CN108418814A - Interface authentication method, apparatus and computer readable storage medium based on dubbo frames - Google Patents

Interface authentication method, apparatus and computer readable storage medium based on dubbo frames Download PDF

Info

Publication number
CN108418814A
CN108418814A CN201810145194.2A CN201810145194A CN108418814A CN 108418814 A CN108418814 A CN 108418814A CN 201810145194 A CN201810145194 A CN 201810145194A CN 108418814 A CN108418814 A CN 108418814A
Authority
CN
China
Prior art keywords
interface
business
security key
filter components
service identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810145194.2A
Other languages
Chinese (zh)
Inventor
林毅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Bei Chat Mdt Infotech Ltd
Original Assignee
Guangzhou Bei Chat Mdt Infotech Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Bei Chat Mdt Infotech Ltd filed Critical Guangzhou Bei Chat Mdt Infotech Ltd
Priority to CN201810145194.2A priority Critical patent/CN108418814A/en
Publication of CN108418814A publication Critical patent/CN108418814A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/133Protocols for remote procedure calls [RPC]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a kind of interface authentication method, apparatus and computer readable storage medium based on dubbo frames, the method includes access interfaces to ask to permission center transmission interface access rights, obtains the service identification of permission center distribution and security key corresponding with the service identification;First filter components of the access interface generate call request according to the security key and the service identification;In response to the call request of the access interface, the business interface obtains security key corresponding with the service identification in the call request from the permission center;The security key that 2nd filter components of the business interface are obtained according to the business interface verifies the legitimacy of the call request.The safety that business interface can be improved by the method prevents business interface from maliciously being called, and ensures the data safety for being stored in service provisioning platform.

Description

Interface authentication method, apparatus and computer readable storage medium based on dubbo frames
Technical field
The present invention relates to interface authentication field and field, and in particular to a kind of interface authentication method based on dubbo frames.
Background technology
Dubbo is a service framework, is dedicated to providing the RPC remote service invocation schemes of high-performance and transparence, with And SOA services resolution.Its core includes:1, telecommunication:It provides abstract to a variety of NIO frames based on long connection The information exchange system of encapsulation, including a variety of threading models, serializing, and " request-response " pattern.2, cluster is fault-tolerant:It carries For the transparent remote invocation of procedure based on interface method, including multi protocol supporting and soft load balancing, fault-tolerant, the address of failure Routing, the clusters such as dynamic configuration are supported.3, automatic to find:Based on registration center's directory service, make service consumer dynamic Service provider is searched, makes address-transparent, service provider is allow smoothly to increase or decrease machine.
Currently, in Internet service, dubbo frames have largely been used to carry out business research and development, still, due to Dubbo frames The function of finding automatically of frame itself, and the primary token security strategies granularities of dubbo slightly make very much, the safety of data-interface Property it is relatively low so that the interface message that data-interface is registered in registration center is easy leakage, so as to cause the data of service provider Interface is easy to be called by illegal user from malicious, influences the data safety for being stored in service provider.
Invention content
The object of the present invention is to provide a kind of interface authentication methods based on dubbo frames, improve the safety of business interface Property, it prevents business interface from maliciously being called, ensures the data safety for being stored in service provisioning platform.
In order to solve the above technical problems, the embodiment of the present invention provides a kind of interface authentication method based on dubbo frames, packet It includes:
Access interface is asked to permission center transmission interface access rights, obtains the service identification of the permission center distribution Security key corresponding with the service identification;
First filter components of the access interface are generated to call and be asked according to the security key and the service identification It asks;
In response to the call request of the access interface, business interface obtains and the call request from the permission center In the corresponding security key of service identification;
The security key that 2nd filter components of the business interface are obtained according to the business interface is to the calling The legitimacy of request is verified.
Preferably, the first filter components of the access interface are generated according to the security key and the service identification Call request specifically includes:
First filter components of the access interface generate the token labels according to the security key;
First filter components of the access interface generate the tune according to the token labels and the service identification With request.
Preferably, the security key that the 2nd filter components of the business interface are obtained according to the business interface is to institute The legitimacy for stating call request is verified, and is specifically included:
2nd filter components of the business interface are generated according to the security key that the business interface obtains Localtoken labels;
2nd filter components of the business interface are to the localtoken labels and token labels progress With processing;
When the 2nd filter components of the localtoken and the token successful match, the business interface judge The call request is legal, and the access interface is authorized to call the business interface;
When the localtoken matches with the token unsuccessful, the 2nd filter components of the business interface are sentenced The fixed call request is illegal, and the access interface is forbidden to call the business interface.
The embodiment of the present invention also provides a kind of interface authentication method based on dubbo frames, is applied to access interface, packet It includes:
Asked to permission center transmission interface access rights, obtain permission center distribution service identification and with it is described The corresponding security key of service identification;
First filter components of the access interface are generated to call and be asked according to the security key and the service identification It asks;
The call request is sent to business interface.
Preferably, the first filter components of the access interface are generated according to the security key and the service identification Call request specifically includes:
First filter components of the access interface generate the token labels according to the security key;
First filter components of the access interface generate the tune according to the token labels and the service identification With request.
The embodiment of the present invention also provides a kind of interface authentication method based on dubbo frames, is applied to permission center, packet It includes:
In response to the interface access rights request of access interface, service identification and peace corresponding with the service identification are distributed Full key is to the access interface;
The service identification obtained from the access interface sent according to business interface, search are corresponding with the service identification Security key, and security key corresponding with the service identification is sent to the business interface.
The embodiment of the present invention also provides a kind of interface authentication method based on dubbo frames, is applied to business interface, packet It includes:
In response to the call request of access interface, the business interface obtains and the call request from the permission center In the corresponding security key of service identification;
The security key that 2nd filter components of the business interface are obtained according to the business interface is to the calling The legitimacy of request is verified.
Preferably, the security key that the 2nd filter components of the business interface are obtained according to the business interface is to institute The legitimacy for stating call request is verified, and is specifically included:
2nd filter components of the business interface are generated according to the security key that the business interface obtains Localtoken labels;
2nd filter components of the business interface are to the localtoken labels and token labels progress With processing;
When the 2nd filter components of the localtoken and the token successful match, the business interface judge The call request is legal, and the access interface is authorized to call the business interface;
When the localtoken matches with the token unsuccessful, the 2nd filter components of the business interface are sentenced The fixed call request is illegal, and the access interface is forbidden to call the business interface.
The embodiment of the present invention also provide a kind of interface authentication device based on dubbo frames, including processor, memory with And it is stored in the memory and is configured as the computer program executed by the processor, described in the processor execution The above-mentioned interface authentication method based on dubbo frames is realized when computer program.
The embodiment of the present invention also provides a kind of computer readable storage medium, and the computer readable storage medium includes depositing The computer program of storage, wherein equipment where controlling the computer readable storage medium when the computer program is run Execute the above-mentioned interface authentication method based on dubbo frames.
Compared with prior art, a kind of interface authentication method based on dubbo frames provided in an embodiment of the present invention has Beneficial effect is:The interface authentication method based on dubbo frames includes:Access interface is accessed to permission center transmission interface Authority request obtains the service identification of the permission center distribution and security key corresponding with the service identification;The visit Ask that the first filter components of interface generate call request according to the security key and the service identification;In response to the visit Ask that the call request of interface, the business interface obtain corresponding with the service identification in the call request from the permission center Security key;The security key that 2nd filter components of the business interface are obtained according to the business interface is to the tune It is verified with the legitimacy of request.The safety that business interface can be improved by the method prevents business interface from being disliked Meaning is called, and ensures the data safety for being stored in service provisioning platform.The embodiment of the present invention also provides a kind of based on dubbo frames Interface authentication and computer readable storage medium.
Description of the drawings
Fig. 1 is a kind of flow chart for interface authentication method based on dubbo frames that the embodiment of the present invention one provides;
Fig. 2 is a kind of flow chart of interface authentication method based on dubbo frames provided by Embodiment 2 of the present invention;
Fig. 3 is a kind of flow chart for interface authentication method based on dubbo frames that the embodiment of the present invention three provides;
Fig. 4 is a kind of flow chart for interface authentication method based on dubbo frames that the embodiment of the present invention four provides;
Fig. 5 is a kind of schematic diagram for interface authentication device based on dubbo frames that the embodiment of the present invention is provided.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on Embodiment in the present invention, those of ordinary skill in the art are obtained every other without creative efforts Embodiment shall fall within the protection scope of the present invention.
Referring to Fig. 1, a kind of its interface authentication method based on dubbo frames that be one embodiment of the invention provided Flow chart, the interface authentication method based on dubbo frames include:
S101:Access interface is asked to permission center transmission interface access rights, obtains the industry of the permission center distribution Business mark and security key corresponding with the service identification;
S102:First filter components of the access interface are generated according to the security key and the service identification and are adjusted With request;
S103:In response to the call request of the access interface, business interface obtains and the tune from the permission center With the corresponding security key of service identification in request;
S104:The security key that 2nd filter components of the business interface are obtained according to the business interface is to described The legitimacy of call request is verified.
The access granularity of each business interface is controlled by the permission center, it can be with the safety of effective protection business interface Property, it prevents business interface from maliciously being called, ensures the data safety for being stored in service provisioning platform.
In a kind of optional embodiment, S102:First filter components of the access interface are close according to the safety Key and the service identification generate call request, specifically include:
First filter components of the access interface generate the token labels according to the security key;
First filter components of the access interface generate the tune according to the token labels and the service identification With request.
The call request includes the token labels and the service identification;The business interface is from receiving The token labels and the service identification are obtained in the call request, the business interface is given birth to according to the service identification At certification request, in response to the certification request, the permission center finding is corresponding with service identification in the certification request The security key is simultaneously sent to the business interface by security key, wherein the security key is obtained with the access interface Security key is same key.
In a kind of optional embodiment, S104:2nd filter components of the business interface connect according to the business The security key that mouth obtains verifies the legitimacy of the call request, specifically includes:
2nd filter components of the business interface are generated according to the security key that the business interface obtains Localtoken labels;
2nd filter components of the business interface are to the localtoken labels and token labels progress With processing;
When the 2nd filter components of the localtoken and the token successful match, the business interface judge The call request is legal, and the access interface is authorized to call the business interface;
When the localtoken matches with the token unsuccessful, the 2nd filter components of the business interface are sentenced The fixed call request is illegal, and the access interface is forbidden to call the business interface.
Referring to Fig. 2, a kind of its interface authentication method based on dubbo frames that be second embodiment of the invention provided Flow chart, the embodiment of the present invention also provides a kind of interface authentication method based on dubbo frames, is applied to access interface, packet It includes:
S201:Asked to permission center transmission interface access rights, obtain permission center distribution service identification and Security key corresponding with the service identification;
S202:First filter components of the access interface are generated according to the security key and the service identification and are adjusted With request;
The call request is sent to business interface by S203.
The access granularity of each business interface is controlled by the permission center, it can be with the safety of effective protection business interface Property, it prevents business interface from maliciously being called, ensures the data safety for being stored in service provisioning platform.
In a kind of optional embodiment, the first filter components of the access interface are according to the security key Call request is generated with the service identification, is specifically included:
First filter components of the access interface generate the token labels according to the security key;
First filter components of the access interface generate the tune according to the token labels and the service identification With request.
The call request includes the token labels and the service identification;The business interface is from receiving The token labels and the service identification are obtained in the call request, the business interface is given birth to according to the service identification At certification request, in response to the certification request, the permission center finding is corresponding with service identification in the certification request The security key is simultaneously sent to the business interface by security key, wherein the security key is obtained with the access interface Security key is same key.
Referring to Fig. 3, a kind of its interface authentication method based on dubbo frames that be third embodiment of the invention provided Flow chart, the embodiment of the present invention also provides a kind of interface authentication method based on dubbo frames, is applied to permission center, packet It includes:
S301:In response to access interface interface access rights request, distribute service identification and with the service identification pair The security key answered is to the access interface;
S302:The service identification obtained from the access interface sent according to business interface, search and the business mark Know corresponding security key, and security key corresponding with the service identification is sent to the business interface.
The access granularity of each business interface is controlled by the permission center, it can be with the safety of effective protection business interface Property, it prevents business interface from maliciously being called, ensures the data safety for being stored in service provisioning platform.
Referring to Fig. 4, a kind of its interface authentication method based on dubbo frames that be fourth embodiment of the invention provided Flow chart, the embodiment of the present invention also provides a kind of interface authentication method based on dubbo frames, is applied to business interface, packet It includes:
S401:In response to the call request of access interface, the business interface obtains and the tune from the permission center With the corresponding security key of service identification in request;
S402:The security key that 2nd filter components of the business interface are obtained according to the business interface is to described The legitimacy of call request is verified.
The access granularity of each business interface is controlled by the permission center, it can be with the safety of effective protection business interface Property, it prevents business interface from maliciously being called, ensures the data safety for being stored in service provisioning platform.
In a kind of optional embodiment, the 2nd filter components of the business interface are according to the business interface The security key of acquisition verifies the legitimacy of the call request, specifically includes:
2nd filter components of the business interface are generated according to the security key that the business interface obtains Localtoken labels;
2nd filter components of the business interface are to the localtoken labels and token labels progress With processing;
When the 2nd filter components of the localtoken and the token successful match, the business interface judge The call request is legal, and the access interface is authorized to call the business interface;
When the localtoken matches with the token unsuccessful, the 2nd filter components of the business interface are sentenced The fixed call request is illegal, and the access interface is forbidden to call the business interface.
The call request includes the token labels and the service identification;The business interface is from receiving The token labels and the service identification are obtained in the call request, the business interface is given birth to according to the service identification At certification request, in response to the certification request, the permission center finding is corresponding with service identification in the certification request The security key is simultaneously sent to the business interface by security key, wherein the security key is obtained with the access interface Security key is same key.
Referring to Fig. 5, a kind of its interface authentication device based on dubbo frames that be one embodiment of the invention provided Schematic diagram, the interface authentication device based on dubbo frames include:Access interface 1, business interface 2, permission center 3, In, the access interface includes the first filter components 11, and the business interface 2 includes the 2nd filter components 22;
The access interface 1 is used to ask to 3 transmission interface access rights of the permission center, obtains the permission center The service identification of distribution and security key corresponding with the service identification;
First filter components 11 of the access interface 1 are used to be generated according to the security key and the service identification Call request;
In response to the call request of the access interface, the business interface 2 is used to obtain from the permission center 3 and institute State the corresponding security key of service identification in call request;
The security key that 2nd filter components 22 of the business interface 2 are used to be obtained according to the business interface is to institute The legitimacy for stating call request is verified.
The access granularity of each business interface is controlled by the permission center, it can be with the safety of effective protection business interface Property, it prevents business interface from maliciously being called, ensures the data safety for being stored in service provisioning platform.
In a kind of optional embodiment, the first filter components of the access interface are additionally operable to close according to the safety Key generates the token labels;First filter components of the access interface are additionally operable to according to token labels and described Service identification generates the call request.
The call request includes the token labels and the service identification;The business interface is from receiving The token labels and the service identification are obtained in the call request, the business interface is given birth to according to the service identification At certification request, in response to the certification request, the permission center finding is corresponding with service identification in the certification request The security key is simultaneously sent to the business interface by security key, wherein the security key is obtained with the access interface Security key is same key.
In a kind of optional embodiment, the 2nd filter components of the business interface are additionally operable to be connect according to the business The security key that mouth obtains generates localtoken labels;2nd filter components of the business interface are additionally operable to described Localtoken labels carry out matching treatment with the token labels;
When the 2nd filter components of the localtoken and the token successful match, the business interface are used for Judge that the call request is legal, the access interface is authorized to call the business interface;
When the localtoken matches unsuccessful, the 2nd filter components use of the business interface with the token In judging that the call request is illegal, the access interface is forbidden to call the business interface.
The embodiment of the present invention also provide a kind of interface authentication device based on dubbo frames, including processor, memory with And it is stored in the memory and is configured as the computer program executed by the processor, described in the processor execution The above-mentioned interface authentication method based on dubbo frames is realized when computer program.
Illustratively, the computer program can be divided into one or more module/units, one or more A module/unit is stored in the memory, and is executed by the processor, to complete the present invention.It is one or more A module/unit can be the series of computation machine program instruction section that can complete specific function, and the instruction segment is for describing institute State implementation procedure of the computer program in the interface authentication device based on dubbo frames.For example, the computer program Access interface, business interface, permission center can be divided into, each module concrete function is as follows:The access interface be used for Permission center transmission interface access rights request, obtain the distribution of permission center service identification and with the service identification pair The security key answered;First filter components of the access interface are used to be given birth to according to the security key and the service identification At call request;In response to the call request of the access interface, the business interface be used for from the permission center obtain with The corresponding security key of service identification in the call request;2nd filter components of the business interface are used for according to institute The security key for stating business interface acquisition verifies the legitimacy of the call request.
The interface authentication device based on dubbo frames can be desktop PC, notebook, palm PC and cloud Hold the computing devices such as server.The interface authentication device based on dubbo frames may include, but be not limited only to, and processor is deposited Reservoir.It will be understood by those skilled in the art that the schematic diagram is only based on showing for the interface authentication device of dubbo frames Example, does not constitute the restriction to the interface authentication device based on dubbo frames, may include than illustrating more or fewer portions Part, either combines certain components or different components, such as the interface authentication device based on dubbo frames can be with Including input-output equipment, network access equipment, bus etc..
The processor can be central processing unit (Central Processing Unit, CPU), can also be it His general processor, digital signal processor (Digital Signal Processor, DSP), application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field- Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic, Discrete hardware components etc..General processor can be microprocessor or the processor can also be any conventional processor Deng the processor is the control centre of the interface authentication device based on dubbo frames, and various interfaces and circuit is utilized to connect Connect the various pieces of the entirely interface authentication device based on dubbo frames.
The memory can be used for storing the computer program and/or module, and the processor is by running or executing Computer program in the memory and/or module are stored, and calls the data being stored in memory, described in realization The various functions of interface authentication device based on dubbo frames.The memory can include mainly storing program area and storage number According to area, wherein storing program area can storage program area, (for example sound plays work(to the application program needed at least one function Energy, image player function etc.) etc.;Storage data field can store according to mobile phone use created data (such as audio data, Phone directory etc.) etc..In addition, memory may include high-speed random access memory, can also include nonvolatile memory, example Such as hard disk, memory, plug-in type hard disk, intelligent memory card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card, flash card (Flash Card), at least one disk memory, flush memory device or other volatibility are solid State memory device.
Wherein, if the integrated module/unit of the interface authentication device based on dubbo frames is with SFU software functional unit Form realize and when sold or used as an independent product, can be stored in a computer read/write memory medium. Based on this understanding, the present invention realizes all or part of flow in above-described embodiment method, can also pass through computer journey Sequence is completed to instruct relevant hardware, and the computer program can be stored in a computer readable storage medium, the meter Calculation machine program is when being executed by processor, it can be achieved that the step of above-mentioned each embodiment of the method.Wherein, the computer program packet Include computer program code, the computer program code can be source code form, object identification code form, executable file or Certain intermediate forms etc..The computer-readable medium may include:Any reality of the computer program code can be carried Body or device, recording medium, USB flash disk, mobile hard disk, magnetic disc, CD, computer storage, read-only memory (ROM, Read- Only Memory), random access memory (RAM, Random Access Memory), electric carrier signal, telecommunication signal and Software distribution medium etc..It should be noted that the content that the computer-readable medium includes can be according in jurisdiction Legislation and the requirement of patent practice carry out increase and decrease appropriate, such as in certain jurisdictions, according to legislation and patent practice, meter Calculation machine readable medium does not include electric carrier signal and telecommunication signal.
It should be noted that the apparatus embodiments described above are merely exemplary, wherein described be used as separating component The unit of explanation may or may not be physically separated, and the component shown as unit can be or can also It is not physical unit, you can be located at a place, or may be distributed over multiple network units.It can be according to actual It needs that some or all of module therein is selected to achieve the purpose of the solution of this embodiment.In addition, device provided by the invention In embodiment attached drawing, the connection relation between module indicates there is communication connection between them, specifically can be implemented as one or A plurality of communication bus or signal wire.Those of ordinary skill in the art are without creative efforts, you can to understand And implement.
The embodiment of the present invention also provides a kind of computer readable storage medium, and the computer readable storage medium includes depositing The computer program of storage, wherein equipment where controlling the computer readable storage medium when the computer program is run Execute the above-mentioned interface authentication method based on dubbo frames.
Compared with prior art, a kind of interface authentication method based on dubbo frames provided in an embodiment of the present invention has Beneficial effect is:The interface authentication method based on dubbo frames includes:Access interface is accessed to permission center transmission interface Authority request obtains the service identification of permission center distribution and security key corresponding with the service identification;The access connects First filter components of mouth generate call request according to the security key and the service identification;It is connect in response to the access The call request of mouth, the business interface obtain peace corresponding with the service identification in the call request from the permission center Full key;The security key that 2nd filter components of the business interface are obtained according to the business interface asks the calling The legitimacy asked is verified.The safety that business interface can be improved by the method prevents business interface from maliciously being adjusted With guarantee is stored in the data safety of service provisioning platform.The embodiment of the present invention also provides a kind of interface based on dubbo frames Certification and computer readable storage medium.
It is the preferred embodiment of the present invention above, it is noted that for those skilled in the art, Various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications are also considered as this hair Bright protection domain.

Claims (10)

1. a kind of interface authentication method based on dubbo frames, which is characterized in that including:
Access interface is asked to permission center transmission interface access rights, obtain permission center distribution service identification and with The corresponding security key of the service identification;
First filter components of the access interface generate call request according to the security key and the service identification;
In response to the call request of the access interface, business interface is from permission center acquisition and the call request The corresponding security key of service identification;
The security key that 2nd filter components of the business interface are obtained according to the business interface is to the call request Legitimacy verified.
2. the interface authentication method based on dubbo frames as described in claim 1, which is characterized in that the access connects First filter components of mouth generate call request according to the security key and the service identification, specifically include:
First filter components of the access interface generate the token labels according to the security key;
First filter components of the access interface generate the calling according to the token labels and the service identification and ask It asks.
3. the interface authentication method based on dubbo frames as claimed in claim 2, which is characterized in that the business connects The security key that 2nd filter components of mouth are obtained according to the business interface tests the legitimacy of the call request Card, specifically includes:
2nd filter components of the business interface generate local token according to the security key that the business interface obtains Label;
2nd filter components of the business interface match the local token labels with the token labels Processing;
As the local token and the token successful match, described in the 2nd filter components judgement of the business interface Call request is legal, and the access interface is authorized to call the business interface;
When the local token match unsuccessful, the 2nd filter components judgement institute of the business interface with the token It is illegal to state call request, the access interface is forbidden to call the business interface.
4. a kind of interface authentication method based on dubbo frames is applied to access interface, which is characterized in that including:
Asked to permission center transmission interface access rights, obtain permission center distribution service identification and with the business Identify corresponding security key;
First filter components of the access interface generate call request according to the security key and the service identification;
The call request is sent to business interface.
5. the interface authentication method based on dubbo frames as claimed in claim 4, which is characterized in that the access interface First filter components generate call request according to the security key and the service identification, specifically include:
First filter components of the access interface generate the token labels according to the security key;
First filter components of the access interface generate the calling according to the token labels and the service identification and ask It asks.
6. a kind of interface authentication method based on dubbo frames is applied to permission center, which is characterized in that including:
In response to the interface access rights request of access interface, distributes service identification and safety corresponding with the service identification is close Key is to the access interface;
The service identification obtained from the access interface sent according to business interface, searches for peace corresponding with the service identification Full key, and security key corresponding with the service identification is sent to the business interface.
7. a kind of interface authentication method based on dubbo frames is applied to business interface, which is characterized in that including:
In response to the call request of access interface, the business interface is from permission center acquisition and the call request The corresponding security key of service identification;
The security key that 2nd filter components of the business interface are obtained according to the business interface is to the call request Legitimacy verified.
8. the interface authentication method based on dubbo frames as claimed in claim 7, which is characterized in that the business connects The security key that 2nd filter components of mouth are obtained according to the business interface tests the legitimacy of the call request Card, specifically includes:
2nd filter components of the business interface generate local token according to the security key that the business interface obtains Label;
2nd filter components of the business interface match the local token labels with the token labels Processing;
As the local token and the token successful match, described in the 2nd filter components judgement of the business interface Call request is legal, and the access interface is authorized to call the business interface;
When the local token match unsuccessful, the 2nd filter components judgement institute of the business interface with the token It is illegal to state call request, the access interface is forbidden to call the business interface.
9. a kind of interface authentication device based on dubbo frames, including processor, memory and it is stored in the memory And it is configured as the computer program executed by the processor, the processor is realized when executing the computer program as weighed Profit requires the interface authentication method based on dubbo frames described in any one of 1 to 3.
10. a kind of computer readable storage medium, which is characterized in that the computer readable storage medium includes the calculating of storage Machine program, wherein equipment where controlling the computer readable storage medium when the computer program is run is executed as weighed Profit requires the interface authentication method based on dubbo frames described in any one of 1 to 3.
CN201810145194.2A 2018-02-12 2018-02-12 Interface authentication method, apparatus and computer readable storage medium based on dubbo frames Pending CN108418814A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810145194.2A CN108418814A (en) 2018-02-12 2018-02-12 Interface authentication method, apparatus and computer readable storage medium based on dubbo frames

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810145194.2A CN108418814A (en) 2018-02-12 2018-02-12 Interface authentication method, apparatus and computer readable storage medium based on dubbo frames

Publications (1)

Publication Number Publication Date
CN108418814A true CN108418814A (en) 2018-08-17

Family

ID=63128447

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810145194.2A Pending CN108418814A (en) 2018-02-12 2018-02-12 Interface authentication method, apparatus and computer readable storage medium based on dubbo frames

Country Status (1)

Country Link
CN (1) CN108418814A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109871287A (en) * 2018-12-15 2019-06-11 中国平安人寿保险股份有限公司 Interface call method, device, computer installation and storage medium
WO2020181809A1 (en) * 2019-03-13 2020-09-17 平安科技(深圳)有限公司 Data processing method and system based on interface checking, and computer device
CN112217823A (en) * 2020-10-13 2021-01-12 中国银行股份有限公司 Interface authority control method and device based on dubbo frame

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103220259A (en) * 2012-01-20 2013-07-24 华为技术有限公司 Using method, call method, device and system of Oauth application programming interface (API)
US20150156123A1 (en) * 2011-12-15 2015-06-04 Amazon Technologies, Inc. System and method for throttling service requests using work-based tokens
CN106453519A (en) * 2016-09-21 2017-02-22 合网络技术(北京)有限公司 Interface call method and device
CN107124431A (en) * 2017-06-22 2017-09-01 浙江数链科技有限公司 Method for authenticating, device, computer-readable recording medium and right discriminating system
CN107493286A (en) * 2017-08-23 2017-12-19 杭州安恒信息技术有限公司 A kind of RPC remote procedure calling (PRC) methods based on secure authentication
CN107659581A (en) * 2017-10-19 2018-02-02 郑州云海信息技术有限公司 A kind of resource transfer method and apparatus

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150156123A1 (en) * 2011-12-15 2015-06-04 Amazon Technologies, Inc. System and method for throttling service requests using work-based tokens
CN103220259A (en) * 2012-01-20 2013-07-24 华为技术有限公司 Using method, call method, device and system of Oauth application programming interface (API)
CN106453519A (en) * 2016-09-21 2017-02-22 合网络技术(北京)有限公司 Interface call method and device
CN107124431A (en) * 2017-06-22 2017-09-01 浙江数链科技有限公司 Method for authenticating, device, computer-readable recording medium and right discriminating system
CN107493286A (en) * 2017-08-23 2017-12-19 杭州安恒信息技术有限公司 A kind of RPC remote procedure calling (PRC) methods based on secure authentication
CN107659581A (en) * 2017-10-19 2018-02-02 郑州云海信息技术有限公司 A kind of resource transfer method and apparatus

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
JMBKEYES: "dubbo之令牌验证", 《HTTPS://WWW.CNBLOGS.COM/JMBKEYES/P/7542685.HTML》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109871287A (en) * 2018-12-15 2019-06-11 中国平安人寿保险股份有限公司 Interface call method, device, computer installation and storage medium
WO2020181809A1 (en) * 2019-03-13 2020-09-17 平安科技(深圳)有限公司 Data processing method and system based on interface checking, and computer device
CN112217823A (en) * 2020-10-13 2021-01-12 中国银行股份有限公司 Interface authority control method and device based on dubbo frame

Similar Documents

Publication Publication Date Title
US9614875B2 (en) Scaling a trusted computing model in a globally distributed cloud environment
US9769152B2 (en) Attribute-based access control
US8639627B2 (en) Portable digital rights for multiple devices
US9052939B2 (en) Data compliance management associated with cloud migration events
JP5516821B2 (en) System and method for remote maintenance of multiple clients in an electronic network using virtualization and authentication
US9491183B1 (en) Geographic location-based policy
CN114026834A (en) Multi-entity resource, security, and service management in edge computing deployments
CN105981331B (en) Entity handling registry for supporting traffic policy enforcement
CN109635550B (en) Permission verification method, gateway and system for cluster data
CN109462831B (en) Method, distribution server and system for accessing network by application program in mobile terminal
CN102082821B (en) Method and system for safely accessing cross-resource pool resources based on federal center
US9729465B2 (en) Policy based application elasticity across heterogeneous computing infrastructure
CN110138767B (en) Transaction request processing method, device, equipment and storage medium
CN108418814A (en) Interface authentication method, apparatus and computer readable storage medium based on dubbo frames
CN103369038B (en) Platform serves PaaS management platform and method
CN107846313A (en) A kind of method and the network equipment of network service template generation
CN107480554A (en) A kind of right management method, rights management device and intelligent terminal
US20210281555A1 (en) Api key access authorization
US11522864B1 (en) Secure identity transfer
CN112887199B (en) Gateway, cloud platform, configuration method and device thereof, and computer-readable storage medium
CN112422555B (en) Kubernetes-based resource authority management system and method for distributed system
CN108228197A (en) A kind of method and apparatus for installing software in the cluster
CN107181801A (en) A kind of electronic accessories storage method and terminal
CN107277640A (en) Interactive approach, device and storage medium based on live platform
CN113312669B (en) Password synchronization method, device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180817

RJ01 Rejection of invention patent application after publication