAAS platform transmission comprising wide area network address Request, PAAS platform is inputted according to the user and key generate verification information corresponding with the access request, since this is non- Key pre-saving in key provided by method user and proxy server, corresponding with the application program is not identical, because And using the key inputted by illegal user, it signs, obtains to the mark of application program, timestamp, the wide area network address The signature character string arrived, and proxy server use key corresponding with application program, to the mark of application program, timestamp, The wide area network address is signed, and obtained signature character string is different, and then proxy server can be by described The mode that the signature character string for including in verification information is verified reaches and carries out to the application identity for sending access request The purpose of verifying.
Mode 2: according to the timestamp for including in the verification information, judge whether first access request is overtime.
When proxy server receive time represented by the timestamp for including in verification information and current time interval compared with When long, then it represents that PAAS platform receives the access request of application program transmission and proxy server receives the transmission of PAAS platform Access request between interval time it is longer, at this time to PAAS platform send access request application program may be not required to To access to wide area network, in this case, proxy server can according to the timestamp for including in the verification information, At the time of judging corresponding with the timestamp and whether the time difference at current time is more than preset duration, when judging result is yes When, it is determined that the first access request time-out;When the judgment result is no, it is determined that first access request, which has not timed out, to be tested The timestamp for including in card information, judges whether the access request is overtime.
It should be noted that proxy server can be using the mode for combining mode 1 with mode 2, to the verifying Information is verified, for example, proxy server can first to the access request, whether time-out judges, and described in the judgement After access request has not timed out, then the signature character string for including in the verification information is verified, to complete to the verifying The verifying of information.And first using which kind of mode to verify verification information proxy server, the embodiment of the present application is not done Limitation.
Application program due to running on PAAS platform is required to pass through agency service when accessing to wide area network Device, it is frequent that wide area network is accessed by proxy server if the same application program is whithin a period of time, then it may be to generation The load of reason server impacts.
In order to avoid the problem, when (for example, 1 hour) is received comprising same application proxy server within the unit time When the quantity of the verification information of the mark of program is more than given threshold (for example, 20 times), then proxy server can be refused to test with this Demonstrate,prove the corresponding access request of information.
In order to avoid the application program on PAAS platform passes through access of the proxy server to illegal wide area network address, In a kind of embodiment, it is provided with the blacklist for saving illegal wide area network address on the proxy server, then works as agency service After device is verified what is carried out to verification information, proxy server can also be by the wide area entoilage that will include in access request The wide area network address saved in location and the blacklist compares, to reach to the wide area entoilage for including in the access request The purpose that location is verified.When the wide area network address phase saved on the wide area network address for including in the access request and blacklist Meanwhile proxy server will not access to the wide area network address.
Below with reference to Fig. 5, a kind of wide-area network access method of PAAS platform provided by the embodiments of the present application is discussed in detail Practical application:
Step 21, the application program operated on PAAS platform is sent to the API being set in advance on the PAAS platform First access request;
Wherein, the address for the wide area network for needing to access comprising application program in first access request.
Step 22, by the API, verification information corresponding with first access request is generated;
Specifically, the API can receive the key corresponding with the application program of user's input, using the key It signs to the mark of the application program, timestamp, the wide area network address, obtains signature character string, and by the label Name character string and the mark of the application program, the timestamp, the wide area network address are as generation and described first The corresponding verification information of access request.
Step 23, for API according to the address of the proxy server pre-saved, generation destination address is the proxy server Address the second access request;And the wide area network address for including in first access request is carried in the second access request In;
Step 24, by the API, second access request and the verification information are sent to proxy server;
Step 25, proxy server verifies the verification information received;
The verifying that proxy server can carry out the verification information by following two mode, can specifically include:
Mode 1: right according to the mark for the application program for including in the verification information, timestamp and wide area network address The signature character string for including in the verification information is verified;
How the signature character string for including in the verification information is verified, is seen above about proxy server Associated description, details are not described herein again.
Mode 2: according to the timestamp for including in the verification information, judge whether overtime with first access request;
, the associated description that sees above whether overtime with first access request how is judged about proxy server, Details are not described herein again.
Step 26, proxy server accesses to wide area network address after to being verified of verification information;
Step 27, proxy server returns to the access result to access to the wide area network address to the API;
Step 28, the API, which passes through, returns to application program for the access result received, operates in so as to reach The purpose of application program access wide area network on PAAS platform.
The embodiment of the present application also provides a kind of wide-area network access device of PAAS platform, to solve the prior art in order to The application program on PAAS platform is set to be able to access that wide area network and need the problem of modifying to the code of application program.The dress The concrete structure schematic diagram set is as shown in Figure 6, comprising: access request receiving unit 31, verification information generation unit 32 and visit Ask request transmitting unit 33.
Wherein, access request receiving unit 31, for receiving the first access request of application program transmission;Described first visits It asks in request comprising wide area network address;The application program operates on the PAAS platform;
Verification information generation unit 32, for generating verification information corresponding with first access request;
Access request transmission unit 33, for calling the application programming interface being set in advance on the PAAS platform First access request and the verification information are sent to proxy server, so that the generation by the API by API Server is managed after being verified to the verification information, it is right according to the wide area network address for including in first access request The wide area network address accesses.
In one embodiment, verification information generation unit 32 is set in advance on the PAAS platform by calling API generates verification information corresponding with first access request;And
Verification information generation unit 32, is specifically used for: receiving the key corresponding with the application program of user's input;It adopts The mark of the application program described in the key pair, timestamp, the wide area network address are signed, and signature character string is obtained, Wherein, at the time of the timestamp is for indicating that the application program sends first access request;By the signature character The mark of string and the application program, the timestamp, the wide area network address are asked as what is generated with first access Seek corresponding verification information.
In one embodiment, access request transmission unit 33, is specifically used for: according to the proxy server pre-saved Address, generate destination address be the proxy server address the second access request, wherein the proxy server Address is the address where the PAAS platform in local area network;The wide area network address for including in first access request is carried In the second access request;By the API, the second access request for carrying the wide area network address and the verifying are believed Breath is sent to proxy server.
The embodiment of the present application also provides a kind of wide-area network access device of PAAS platform, to solve the prior art in order to The application program on PAAS platform is set to be able to access that wide area network and need the problem of modifying to the code of application program.The dress The concrete structure schematic diagram set as shown in fig. 7, comprises: verification information receiving unit 41, authentication unit 42 and access unit 43.
Wherein, verification information receiving unit 41, for receive PAAS platform by API the first access request sent and Verification information corresponding with first access request, wherein the API is set in advance on the PAAS platform, and described One access request is that the application program operated on the PAAS platform is sent to the PAAS platform, and first access is asked It asks comprising wide area network address;
Authentication unit 42, for being verified to the verification information;
Access unit 43, for including according in the access request after to being verified of the verification information Wide area network address accesses to the wide area network address.
In one embodiment, the verification information include signature character string, the mark of application program, timestamp and Wide area network address, authentication unit 42, is specifically used for: according to the mark for the application program for including in the verification information, timestamp And wide area network address, the signature character string for including in the verification information is verified;And/or according to the verification information In include timestamp, judge whether first access request overtime.
In one embodiment, authentication unit 42 are specifically used for: according to the application for including in the verification information Corresponding relationship between the mark of program, and the mark and key of the application program that pre-save, searches and applies journey with described The corresponding key of the mark of sequence;Use mark, the timestamp of the application program for including in verification information described in the key pair with And the wide area network address is signed, and signature character string is obtained;It is wrapped when in obtained signature character string and the verification information When the signature character string contained is identical, it is determined that be verified to the signature character string for including in the verification information;When what is obtained When the signature character string for including in signature character string and the verification information is not identical, it is determined that including in the verification information Signature character string verifying do not pass through.
In one embodiment, authentication unit 42 are specifically used for: according to the time for including in first access request Stamp, at the time of judging corresponding with the timestamp and whether the time difference at current time is more than preset duration;When judging result is When being, it is determined that the first access request time-out;When the judgment result is no, it is determined that first access request does not surpass When.
Using the wide-area network access method of PAAS platform provided by the embodiments of the present application, operated on PAAS platform due to working as Application program when needing to access wide area network, PAAS platform can call the API being set in advance on PAAS platform, by described API sends access request to proxy server, so that proxy server is according to the wide area entoilage for including in the access request Location accesses to wide area network, so as to reach application program in the case where not modifying to the code of application program The purpose of convenient access wide area network.Verification information corresponding with access request can be generated simultaneously, and is sent together with access request To proxy server, so that proxy server after being verified to the verification information, can just access to wide area network, It thereby may be ensured that the application security developed on PAAS platform.
It should be understood by those skilled in the art that, the embodiment of the present invention can provide as method, system or computer program Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention Apply the form of example.Moreover, it wherein includes the computer of computer usable program code that the present invention, which can be used in one or more, The computer program implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) produces The form of product.
The present invention be referring to according to the method for the embodiment of the present invention, the process of equipment (system) and computer program product Figure and/or block diagram describe.It should be understood that every one stream in flowchart and/or the block diagram can be realized by computer program instructions The combination of process and/or box in journey and/or box and flowchart and/or the block diagram.It can provide these computer programs Instruct the processor of general purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce A raw machine, so that being generated by the instruction that computer or the processor of other programmable data processing devices execute for real The device for the function of being specified in present one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works, so that it includes referring to that instruction stored in the computer readable memory, which generates, Enable the manufacture of device, the command device realize in one box of one or more flows of the flowchart and/or block diagram or The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device, so that counting Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, thus in computer or The instruction executed on other programmable devices is provided for realizing in one or more flows of the flowchart and/or block diagram one The step of function of being specified in a box or multiple boxes.
In a typical configuration, calculating equipment includes one or more processors (CPU), input/output interface, net Network interface and memory.
Memory may include the non-volatile memory in computer-readable medium, random access memory (RAM) and/or The forms such as Nonvolatile memory, such as read-only memory (ROM) or flash memory (flash RAM).Memory is computer-readable medium Example.
Computer-readable medium includes permanent and non-permanent, removable and non-removable media can be by any method Or technology come realize information store.Information can be computer readable instructions, data structure, the module of program or other data. The example of the storage medium of computer includes, but are not limited to phase change memory (PRAM), static random access memory (SRAM), moves State random access memory (DRAM), other kinds of random access memory (RAM), read-only memory (ROM), electric erasable Programmable read only memory (EEPROM), flash memory or other memory techniques, read-only disc read only memory (CD-ROM) (CD-ROM), Digital versatile disc (DVD) or other optical storage, magnetic cassettes, tape magnetic disk storage or other magnetic storage devices Or any other non-transmission medium, can be used for storage can be accessed by a computing device information.As defined in this article, it calculates Machine readable medium does not include temporary computer readable media (transitory media), such as the data-signal and carrier wave of modulation.
It should also be noted that, the terms "include", "comprise" or its any other variant are intended to nonexcludability It include so that the process, method, commodity or the equipment that include a series of elements not only include those elements, but also to wrap Include other elements that are not explicitly listed, or further include for this process, method, commodity or equipment intrinsic want Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including described want There is also other identical elements in the process, method of element, commodity or equipment.
It will be understood by those skilled in the art that embodiments herein can provide as method, system or computer program product. Therefore, complete hardware embodiment, complete software embodiment or embodiment combining software and hardware aspects can be used in the application Form.It is deposited moreover, the application can be used to can be used in the computer that one or more wherein includes computer usable program code The shape for the computer program product implemented on storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) Formula.
The above description is only an example of the present application, is not intended to limit this application.For those skilled in the art For, various changes and changes are possible in this application.All any modifications made within the spirit and principles of the present application are equal Replacement, improvement etc., should be included within the scope of the claims of this application.

Claims (14)

1. a kind of wide-area network access method of PAAS platform characterized by comprising
PAAS platform receives the first access request that application program is sent;It include wide area network address in first access request; The application program operates on the PAAS platform;
Generate verification information corresponding with first access request;
The application programming interface API being set in advance on the PAAS platform is called, by the API, by described first Access request and the verification information are sent to proxy server, so that the proxy server is tested to the verification information After card passes through, according to the wide area network address for including in first access request, access to the wide area network address.
2. the method as described in claim 1, which is characterized in that
By calling the API being set in advance on the PAAS platform, verifying letter corresponding with first access request is generated Breath;And
It is described to generate verification information corresponding with first access request, it specifically includes:
Receive the key corresponding with the application program of user's input;
It is signed using the mark of application program described in the key pair, timestamp, the wide area network address, obtains signature word Symbol string, wherein at the time of the timestamp is for indicating that the application program sends first access request;
Using the mark of the signature character string and the application program, the timestamp, the wide area network address as generation Verification information corresponding with first access request.
3. the method as described in claim 1, which is characterized in that by the API, the access request and the verifying are believed Breath is sent to proxy server, specifically includes:
According to the address of the proxy server pre-saved, generate the address that destination address is the proxy server second is visited Ask request, wherein address of the address of the proxy server in the local area network where the PAAS platform;
The wide area network address for including in first access request is carried in the second access request;
By the API, the second access request for carrying the wide area network address and the verification information are sent to agency Server.
4. a kind of wide-area network access method of PAAS platform characterized by comprising
Proxy server receives PAAS platform and passes through API the first access request sent and corresponding with first access request Verification information, wherein the API is set in advance on the PAAS platform, first access request be operate in it is described Application program on PAAS platform is sent to the PAAS platform, and first access request includes wide area network address;
The verification information is verified;
After to being verified of the verification information, according to the wide area network address for including in the access request, to described wide Domain net address accesses.
5. method as claimed in claim 4, which is characterized in that the verification information includes signature character string, application program Mark, timestamp and wide area network address;
The verification information is verified, is specifically included:
According to the mark for the application program for including in the verification information, timestamp and wide area network address, the verifying is believed The signature character string for including in breath is verified;And/or
According to the timestamp for including in the verification information, judge whether first access request is overtime.
6. method as claimed in claim 5, which is characterized in that according to the mark for the application program for including in the verification information Knowledge, timestamp and wide area network address, verify the signature character string for including in the verification information, specifically include:
According to the mark for the application program for including in the verification information, and the mark of application program that pre-saves with Corresponding relationship between key searches key corresponding with the mark of the application program;
It is carried out using the mark for the application program for including in verification information described in the key pair, timestamp and wide area network address Signature obtains signature character string;
When the signature character string for including in obtained signature character string and the verification information is identical, it is determined that the verifying The signature character string for including in information is verified;
When the signature character string for including in obtained signature character string and the verification information is not identical, it is determined that test described The signature character string verifying for including in card information does not pass through.
7. method as claimed in claim 5, which is characterized in that according to the timestamp for including in the verification information, judge institute It whether overtime states the first access request, specifically includes:
According to the timestamp for including in the verification information, at the time of judging corresponding with the timestamp and the time at current time Whether difference is more than preset duration;
When the judgment result is yes, it is determined that the first access request time-out;
When the judgment result is no, it is determined that first access request has not timed out.
8. a kind of wide-area network access device of PAAS platform characterized by comprising
Access request receiving unit, for receiving the first access request of application program transmission;It is wrapped in first access request Containing wide area network address;The application program operates on the PAAS platform;
Verification information generation unit, for generating verification information corresponding with first access request;
Access request transmission unit leads to for calling the application programming interface API being set in advance on the PAAS platform The API is crossed, first access request and the verification information are sent to proxy server, so that the agency service Device is after being verified the verification information, according to the wide area network address for including in first access request, to described wide Domain net address accesses.
9. device as claimed in claim 8, which is characterized in that verification information generation unit is set in advance in described by calling API on PAAS platform generates verification information corresponding with first access request;And
Verification information generation unit, is specifically used for:
Receive the key corresponding with the application program of user's input;
It is signed using the mark of application program described in the key pair, timestamp, the wide area network address, obtains signature word Symbol string, wherein at the time of the timestamp is for indicating that the application program sends first access request;
Using the mark of the signature character string and the application program, the timestamp, the wide area network address as generation Verification information corresponding with first access request.
10. device as claimed in claim 8, which is characterized in that access request transmission unit is specifically used for:
According to the address of the proxy server pre-saved, generate the address that destination address is the proxy server second is visited Ask request, wherein the address of the proxy server is the address where the PAAS platform in local area network;
The wide area network address for including in first access request is carried in the second access request;
By the API, the second access request for carrying the wide area network address and the verification information are sent to agency Server.
11. a kind of wide-area network access device of PAAS platform characterized by comprising
Verification information receiving unit, for receiving PAAS platform by API the first access request sent and with described first The corresponding verification information of access request, wherein the API is set in advance on the PAAS platform, first access request Application program to operate on the PAAS platform is sent to the PAAS platform, and first access request includes wide area Net address;
Authentication unit, for being verified to the verification information;
Access unit, for after to being verified of the verification information, according to the wide area network for including in the access request Address accesses to the wide area network address.
12. device as claimed in claim 11, which is characterized in that the verification information includes signature character string, application program Mark, timestamp and wide area network address;And
The authentication unit, is specifically used for:
According to the mark for the application program for including in the verification information, timestamp and wide area network address, the verifying is believed The signature character string for including in breath is verified;And/or
According to the timestamp for including in the verification information, judge whether first access request is overtime.
13. device as claimed in claim 12, which is characterized in that authentication unit is specifically used for:
According to the mark for the application program for including in the verification information, and the mark of application program that pre-saves with Corresponding relationship between key searches key corresponding with the mark of the application program;
Using the mark for the application program for including in verification information described in the key pair, timestamp and the wide area network address It signs, obtains signature character string;
When the signature character string for including in obtained signature character string and the verification information is identical, it is determined that the verifying The signature character string for including in information is verified;
When the signature character string for including in obtained signature character string and the verification information is not identical, it is determined that test described The signature character string verifying for including in card information does not pass through.
14. device as claimed in claim 12, which is characterized in that authentication unit is specifically used for:
According to the timestamp for including in first access request, at the time of judge corresponding with the timestamp and current time Whether the time difference is more than preset duration;
When the judgment result is yes, it is determined that the first access request time-out;
When the judgment result is no, it is determined that first access request has not timed out.
CN201610331736.6A 2016-05-18 2016-05-18 A kind of wide-area network access method and device of PAAS platform Active CN106027639B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610331736.6A CN106027639B (en) 2016-05-18 2016-05-18 A kind of wide-area network access method and device of PAAS platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610331736.6A CN106027639B (en) 2016-05-18 2016-05-18 A kind of wide-area network access method and device of PAAS platform

Publications (2)

Publication Number Publication Date
CN106027639A CN106027639A (en) 2016-10-12
CN106027639B true CN106027639B (en) 2019-05-17

Family

ID=57097532

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610331736.6A Active CN106027639B (en) 2016-05-18 2016-05-18 A kind of wide-area network access method and device of PAAS platform

Country Status (1)

Country Link
CN (1) CN106027639B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107302526B (en) * 2017-06-07 2021-09-07 努比亚技术有限公司 System interface calling method, device and computer readable storage medium
CN109450649A (en) * 2018-12-28 2019-03-08 北京金山安全软件有限公司 Gateway verification method and device based on application program interface and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212453A (en) * 2006-12-29 2008-07-02 凹凸科技(中国)有限公司 Network access control method and firewall device
CN103955371A (en) * 2014-04-29 2014-07-30 浙江银江研究院有限公司 Design and development method for universal software module for performing data acquisition on serial-port instrument
KR20150113521A (en) * 2014-03-31 2015-10-08 (주)모빌랩 System and method for user authentication using location information at mobile PaaS cloud system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101212453A (en) * 2006-12-29 2008-07-02 凹凸科技(中国)有限公司 Network access control method and firewall device
KR20150113521A (en) * 2014-03-31 2015-10-08 (주)모빌랩 System and method for user authentication using location information at mobile PaaS cloud system
CN103955371A (en) * 2014-04-29 2014-07-30 浙江银江研究院有限公司 Design and development method for universal software module for performing data acquisition on serial-port instrument

Also Published As

Publication number Publication date
CN106027639A (en) 2016-10-12

Similar Documents

Publication Publication Date Title
US11048620B2 (en) Distributed system test device
CN107257340B (en) A kind of authentication method, authentication data processing method and equipment based on block chain
CN108305072B (en) Method, apparatus, and computer storage medium for deploying a blockchain network
JP5522307B2 (en) System and method for remote maintenance of client systems in electronic networks using software testing with virtual machines
CN103548320B (en) The dangerous safety applied on device performs
CN107608689A (en) The update method of application program, device and electronic equipment in client
CN110245518B (en) Data storage method, device and equipment
CN107026832A (en) Account logon method, equipment and server
CN107015996A (en) A kind of resource access method, apparatus and system
CN111967610A (en) Block chain-based federal learning incentive method, device, equipment and storage medium
CN104158802A (en) Platform authorization method, platform service side, application client side and system
CN109981664A (en) Website logging method, device and the realization device of page end
CN109086596A (en) The authentication method of application program, apparatus and system
CN110008743A (en) Data attribute identification method, device and equipment in a kind of piece of chain type account book
CN108990059A (en) A kind of verification method and device
CN109509099A (en) Data trade method and device calculates equipment, storage medium
CN110190963A (en) A kind of monitoring method, device and equipment for the request of time service certificates constructing
CN110266494A (en) Time service authentication method, device and equipment in a kind of piece of chain type account book
CN110474775A (en) User's creation method, device and equipment in a kind of piece of chain type account book
CN106027639B (en) A kind of wide-area network access method and device of PAAS platform
CN108924185A (en) Interface creation method and device
CN113158196A (en) Login verification method, device, equipment and medium
US10645177B2 (en) Cookie based session timeout detection and management
CN109462600A (en) Access method, user equipment, login service device and the storage medium of application
CN110022327B (en) Short message authentication test method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20230317

Address after: Room 501-502, 5/F, Sina Headquarters Scientific Research Building, Block N-1 and N-2, Zhongguancun Software Park, Dongbei Wangxi Road, Haidian District, Beijing, 100193

Patentee after: Sina Technology (China) Co.,Ltd.

Address before: 100080, International Building, No. 58 West Fourth Ring Road, Haidian District, Beijing, 20 floor

Patentee before: Sina.com Technology (China) Co.,Ltd.