Embodiment
Fig. 1 is a flow chart of a method for accessing an intranet server according to an exemplary embodiment of the invention.
As shown in Fig. 1, the method for accessing an intranet server provided by this embodiment includes:
Step 101: a client plug-in captures the operation instruction by which a user operates on content stored in the intranet server.
Here, an intranet is an enterprise-dedicated network built using Internet technologies; the enterprise may be a company or public institution, a government agency, or a school or other organization that needs an internal private network. An intranet server is a server that provides services to the terminals connected to it within the intranet. For example, an intranet server may be used for data storage, and a terminal connected to it can access it to obtain the resources it holds. An intranet server may also be an application server, so that terminals connected to it can use the services it provides. Specifically, there may be one or more intranet servers; if there are several, they may be connected to one another or may run independently.
A client plug-in is a program written against an application programming interface that follows a certain specification, and it can run on the platform the program specifies. Specifically, the client plug-in that performs this embodiment may be deployed on the intranet server, on a separate plug-in server connected to the intranet server, or in the client that accesses the server.
When a user operates on content stored in the intranet server, the terminal sends the operation instruction corresponding to that operation to the intranet server. If the client plug-in is deployed on the intranet server, it can monitor the operation instructions sent by terminals, for example by obtaining them from the intranet server. If the client plug-in is deployed on a plug-in server, the plug-in server can obtain the information transmitted between the terminal and the server through the client plug-in, and the client plug-in captures the operation instruction as it is sent to the intranet server.
Specifically, an operation instruction is an instruction for operating on content stored in the intranet server, for example an instruction that operates on a stored file, such as an open, copy, delete, cut or modify instruction. It may also be an instruction that operates on a service process in the intranet server, such as running or stopping a service process.
Step 102: the client plug-in identifies whether the operation instruction is a legal and valid operation instruction that the intranet server is able to execute.
After capturing the operation instruction, the client plug-in parses the information it contains, which includes user information and instruction information, and then determines the attribute of the operation instruction from the parsed information. The attribute of an operation instruction is either legal or illegal.
Further, whether the operation instruction is legal may be determined from the user's permission information: if the user has permission to perform the operation, the operation instruction is legal; otherwise it is illegal.
Whether the operation instruction is legal may also be determined from an existing instruction database. Some operation instructions are very harmful to the intranet server: if the server executed them, it might stop operating normally or even be paralyzed. Such operation instructions should therefore be marked as illegal instructions.
The client plug-in sends an instruction message to the intranet server according to whether the operation instruction is legal.
If the client plug-in is deployed on the intranet server, it can send the instruction message to the processor through the server's internal communication mechanism; if it is deployed on an independent plug-in server, the instruction message can be sent to the intranet server by the plug-in server.
In practice, if the operation instruction is a legal and valid operation instruction, step 103 is performed; if it is not, step 104 is performed.
Step 103: the client plug-in sends a first instruction message to the intranet server; the first instruction message instructs the intranet server to execute the operation instruction.
If the operation instruction is legal and valid, that is, the intranet server may execute it, the first instruction message is sent to the intranet server so that the server executes the operation instruction. After executing it, the intranet server feeds the corresponding result back to the terminal that sent the operation instruction. When a user accesses the intranet server, a legal operation instruction reaches the server and receives its response as usual, so the instructions sent by the user are checked without affecting the original flow by which the user accesses the intranet server. A user who sends legal operation instructions does not notice the presence of the client plug-in, which improves the user experience.
Step 104: the client plug-in sends a second instruction message to the intranet server; the second instruction message instructs the intranet server to refuse to execute the operation instruction.
If the operation instruction sent by the user is not legal and valid, the client plug-in sends the second instruction message to the intranet server so that the server refuses to execute the illegal operation instruction. For example, if the user's operation instruction is to delete an important file and the user does not have permission to delete that file, the instruction is considered illegal and the intranet server is notified to refuse it, which protects the files on the intranet server.
Specifically, the client plug-in may also record the users who send illegal operation instructions together with information about the instructions they sent, periodically generate a report from the recorded information, and send it to the person in charge of the intranet server. Further, after determining that an operation instruction is illegal, the client plug-in may send a third instruction message to the intranet server so that the server informs the user that they do not have permission for the operation.
The order in which step 103 and step 104 are performed is not limited.
In the method for accessing an intranet server provided by this embodiment, the client plug-in captures the operation instruction by which a user operates on content stored in the intranet server and identifies whether it is a legal and valid operation instruction that the intranet server is able to execute. If so, the client plug-in sends the first instruction message to the intranet server so that the server executes the operation instruction; if not, it sends the second instruction message so that the server refuses to execute it. Because the client plug-in judges whether the user's operation instruction is legal and sends an instruction message to the intranet server according to the result, and the server executes or refuses the instruction according to that message, the security of the intranet server is improved: the server no longer directly executes whatever operation instruction the user sends, which could allow its content to be changed arbitrarily or even maliciously. In addition, because these steps are performed by the client plug-in, users can be prevented from performing illegal operations on the intranet server without changing the original interaction flow between user and server. When the plug-in's functionality needs adjusting, only the client plug-in itself has to be changed, not the interaction flow between user and intranet server, which makes operation more convenient.
Fig. 2 is a flow chart of a method for accessing an intranet server according to another exemplary embodiment of the invention.
As shown in Fig. 2, the method for accessing an intranet server provided by this embodiment includes:
Step 201: the client plug-in monitors users logging in to the intranet server.
The client plug-in may monitor all user logins to the intranet server by checking or obtaining the login information in the intranet server.
Specifically, the client plug-in may also listen for login requests sent by user terminals to the intranet server and, after a user terminal has sent a login request, obtain the login information in the intranet server to determine whether the user terminal has successfully logged in to the intranet server.
Step 202: after determining that the user has logged in to the intranet server, the client plug-in obtains the user's account information.
Further, the login information in the intranet server may be obtained to determine the account information of the user who has logged in. The account information may include user identity information.
Step 203: the client plug-in obtains the user's access permissions for the intranet server according to the user's account information.
In practice, a rights database may be set up on the intranet server or on the plug-in server to record users' access permissions; specifically, the rights database stores the access permissions corresponding to each user identifier.
From the user's account information, and specifically from the user's identification information, the client plug-in obtains from the rights database the user's access permissions for the intranet server.
Step 204: according to the access permissions, the client plug-in displays to the user an access page for the content stored in the intranet server.
Levels may be assigned to the content stored in the intranet server, and when a user logs in, the content corresponding to the user's level is displayed. For example, if the user's access permissions only allow access to content of the lowest level, the low-level content stored on the intranet server, and the folders containing low-level content, may be displayed to the user; when the user opens such a folder, only the low-level content in it is shown. Displaying to each user only the stored content that corresponds to their permissions improves the confidentiality of the intranet server and thus the security level of the content stored on it.
Step 205: the client plug-in identifies the operation instruction by which the user, on the access page, operates on content stored in the intranet server.
On the displayed access page the user can operate on the content stored in the intranet server, and the client plug-in can identify the operation instructions the user performs on the page. What is identified may include the object on which the operation instruction is performed, the specific action performed by the instruction, and so on. For example, for an operation that modifies the content of a Word document named "customer information", the object is the Word document named "customer information" and the action is modifying content.
Step 206: according to preset recognition rules, the client plug-in identifies whether the operation instruction is a legal and valid operation instruction that the intranet server is able to execute. If so, step 207 is performed; if not, step 211 is performed.
A recognition rule is a rule for judging whether an operation instruction is legal: if the instruction meets the requirements of the recognition rule it is judged legal, otherwise illegal.
The recognition rules include at least one of the following:
whether the user has permission to execute the operation instruction;
whether the operation instruction is marked as a legal instruction in the instruction database.
The permission includes the execution permission for the operation instruction and/or the access permission for the content the operation instruction operates on.
Specifically, the execution permission for the operation instruction includes at least one of the following permissions:
delete permission, modify permission, create permission, copy permission, cut permission, share permission, send permission, view permission.
The execution permission for an operation instruction is whether the user has the permission to perform the corresponding instruction. For example, the delete permission is the permission to delete content stored in the intranet server, such as a file or folder on the server; if the user has the delete permission, a delete instruction sent by the user is judged to be a legal instruction.
Specifically, the access permission for the content the operation instruction operates on includes at least one of the following permissions:
accessible storage region permission, grading permission for accessible content.
Further, the accessible storage region permission is the user's permission to access a storage region. The storage of the intranet server may be divided into partitions, each storing the content that corresponds to it. When the operation instruction sent by a user targets content in one of the partitions, it is determined whether the user has permission to access that partition; if so, the instruction is judged legal, otherwise illegal. For example, suppose there are three partitions A, B and C and the user's accessible storage region permission only covers storage region A. When the user sends an operation instruction for content stored in storage region B or C, the instruction is judged illegal.
In practice, the permission may also include the grading permission for accessible content: the various operations that can be performed on accessible content are graded, and different grading permissions cover different operation instructions. If the operation instruction sent by the user falls within the user's grading permission, it is judged legal, otherwise illegal. For example, view is graded level 3; create, copy, send and share are graded level 2; delete and cut are graded level 1. A user with level 3 permission can only execute level 3 operation instructions, a user with level 2 permission can execute level 2 and 3 operation instructions, and a user with level 1 permission can execute level 1, 2 and 3 operation instructions. If a user has level 3 permission but sends an operation instruction of level 1 or 2, the instruction is judged illegal.
The instruction database is a database that stores operation instructions, in which each operation instruction is marked: those the intranet server is allowed to execute are set as legal instructions, and those it is not allowed to execute are set as illegal instructions.
If the operation instruction sent by the user is not stored in the database, the client plug-in may save the instruction and notify the intranet server to suspend it temporarily, and at the same time send the content of the instruction to the manager of the intranet server, who decides its nature. If the manager considers the operation instruction legal, the manager sends the client plug-in an instruction indicating that it is legal, and the client plug-in saves the operation instruction to the instruction database marked as legal. If the manager considers the operation instruction illegal, the steps are similar and are not repeated here.
Further, the recognition rules may be prioritized. For example, whether the operation instruction is marked as a legal instruction in the instruction database may be the highest-priority recognition rule, the execution permission for the operation instruction the second-priority rule, the accessible storage region permission the third-priority rule, and the grading permission for accessible content the fourth-priority rule. The operation instruction is checked against the recognition rules in order of priority from high to low; if a higher-priority rule judges the instruction illegal, there is no need to continue with the other rules. This avoids the client plug-in having to poll every recognition rule each time it judges an operation instruction, which would make it occupy too much memory at run time. For example, after identifying the operation instruction, the client plug-in first determines whether it is marked as a legal instruction in the instruction database; if not, it sends the second instruction message to the intranet server. Otherwise, it judges whether the user has the execution permission for the operation instruction; if not, it sends the second instruction message to the intranet server. Otherwise, it judges whether the object operated on belongs to the content in a storage region accessible to the user; if not, it sends the second instruction message to the intranet server. Otherwise, it judges whether the user has permission to perform the corresponding operation on the accessible content; if not, it sends the second instruction message to the intranet server; otherwise, it sends the first instruction message to the intranet server.
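The prioritized check of step 206, implemented in Python as an added example (not code from the patent). It assumes the instruction database is keyed by action name, uses the level grading from the example above, refuses actions that have no grade, and suspends instructions missing from the database for manager review as described earlier; all names and sample data are constructed.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    EXECUTE = "first instruction message"    # server executes the instruction
    REFUSE = "second instruction message"    # server refuses the instruction
    SUSPEND = "suspend for manager review"   # instruction not in the database


# Grading from the example in the text; level 1 is the most privileged.
ACTION_LEVEL = {"view": 3, "create": 2, "copy": 2, "send": 2, "share": 2,
                "delete": 1, "cut": 1}


@dataclass(frozen=True)
class User:
    name: str
    actions: frozenset   # execution permissions, e.g. {"view", "delete"}
    regions: frozenset   # accessible storage regions, e.g. {"A"}
    level: int           # grading permission: 1, 2 or 3


@dataclass(frozen=True)
class Instruction:
    user: User
    action: str
    region: str          # storage region that holds the target
    target: str


# Each rule returns None to pass the instruction on to the next rule,
# or a Verdict that ends the evaluation.
def rule_instruction_db(ins, db, pending):
    mark = db.get(ins.action)
    if mark is None:                 # unknown: hold it and queue for the manager
        pending.append(ins)
        return Verdict.SUSPEND
    return None if mark == "legal" else Verdict.REFUSE


def rule_execution_permission(ins, db, pending):
    return None if ins.action in ins.user.actions else Verdict.REFUSE


def rule_storage_region(ins, db, pending):
    return None if ins.region in ins.user.regions else Verdict.REFUSE


def rule_grading(ins, db, pending):
    required = ACTION_LEVEL.get(ins.action)
    # Assumption: an action with no grade is refused (fail closed).
    if required is None or ins.user.level > required:
        return Verdict.REFUSE
    return None


RULES = [  # highest priority first, in the order given in the text
    ("instruction database", rule_instruction_db),
    ("execution permission", rule_execution_permission),
    ("storage region", rule_storage_region),
    ("grading", rule_grading),
]


def decide(ins, db, pending):
    """Return (verdict, name of the rule that ended evaluation, or None)."""
    for name, rule in RULES:
        verdict = rule(ins, db, pending)
        if verdict is not None:      # stop at the first rule that decides
            return verdict, name
    return Verdict.EXECUTE, None


def manager_review(action, legal, db, pending):
    """Record the manager's ruling and clear the queued instructions for it."""
    db[action] = "legal" if legal else "illegal"
    pending[:] = [i for i in pending if i.action != action]


# Constructed sample data.
INSTRUCTION_DB = {"view": "legal", "copy": "legal", "delete": "legal",
                  "wipe_volume": "illegal"}
BOB = User("bob", frozenset({"view"}), frozenset({"A"}), 3)
CAROL = User("carol", frozenset({"view", "delete"}), frozenset({"A"}), 3)

if __name__ == "__main__":
    db, queue = dict(INSTRUCTION_DB), []
    for ins in (Instruction(BOB, "view", "A", "report.doc"),
                Instruction(BOB, "view", "B", "plan.doc"),
                Instruction(CAROL, "delete", "A", "report.doc"),
                Instruction(CAROL, "wipe_volume", "A", "/"),
                Instruction(BOB, "rename", "A", "report.doc")):
        verdict, rule = decide(ins, db, queue)
        print(ins.user.name, ins.action, ins.region, "->", verdict.value, rule)
```

Returning the name of the deciding rule alongside the verdict gives the record of illegal instructions something to report on.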
Step 207: the client plug-in sends the first instruction message to the intranet server; the first instruction message instructs the intranet server to execute the operation instruction.
Step 208: the client plug-in obtains the result of the intranet server executing the operation instruction.
The client plug-in may monitor the state of the content stored in the intranet server and, after the operation instruction has been executed, check whether stored content other than that operated on by the instruction has been modified, for example whether the attributes of other stored content have been changed or whether processes running on the intranet server have been forcibly closed.
Step 209: the client plug-in judges whether the operation instruction is legal according to the execution result.
A database may be established in which illegal operations are recorded, such as bulk changes to the form of the content stored in the intranet server or running processes being forcibly closed. If the client plug-in detects that an illegal operation recorded in the database has occurred on the intranet server, it can determine that the operation instruction issued before the illegal operation occurred is not a legal operation instruction.
If the operation instruction is judged not to be a legal operation instruction, step 210 is performed.
Step 210: the client plug-in marks the operation instruction as illegal in the instruction database.
Specifically, the above operation instruction contained in the instruction database may be directly marked as illegal.
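Steps 208 to 210 as an added Python example (not code from the patent): the server state is compared before and after execution, changes outside the instruction's target are matched against a database of illegal operations, and on a match the instruction is marked illegal in the instruction database. The state representation, the BULK_THRESHOLD value, the action names and the sample states are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class State:
    files: dict            # path -> (content digest, attributes)
    processes: frozenset   # names of running service processes


BULK_THRESHOLD = 3  # assumption: this many collateral file changes is "bulk"


def collateral(before, after, target):
    """Changes that fall outside the object the instruction operated on."""
    paths = before.files.keys() | after.files.keys()
    changed = sorted(p for p in paths
                     if p != target and before.files.get(p) != after.files.get(p))
    # A process that is itself the target (e.g. a stop instruction) is expected.
    killed = sorted(before.processes - after.processes - {target})
    return changed, killed


# Database of illegal operations: name -> test over the collateral changes.
ILLEGAL_OPERATIONS = {
    "bulk content change": lambda changed, killed: len(changed) >= BULK_THRESHOLD,
    "process forcibly closed": lambda changed, killed: bool(killed),
}


def audit(action, target, before, after, instruction_db):
    """Steps 209 and 210: return the matched illegal operations and, if there
    are any, mark the action as illegal in the instruction database."""
    changed, killed = collateral(before, after, target)
    hits = [name for name, test in ILLEGAL_OPERATIONS.items()
            if test(changed, killed)]
    if hits:
        instruction_db[action] = "illegal"
    return hits


# Constructed sample states.
BEFORE = State({"/docs/a": ("d1", "rw"), "/docs/b": ("d2", "rw"),
                "/docs/c": ("d3", "rw"), "/docs/d": ("d4", "rw")},
               frozenset({"backupd", "indexd"}))
# A modify instruction that touched only its target.
AFTER_CLEAN = State({**BEFORE.files, "/docs/a": ("d1-new", "rw")},
                    BEFORE.processes)
# An instruction on /docs/a that also rewrote three other files and
# caused the indexd process to disappear.
AFTER_DAMAGED = State({"/docs/a": ("d1", "rw"), "/docs/b": ("x", "r"),
                       "/docs/c": ("x", "r"), "/docs/d": ("x", "r")},
                      frozenset({"backupd"}))

if __name__ == "__main__":
    db = {"modify": "legal", "run_script": "legal"}
    print(audit("modify", "/docs/a", BEFORE, AFTER_CLEAN, db), db)
    print(audit("run_script", "/docs/a", BEFORE, AFTER_DAMAGED, db), db)
```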
Step 211: the client plug-in sends the second instruction message to the intranet server; the second instruction message instructs the intranet server to refuse to execute the operation instruction.
Optionally, the method for accessing an intranet server provided by this embodiment may further include the following step:
The client plug-in receives an update instruction sent by the intranet server; the update instruction is used to update the recognition rules.
The client plug-in may update the recognition rules according to the instruction of the intranet server: existing recognition rules may be changed to make them more complete, and new recognition rules may be added.
In addition, the client plug-in may be made to update only according to update instructions sent by the intranet server, which prevents other terminals from sending update instructions to the client plug-in and damaging its functionality.
The method for accessing an intranet server provided by this embodiment can display to each user the stored content that corresponds to the user's permissions, which improves the security level of the intranet server. It can also judge whether an operation instruction is legal from two aspects, namely whether the user has permission to execute the operation instruction and whether the instruction itself is legal, so that operation instructions are judged more reasonably. The intranet server is then notified, according to the result, whether to execute the operation instruction it received. This prevents the intranet server from directly executing received operation instructions and so avoids the content stored on it being modified arbitrarily or maliciously.
Fig. 3 is a structural diagram of a device for controlling access to an intranet server according to an exemplary embodiment of the invention.
As shown in Fig. 3, the device provided by this embodiment includes:
a handling module 31, for capturing the operation instruction by which a user operates on content stored in the intranet server;
an identification module 32, for identifying whether the operation instruction is a legal and valid operation instruction that the intranet server is able to execute;
if so, a sending module 33 sends a first instruction message to the intranet server, the first instruction message instructing the intranet server to execute the operation instruction;
if not, the sending module 33 sends a second instruction message to the intranet server, the second instruction message instructing the intranet server to refuse to execute the operation instruction.
The handling module 31 is connected to the identification module 32, and the identification module 32 is connected to the sending module 33.
In the device for controlling access to an intranet server provided by this embodiment, the client plug-in captures the operation instruction by which a user operates on content stored in the intranet server and identifies whether it is a legal and valid operation instruction that the intranet server is able to execute. If so, the client plug-in sends the first instruction message to the intranet server so that the server executes the operation instruction; if not, it sends the second instruction message so that the server refuses to execute it. Because the client plug-in judges whether the user's operation instruction is legal and sends an instruction message to the intranet server according to the result, and the server executes or refuses the instruction according to that message, the security of the intranet server is improved: the server no longer directly executes whatever operation instruction the user sends, which could allow its content to be changed arbitrarily or even maliciously. In addition, because these steps are performed by the client plug-in, users can be prevented from performing illegal operations on the intranet server without changing the original interaction flow between user and server. When the plug-in's functionality needs adjusting, only the client plug-in itself has to be changed, not the interaction flow between user and intranet server, which makes operation more convenient.
The specific principle and implementation of the device provided by this embodiment are similar to those of the embodiment shown in Fig. 1 and are not repeated here.
Fig. 4 is a structural diagram of a device for controlling access to an intranet server according to another exemplary embodiment of the invention.
As shown in Fig. 4, on the basis of the above embodiment, in the device for controlling access to an intranet server provided by this embodiment, the identification module 32 is specifically configured to identify, according to preset recognition rules, whether the operation instruction is a legal and valid operation instruction that the intranet server is able to execute;
The recognition rules include at least one of the following:
whether the user has permission to execute the operation instruction;
whether the operation instruction is marked as a legal instruction in the instruction database.
Specifically, the permission includes the execution permission for the operation instruction and/or the access permission for the content the operation instruction operates on;
The execution permission for the operation instruction includes at least one of the following permissions:
delete permission, modify permission, create permission, copy permission, cut permission, share permission, send permission, view permission;
The access permission for the content the operation instruction operates on includes at least one of the following permissions:
accessible storage region permission, grading permission for accessible content.
The device provided by this embodiment further includes: a first acquisition module 34, for obtaining the result of the intranet server executing the operation instruction;
a judge module 35, for judging whether the operation instruction is legal according to the execution result;
if not, a mark module 36 marks the operation instruction as illegal in the instruction database.
The first acquisition module 34, the judge module 35 and the mark module 36 are connected in sequence, and the mark module 36 is also connected to the identification module 32.
The device provided by this embodiment further includes: an update module 37, for receiving an update instruction sent by the intranet server, the update instruction being used to update the recognition rules.
Specifically, the update module 37 may be connected to the identification module 32.
The device provided by this embodiment further includes:
a monitoring module 38, for monitoring users logging in to the intranet server;
a second acquisition module 39, for obtaining the user's account information after the monitoring module 38 determines that the user has logged in to the intranet server;
the second acquisition module 39 is also used to obtain the user's access permissions for the intranet server according to the user's account information;
a display module 40, for displaying to the user, according to the access permissions, an access page for the content stored in the intranet server;
Correspondingly, the handling module 31 further includes a recognition unit 311, for identifying the operation instruction by which the user, on the access page, operates on content stored in the intranet server.
The monitoring module 38, the second acquisition module 39 and the display module 40 are connected in sequence, and the display module 40 is also connected to the recognition unit 311.
The device for controlling access to an intranet server provided by this embodiment can display to each user the stored content that corresponds to the user's permissions, which improves the security level of the intranet server. It can also judge whether an operation instruction is legal from two aspects, namely whether the user has permission to execute the operation instruction and whether the instruction itself is legal, so that operation instructions are judged more reasonably. The intranet server is then notified, according to the result, whether to execute the operation instruction it received. This prevents the intranet server from directly executing received operation instructions and so avoids the content stored on it being modified arbitrarily or maliciously.
The specific principle and implementation of the device provided by this embodiment are similar to those of the embodiment shown in Fig. 2 and are not repeated here.
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments may be carried out by hardware under the control of program instructions. The program may be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments. The storage medium includes ROM, RAM, magnetic disks, optical discs and other media that can store program code.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the invention, not to limit them. Although the invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the invention.