CN107277038A - Access control method, device and system - Google Patents
- Publication number
- CN107277038A (CN201710585746.7A)
- Authority
- CN
- China
- Prior art keywords
- business operation
- targeted customer
- user
- mark
- request
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
This application provides an access control method, device and system. In this scheme, after intercepting a business operation request that carries a target user identifier and business operation information, the application server of a business system sends an authentication request carrying the target user identifier and the business operation information to an authentication server. When the authentication server detects that the target user identifier is the target user identifier of a logged-in user, and that the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information, it returns an authentication success indication to the application server, so that the application server performs the business operation according to the business operation information. The scheme reduces the development effort a network business platform needs to implement permission verification and reduces the complexity of permission verification.
Description
Technical field
This application relates to the field of communication technology, and in particular to an access control method, device and system.
Background
For a network business platform that provides services, operations staff must manage the platform while it is running. For example, on a network business platform that provides multimedia resources, operations staff manage the multimedia resources the platform offers, modify the descriptions of multimedia resources, and so on.
In general, a network business platform consists of multiple business systems, and different business systems offer different kinds of business operations. Different operations staff also have different operation permissions: only when an operator has management permission for certain business operations in a given business system can that operator carry out the corresponding management operations in that system. To verify operators' permissions, the application server of every business system has to implement its own permission verification function. The development effort is large, which makes permission verification on the network business platform complex.
Summary of the invention
In view of this, this application provides an access control method, device and system, to reduce the development effort a network business platform needs to implement permission verification and to reduce the complexity of permission verification.
To achieve the above object, this application provides the following scheme:
In one aspect, this application provides an access control method, comprising:
intercepting a business operation request sent by the browser of a terminal to the application server of a business system, the business operation request carrying a target user identifier cached by the browser and the business operation information of the requested operation;
in response to the intercepted business operation request, sending an authentication request to an authentication server, the authentication request carrying the target user identifier and the business operation information;
when an authentication success indication returned by the authentication server is received, performing the business operation according to the business operation information, wherein the authentication success indication is generated after the authentication server confirms that the target user identifier is the identifier of a logged-in user and that the target operation permission set corresponding to the target user identifier includes an operation permission matching the business operation information.
Preferably, performing the business operation according to the business operation information when the authentication server returns the authentication success indication comprises:
when the authentication success indication returned by the authentication server is received, forwarding the business operation information of the operation requested by the business operation request to the application server, so that the application server performs the business operation according to the business operation information.
Preferably, sending the authentication request to the authentication server in response to the intercepted business operation request comprises:
in response to the intercepted business operation request, generating an authentication request from the target user identifier and the business operation information carried in the business operation request, the authentication request carrying the target user identifier and the business operation information;
sending the authentication request to the authentication server.
In another aspect, this application provides another access control method, applied to an authentication server, the method comprising:
receiving an authentication request sent by an application server, the authentication request carrying a target user identifier and business operation information, wherein the authentication request is generated by the application server, after it intercepts a business operation request sent by the browser of a terminal, from the target user identifier and the business operation information of the requested operation carried in the business operation request, and the target user identifier carried in the business operation request is the target user identifier cached in the browser;
detecting whether the target user identifier is the target user identifier of a logged-in user and whether the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information;
when the target user identifier is the target user identifier of a logged-in user and the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information, returning an authentication success indication to the application server, so that the application server performs the business operation according to the business operation information.
Preferably, while returning the authentication success indication to the application server, the method further comprises:
generating an operation log containing the target user identifier and the business operation information, and storing the operation log.
Preferably, detecting whether the target user identifier is the target user identifier of a logged-in user and whether the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information comprises:
querying, in the stored correspondence between user identifiers of logged-in users and operation permission sets, whether a target operation permission set corresponding to the target user identifier exists;
when the target operation permission set corresponding to the target user identifier is found, detecting whether the target operation permission set contains a target operation permission matching the business operation information.
Preferably, querying, in the stored correspondence between target user identifiers of logged-in users and operation permission sets, whether a target operation permission set corresponding to the target user identifier exists comprises:
querying, in the correspondence between target user identifiers of logged-in users and operation permission sets stored in a remote in-memory database, whether a target operation permission set corresponding to the target user identifier exists.
Preferably, before receiving the authentication request sent by the application server, the method further comprises:
receiving a login request sent by the browser of the terminal, the login request carrying the username and login password of the user requesting to log in;
when the user's identity is verified as legitimate based on the username and login password, obtaining all operation permissions the user has according to the username, and forming the target operation permission set from all of those operation permissions;
generating a target user identifier that uniquely identifies the user, and storing the correspondence between the target user identifier and the target operation permission set;
sending the target user identifier to the browser of the terminal, so that the target user identifier is cached in the browser.
Preferably, after sending the target user identifier to the browser of the terminal, the method further comprises:
returning a permission selection interface to the browser, the permission selection interface including a menu option for each operation permission in the target operation permission set;
obtaining the identifier of a pending operation permission returned by the browser, the pending operation permission being the operation permission associated with the menu option the user selected in the permission selection interface;
according to the page address associated with each operation permission, returning to the browser the page address of the business operation page corresponding to the pending operation permission, so that the browser obtains the business operation page from the application server according to the address of the business operation page and generates the business operation request based on the user's operation in the business operation page.
In another aspect, the embodiments of this application further provide an access control apparatus, comprising:
a request interception unit, configured to intercept a business operation request sent by the browser of a terminal to the application server of a business system, the business operation request carrying a target user identifier cached by the browser and the business operation information of the requested operation;
an authentication request unit, configured to send an authentication request to an authentication server in response to the intercepted business operation request, the authentication request carrying the target user identifier and the business operation information;
a business execution unit, configured to perform the business operation according to the business operation information when an authentication success indication returned by the authentication server is received, wherein the authentication success indication is generated after the authentication server confirms that the target user identifier is the identifier of a logged-in user and that the target operation permission set corresponding to the target user identifier includes an operation permission matching the business operation information.
In another aspect, the embodiments of this application further provide an access control apparatus, applied to an authentication server, the apparatus comprising:
a request receiving unit, configured to receive an authentication request sent by an application server, the authentication request carrying a target user identifier and business operation information, wherein the authentication request is generated by the application server, after it intercepts a business operation request sent by the browser of a terminal, from the target user identifier and the business operation information of the requested operation carried in the business operation request, and the target user identifier carried in the business operation request is the target user identifier cached in the browser;
an authentication processing unit, configured to detect whether the target user identifier is the target user identifier of a logged-in user and whether the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information;
a result indication unit, configured to return an authentication success indication to the application server when the target user identifier is the target user identifier of a logged-in user and the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information, so that the application server performs the business operation according to the business operation information.
In another aspect, this application further provides an access control system, comprising:
an application server, configured to intercept a business operation request sent by the browser of a terminal to the application server, the business operation request carrying a target user identifier cached by the browser and the business operation information of the requested operation; to send, in response to the intercepted business operation request, an authentication request to an authentication server, the authentication request carrying the target user identifier and the business operation information; and to perform the business operation according to the business operation information when an authentication success indication returned by the authentication server is received;
an authentication server, configured to detect, in response to the authentication request, whether the target user identifier is the target user identifier of a logged-in user and whether the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information; and, when the target user identifier is the target user identifier of a logged-in user and the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information, to return the authentication success indication to the application server.
As the above technical scheme shows, in the embodiments of this application the application server of a business system can intercept the business operation request sent by a terminal and, before processing it, send an authentication request to the authentication server, which verifies whether the terminal's user holds the operation permission corresponding to the business operation information carried in the request. The authentication server thus performs permission verification for all business operation requests in the business systems in a unified way, which avoids developing a separate permission verification program on every application server, reduces development effort and complexity, and makes permission verification more convenient.
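The division of work summarized above, as an added Python sketch that is not code from the patent: the authentication server issues a random target user identifier at login and answers every permission check, while the application server only intercepts the request and fails closed. Class names, the `uid` cookie name, the regular-expression rules and the sample users are assumptions; a dict stands in for the remote in-memory database and a direct method call for the network authentication request.

```python
import re
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    name: str
    rule: str  # matching rule: a regex over "<METHOD> <path>" (assumed encoding)


# Constructed sample configuration (hypothetical roles, users and rules).
ROLE_PERMISSIONS = {
    "media_editor": [Permission("edit_intro", r"(GET|POST) /media/\d+/intro")],
    "media_admin": [
        Permission("edit_intro", r"(GET|POST) /media/\d+/intro"),
        Permission("delete_media", r"DELETE /media/\d+"),
    ],
}
USER_ROLES = {"alice": ["media_editor"], "bob": ["media_editor", "media_admin"]}


class AuthServer:
    """Central authentication server: owns logins and every permission decision."""

    def __init__(self, user_roles, role_permissions):
        self.user_roles = user_roles
        self.role_permissions = role_permissions
        # target user ID -> permission set; stands in for the in-memory database
        self.sessions = {}
        # (target user ID, business operation info) per granted request; a real
        # deployment should restrict who can read a log holding live identifiers
        self.operation_log = []

    def open_session(self, username):
        """Call only after the user's credentials were verified (not shown)."""
        permissions = set()
        for role in self.user_roles.get(username, []):
            # a set drops permissions that several roles share
            permissions.update(self.role_permissions.get(role, []))
        user_id = secrets.token_urlsafe(32)  # random, not derived from the username
        self.sessions[user_id] = frozenset(permissions)
        return user_id

    def authenticate(self, user_id, operation):
        """Return True only for a logged-in identifier with a matching permission."""
        permissions = self.sessions.get(user_id)
        if permissions is None:
            return False  # unknown identifier: not a logged-in user
        # fullmatch: the rule must cover the whole operation string, so a rule
        # cannot be satisfied by a prefix of a longer path
        if not any(re.fullmatch(p.rule, operation) for p in permissions):
            return False
        self.operation_log.append((user_id, operation))
        return True


class AppServer:
    """Business-system application server: intercepts, asks, then executes."""

    def __init__(self, auth_server):
        self.auth_server = auth_server

    def handle(self, cookies, method, path):
        user_id = cookies.get("uid", "")   # identifier cached by the browser
        operation = f"{method} {path}"     # business operation information
        if not self.auth_server.authenticate(user_id, operation):
            return 403, "forbidden"        # fail closed, nothing is executed
        return 200, f"executed {operation}"


def demo():
    auth = AuthServer(USER_ROLES, ROLE_PERMISSIONS)
    app = AppServer(auth)
    alice = auth.open_session("alice")
    bob = auth.open_session("bob")
    return [
        app.handle({"uid": alice}, "POST", "/media/7/intro"),
        app.handle({"uid": alice}, "DELETE", "/media/7"),
        app.handle({"uid": bob}, "DELETE", "/media/7"),
        app.handle({"uid": "alice"}, "POST", "/media/7/intro"),  # username as ID
    ]


if __name__ == "__main__":
    for status, body in demo():
        print(status, body)
```

The last request in `demo()` presents the username instead of the issued identifier and is refused, which is the property the random identifier is meant to provide.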
Brief description of the drawings
To explain the technical schemes of the embodiments of this application more clearly, the drawings used in describing the embodiments are briefly introduced below. The drawings described below are merely embodiments of this application; a person of ordinary skill in the art can obtain other drawings from the drawings provided without creative effort.
Fig. 1 is a schematic diagram of the structure of an application scenario to which the access control method of this application applies;
Fig. 2 is a flow diagram of one embodiment of an access control method of this application;
Fig. 3 is a structural diagram of one embodiment of an access control apparatus of this application;
Fig. 4 is a structural diagram of one embodiment of another access control apparatus of this application.
Detailed description
For ease of understanding, an application scenario to which the scheme of the embodiments applies is introduced first, as shown in Fig. 1. The application scenario in Fig. 1 includes a network business platform 10 and a terminal 11 used by an operator.
The network business platform can include multiple business systems 101 and an authentication server 102; the business systems are connected to the authentication server over a network.
Each business system 101 can include one or more application servers 1011. When a business system includes multiple application servers, those application servers may form a server cluster.
Of course, to improve the speed and reliability of identity verification and permission verification, and to avoid being unable to perform them when an authentication server fails, there may likewise be several authentication servers. For example, one of them can be selected according to a load-balancing principle as the server that currently performs identity and permission verification. As another example, one of them acts as the primary server and the others as standby servers; when the primary authentication server fails, a standby authentication server is started.
The authentication server can maintain the following:
Permission management: creating, modifying, deleting and querying operation permissions, and so on;
Role management: creating, modifying, deleting and querying roles, and so on, where a role can have one or more operation permissions;
User permission management: granting one or more roles to a user or revoking them.
The administrator of the network business platform can add or delete the option corresponding to each operation permission in the permission management interface of the AUC. For each operation permission, the administrator can also set the address of the operation page associated with it and the matching rule template corresponding to it. The matching rule template of an operation permission is the rule that determines which operation content the permission may match. For example, the matching rule template can be a regular expression, which is used to check whether the operation content an operator requests falls within the scope of that operation permission.
In one implementation, the network business platform can also include a database 103. The database can be connected to the authentication server over a network and can store the permissions, roles, user permissions and related information managed by the authentication server.
Building on the common features described above, the access control method of the embodiments of this application is described in detail below.
For example, referring to Fig. 2, which shows an interaction flow diagram of one embodiment of an access control method of this application, the method of this embodiment can include:
S201: the terminal sends a login request to the authentication server through the browser; the login request carries the user's username and login password.
The authentication server can provide a unified login page for all terminals requesting to log in to the network business platform. Accordingly, the user opens the platform's login page in the terminal's browser and, after entering on that page the username and password required to log in to the platform, can send a login request; the login request is directed to the authentication server.
In the embodiments of this application, the user can be an operator of the network business platform, and the username uniquely identifies one user.
S202: in response to the login request, the authentication server verifies the legitimacy of the user's identity based on the username and login password.
For example, the authentication server can store the password corresponding to each username. After obtaining the username carried in the login request, the authentication server checks whether the login password is consistent with the password stored for that username; if it is, the user is confirmed to have a legitimate identity.
Of course, there are many ways to verify the legitimacy of a user's identity based on the username and login password; the embodiments of this application do not restrict which one is used.
It should be noted that steps S201 and S202 are optional. They belong to the identity verification process, not to the operation permission verification process, and are described only to make the whole scheme easier to understand.
S203: when the authentication server verifies that the user's identity is legitimate, it queries the stored association between usernames and role sets for the target role set associated with the user's username.
The target role set includes at least one target role. For ease of distinction, in the embodiments of this application a role associated with the user is called a target role, and the set of all target roles associated with the user is called the target role set.
For example, if the association between usernames and role sets is stored in the authentication server, the target role set can be queried from the authentication server; if the association is stored in the database, the target role set can be queried from the database.
A role characterizes the responsibility a user carries during operations; for example, a role can be logistics transportation, pre-sales consulting, after-sales service, and so on.
It can be understood that when the authentication server verifies that the user's identity is legitimate, the user can log in to the authentication server; when the authentication server verifies that the user's identity is not legitimate, it can return a corresponding error prompt to the browser, such as a prompt about the password entered or about the user lacking login permission.
S204: according to the stored matching relationship between roles and operation permissions, the authentication server obtains the at least one operation permission associated with each target role in the target role set, yielding the operation permission set associated with the at least one target role in the target role set.
The operation permission set includes at least one operation permission.
For example, the operation permissions associated with each target role in the target role set are obtained from the matching relationship between roles and operation permissions stored in the authentication server, or from the matching relationship between roles and operation permissions stored in the database.
In the embodiments of this application, different roles have different operation permissions. Depending on the business system, the operation permissions of different roles may be entirely different or may partially overlap.
Optionally, to avoid repeated operation permissions in the user's operation permission set, after the operation permissions associated with each target role in the user's target role set have been determined, the repeated operation permissions can be removed, and the set formed by the operation permissions remaining after deduplication is taken as the operation permission set the user has. Of course, deduplicating the operation permissions after the operation permission set has been obtained is equally applicable.
It should be noted that assigning different roles to different users, with each role associated with at least one operation permission, is only one way of determining the operation permissions a user has. In practice, the operation permission set of each user can also be configured in the authentication server in advance, each such set containing at least one operation permission. In that case the authentication server can, according to the user's username, obtain the at least one operation permission associated with the user from the correspondence between usernames and operation permissions stored in the database or in the authentication server, and thereby obtain the operation permission set formed by the at least one operation permission the user has.
S205: the authentication server generates a unique user identifier for the user and caches the correspondence between the user identifier and the operation permission set in a remote in-memory database.
The user identifier uniquely identifies the user and can consist of one or more of digits, letters or other characters. Of course, the authentication server can also use the user's username directly as the user identifier.
Because a username is easily stolen and misused by others, to ensure the reliability of subsequent permission verification the authentication server can, after confirming that the user's identity is legitimate, generate a unique user identifier for the user. The identifier is generated randomly by the authentication server and differs from the user's username.
It can be understood that caching the correspondence between the user identifier and the operation permission set in an in-memory database helps the authentication server later look up quickly which target operation permissions the user characterized by the identifier has.
For example, the in-memory database can be a database that stores mappings between keys and values, namely a Redis database. Accordingly, the user identifier can be used as the key and the user's operation permission set as the value, so that the user's identifier and operation permission set are cached as a pair in the Redis database.
It should be understood that at different times the authentication server may generate user identifiers for several different logged-in users. For ease of distinction, the user identifier generated at the current time can be called the target user identifier, and the operation permission set corresponding to the target user identifier is called the target operation permission set.
It should be noted that caching the correspondence between the user identifier and the operation permission set in a remote in-memory database is only one implementation. The authentication server can also cache the correspondence in its own storage or memory, or in another type of database; no restriction is placed on this here.
S206: the authentication server sends the user identifier to the browser of the terminal, so that the user identifier is stored in the browser.
For example, the user identifier is written into the browser's cookies.
It can be understood that the purpose of the authentication server generating a unique user identifier for the logged-in user is to use the identifier to mark the user as one who has successfully logged in to the authentication server (in other words, to the network business platform). Accordingly, when the browser initiates a business operation request to a business system, it can carry the cached user identifier in the business operation request, so that the authentication server can check whether that identifier is one it generated for a logged-in user.
It should be noted that generating and storing a user identifier for a logged-in user is only one way for the authentication server to recognize logged-in users. In practice, the authentication server can also store information such as the usernames of logged-in users in the remote in-memory database or in a designated storage space in order to distinguish logged-in users.
In addition, steps S203 to S206 are simply the processing the authentication server performs on the login request while the user logs in to the authentication server (in other words, to the network business platform). They are not part of the authentication server's permission verification process; they are only preparatory operations for the subsequent permission verification.
S207: the authentication server returns a permission selection interface to the browser of the terminal.
The permission selection interface shows an option for each operation permission in the operation permission set the user has.
For example, the menu options corresponding to the operation permissions in the operation permission set can be displayed in the permission selection interface as a menu, so that the user can select an operation permission by clicking the menu option that represents it.
S208: the browser of the terminal sends the option identifier of the pending operation permission that the user selected in the permission selection interface to the authentication server.
For ease of distinction, the operation permission the user selects from the operation permission set is called the pending operation permission.
The option identifier of the pending operation permission identifies that permission; for example, it can be the name of the pending operation permission or some other identifier.
For example, suppose the permission selection interface shows menu option A for operation permission A, menu option B for operation permission B, and menu option C for operation permission C. If the user clicks menu option B of operation permission B, the browser can send the coordinate position or identification number of menu option B to the authentication server, so that the authentication server determines from it which menu option the user clicked and then determines that the operation permission associated with that menu option is operation permission B.
S209, based on the page address of the business operation page associated with the pending operation permission, the authentication server displays the business operation page in the page display area of the permission selection interface.
The business operation page can display the business operation items available for the user to select and the configurable business operation content. For example, the business operation page can present information on some films that can be modified; in this business operation page, the user can perform operations on a film such as modifying or deleting the film name.
The authentication server stores the association between each operation permission and the business operation page operable under that permission. After obtaining the pending operation permission selected by the user, the authentication server can obtain the page address of the business operation page associated with the pending operation permission, so that the business operation page is obtained based on that page address. For example, the authentication server can send the page address of the business operation page associated with the pending operation permission to the browser of the terminal, and the browser can, based on the page address, send a page request to the application server of the business system to which the business operation page belongs, thereby obtaining the business operation page.
It can be understood that the business operation page can be displayed in the browser of the terminal in several ways. So that the user can conveniently view or operate the business operation page, the browser can display the business operation page in a designated area of the permission selection interface; this designated area can be the page display area for the business operation page. Accordingly, while the permission selection interface displays the business operation page, a user who wants to change the selected operation permission can still select the option of another operation permission, which reloads the business operation page corresponding to that other operation permission.
S210, the browser of the terminal sends a business operation request to the application server according to the user's operation in the business operation page.
The business operation request carries the user identifier cached by the browser and the business operation information of the requested operation. For ease of distinction, the user identifier carried in the business operation request can also be referred to as the target user identifier.
For example, the browser generates the business operation request from information such as the business operation item and the operation content that the user selected in the business operation page, obtains the user identifier cached in cookies, and carries the user identifier in the business operation request.
It can be understood that steps S207 to S210 are only one way for the browser of the terminal to send a business operation request to the application server. In practice, the browser of the terminal can also send business operation requests to the application server of the business system in other ways, which this application does not limit.
S211, the application server intercepts the business operation request and generates an authentication request based on the user identifier and the business operation information carried in the business operation request.
The authentication request includes the user identifier and the business operation information.
The application server itself intercepts the received business operation request and, before processing the business operation request, first authenticates the user who sent it.
For example, an interception application can be installed in the application server. The interception application can act as a client of the authentication server and can intercept the business operation request that the browser of the terminal sends to the application server, so that the interception application can generate an authentication request before the application server processes the business operation request.
S212, the application server sends the authentication request to the authentication server.
It can be understood that steps S211 and S212 are one way for the application server, or in other words the interception application in the application server, to send an authentication request to the authentication server. In practice, the application server can, in response to the intercepted business operation request, send an authentication request to the authentication server and send the user identifier and business operation information carried in the business operation request to the authentication server together with the authentication request.
S213, according to the user identifier, the authentication server queries the correspondence between the user identifiers of logged-in users and operation permission sets stored in the remote in-memory database to determine whether a target operation permission set corresponding to the user identifier exists; if so, step S214 is performed; if not, an authentication failure prompt is returned to the application server.
It can be understood that each time a user logs in to the authentication server, the correspondence between that user's user identifier and the operation permission set the user has is stored in the in-memory database, so the in-memory database can store multiple correspondences. Accordingly, if the in-memory database stores an operation permission set corresponding to the user identifier carried in the authentication request, the user identifier carried in the business operation request is one that the authentication server generated for a logged-in user, and the user who initiated the business operation request is a logged-in user.
For ease of distinction, the operation permission set corresponding to the user identifier carried in the authentication request is referred to as the target operation permission set.
It can be understood that the authentication server stores the user identifier of each logged-in user together with the operation permission set that user has in the in-memory database. Thus, after the logged-in user initiates a business operation request through the browser of the terminal and the application server sends an authentication request to the authentication server based on that request, the authentication server does not need to query in real time the roles the logged-in user has and the permissions each role has, which avoids the complexity of querying operation permissions. Instead, using the user identifier as the key, the target operation permission set corresponding to the user identifier can be looked up in the in-memory database, which greatly improves the efficiency of determining the operation permission set of the user that the identifier represents.
Of course, it is equally applicable to the embodiments of this application for the authentication server, after determining that the user identifier is one it generated for a logged-in user, to match in real time from a database all the operation permissions that the user represented by the identifier has.
It should be noted that where the authentication server stores the correspondence between user identifiers and operation permission sets in the authentication server or in another database storage space, the authentication server can still query, from the stored correspondence between user identifiers of logged-in users and operation permission sets in the corresponding storage space, whether a target operation permission set corresponding to the user identifier exists. This application does not limit this.
S214, the authentication server detects whether the target operation permission set contains at least one target operation permission matching the business operation information; if so, it returns an authentication success indication to the application server and performs step S215; if not, it returns an authentication failure prompt to the application server.
For ease of distinction, the at least one operation permission in the target operation permission set that matches the business operation information is referred to as the target operation permission.
It can be understood that if the target operation permission set contains a target operation permission matching the business operation information, the browser of the terminal has permission to perform the business operation corresponding to the business operation information. In this case, the authentication server considers that the user represented by the user identifier has permission to perform the business operation corresponding to the business operation information and confirms that authentication has passed, and therefore returns an authentication success indication to the application server.
The process by which the authentication server detects, in the target operation permission set, the target operation permission matching the business operation information can be: detecting whether the business operation content that each operation permission may involve includes, or in other words covers, the business operation information; if the business operation content involved in a given operation permission is detected to cover the business operation information, that operation permission is determined to be the target operation permission matching the business operation information.
It can be understood that if the authentication server enumerated all the business operation content that each operation permission may involve, the volume of stored data could become excessive and matching could become highly complex. Optionally, therefore, the authentication server can build in advance the basic information that the business operation content corresponding to each operation permission shares, and match the business operation information against the basic information of the business operations corresponding to each operation permission, thereby determining the operation permission that matches the business operation information. For example, the target operation permission matched by the business operation information can be determined by regular expression matching.
It can be understood that steps S213 and S214 are only one way to detect whether the user identifier is the target user identifier of a logged-in user and whether the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information. Other ways of detecting whether the user identifier is one the authentication server generated for a logged-in user, and of analyzing whether the user represented by the user identifier has an operation permission related to the business operation information, are equally applicable to the embodiments of this application and are not limited here.
It can be understood that when the authentication server returns an authentication failure prompt to the application server, the application server can discard the business operation request and not perform the business operation related to the business operation information.
S215, the authentication server generates an operation log containing the user identifier and the business operation information, and stores the operation log.
The operation log shows which business operations the users represented by different user identifiers performed during operation.
Of course, if the business operation request sent by the browser carries information such as the user's user name, the correspondence between that information and the business operation information can also be recorded in the operation log.
In the embodiments of this application, the authentication server generates the operation log from the business operation information when authentication succeeds. All operation logs are thus recorded by the authentication server, and there is no need to develop a separate operation logging program in the application server of each business system, which greatly reduces the development effort and makes operation logging more convenient.
It should be noted that the order in which the authentication server generates the operation log and sends the authentication success indication is not limited to that shown in Fig. 2. In practice, the authentication server can also generate the operation log first and then send the authentication success indication, or generate the operation log while sending the authentication success indication to the application server.
S216, the application server performs the business operation according to the business operation information.
For example, if the business operation information is a modification of a film's name, the application server can perform operations such as modifying that film's name.
In the embodiments of this application, the application server of the business system can intercept the business operation request sent by the terminal and, before processing the business operation request, send an authentication request to the authentication server, which verifies whether the user of the terminal has the operation permission corresponding to the business operation information carried in the business operation request. Permission authentication for all business operation requests in the business system is thus performed uniformly by the authentication server, which avoids developing a separate permission authentication program in each application server, reduces the development workload and complexity, and makes permission authentication more convenient.
Meanwhile, the authentication server returns to the user a permission selection interface showing the operation permissions that the user possesses. If the user does not possess a given operation permission, that permission is not displayed in the permission selection interface, so the user cannot select it with the mouse or keyboard in the permission selection interface and therefore cannot request the business operations related to that operation permission.
In addition, even if a user maliciously obtains the page address of a business operation for which the user does not have the operation permission and sends, through the browser, a request for the business operation corresponding to that page address to the application server of the business system, the application server in this application intercepts the business operation request and sends an authentication request to the authentication server based on it. If the authentication server detects that the user has not logged in to the authentication server, or does not have the operation permission for the business operation information requested in the business operation request, the authentication server still returns an authentication failure prompt to the application server, so that the user cannot have the business operation corresponding to the business operation information performed in the application server, which improves the reliability of permission authentication.
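The flow of steps S211 to S216, including the direct-request case in the preceding paragraph, as an added example that is not part of the patent text. The class names, the "METHOD path" encoding of the business operation information, the permission name and the film data are assumptions made for illustration.

```python
import hashlib
import re
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Permission:
    name: str
    pattern: re.Pattern  # "basic information" shared by the operations this permission covers


class AuthServer:
    def __init__(self):
        self.sessions = {}        # stand-in for the remote in-memory database
        self.operation_log = []

    def login(self, user_name, permissions):
        # Credential verification (steps S203 to S206) is omitted; the caller is assumed verified.
        user_id = secrets.token_urlsafe(32)  # unguessable user identifier
        self.sessions[user_id] = (user_name, tuple(permissions))
        return user_id

    def authenticate(self, user_id, operation):
        """Handle one authentication request; returns (ok, detail)."""
        session = self.sessions.get(user_id)  # S213: keyed lookup, no role query
        if session is None:
            return False, "not a logged-in user"
        user_name, permissions = session
        for perm in permissions:  # S214
            # fullmatch, not search: a pattern that only has to occur somewhere
            # in the string would also accept operations with extra path segments.
            if perm.pattern.fullmatch(operation):
                self.operation_log.append({  # S215
                    "user": user_name,
                    # Digest only: the identifier itself is a bearer credential.
                    "user_id_sha256": hashlib.sha256(user_id.encode()).hexdigest()[:16],
                    "operation": operation,
                    "permission": perm.name,
                })
                return True, perm.name
        return False, "no matching operation permission"


class AppServer:
    def __init__(self, auth):
        self.auth = auth
        self.films = {"42": "Old Title"}  # constructed business data

    def handle(self, request):
        # S211: the interceptor runs before any business handler.
        user_id = request.get("cookies", {}).get("uid", "")
        operation = f"{request['method']} {request['path']}"
        ok, detail = self.auth.authenticate(user_id, operation)  # S212
        if not ok:
            return 403, detail  # request is discarded, nothing executes
        return 200, self._execute(request)  # S216

    def _execute(self, request):
        parts = request["path"].strip("/").split("/")
        if request["method"] == "POST" and len(parts) == 3 and parts[2] == "rename":
            self.films[parts[1]] = request["body"]["name"]
            return self.films[parts[1]]
        if request["method"] == "DELETE" and len(parts) == 2:
            return self.films.pop(parts[1], None)
        return None


def demo():
    auth = AuthServer()
    app = AppServer(auth)
    rename = Permission("film.rename", re.compile(r"POST /films/\d+/rename"))
    uid = auth.login("editor", [rename])
    requests = [  # constructed requests
        {"method": "POST", "path": "/films/42/rename",
         "cookies": {"uid": uid}, "body": {"name": "New Title"}},
        # Page address requested directly, without the permission for it.
        {"method": "DELETE", "path": "/films/42", "cookies": {"uid": uid}},
        # Identifier the authentication server never issued.
        {"method": "POST", "path": "/films/42/rename",
         "cookies": {"uid": "forged"}, "body": {"name": "X"}},
        # Contains the permitted operation as a prefix only.
        {"method": "POST", "path": "/films/42/rename/../delete",
         "cookies": {"uid": uid}, "body": {"name": "X"}},
    ]
    return [app.handle(r) for r in requests], app, auth


if __name__ == "__main__":
    for status, detail in demo()[0]:
        print(status, detail)
```

Only the first request reaches the business handler; the other three are rejected at the interceptor and leave no entry in the operation log.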
Corresponding to the access control method of this application, this application also provides an access control apparatus. The access control apparatus can be applied to the application server, or deployed in front of the application server to intercept the information sent to the application server.
For example, referring to Fig. 3, which shows a schematic structural diagram of one embodiment of an access control apparatus of this application, the access control apparatus of this embodiment can include:
A request interception unit 301, configured to intercept a business operation request that the browser of a terminal sends to the application server of a business system, the business operation request carrying the target user identifier cached by the browser and the business operation information of the requested operation;
An authentication request unit 302, configured to send an authentication request to the authentication server in response to the intercepted business operation request, the authentication request carrying the target user identifier and the business operation information;
A business execution unit 303, configured to perform the business operation according to the business operation information when an authentication success indication returned by the authentication server is received, wherein the authentication success indication is generated after the authentication server confirms that the target user identifier is the identifier of a logged-in user and that the target operation permission set corresponding to the target user identifier includes an operation permission set matching the business operation information.
Optionally, the business execution unit includes:
A business trigger execution unit, configured to forward, when the authentication success indication returned by the authentication server is received, the business operation information of the operation requested in the business operation request to the application server, so that the application server performs the business operation according to the business operation information.
Optionally, the authentication request unit includes:
A request generation unit, configured to generate, in response to the intercepted business operation request, an authentication request from the target user identifier and the business operation information carried in the business operation request, the authentication request carrying the target user identifier and the business operation information;
An authentication request sending unit, configured to send the authentication request to the authentication server.
In another aspect, this application also provides another access control method. For example, referring to Fig. 4, which shows a schematic structural diagram of one embodiment of another access control apparatus of this application, the apparatus of this embodiment can be applied to the authentication server and can include:
A request receiving unit 401, configured to receive an authentication request sent by the application server, the authentication request carrying a target user identifier and business operation information, wherein the authentication request is generated by the application server, after intercepting a business operation request sent by the browser of a terminal, from the target user identifier carried in the business operation request and the business operation information of the requested operation, and the target user identifier carried in the business operation request is the target user identifier cached in the browser;
An authentication processing unit 402, configured to detect whether the target user identifier is the target user identifier of a logged-in user and whether the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information;
A result indication unit 403, configured to return an authentication success indication to the application server when the target user identifier is the target user identifier of a logged-in user and the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information, so that the application server performs the business operation according to the business operation information.
In one possible implementation, the apparatus can further include:
A log generation unit 404, configured to generate, while the result indication unit returns the authentication success indication to the application server, an operation log containing the target user identifier and the business operation information, and to store the operation log.
In one possible implementation, the authentication processing unit can include:
An information query subunit, configured to query, from the stored correspondence between user identifiers of logged-in users and operation permission sets, whether a target operation permission set corresponding to the target user identifier exists;
A permission matching unit, configured to detect, when the target operation permission set corresponding to the target user identifier is found, whether the target operation permission set contains a target operation permission matching the business operation information.
In one possible implementation, the information query subunit is specifically configured to query, from the correspondence between target user identifiers of logged-in users and operation permission sets stored in a remote in-memory database, whether a target operation permission set corresponding to the target user identifier exists.
In one possible implementation, the apparatus can further include:
A login receiving unit, configured to receive, before the request receiving unit receives the authentication request sent by the application server, a login request sent by the browser of the terminal, the login request carrying the user name and login password of the user requesting to log in;
A permission obtaining unit, configured to obtain, when the user's identity is verified as legitimate based on the user name and login password, all the operation permissions that the user has according to the user name, and to form the target operation permission set from all those operation permissions;
An identifier generation unit, configured to generate a target user identifier that uniquely identifies the user and to store the correspondence between the target user identifier and the target operation permission set;
An identifier returning unit, configured to send the target user identifier to the browser of the terminal so that the target user identifier is cached in the browser.
On the basis of any one of the above embodiments, the apparatus can further include:
A permission interface returning unit, configured to return a permission selection interface to the browser, the permission selection interface including a menu option for each operation permission in the target operation permission set;
An operation permission determining unit, configured to obtain the identifier of the pending operation permission returned by the browser, the pending operation permission being the operation permission associated with the menu option that the user selected in the permission selection interface;
A page returning unit, configured to return to the browser, according to the page address associated with the operation permission, the page address of the business operation page corresponding to the pending operation permission, so that the browser obtains the business operation page from the application server according to the service address of the business operation page and generates the business operation request based on the user's operation in the business operation page.
It should be noted that the embodiments in this specification are described progressively: each embodiment focuses on its differences from the other embodiments, and identical or similar parts of the embodiments can be referred to one another. Because the apparatus embodiments are substantially similar to the method embodiments, they are described relatively briefly; for the relevant parts, see the description of the method embodiments.
Finally, it should also be noted that, herein, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to the process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of additional identical elements in the process, method, article or device that includes the element.
The foregoing description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the generic principles defined herein can be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The above are only preferred embodiments of the present invention. It should be noted that those of ordinary skill in the art can make several improvements and modifications without departing from the principles of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.
Claims (10)
1. An access control method, characterized by comprising:
Intercepting a business operation request that the browser of a terminal sends to the application server of a business system, the business operation request carrying the target user identifier cached by the browser and the business operation information of the requested operation;
In response to the intercepted business operation request, sending an authentication request to an authentication server, the authentication request carrying the target user identifier and the business operation information;
When an authentication success indication returned by the authentication server is received, performing the business operation according to the business operation information, wherein the authentication success indication is generated after the authentication server confirms that the target user identifier is the identifier of a logged-in user and that the target operation permission set corresponding to the target user identifier includes an operation permission set matching the business operation information.
2. The access control method according to claim 1, characterized in that sending an authentication request to the authentication server in response to the intercepted business operation request comprises:
In response to the intercepted business operation request, generating an authentication request from the target user identifier and the business operation information carried in the business operation request, the authentication request carrying the target user identifier and the business operation information;
Sending the authentication request to the authentication server.
3. An access control method, characterized in that it is applied to an authentication server, the method comprising:
Receiving an authentication request sent by an application server, the authentication request carrying a target user identifier and business operation information, wherein the authentication request is generated by the application server, after intercepting a business operation request sent by the browser of a terminal, from the target user identifier carried in the business operation request and the business operation information of the requested operation, and the target user identifier carried in the business operation request is the target user identifier cached in the browser;
Detecting whether the target user identifier is the target user identifier of a logged-in user and whether the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information;
When the target user identifier is the target user identifier of a logged-in user and the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information, returning an authentication success indication to the application server, so that the application server performs the business operation according to the business operation information.
4. The access control method according to claim 3, characterized in that, while returning the authentication success indication to the application server, the method further comprises:
Generating an operation log containing the target user identifier and the business operation information, and storing the operation log.
5. The access control method according to claim 3, characterized in that detecting whether the target user identifier is the target user identifier of a logged-in user and whether the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information comprises:
Querying, from the stored correspondence between user identifiers of logged-in users and operation permission sets, whether a target operation permission set corresponding to the target user identifier exists;
When the target operation permission set corresponding to the target user identifier is found, detecting whether the target operation permission set contains a target operation permission matching the business operation information.
6. The access control method according to any one of claims 3-5, characterized in that, before receiving the authentication request sent by the application server, the method further comprises:
Receiving a login request sent by the browser of the terminal, the login request carrying the user name and login password of the user requesting to log in;
When the identity of the user is authenticated as legitimate based on the user name and login password, obtaining, according to the user name, all operation permissions that the user has, and forming the target operation permission set from all of those operation permissions;
Generating a target user identifier that uniquely identifies the user, and storing the correspondence between the target user identifier and the target operation permission set;
Sending the target user identifier to the browser of the terminal, so that the target user identifier is cached in the browser.
7. The access control method according to claim 6, characterized in that, after sending the target user identifier to the browser of the terminal, the method further comprises:
Returning a permission selection interface to the browser, the permission selection interface including menu options for the operation permissions in the target operation permission set;
Obtaining the identifier of a pending operation permission returned by the browser, the pending operation permission being the operation permission associated with the menu option that the user selected from the permission selection interface;
According to the page address associated with the operation permission, returning to the browser the page address of the business operation page corresponding to the pending operation permission, so that the browser obtains the business operation page from the application server according to the address of the business operation page, and generates the business operation request based on the user's operation on the business operation page.
8. An access control apparatus, characterized by comprising:
A request interception unit, configured to intercept a business operation request sent by the browser of a terminal to the application server of a business system, the business operation request carrying the target user identifier cached by the browser and the business operation information of the requested operation;
An authentication request unit, configured to send, in response to the intercepted business operation request, an authentication request to the authentication server, the authentication request carrying the target user identifier and the business operation information;
A business execution unit, configured to perform the business operation according to the business operation information when an authentication success indication returned by the authentication server is received, wherein the authentication success indication is generated after the authentication server confirms that the target user identifier is the identifier of a logged-in user and that the target operation permission set corresponding to the target user identifier includes an operation permission matching the business operation information.
9. An access control apparatus, characterized in that it is applied to an authentication server, the apparatus comprising:
A request receiving unit, configured to receive an authentication request sent by the application server, the authentication request carrying a target user identifier and business operation information, wherein the authentication request is generated by the application server, after it intercepts a business operation request sent by the browser of a terminal, according to the target user identifier carried in the business operation request and the business operation information of the requested operation, and the target user identifier carried in the business operation request is the target user identifier cached in the browser;
An authentication processing unit, configured to detect whether the target user identifier is the identifier of a logged-in user, and whether the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information;
A result indication unit, configured to return an authentication success indication to the application server when the target user identifier is the identifier of a logged-in user and the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information, so that the application server performs the business operation according to the business operation information.
10. An access control system, characterized by comprising:
An application server, configured to intercept a business operation request sent by the browser of a terminal to the application server, the business operation request carrying the target user identifier cached by the browser and the business operation information of the requested operation; to send, in response to the intercepted business operation request, an authentication request to an authentication server, the authentication request carrying the target user identifier and the business operation information; and to perform the business operation according to the business operation information when an authentication success indication returned by the authentication server is received;
An authentication server, configured to detect, in response to the authentication request, whether the target user identifier is the identifier of a logged-in user, and whether the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information; and to return the authentication success indication to the application server when the target user identifier is the identifier of a logged-in user and the target operation permission set corresponding to the target user identifier contains a target operation permission matching the business operation information.
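The flow of claims 3 to 6 and 10, sketched as an added example that is not code from the patent: login issues the target user identifier and stores its permission set, and the application server performs a business operation only after the authentication server confirms both the session and a matching permission. The class and function names, the in-memory stores, the operation strings and the sample user are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


def _hash(password, salt):
    # Salted PBKDF2 so the sample store never holds a plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthServer:
    """Authentication server of claims 3-6 (in-memory stores are an assumption)."""

    def __init__(self, users):
        # users: {user_name: (password, permissions)}, constructed sample data
        self._users = {}
        for name, (password, perms) in users.items():
            salt = secrets.token_bytes(16)
            self._users[name] = (salt, _hash(password, salt), frozenset(perms))
        self._sessions = {}      # target user identifier -> operation permission set
        self.operation_log = []  # claim 4: one entry per successful authentication

    def login(self, user_name, password):
        """Claim 6: verify credentials, build the permission set, issue an identifier."""
        record = self._users.get(user_name)
        if record is None:
            return None
        salt, stored, perms = record
        if not hmac.compare_digest(stored, _hash(password, salt)):
            return None
        user_id = secrets.token_urlsafe(32)  # unguessable and unique per login
        self._sessions[user_id] = perms
        return user_id                       # the browser caches this value

    def authenticate(self, user_id, operation):
        """Claims 3 and 5: find the session's permission set, then match the operation."""
        perms = self._sessions.get(user_id)
        if perms is None:                    # identifier is not a logged-in user
            return False
        if operation not in perms:           # no matching operation permission
            return False
        self.operation_log.append(
            {"time": time.time(), "user_id": user_id, "operation": operation})
        return True


class AppServer:
    """Application server of claim 10: intercept, ask the auth server, then execute."""

    def __init__(self, auth_server, handlers):
        self._auth = auth_server
        self._handlers = handlers  # operation -> callable performing the business operation

    def handle(self, request):
        user_id = request.get("user_id")
        operation = request.get("operation")
        if not isinstance(user_id, str) or operation not in self._handlers:
            return 400, None                 # malformed request, nothing is executed
        if not self._auth.authenticate(user_id, operation):
            return 403, None                 # no success indication: deny by default
        return 200, self._handlers[operation]()


def build_demo():
    """Constructed sample: one user who may view orders but not refund them."""
    auth = AuthServer({"alice": ("correct horse", {"order:view"})})
    app = AppServer(auth, {"order:view": lambda: "order list",
                           "order:refund": lambda: "refund issued"})
    return auth, app
```

The business handler runs only on the branch that follows a success indication, so a forged or expired identifier and a valid identifier lacking the permission are both refused, and only the allowed call appears in the operation log.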
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710585746.7A CN107277038A (en) | 2017-07-18 | 2017-07-18 | Access control method, device and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107277038A (en) | 2017-10-20 |
Family
ID=60078788
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710585746.7A Pending CN107277038A (en) | 2017-07-18 | 2017-07-18 | Access control method, device and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107277038A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | AD01 | Patent right deemed abandoned | Effective date of abandoning: 20200721 |