CN108418814A - Interface authentication method, apparatus and computer readable storage medium based on dubbo frames - Google Patents
Interface authentication method, apparatus and computer readable storage medium based on dubbo frames Download PDFInfo
- Publication number
- CN108418814A CN108418814A CN201810145194.2A CN201810145194A CN108418814A CN 108418814 A CN108418814 A CN 108418814A CN 201810145194 A CN201810145194 A CN 201810145194A CN 108418814 A CN108418814 A CN 108418814A
- Authority
- CN
- China
- Prior art keywords
- interface
- business
- security key
- filter components
- service identification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/133—Protocols for remote procedure calls [RPC]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a kind of interface authentication method, apparatus and computer readable storage medium based on dubbo frames, the method includes access interfaces to ask to permission center transmission interface access rights, obtains the service identification of permission center distribution and security key corresponding with the service identification;First filter components of the access interface generate call request according to the security key and the service identification;In response to the call request of the access interface, the business interface obtains security key corresponding with the service identification in the call request from the permission center;The security key that 2nd filter components of the business interface are obtained according to the business interface verifies the legitimacy of the call request.The safety that business interface can be improved by the method prevents business interface from maliciously being called, and ensures the data safety for being stored in service provisioning platform.
Description
Technical field
The present invention relates to interface authentication field and field, and in particular to a kind of interface authentication method based on dubbo frames.
Background technology
Dubbo is a service framework, is dedicated to providing the RPC remote service invocation schemes of high-performance and transparence, with
And SOA services resolution.Its core includes:1, telecommunication:It provides abstract to a variety of NIO frames based on long connection
The information exchange system of encapsulation, including a variety of threading models, serializing, and " request-response " pattern.2, cluster is fault-tolerant:It carries
For the transparent remote invocation of procedure based on interface method, including multi protocol supporting and soft load balancing, fault-tolerant, the address of failure
Routing, the clusters such as dynamic configuration are supported.3, automatic to find:Based on registration center's directory service, make service consumer dynamic
Service provider is searched, makes address-transparent, service provider is allow smoothly to increase or decrease machine.
Currently, in Internet service, dubbo frames have largely been used to carry out business research and development, still, due to Dubbo frames
The function of finding automatically of frame itself, and the primary token security strategies granularities of dubbo slightly make very much, the safety of data-interface
Property it is relatively low so that the interface message that data-interface is registered in registration center is easy leakage, so as to cause the data of service provider
Interface is easy to be called by illegal user from malicious, influences the data safety for being stored in service provider.
Invention content
The object of the present invention is to provide a kind of interface authentication methods based on dubbo frames, improve the safety of business interface
Property, it prevents business interface from maliciously being called, ensures the data safety for being stored in service provisioning platform.
In order to solve the above technical problems, the embodiment of the present invention provides a kind of interface authentication method based on dubbo frames, packet
It includes:
Access interface is asked to permission center transmission interface access rights, obtains the service identification of the permission center distribution
Security key corresponding with the service identification;
First filter components of the access interface are generated to call and be asked according to the security key and the service identification
It asks;
In response to the call request of the access interface, business interface obtains and the call request from the permission center
In the corresponding security key of service identification;
The security key that 2nd filter components of the business interface are obtained according to the business interface is to the calling
The legitimacy of request is verified.
Preferably, the first filter components of the access interface are generated according to the security key and the service identification
Call request specifically includes:
First filter components of the access interface generate the token labels according to the security key;
First filter components of the access interface generate the tune according to the token labels and the service identification
With request.
Preferably, the security key that the 2nd filter components of the business interface are obtained according to the business interface is to institute
The legitimacy for stating call request is verified, and is specifically included:
2nd filter components of the business interface are generated according to the security key that the business interface obtains
Localtoken labels;
2nd filter components of the business interface are to the localtoken labels and token labels progress
With processing;
When the 2nd filter components of the localtoken and the token successful match, the business interface judge
The call request is legal, and the access interface is authorized to call the business interface;
When the localtoken matches with the token unsuccessful, the 2nd filter components of the business interface are sentenced
The fixed call request is illegal, and the access interface is forbidden to call the business interface.
The embodiment of the present invention also provides a kind of interface authentication method based on dubbo frames, is applied to access interface, packet
It includes:
Asked to permission center transmission interface access rights, obtain permission center distribution service identification and with it is described
The corresponding security key of service identification;
First filter components of the access interface are generated to call and be asked according to the security key and the service identification
It asks;
The call request is sent to business interface.
Preferably, the first filter components of the access interface are generated according to the security key and the service identification
Call request specifically includes:
First filter components of the access interface generate the token labels according to the security key;
First filter components of the access interface generate the tune according to the token labels and the service identification
With request.
The embodiment of the present invention also provides a kind of interface authentication method based on dubbo frames, is applied to permission center, packet
It includes:
In response to the interface access rights request of access interface, service identification and peace corresponding with the service identification are distributed
Full key is to the access interface;
The service identification obtained from the access interface sent according to business interface, search are corresponding with the service identification
Security key, and security key corresponding with the service identification is sent to the business interface.
The embodiment of the present invention also provides a kind of interface authentication method based on dubbo frames, is applied to business interface, packet
It includes:
In response to the call request of access interface, the business interface obtains and the call request from the permission center
In the corresponding security key of service identification;
The security key that 2nd filter components of the business interface are obtained according to the business interface is to the calling
The legitimacy of request is verified.
Preferably, the security key that the 2nd filter components of the business interface are obtained according to the business interface is to institute
The legitimacy for stating call request is verified, and is specifically included:
2nd filter components of the business interface are generated according to the security key that the business interface obtains
Localtoken labels;
2nd filter components of the business interface are to the localtoken labels and token labels progress
With processing;
When the 2nd filter components of the localtoken and the token successful match, the business interface judge
The call request is legal, and the access interface is authorized to call the business interface;
When the localtoken matches with the token unsuccessful, the 2nd filter components of the business interface are sentenced
The fixed call request is illegal, and the access interface is forbidden to call the business interface.
The embodiment of the present invention also provide a kind of interface authentication device based on dubbo frames, including processor, memory with
And it is stored in the memory and is configured as the computer program executed by the processor, described in the processor execution
The above-mentioned interface authentication method based on dubbo frames is realized when computer program.
The embodiment of the present invention also provides a kind of computer readable storage medium, and the computer readable storage medium includes depositing
The computer program of storage, wherein equipment where controlling the computer readable storage medium when the computer program is run
Execute the above-mentioned interface authentication method based on dubbo frames.
Compared with prior art, a kind of interface authentication method based on dubbo frames provided in an embodiment of the present invention has
Beneficial effect is:The interface authentication method based on dubbo frames includes:Access interface is accessed to permission center transmission interface
Authority request obtains the service identification of the permission center distribution and security key corresponding with the service identification;The visit
Ask that the first filter components of interface generate call request according to the security key and the service identification;In response to the visit
Ask that the call request of interface, the business interface obtain corresponding with the service identification in the call request from the permission center
Security key;The security key that 2nd filter components of the business interface are obtained according to the business interface is to the tune
It is verified with the legitimacy of request.The safety that business interface can be improved by the method prevents business interface from being disliked
Meaning is called, and ensures the data safety for being stored in service provisioning platform.The embodiment of the present invention also provides a kind of based on dubbo frames
Interface authentication and computer readable storage medium.
Description of the drawings
Fig. 1 is a kind of flow chart for interface authentication method based on dubbo frames that the embodiment of the present invention one provides;
Fig. 2 is a kind of flow chart of interface authentication method based on dubbo frames provided by Embodiment 2 of the present invention;
Fig. 3 is a kind of flow chart for interface authentication method based on dubbo frames that the embodiment of the present invention three provides;
Fig. 4 is a kind of flow chart for interface authentication method based on dubbo frames that the embodiment of the present invention four provides;
Fig. 5 is a kind of schematic diagram for interface authentication device based on dubbo frames that the embodiment of the present invention is provided.
Specific implementation mode
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation describes, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, those of ordinary skill in the art are obtained every other without creative efforts
Embodiment shall fall within the protection scope of the present invention.
Referring to Fig. 1, a kind of its interface authentication method based on dubbo frames that be one embodiment of the invention provided
Flow chart, the interface authentication method based on dubbo frames include:
S101:Access interface is asked to permission center transmission interface access rights, obtains the industry of the permission center distribution
Business mark and security key corresponding with the service identification;
S102:First filter components of the access interface are generated according to the security key and the service identification and are adjusted
With request;
S103:In response to the call request of the access interface, business interface obtains and the tune from the permission center
With the corresponding security key of service identification in request;
S104:The security key that 2nd filter components of the business interface are obtained according to the business interface is to described
The legitimacy of call request is verified.
The access granularity of each business interface is controlled by the permission center, it can be with the safety of effective protection business interface
Property, it prevents business interface from maliciously being called, ensures the data safety for being stored in service provisioning platform.
In a kind of optional embodiment, S102:First filter components of the access interface are close according to the safety
Key and the service identification generate call request, specifically include:
First filter components of the access interface generate the token labels according to the security key;
First filter components of the access interface generate the tune according to the token labels and the service identification
With request.
The call request includes the token labels and the service identification;The business interface is from receiving
The token labels and the service identification are obtained in the call request, the business interface is given birth to according to the service identification
At certification request, in response to the certification request, the permission center finding is corresponding with service identification in the certification request
The security key is simultaneously sent to the business interface by security key, wherein the security key is obtained with the access interface
Security key is same key.
In a kind of optional embodiment, S104:2nd filter components of the business interface connect according to the business
The security key that mouth obtains verifies the legitimacy of the call request, specifically includes:
2nd filter components of the business interface are generated according to the security key that the business interface obtains
Localtoken labels;
2nd filter components of the business interface are to the localtoken labels and token labels progress
With processing;
When the 2nd filter components of the localtoken and the token successful match, the business interface judge
The call request is legal, and the access interface is authorized to call the business interface;
When the localtoken matches with the token unsuccessful, the 2nd filter components of the business interface are sentenced
The fixed call request is illegal, and the access interface is forbidden to call the business interface.
Referring to Fig. 2, a kind of its interface authentication method based on dubbo frames that be second embodiment of the invention provided
Flow chart, the embodiment of the present invention also provides a kind of interface authentication method based on dubbo frames, is applied to access interface, packet
It includes:
S201:Asked to permission center transmission interface access rights, obtain permission center distribution service identification and
Security key corresponding with the service identification;
S202:First filter components of the access interface are generated according to the security key and the service identification and are adjusted
With request;
The call request is sent to business interface by S203.
The access granularity of each business interface is controlled by the permission center, it can be with the safety of effective protection business interface
Property, it prevents business interface from maliciously being called, ensures the data safety for being stored in service provisioning platform.
In a kind of optional embodiment, the first filter components of the access interface are according to the security key
Call request is generated with the service identification, is specifically included:
First filter components of the access interface generate the token labels according to the security key;
First filter components of the access interface generate the tune according to the token labels and the service identification
With request.
The call request includes the token labels and the service identification;The business interface is from receiving
The token labels and the service identification are obtained in the call request, the business interface is given birth to according to the service identification
At certification request, in response to the certification request, the permission center finding is corresponding with service identification in the certification request
The security key is simultaneously sent to the business interface by security key, wherein the security key is obtained with the access interface
Security key is same key.
Referring to Fig. 3, a kind of its interface authentication method based on dubbo frames that be third embodiment of the invention provided
Flow chart, the embodiment of the present invention also provides a kind of interface authentication method based on dubbo frames, is applied to permission center, packet
It includes:
S301:In response to access interface interface access rights request, distribute service identification and with the service identification pair
The security key answered is to the access interface;
S302:The service identification obtained from the access interface sent according to business interface, search and the business mark
Know corresponding security key, and security key corresponding with the service identification is sent to the business interface.
The access granularity of each business interface is controlled by the permission center, it can be with the safety of effective protection business interface
Property, it prevents business interface from maliciously being called, ensures the data safety for being stored in service provisioning platform.
Referring to Fig. 4, a kind of its interface authentication method based on dubbo frames that be fourth embodiment of the invention provided
Flow chart, the embodiment of the present invention also provides a kind of interface authentication method based on dubbo frames, is applied to business interface, packet
It includes:
S401:In response to the call request of access interface, the business interface obtains and the tune from the permission center
With the corresponding security key of service identification in request;
S402:The security key that 2nd filter components of the business interface are obtained according to the business interface is to described
The legitimacy of call request is verified.
The access granularity of each business interface is controlled by the permission center, it can be with the safety of effective protection business interface
Property, it prevents business interface from maliciously being called, ensures the data safety for being stored in service provisioning platform.
In a kind of optional embodiment, the 2nd filter components of the business interface are according to the business interface
The security key of acquisition verifies the legitimacy of the call request, specifically includes:
2nd filter components of the business interface are generated according to the security key that the business interface obtains
Localtoken labels;
2nd filter components of the business interface are to the localtoken labels and token labels progress
With processing;
When the 2nd filter components of the localtoken and the token successful match, the business interface judge
The call request is legal, and the access interface is authorized to call the business interface;
When the localtoken matches with the token unsuccessful, the 2nd filter components of the business interface are sentenced
The fixed call request is illegal, and the access interface is forbidden to call the business interface.
The call request includes the token labels and the service identification;The business interface is from receiving
The token labels and the service identification are obtained in the call request, the business interface is given birth to according to the service identification
At certification request, in response to the certification request, the permission center finding is corresponding with service identification in the certification request
The security key is simultaneously sent to the business interface by security key, wherein the security key is obtained with the access interface
Security key is same key.
Referring to Fig. 5, a kind of its interface authentication device based on dubbo frames that be one embodiment of the invention provided
Schematic diagram, the interface authentication device based on dubbo frames include:Access interface 1, business interface 2, permission center 3,
In, the access interface includes the first filter components 11, and the business interface 2 includes the 2nd filter components 22;
The access interface 1 is used to ask to 3 transmission interface access rights of the permission center, obtains the permission center
The service identification of distribution and security key corresponding with the service identification;
First filter components 11 of the access interface 1 are used to be generated according to the security key and the service identification
Call request;
In response to the call request of the access interface, the business interface 2 is used to obtain from the permission center 3 and institute
State the corresponding security key of service identification in call request;
The security key that 2nd filter components 22 of the business interface 2 are used to be obtained according to the business interface is to institute
The legitimacy for stating call request is verified.
The access granularity of each business interface is controlled by the permission center, it can be with the safety of effective protection business interface
Property, it prevents business interface from maliciously being called, ensures the data safety for being stored in service provisioning platform.
In a kind of optional embodiment, the first filter components of the access interface are additionally operable to close according to the safety
Key generates the token labels;First filter components of the access interface are additionally operable to according to token labels and described
Service identification generates the call request.
The call request includes the token labels and the service identification;The business interface is from receiving
The token labels and the service identification are obtained in the call request, the business interface is given birth to according to the service identification
At certification request, in response to the certification request, the permission center finding is corresponding with service identification in the certification request
The security key is simultaneously sent to the business interface by security key, wherein the security key is obtained with the access interface
Security key is same key.
In a kind of optional embodiment, the 2nd filter components of the business interface are additionally operable to be connect according to the business
The security key that mouth obtains generates localtoken labels;2nd filter components of the business interface are additionally operable to described
Localtoken labels carry out matching treatment with the token labels;
When the 2nd filter components of the localtoken and the token successful match, the business interface are used for
Judge that the call request is legal, the access interface is authorized to call the business interface;
When the localtoken matches unsuccessful, the 2nd filter components use of the business interface with the token
In judging that the call request is illegal, the access interface is forbidden to call the business interface.
The embodiment of the present invention also provide a kind of interface authentication device based on dubbo frames, including processor, memory with
And it is stored in the memory and is configured as the computer program executed by the processor, described in the processor execution
The above-mentioned interface authentication method based on dubbo frames is realized when computer program.
Illustratively, the computer program can be divided into one or more module/units, one or more
A module/unit is stored in the memory, and is executed by the processor, to complete the present invention.It is one or more
A module/unit can be the series of computation machine program instruction section that can complete specific function, and the instruction segment is for describing institute
State implementation procedure of the computer program in the interface authentication device based on dubbo frames.For example, the computer program
Access interface, business interface, permission center can be divided into, each module concrete function is as follows:The access interface be used for
Permission center transmission interface access rights request, obtain the distribution of permission center service identification and with the service identification pair
The security key answered;First filter components of the access interface are used to be given birth to according to the security key and the service identification
At call request;In response to the call request of the access interface, the business interface be used for from the permission center obtain with
The corresponding security key of service identification in the call request;2nd filter components of the business interface are used for according to institute
The security key for stating business interface acquisition verifies the legitimacy of the call request.
The interface authentication device based on dubbo frames can be desktop PC, notebook, palm PC and cloud
Hold the computing devices such as server.The interface authentication device based on dubbo frames may include, but be not limited only to, and processor is deposited
Reservoir.It will be understood by those skilled in the art that the schematic diagram is only based on showing for the interface authentication device of dubbo frames
Example, does not constitute the restriction to the interface authentication device based on dubbo frames, may include than illustrating more or fewer portions
Part, either combines certain components or different components, such as the interface authentication device based on dubbo frames can be with
Including input-output equipment, network access equipment, bus etc..
The processor can be central processing unit (Central Processing Unit, CPU), can also be it
His general processor, digital signal processor (Digital Signal Processor, DSP), application-specific integrated circuit
(Application Specific Integrated Circuit, ASIC), ready-made programmable gate array (Field-
Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic,
Discrete hardware components etc..General processor can be microprocessor or the processor can also be any conventional processor
Deng the processor is the control centre of the interface authentication device based on dubbo frames, and various interfaces and circuit is utilized to connect
Connect the various pieces of the entirely interface authentication device based on dubbo frames.
The memory can be used for storing the computer program and/or module, and the processor is by running or executing
Computer program in the memory and/or module are stored, and calls the data being stored in memory, described in realization
The various functions of interface authentication device based on dubbo frames.The memory can include mainly storing program area and storage number
According to area, wherein storing program area can storage program area, (for example sound plays work(to the application program needed at least one function
Energy, image player function etc.) etc.;Storage data field can store according to mobile phone use created data (such as audio data,
Phone directory etc.) etc..In addition, memory may include high-speed random access memory, can also include nonvolatile memory, example
Such as hard disk, memory, plug-in type hard disk, intelligent memory card (Smart Media Card, SMC), secure digital (Secure
Digital, SD) card, flash card (Flash Card), at least one disk memory, flush memory device or other volatibility are solid
State memory device.
Wherein, if the integrated module/unit of the interface authentication device based on dubbo frames is with SFU software functional unit
Form realize and when sold or used as an independent product, can be stored in a computer read/write memory medium.
Based on this understanding, the present invention realizes all or part of flow in above-described embodiment method, can also pass through computer journey
Sequence is completed to instruct relevant hardware, and the computer program can be stored in a computer readable storage medium, the meter
Calculation machine program is when being executed by processor, it can be achieved that the step of above-mentioned each embodiment of the method.Wherein, the computer program packet
Include computer program code, the computer program code can be source code form, object identification code form, executable file or
Certain intermediate forms etc..The computer-readable medium may include:Any reality of the computer program code can be carried
Body or device, recording medium, USB flash disk, mobile hard disk, magnetic disc, CD, computer storage, read-only memory (ROM, Read-
Only Memory), random access memory (RAM, Random Access Memory), electric carrier signal, telecommunication signal and
Software distribution medium etc..It should be noted that the content that the computer-readable medium includes can be according in jurisdiction
Legislation and the requirement of patent practice carry out increase and decrease appropriate, such as in certain jurisdictions, according to legislation and patent practice, meter
Calculation machine readable medium does not include electric carrier signal and telecommunication signal.
It should be noted that the apparatus embodiments described above are merely exemplary, wherein described be used as separating component
The unit of explanation may or may not be physically separated, and the component shown as unit can be or can also
It is not physical unit, you can be located at a place, or may be distributed over multiple network units.It can be according to actual
It needs that some or all of module therein is selected to achieve the purpose of the solution of this embodiment.In addition, device provided by the invention
In embodiment attached drawing, the connection relation between module indicates there is communication connection between them, specifically can be implemented as one or
A plurality of communication bus or signal wire.Those of ordinary skill in the art are without creative efforts, you can to understand
And implement.
The embodiment of the present invention also provides a kind of computer readable storage medium, and the computer readable storage medium includes depositing
The computer program of storage, wherein equipment where controlling the computer readable storage medium when the computer program is run
Execute the above-mentioned interface authentication method based on dubbo frames.
Compared with prior art, a kind of interface authentication method based on dubbo frames provided in an embodiment of the present invention has
Beneficial effect is:The interface authentication method based on dubbo frames includes:Access interface is accessed to permission center transmission interface
Authority request obtains the service identification of permission center distribution and security key corresponding with the service identification;The access connects
First filter components of mouth generate call request according to the security key and the service identification;It is connect in response to the access
The call request of mouth, the business interface obtain peace corresponding with the service identification in the call request from the permission center
Full key;The security key that 2nd filter components of the business interface are obtained according to the business interface asks the calling
The legitimacy asked is verified.The safety that business interface can be improved by the method prevents business interface from maliciously being adjusted
With guarantee is stored in the data safety of service provisioning platform.The embodiment of the present invention also provides a kind of interface based on dubbo frames
Certification and computer readable storage medium.
It is the preferred embodiment of the present invention above, it is noted that for those skilled in the art,
Various improvements and modifications may be made without departing from the principle of the present invention, these improvements and modifications are also considered as this hair
Bright protection domain.
Claims (10)
1. a kind of interface authentication method based on dubbo frames, which is characterized in that including:
Access interface is asked to permission center transmission interface access rights, obtain permission center distribution service identification and with
The corresponding security key of the service identification;
First filter components of the access interface generate call request according to the security key and the service identification;
In response to the call request of the access interface, business interface is from permission center acquisition and the call request
The corresponding security key of service identification;
The security key that 2nd filter components of the business interface are obtained according to the business interface is to the call request
Legitimacy verified.
2. the interface authentication method based on dubbo frames as described in claim 1, which is characterized in that the access connects
First filter components of mouth generate call request according to the security key and the service identification, specifically include:
First filter components of the access interface generate the token labels according to the security key;
First filter components of the access interface generate the calling according to the token labels and the service identification and ask
It asks.
3. the interface authentication method based on dubbo frames as claimed in claim 2, which is characterized in that the business connects
The security key that 2nd filter components of mouth are obtained according to the business interface tests the legitimacy of the call request
Card, specifically includes:
2nd filter components of the business interface generate local token according to the security key that the business interface obtains
Label;
2nd filter components of the business interface match the local token labels with the token labels
Processing;
As the local token and the token successful match, described in the 2nd filter components judgement of the business interface
Call request is legal, and the access interface is authorized to call the business interface;
When the local token match unsuccessful, the 2nd filter components judgement institute of the business interface with the token
It is illegal to state call request, the access interface is forbidden to call the business interface.
4. a kind of interface authentication method based on dubbo frames is applied to access interface, which is characterized in that including:
Asked to permission center transmission interface access rights, obtain permission center distribution service identification and with the business
Identify corresponding security key;
First filter components of the access interface generate call request according to the security key and the service identification;
The call request is sent to business interface.
5. the interface authentication method based on dubbo frames as claimed in claim 4, which is characterized in that the access interface
First filter components generate call request according to the security key and the service identification, specifically include:
First filter components of the access interface generate the token labels according to the security key;
First filter components of the access interface generate the calling according to the token labels and the service identification and ask
It asks.
6. a kind of interface authentication method based on dubbo frames is applied to permission center, which is characterized in that including:
In response to the interface access rights request of access interface, distributes service identification and safety corresponding with the service identification is close
Key is to the access interface;
The service identification obtained from the access interface sent according to business interface, searches for peace corresponding with the service identification
Full key, and security key corresponding with the service identification is sent to the business interface.
7. a kind of interface authentication method based on dubbo frames is applied to business interface, which is characterized in that including:
In response to the call request of access interface, the business interface is from permission center acquisition and the call request
The corresponding security key of service identification;
The security key that 2nd filter components of the business interface are obtained according to the business interface is to the call request
Legitimacy verified.
8. the interface authentication method based on dubbo frames as claimed in claim 7, which is characterized in that the business connects
The security key that 2nd filter components of mouth are obtained according to the business interface tests the legitimacy of the call request
Card, specifically includes:
2nd filter components of the business interface generate local token according to the security key that the business interface obtains
Label;
2nd filter components of the business interface match the local token labels with the token labels
Processing;
As the local token and the token successful match, described in the 2nd filter components judgement of the business interface
Call request is legal, and the access interface is authorized to call the business interface;
When the local token match unsuccessful, the 2nd filter components judgement institute of the business interface with the token
It is illegal to state call request, the access interface is forbidden to call the business interface.
9. a kind of interface authentication device based on dubbo frames, including processor, memory and it is stored in the memory
And it is configured as the computer program executed by the processor, the processor is realized when executing the computer program as weighed
Profit requires the interface authentication method based on dubbo frames described in any one of 1 to 3.
10. a kind of computer readable storage medium, which is characterized in that the computer readable storage medium includes the calculating of storage
Machine program, wherein equipment where controlling the computer readable storage medium when the computer program is run is executed as weighed
Profit requires the interface authentication method based on dubbo frames described in any one of 1 to 3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810145194.2A CN108418814A (en) | 2018-02-12 | 2018-02-12 | Interface authentication method, apparatus and computer readable storage medium based on dubbo frames |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810145194.2A CN108418814A (en) | 2018-02-12 | 2018-02-12 | Interface authentication method, apparatus and computer readable storage medium based on dubbo frames |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108418814A true CN108418814A (en) | 2018-08-17 |
Family
ID=63128447
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810145194.2A Pending CN108418814A (en) | 2018-02-12 | 2018-02-12 | Interface authentication method, apparatus and computer readable storage medium based on dubbo frames |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108418814A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109871287A (en) * | 2018-12-15 | 2019-06-11 | 中国平安人寿保险股份有限公司 | Interface call method, device, computer installation and storage medium |
WO2020181809A1 (en) * | 2019-03-13 | 2020-09-17 | 平安科技(深圳)有限公司 | Data processing method and system based on interface checking, and computer device |
CN112217823A (en) * | 2020-10-13 | 2021-01-12 | 中国银行股份有限公司 | Interface authority control method and device based on dubbo frame |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103220259A (en) * | 2012-01-20 | 2013-07-24 | 华为技术有限公司 | Using method, call method, device and system of Oauth application programming interface (API) |
US20150156123A1 (en) * | 2011-12-15 | 2015-06-04 | Amazon Technologies, Inc. | System and method for throttling service requests using work-based tokens |
CN106453519A (en) * | 2016-09-21 | 2017-02-22 | 合网络技术(北京)有限公司 | Interface call method and device |
CN107124431A (en) * | 2017-06-22 | 2017-09-01 | 浙江数链科技有限公司 | Method for authenticating, device, computer-readable recording medium and right discriminating system |
CN107493286A (en) * | 2017-08-23 | 2017-12-19 | 杭州安恒信息技术有限公司 | A kind of RPC remote procedure calling (PRC) methods based on secure authentication |
CN107659581A (en) * | 2017-10-19 | 2018-02-02 | 郑州云海信息技术有限公司 | A kind of resource transfer method and apparatus |
-
2018
- 2018-02-12 CN CN201810145194.2A patent/CN108418814A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150156123A1 (en) * | 2011-12-15 | 2015-06-04 | Amazon Technologies, Inc. | System and method for throttling service requests using work-based tokens |
CN103220259A (en) * | 2012-01-20 | 2013-07-24 | 华为技术有限公司 | Using method, call method, device and system of Oauth application programming interface (API) |
CN106453519A (en) * | 2016-09-21 | 2017-02-22 | 合网络技术(北京)有限公司 | Interface call method and device |
CN107124431A (en) * | 2017-06-22 | 2017-09-01 | 浙江数链科技有限公司 | Method for authenticating, device, computer-readable recording medium and right discriminating system |
CN107493286A (en) * | 2017-08-23 | 2017-12-19 | 杭州安恒信息技术有限公司 | A kind of RPC remote procedure calling (PRC) methods based on secure authentication |
CN107659581A (en) * | 2017-10-19 | 2018-02-02 | 郑州云海信息技术有限公司 | A kind of resource transfer method and apparatus |
Non-Patent Citations (1)
Title |
---|
JMBKEYES: "dubbo之令牌验证", 《HTTPS://WWW.CNBLOGS.COM/JMBKEYES/P/7542685.HTML》 * |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109871287A (en) * | 2018-12-15 | 2019-06-11 | 中国平安人寿保险股份有限公司 | Interface call method, device, computer installation and storage medium |
WO2020181809A1 (en) * | 2019-03-13 | 2020-09-17 | 平安科技(深圳)有限公司 | Data processing method and system based on interface checking, and computer device |
CN112217823A (en) * | 2020-10-13 | 2021-01-12 | 中国银行股份有限公司 | Interface authority control method and device based on dubbo frame |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9614875B2 (en) | Scaling a trusted computing model in a globally distributed cloud environment | |
US9769152B2 (en) | Attribute-based access control | |
US8639627B2 (en) | Portable digital rights for multiple devices | |
US9052939B2 (en) | Data compliance management associated with cloud migration events | |
JP5516821B2 (en) | System and method for remote maintenance of multiple clients in an electronic network using virtualization and authentication | |
US9491183B1 (en) | Geographic location-based policy | |
CN114026834A (en) | Multi-entity resource, security, and service management in edge computing deployments | |
CN105981331B (en) | Entity handling registry for supporting traffic policy enforcement | |
CN109635550B (en) | Permission verification method, gateway and system for cluster data | |
CN109462831B (en) | Method, distribution server and system for accessing network by application program in mobile terminal | |
CN102082821B (en) | Method and system for safely accessing cross-resource pool resources based on federal center | |
US9729465B2 (en) | Policy based application elasticity across heterogeneous computing infrastructure | |
CN110138767B (en) | Transaction request processing method, device, equipment and storage medium | |
CN108418814A (en) | Interface authentication method, apparatus and computer readable storage medium based on dubbo frames | |
CN103369038B (en) | Platform serves PaaS management platform and method | |
CN107846313A (en) | A kind of method and the network equipment of network service template generation | |
CN107480554A (en) | A kind of right management method, rights management device and intelligent terminal | |
US20210281555A1 (en) | Api key access authorization | |
US11522864B1 (en) | Secure identity transfer | |
CN112887199B (en) | Gateway, cloud platform, configuration method and device thereof, and computer-readable storage medium | |
CN112422555B (en) | Kubernetes-based resource authority management system and method for distributed system | |
CN108228197A (en) | A kind of method and apparatus for installing software in the cluster | |
CN107181801A (en) | A kind of electronic accessories storage method and terminal | |
CN107277640A (en) | Interactive approach, device and storage medium based on live platform | |
CN113312669B (en) | Password synchronization method, device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180817 |
|
RJ01 | Rejection of invention patent application after publication |