CN108718339A - Data processing method, device and server - Google Patents
Data processing method, device and server Download PDFInfo
- Publication number
- CN108718339A CN108718339A CN201810504061.XA CN201810504061A CN108718339A CN 108718339 A CN108718339 A CN 108718339A CN 201810504061 A CN201810504061 A CN 201810504061A CN 108718339 A CN108718339 A CN 108718339A
- Authority
- CN
- China
- Prior art keywords
- target
- request parameter
- target object
- parameter
- object service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title abstract description 21
- 238000000034 method Methods 0.000 claims abstract description 34
- 238000012545 processing Methods 0.000 claims description 46
- 238000000605 extraction Methods 0.000 claims description 25
- 238000004422 calculation algorithm Methods 0.000 claims description 7
- 238000006243 chemical reaction Methods 0.000 claims description 7
- 238000010586 diagram Methods 0.000 description 17
- 230000008569 process Effects 0.000 description 13
- 238000004891 communication Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 5
- 238000012795 verification Methods 0.000 description 5
- 230000009471 action Effects 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000011664 signaling Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L67/025—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Computer And Data Communications (AREA)
Abstract
The embodiment of the present invention proposes a kind of data processing method, device and server, is related to information technology field, this method includes:The http request of reception is handled, to generate destination request parameter corresponding with http request;According to destination request parameter, in preset database, target object service corresponding with destination request parameter is obtained;Http request is responded, target object service is converted into external object model.A kind of data processing method, device and the server that the embodiment of the present invention is provided, can reduce the input cost of enterprise.
Description
Technical Field
The invention relates to the technical field of information, in particular to a data processing method, a data processing device and a server.
Background
In the internet, enterprises and the collaboration of the enterprises become more and more compact, and many companies provide services of the enterprises to the partners to use, so that the value is maximized. With the development of company business, more and more services are exposed and access partners are provided. This is particularly important for the management of exposed services and the authority control of partners.
However, in the prior art, the access partner of the open platform is often implemented in a manner of adding new program codes. That is to say, for the access of a new partner, a series of processes such as http interface, permission verification, parameter conversion, internal service invocation and the like need to be added to support the invocation of the new partner, and the technical implementation mode needs to follow a complete on-line test process.
Disclosure of Invention
The invention aims to provide a data processing method, a data processing device and a server, which can reduce the investment cost of enterprises.
In order to achieve the above purpose, the embodiment of the present invention adopts the following technical solutions:
in a first aspect, an embodiment of the present invention provides a data processing method, where the method includes: processing the received http request to generate a target request parameter corresponding to the http request; according to the target request parameter, acquiring a target object service corresponding to the target request parameter in a preset database; and responding to the http request, and converting the target object service into an external object model.
In a second aspect, an embodiment of the present invention provides a data processing apparatus, where the apparatus includes: the target request parameter generation module is used for processing the received http request to generate a target request parameter corresponding to the http request; the target object service determining module is used for acquiring a target object service corresponding to the target request parameter in a preset database according to the target request parameter; and the external object model conversion module is used for responding to the http request and converting the target object service into an external object model.
In a third aspect, an embodiment of the present invention provides a server, where the server includes a memory configured to store one or more programs; a processor. The one or more programs, when executed by the processor, implement the data processing method described above.
Compared with the prior art, the data processing method, the data processing device and the data processing server provided by the embodiment of the invention have the advantages that all internal services provided by the server are uniformly configured and managed, the target request parameters are obtained by analyzing the http request according to the http request sent by the user terminal, and the internal services targeted by the http request are further determined according to the analyzed target request parameters; and the corresponding configuration is added or modified in the server, so that the internal service provided by the server can be added or modified, and the management is easy.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 shows a schematic application scenario diagram of a data processing method provided by an embodiment of the present invention;
FIG. 2 is a block diagram illustrating an exemplary architecture of a server provided by an embodiment of the present invention;
FIG. 3 is a schematic block diagram of a data processing apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic block diagram of a target request parameter generation module of a data processing apparatus according to an embodiment of the present invention;
FIG. 5 is a schematic block diagram of a target object service determination module of a data processing apparatus according to an embodiment of the present invention;
FIG. 6 is a schematic block diagram of a privilege check module of a data processing apparatus according to an embodiment of the present invention;
FIG. 7 is a schematic flow chart diagram of a data processing method provided by an embodiment of the present invention;
FIG. 8 is a schematic flow chart of the substeps of step S100 in FIG. 7;
FIG. 9 is a schematic flow chart of the substeps of step S300 in FIG. 7;
fig. 10 is a schematic flow chart of the sub-steps of step S200 in fig. 7.
In the figure: 10-a server; 20-a data processing device; 30-a user terminal; 110-a memory; 120-a processor; 130-a communication interface; 200-a target request parameter generation module; 210-an extraction configuration determination unit; 220-request parameter generation unit; 300-target object service determination module; 310-target object service determination unit; 320-target object service configuration extraction unit; 330-target object service extraction unit; 400-external object model conversion module; 500-permission check module; 510-a first judgment unit; 520-a second determination unit; 530-target signature generation unit; 540-a third judging unit; 600-error code feedback module.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present invention, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
In the description of the present invention, it should also be noted that, unless otherwise explicitly specified or limited, the terms "disposed" and "connected" are to be interpreted broadly, e.g., as being either fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood in specific cases to those skilled in the art.
Some embodiments of the invention are described in detail below with reference to the accompanying drawings. The embodiments described below and the features of the embodiments can be combined with each other without conflict.
Aiming at the objective defect that the enterprise implementation cost is high due to the fact that an open platform accesses a new partner and needs to follow a finished test online process in the prior art, the inventor provides a solution in the embodiment of the invention as follows: the unified management server 10 manages the external internal services, all the user terminals 30 and the respective configurations of each user terminal 30, and when a certain user terminal 30 accesses the internal service that the server 10 calls, the configuration corresponding to the certain user terminal 30 is called, that is, the configuration is matched with the corresponding internal service.
Specifically, referring to fig. 1, fig. 1 is a schematic application scenario diagram illustrating a data processing method according to an embodiment of the present invention, wherein a user terminal 30 and a server 10 are located in a wireless network or a wired network, and the user terminal 30 and the server 10 perform data interaction through the wireless network or the wired network. In the embodiment of the present invention, at least one application program (APP) is installed in the server 10, corresponding to the user terminal 30, so that when the user terminal 30 sends a service access request to the server 10, corresponding processing is performed.
For example, in a specific implementation scenario, after the partner establishes communication with the server 10 through the wireless network or the wired network using the user terminal 30, the partner sends a service request to the server 10, and the server 10 performs corresponding processing according to the received service request sent by the user terminal 30, so as to respond to the service request initiated by the user terminal 30.
Referring to fig. 2, fig. 2 is a schematic block diagram of a server 10 according to an embodiment of the present invention. The server 10 may be, but is not limited to, a Personal Computer (PC), a tablet PC, a laptop portable computer, a car computer, a Personal Digital Assistant (PDA), and the like. The server 10 includes a data processing device 20, a memory 110, a processor 120, and a communication interface 130.
The memory 110, processor 120 and communication interface 130 may be electrically connected to each other directly or indirectly to enable data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The data processing device 20 includes at least one software function module which may be stored in the memory 110 in the form of software or firmware (firmware) or solidified in an Operating System (OS) of the server 10. The processor 120 may be configured to execute one or more programs stored in the memory 110, such as a software functional module or a computer program included in the data processing apparatus 20, to implement the data processing method provided by the embodiment of the present invention.
The Memory 110 may be, but is not limited to, a Random Access Memory (RAM), a Read Only Memory (ROM), a Programmable Read-Only Memory (PROM), an Erasable Read-Only Memory (EPROM), an electrically Erasable Read-Only Memory (EEPROM), and the like. The memory 110 may be configured to store one or more programs, and the processor 120 may execute the one or more programs after receiving the execution instruction, so as to implement a data processing method provided by the embodiment of the present invention. The method executed by the server 10 according to the process definition disclosed in any embodiment of the present invention can be applied to the processor 120, or can be implemented by the processor 120.
The processor 120 may be an integrated circuit chip having signal processing capabilities. The processor 120 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), a voice processor, a video processor, and the like; but may also be a digital signal processor, an application specific integrated circuit, a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor or the processor 120 may be any conventional processor or the like.
The communication interface 130 may be used to communicate signaling or data with other nodes or devices by the data processing apparatus 20.
It will be appreciated that the configuration shown in fig. 2 is merely illustrative and that server 10 may include more or fewer components than shown in fig. 2 or have a different configuration than shown in fig. 2. The components shown in fig. 2 may be implemented in hardware, software, or a combination thereof.
Specifically, referring to fig. 3, fig. 3 is a schematic structural diagram of a data processing apparatus 20 according to an embodiment of the present invention, in which the data processing apparatus 20 includes a target request parameter generation module 200, a target object service determination module 300, and an external object model conversion module 400. Wherein,
the target request parameter generating module 200 is configured to process the received http request to generate a target request parameter corresponding to the http request.
Specifically, referring to fig. 4, fig. 4 shows a schematic structural diagram of a target request parameter generating module 200 of a data processing apparatus 20 according to an embodiment of the present invention, in which the target request parameter generating module 200 includes an extraction configuration determining unit 210 and a request parameter generating unit 220. Wherein,
the extraction configuration determining unit 210 is configured to determine a parameter extraction configuration of the http request according to a URL prefix of the received http request, where the parameter extraction configuration represents a manner of processing the http request.
The request parameter generating unit 220 is configured to process the http request with the parameter extraction configuration, and generate a target request parameter corresponding to the http request.
The target object service determining module 300 is configured to obtain, according to the target request parameter, a target object service corresponding to the target request parameter in a preset database.
Specifically, referring to fig. 5, fig. 5 shows a schematic structural diagram of a target object service determining module 300 of the data processing apparatus 20 according to an embodiment of the present invention, where the target object service determining module 300 includes a target object service determining unit 310, a target object service configuration extracting unit 320, and a target object service extracting unit 330. Wherein,
the target object service determining unit 310 is configured to obtain a target object service model and a target object configuration parameter corresponding to the target request parameter in a preset database according to the target request parameter.
The target object service configuration extracting unit 320 is configured to obtain the target object service configuration of the target object service model in the preset database according to the target object configuration parameter.
The target object service extracting unit 330 is configured to determine a target corresponding service corresponding to the target request parameter according to the target object service model and the target object service configuration.
The external object model conversion module 400 is configured to convert the target object service into an external object model in response to the http request.
As an embodiment, with continued reference to fig. 3, in the embodiment of the present invention, the data processing apparatus 20 further includes a permission verification module 500 and an error code feedback module 600. Wherein,
the permission checking module 500 is configured to determine whether the target request parameter meets a permission requirement according to the target request parameter.
The error code feedback module 600 is configured to feed back a preset authority check error code when the target request parameter does not meet the authority requirement.
Specifically, referring to fig. 6, fig. 6 shows a schematic structural diagram of a permission checking module 500 of a data processing apparatus 20 according to an embodiment of the present invention, in which the permission checking module 500 includes a first determining unit 510, a second determining unit 520, a target signature generating unit 530 and a third determining unit 540. Wherein,
the first determining unit 510 is configured to determine whether a difference between the timestamp of the target request parameter and the current timestamp is smaller than a first preset value.
The second determining unit 520 is configured to determine whether the target IP address corresponding to the target request parameter exists in a preset white list when a difference between the timestamp of the target request parameter and the current timestamp is smaller than the first preset value.
The target signature generating unit 530 is configured to, when the target IP address corresponding to the target request parameter exists in the preset white list, process the target request parameter according to a preset signature algorithm to generate a target signature;
the third determining unit 540 is configured to determine whether the target signature is the same as the initial signature in the http request, where when the target signature is the same as the initial signature in the http request, it is determined that the target request parameter meets the permission requirement.
Specifically, referring to fig. 7, fig. 7 is a schematic flowchart illustrating a data processing method according to an embodiment of the present invention, where the data processing method includes the following steps:
step S100, processing the received http request to generate a target request parameter corresponding to the http request.
As shown in the application scenario of fig. 1, when a partner needs to access an internal service provided by an enterprise, the partner sends an http request to the server 10 of the enterprise through the user terminal 30 to obtain feedback from the server 10 about the access of the user terminal 30 to the internal service provided by the server 10. Correspondingly, the server 10 processes the http request according to the received http request to generate a target request parameter corresponding to the http request, so as to respond to the http request sent by the user terminal 30 according to the target request parameter, and access the internal service of the corresponding server 10.
There are various ways to determine target request parameters through an http request, and one implementation way provided by the embodiment of the present invention is as follows: and after the parameter extraction configuration of the http request is determined through the URL prefix of the http request, processing the http request according to the determined parameter extraction configuration to obtain the target request parameter corresponding to the http request. The step S100 may be executed by the target request parameter generating module 200. Specifically, referring to fig. 8, fig. 8 is a schematic flow chart of the sub-steps of step S100 in fig. 7, in the embodiment of the present invention, step S100 includes the following sub-steps:
and a substep S110, determining parameter extraction configuration of the http request according to the URL prefix of the received http request.
When the server 10 receives an internal service access request sent by the user terminal 30, according to the http request received from the user terminal 30, and according to the URL prefix of the http request, the parameter extraction configuration of the http request is determined. The http request is processed by the parameter extraction configuration representation, and different http request processing modes are different by different parameter extraction configuration representations to obtain target request parameters.
For example, for the standard format of a URL: the domain name/version number/type identifier/API identifier, where the version number of the server 10 is generally the same as the version number carried in the http request sent by the user terminal 30, but when an internal system of the server 10 is upgraded, the version number of the server 10 is different from the version number carried in the http request sent by the user terminal 30, that is, as the internal system of the server 10 is continuously upgraded, the version numbers carried in the http request sent to the server 10 by different user terminals 30 may be different, and therefore, when the server 10 receives a certain http request sent by a user terminal 30, it is necessary to invoke different processing manners according to the version number carried by the URL prefix of the http request.
Meanwhile, different types of identifiers may exist for different user terminals 30, such as post/form, post/json, post/custom xml format, and for different types of identifiers, different processing manners are often required to be invoked for processing. Wherein the substep S110 may be performed by the extraction configuration determining unit 210 described above.
And a substep S120, processing the http request by using the parameter extraction configuration, and generating a target request parameter corresponding to the http request.
According to the parameter extraction configuration of the http request determined in the substep S110, the http request is processed by the parameter extraction configuration, and then the target request parameter corresponding to the http request is generated. That is, according to the parameter extraction configuration of the http request determined in the substep S110, the method for processing the http request by the server 10 is determined, and then according to the determined processing method, the http request is processed to generate the target request parameter corresponding to the http request. Wherein the substep S120 may be performed by the request parameter generating unit 220 described above.
Step S300, according to the target request parameter, obtaining a target object service corresponding to the target request parameter in a preset database.
After obtaining the target request parameter corresponding to the http request sent by the user terminal 30 according to step S100, the server 10 obtains, in a preset database, the target object service corresponding to the target request parameter according to the target request parameter, where the target object service is an internal service provided by the server 10 to which the http request sent by the user terminal 30 is to be accessed. The step S300 may be executed by the target object service determination module 300.
Referring to fig. 9 as an embodiment, fig. 9 is a schematic flow chart of sub-steps of step S300 in fig. 7, in an embodiment of the present invention, step S300 includes the following sub-steps:
and a substep S310, obtaining a target object service model and a target object configuration parameter corresponding to the target request parameter from a preset database according to the target request parameter.
The server 10 obtains a target object service model and a target object configuration parameter corresponding to the target request parameter from a preset database according to the target request parameter corresponding to the http request obtained in step S100. The target object service model is a model of an internal service provided by the server 10 in the server 10, and the target object configuration parameters are configuration parameters required for configuring the target object service model. Wherein the substep S310 may be performed by the target object service determining unit 310 described above.
And a substep S320 of obtaining a target object service configuration corresponding to the target object service model in a preset database according to the target object configuration parameters.
In the target object service model and the target object configuration parameters corresponding to the http request obtained in substep S320, the target object configuration parameters cannot directly configure the target object service model by the user to form the target object service for the user terminal 30 to access, and the target object service model needs to be processed by the specific target corresponding service configuration to obtain the target object service corresponding to the http request. Therefore, after obtaining the target object configuration parameters, according to the target object configuration parameters, the target object service configuration corresponding to the target object service model is obtained in the preset database, so that the server 10 configures the target object service model according to the target object service configuration to form the target object service. Wherein the substep S320 may be performed by the target object service configuration extraction unit 320 described above.
And a substep S330 of determining a target object service corresponding to the target request parameter according to the target object service model and the target object service configuration.
The target object service model obtained in substep S310 is configured according to the target object service configuration obtained from the target object configuration parameters in substep S320, thereby determining the target object service corresponding to the target request parameters, in other words, the target object service model is configured according to the target object service configuration, thereby determining the target object service corresponding to the http request sent by the user terminal 30. Wherein the substep S330 may be performed by the target object service extracting unit 330 described above.
And step S400, responding to the http request, and converting the target object service into an external object model.
After obtaining the target object service corresponding to the http request according to step S300, the server 10 responds to the http request sent by the user terminal 30, and converts the target object service into an external object model matching the API interface of the user terminal 30, so that the user terminal 30 accesses the target object service. The step S400 may be executed by the external object model conversion module 400.
Based on the above design, the data processing method provided in the embodiment of the present invention performs unified configuration management on all internal services provided by the server 10, obtains the target request parameter by analyzing the http request according to the http request sent by the user terminal 30, and further determines the internal service targeted by the http request according to the analyzed target request parameter, so that compared with the prior art, when a partner connects the internal service provided by the enterprise through the server 10 via the user terminal 30, the work flow of developers can be reduced, and the investment cost of the enterprise can be further reduced; and corresponding configuration is newly added or modified in the server 10, so that internal services provided by the server 10 can be newly added or modified, and the management is easy.
In order to avoid some malicious attacks from non-partners or partners, some security configurations are often required to be performed on the server 10, and an implementation manner provided by the embodiment of the present invention is as follows: when the user terminal 30 sends an http request to the server 10 to request access to the internal service provided by the server 10, it is checked whether the http request of the user terminal 30 has the right to access the internal service provided by the server 10. Specifically, referring to fig. 7 again, in the embodiment of the present invention, before step S300, the data processing method further includes step S200 of determining whether the target request parameter meets the permission requirement?
For the http request sent by the user terminal 30, according to the target request parameter obtained by the server 10 by analyzing the http request and the corresponding relationship between the preset target request parameter and the partner, the server 10 can determine the specific partner corresponding to the http request, and further determine whether the specific partner has the right to access the internal service provided by the server 10 according to the specific partner. That is, in the server 10, by determining whether the target request parameter satisfies the authority requirement preset by the server 10, it is further determined whether the corresponding user terminal 30 has the authority requirement for accessing the internal service provided by the server 10. When the target request parameter meets the permission requirement, that is, the user terminal 30 is represented to meet the permission requirement of the server 10, the user terminal 30 may be allowed to access the internal service provided by the server 10, that is, step S300 is executed; if the target request parameter does not satisfy the permission requirement, i.e. the characteristic that the user terminal 30 does not satisfy the permission requirement of the server 10, the server 10 will refuse to access the user terminal 30 to the internal service provided by the server 10, i.e. step S500 is executed. The step S200 may be executed by the permission verification module 500.
Specifically, as an implementation manner, please refer to fig. 10, fig. 10 is a schematic flowchart of the sub-steps of step S200 in fig. 7, in an embodiment of the present invention, step S200 includes the following sub-steps:
sub-step S210, determining whether a difference between a timestamp of the target request parameter and a current timestamp is less than a first preset value? If so, performing substep S220; if not, go to step S500.
When the user terminal 30 sends an http request to the server 10, the server 10 performs difference calculation according to a target request parameter parsed from the http request, and further according to a timestamp included in the target request parameter and a current timestamp, and determines whether a difference between the timestamp of the target request parameter and the current timestamp is smaller than a first preset value, only when the difference between the timestamp of the target request parameter and the current timestamp is smaller than the first preset value, the server 10 continues to perform the substep S220, otherwise, the step S500 is performed, so as to avoid request playback of the user terminal 30. The sub-step S210 may be performed by the first determining unit 510.
As an embodiment, the first preset value may be set to 60 seconds. Of course, it is understood that the first preset value can also be set to other values, such as 30 seconds, 90 seconds, and so on.
Substep S220, determine whether the target IP address corresponding to the target request parameter exists in the preset white list? If yes, go on to execute substep S230; if not, go to step S500.
After the timestamp of the target request parameter and the current timestamp are determined to be smaller than the first preset value, the http request for the user terminal does not belong to request playback, and at this time, the substep S220 is executed to determine whether the target IP address corresponding to the target request parameter exists in a white list preset by the server 10. The preset white list represents the IP address of the user terminal 30 allowed to be accessed by the server 10, and represents the user terminal 30 as the user terminal 30 allowed to be accessed to the internal service provided by the server 10 only when the target IP address of the user terminal 30 exists in the preset white list.
Meanwhile, only when the target IP address corresponding to the target request parameter is determined to exist in the preset white list, the substep S230 is continuously executed; if the target IP address corresponding to the target request parameter does not exist in the preset white list, step S500 is executed. Thereby avoiding malicious attacks by non-enterprise partners. The sub-step S220 may be performed by the second determination unit 520.
And a substep S230, processing the target request parameter according to a preset signature algorithm, and generating a target signature.
After the sub-step S220 determines that the target IP address corresponding to the target request parameter exists in the preset white list, it represents that the user terminal 30 corresponding to the target request parameter may be the user terminal 30 allowed to be accessed by the server 10, at this time, the target request parameter is processed according to a preset signature algorithm, so as to generate a target signature corresponding to the target request parameter. Wherein the substep S230 may be performed by the target signature generating unit 530 described above.
Substep S240, determine if the target signature is the same as the initial signature in the http request? If the target request is the same as the authority request, judging that the target request meets the authority requirement; if not, if the target request parameter is judged not to meet the permission requirement.
After the substep S230 or the target signature corresponding to the target request parameter, the target signature is compared with the initial signature included in the http request according to the target signature. The http request includes an initial signature generated by the user terminal 30 processing the target request parameter according to a preset signature algorithm, and generally, the generated signatures are different because different signature algorithms process the same target request parameter; moreover, the same signature algorithm processes different target request parameters, and the generated signatures are also different. Therefore, if the target signature is the same as the initial signature included in the http request, it is characterized that the user terminal 30 is the user terminal 30 allowed to be accessed by the server 10, that is, the target request parameter meets the permission requirement of the server 10; if the target signature is different from the initial signature included in the http request, it is characterized that the user terminal 30 is not the user terminal 30 allowed to be accessed by the server 10, that is, the target request parameter does not satisfy the permission requirement of the server 10, thereby preventing malicious attack of non-enterprise partners. The substep S240 may be executed by the third judging unit 540 described above.
Meanwhile, as an embodiment, when the target request parameter does not satisfy the permission requirement, step S500 is executed to feed back a preset permission check error code.
When the target request parameter does not satisfy the authority requirement of the server 10, the server 10 will reject the request of the user terminal 30 for accessing the internal service provided by the server 10, and feed back a preset authority check error code to the user terminal 30 to indicate to the user terminal 30 that the user terminal 30 does not have the authority to access the internal service provided by the server 10. The step S500 may be executed by the error code feedback module 600.
Based on the above design, the data processing method provided in the embodiment of the present invention performs permission verification on the target request parameter to ensure that the user terminal 30 accesses the internal service provided by the server 10 on the premise of satisfying the permission, so as to prevent the server 10 from being attacked maliciously.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative and, for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, each functional module in the embodiments of the present invention may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiment of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
In summary, according to the data processing method, the data processing apparatus, and the server provided in the embodiments of the present invention, by performing unified configuration management on all internal services provided by the server 10, and according to an http request sent by the user terminal 30, obtaining a target request parameter by analyzing the http request, and further determining an internal service targeted by the http request according to the analyzed target request parameter, compared with the prior art, when a partner connects an enterprise through the user terminal 30 with the internal service provided by the server 10, a workflow of a developer can be reduced, and further, an investment cost of the enterprise can be reduced; and the corresponding configuration is newly added or modified in the server 10, so that the internal service provided by the server 10 can be newly added or modified, and the management is easy; and the authority verification is carried out on the target request parameter so as to ensure that the user terminal 30 accesses the internal service provided by the server 10 on the premise of meeting the authority, thereby preventing the server 10 from being attacked maliciously.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (10)
1. A method of data processing, the method comprising:
processing the received http request to generate a target request parameter corresponding to the http request;
according to the target request parameter, acquiring a target object service corresponding to the target request parameter in a preset database;
and responding to the http request, and converting the target object service into an external object model.
2. The method of claim 1, wherein the step of processing the received http request to generate target request parameters corresponding to the http request comprises:
determining parameter extraction configuration of the http request according to a URL prefix of the received http request, wherein the parameter extraction configuration represents a mode for processing the http request;
and processing the http request by the parameter extraction configuration to generate a target request parameter corresponding to the http request.
3. The method as claimed in claim 1, wherein the step of obtaining the target object service corresponding to the target request parameter in a preset database according to the target request parameter comprises:
according to the target request parameter, obtaining a target object service model and a target object configuration parameter corresponding to the target request parameter from a preset database;
obtaining a target object service configuration corresponding to the target object service model in the preset database according to the target object configuration parameters;
and determining the target object service corresponding to the target request parameter according to the target object service model and the target object service configuration.
4. The method as claimed in claim 1, wherein before the step of obtaining the target object service corresponding to the target request parameter in a preset database according to the target request parameter, the method further comprises:
and determining whether the target request parameter meets the authority requirement or not according to the target request parameter, wherein when the target request parameter meets the authority requirement, the step of acquiring a target object service corresponding to the target request parameter in a preset database according to the target request parameter is executed.
5. The method of claim 4, wherein said step of determining whether said target request parameter satisfies an entitlement requirement based on said target request parameter comprises:
judging whether the difference value between the timestamp of the target request parameter and the current timestamp is smaller than a first preset value or not;
when the difference value between the timestamp of the target request parameter and the current timestamp is smaller than the first preset value, judging whether a target IP address corresponding to the target request parameter exists in a preset white list or not;
when the target IP address corresponding to the target request parameter exists in the preset white list, processing the target request parameter according to a preset signature algorithm to generate a target signature;
and judging whether the target signature is the same as the initial signature in the http request, wherein when the target signature is the same as the initial signature in the http request, the target request parameter is judged to meet the permission requirement.
6. The method as claimed in claim 4, wherein before the step of obtaining the target object service corresponding to the target request parameter in a preset database according to the target request parameter, the method further comprises:
and feeding back a preset authority check error code when the target request parameter does not meet the authority requirement.
7. A data processing apparatus, characterized in that the apparatus comprises:
the target request parameter generation module is used for processing the received http request to generate a target request parameter corresponding to the http request;
the target object service determining module is used for acquiring a target object service corresponding to the target request parameter in a preset database according to the target request parameter;
and the external object model conversion module is used for responding to the http request and converting the target object service into an external object model.
8. The apparatus of claim 7, wherein the target object service determination module comprises:
the target object service determining unit is used for acquiring a target object service model and a target object configuration parameter corresponding to the target request parameter in a preset database according to the target request parameter;
the target object service configuration extraction unit is used for acquiring the target object service configuration of the target object service model in the preset database according to the target object configuration parameters;
and the target object service extraction unit is used for determining a target corresponding service corresponding to the target request parameter according to the target object server model and the target object service configuration.
9. The apparatus of claim 7, wherein the apparatus further comprises:
and the authority checking module is used for determining whether the target request parameter meets the authority requirement or not according to the target request parameter.
10. A server, comprising:
a memory for storing one or more programs;
a processor;
the one or more programs, when executed by the processor, implement the method of any of claims 1-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810504061.XA CN108718339A (en) | 2018-05-23 | 2018-05-23 | Data processing method, device and server |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810504061.XA CN108718339A (en) | 2018-05-23 | 2018-05-23 | Data processing method, device and server |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN108718339A true CN108718339A (en) | 2018-10-30 |
Family
ID=63900497
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810504061.XA Pending CN108718339A (en) | 2018-05-23 | 2018-05-23 | Data processing method, device and server |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108718339A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114760133A (en) * | 2022-04-15 | 2022-07-15 | 中国电信股份有限公司 | RESTful interface authentication method, device, system, equipment and medium |
| CN116560641A (en) * | 2023-04-19 | 2023-08-08 | 上海百秋智尚网络服务有限公司 | Automatic interface generation method, device, equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102073953A (en) * | 2009-11-24 | 2011-05-25 | 阿里巴巴集团控股有限公司 | On-line payment method and system |
| CN103581173A (en) * | 2013-09-11 | 2014-02-12 | 北京东土科技股份有限公司 | Safe data transmission method, system and device based on industrial Ethernet |
| US20170315524A1 (en) * | 2016-04-27 | 2017-11-02 | Hypertherm, Inc. | Systems and methods for wireless communications between components of a material processing system |
| CN107733922A (en) * | 2017-11-20 | 2018-02-23 | 百度在线网络技术(北京)有限公司 | Method and apparatus for calling service |
-
2018
- 2018-05-23 CN CN201810504061.XA patent/CN108718339A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102073953A (en) * | 2009-11-24 | 2011-05-25 | 阿里巴巴集团控股有限公司 | On-line payment method and system |
| CN103581173A (en) * | 2013-09-11 | 2014-02-12 | 北京东土科技股份有限公司 | Safe data transmission method, system and device based on industrial Ethernet |
| US20170315524A1 (en) * | 2016-04-27 | 2017-11-02 | Hypertherm, Inc. | Systems and methods for wireless communications between components of a material processing system |
| CN107733922A (en) * | 2017-11-20 | 2018-02-23 | 百度在线网络技术(北京)有限公司 | Method and apparatus for calling service |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114760133A (en) * | 2022-04-15 | 2022-07-15 | 中国电信股份有限公司 | RESTful interface authentication method, device, system, equipment and medium |
| CN114760133B (en) * | 2022-04-15 | 2023-10-03 | 中国电信股份有限公司 | RESTful interface authentication method, device, system, equipment and medium |
| CN116560641A (en) * | 2023-04-19 | 2023-08-08 | 上海百秋智尚网络服务有限公司 | Automatic interface generation method, device, equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10949335B2 (en) | Designer defined mocking service behavior | |
| CN109543891B (en) | Method and apparatus for establishing capacity prediction model, and computer-readable storage medium | |
| CN111290742A (en) | Parameter verification method and device, electronic equipment and readable storage medium | |
| US10630399B2 (en) | Testing distributed applications that have an established exchange in an advanced message queuing protocol (AMQP) message broker | |
| CN110222535B (en) | Processing device, method and storage medium for block chain configuration file | |
| CN112685709B (en) | Authorization token management method and device, storage medium and electronic equipment | |
| US12074912B2 (en) | Dynamic, runtime application programming interface parameter labeling, flow parameter tracking and security policy enforcement | |
| CN112380145A (en) | SDK generation method, device, equipment and readable storage medium | |
| CN111294347B (en) | Safety management method and system for industrial control equipment | |
| CN111782652B (en) | Data calling method, device, computer equipment and storage medium | |
| CN114398631A (en) | Business processing method and device, electronic equipment and storage medium | |
| CN108718339A (en) | Data processing method, device and server | |
| CN108170537B (en) | Game API realization method, device, interface server and readable storage medium | |
| CN114598750A (en) | Data request processing method and device and storage medium | |
| CA2967270A1 (en) | Techniques to transform network resource requests to zero rated network requests | |
| CN109992298B (en) | Examination and approval platform expansion method and device, examination and approval platform and readable storage medium | |
| CN110443291B (en) | Model training method, device and equipment | |
| CN112995164A (en) | Resource access authentication method and device, storage medium and electronic equipment | |
| CN114666418B (en) | Service system connection method, device and storage medium | |
| CN115495196A (en) | Container mirror image compliance checking method and system for container cloud platform | |
| US10019582B1 (en) | Detecting application leaks | |
| CN113296832A (en) | Data processing method and device and electronic equipment | |
| CN113590352A (en) | Data calling method, device, equipment and readable storage medium | |
| CN113778780A (en) | Application stability determination method and device, electronic equipment and storage medium | |
| CN111652580A (en) | Method and device for processing data of nodes |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181030 |
|
| RJ01 | Rejection of invention patent application after publication |