CN108924125A - Control method, device, computer equipment and the storage medium of interface calling permission - Google Patents

Control method, device, computer equipment and the storage medium of interface calling permission Download PDF

Info

Publication number
CN108924125A
CN108924125A CN201810698726.5A CN201810698726A CN108924125A CN 108924125 A CN108924125 A CN 108924125A CN 201810698726 A CN201810698726 A CN 201810698726A CN 108924125 A CN108924125 A CN 108924125A
Authority
CN
China
Prior art keywords
user
product
interface
permission
tenant
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810698726.5A
Other languages
Chinese (zh)
Other versions
CN108924125B (en
Inventor
马煜
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhao Yin Yun Chuang (shenzhen) Information Technology Co Ltd
Original Assignee
Zhao Yin Yun Chuang (shenzhen) Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhao Yin Yun Chuang (shenzhen) Information Technology Co Ltd filed Critical Zhao Yin Yun Chuang (shenzhen) Information Technology Co Ltd
Priority to CN201810698726.5A priority Critical patent/CN108924125B/en
Publication of CN108924125A publication Critical patent/CN108924125A/en
Application granted granted Critical
Publication of CN108924125B publication Critical patent/CN108924125B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles

Abstract

The present invention relates to control method, device, computer equipment and storage mediums that interface calls permission, belong to technical field of the computer network.The method includes:The user login information that API gateway is sent is received, the product permission of currently logged on user is determined according to the user login information;The product permission is returned to API gateway, forwards the call request of product interface to trigger API gateway to business service;The interface authentication request that business service is sent is received, calls permission to identify according to product interface of the interface authentication request to currently logged on user;If product interface calls permission, identification passes through, and returns to interface response instruction to the business service;To trigger the function that the business service executes the product corresponding interface.Above-mentioned technical proposal solves the problems, such as the permission control complexity height called to multiuser interface, low efficiency, can call to the interface of users multiple in tenant and carry out effective permission control.

Description

Control method, device, computer equipment and the storage medium of interface calling permission
Technical field
The present invention relates to technical field of the computer network, and control method, the device, meter of permission are called more particularly to interface Calculate machine equipment and storage medium.
Background technique
Relative to traditional technology, SAAS (Software-as-a-Service, software service) is from framework level Difference is Multi-Tenant (multi-tenant) mode, and SAAS provides for tenant and hire out application, and tenant can be arrived by network connection In the SAAS, and call corresponding interface.In realizing process of the present invention, inventor's discovery at least exists as follows in the prior art Problem:One tenant may include multiple users, and different users may need to call different interfaces, while different user It may be different to the permission of different product and interface.This results in the permission control complexity height called to multiuser interface, effect Rate is low.
Summary of the invention
Based on this, the present invention provides interface call permission control method, device, computer equipment and storage medium, The interface of users multiple in tenant can be called and carry out effective permission control.
The content of the embodiment of the present invention is as follows:
A kind of interface calls the control method of permission, includes the following steps:It receives the user that API gateway is sent and logs in letter Breath, the product permission of currently logged on user is determined according to the user login information;Return to currently logged on user's to API gateway Product permission, to trigger product interface call request of the API gateway to business service forwarding currently logged on user;Reception business clothes The interface authentication request that business is sent calls permission to carry out according to product interface of the interface authentication request to currently logged on user Identification;The product interface call request that the interface authentication request is forwarded according to API gateway obtains;If product interface calls permission Identification passes through, and returns to interface response instruction to the business service;The interface response instruction is for triggering the business service Execute the function of the product corresponding interface.
The user login information for receiving API gateway and sending in one of the embodiments, logs according to the user Before information determines the step of product permission of currently logged on user, further include:Receive the registration request of tenant;The registration is asked It include that the tenant requests the product of registration and the user information of multiple users in asking;It is institute according to the registration request It states tenant to register, determines product permission of the multiple user under each product, and determine that each product permission is corresponding Token.
Product permission of the multiple user of the determination under each product in one of the embodiments, and determine After the step of each product permission corresponding token, further include:The product permission is stored in the permissions data pre-established In library, and the token is returned into the tenant, so that the token is distributed to corresponding user by the tenant.
The user login information includes token in one of the embodiments,;There are effective times by the token;Institute Before the step of stating the product permission for determining currently logged on user according to the user login information, further include:Described in judgement Whether token is within effective time.
The product permission that currently logged on user is determined according to the user login information in one of the embodiments, The step of, including:If the token is within effective time, product power corresponding with the token in search access right database Limit, obtains the product permission of currently logged on user.
Multiple tenant ID and User ID are stored in the rights database in one of the embodiments,;The reception The user login information that API gateway is sent, the step of the product permission of currently logged on user is determined according to the user login information After rapid, further include:If it is determined that currently logged on user has the permission using corresponding product, stored according to the rights database Tenant ID and User ID be that the currently logged on user distributes tenant ID and User ID, and by the tenant ID distributed and user ID returns to the API gateway.
The interface authentication request is forwarded according to API gateway in one of the embodiments, product interface call request, Tenant ID and User ID obtain;It is described according to the interface authentication request to the product interface of currently logged on user call permission into The step of row identification, including:According to the interface authentication request, corresponding tenant ID and User ID are identified;If described Corresponding tenant ID and User ID identification pass through, then product interface calls permission identification to pass through, and currently logged on user, which has, to be called The permission of corresponding interface.
Correspondingly, the embodiment of the present invention provides a kind of control device of interface calling permission, including:Product authentication module, For receiving the user login information of API gateway transmission, the product of currently logged on user is determined according to the user login information Permission;Permission return module, for returning to the product permission of currently logged on user to API gateway, to trigger API gateway to business The product interface call request of service forwarding currently logged on user;Interface authentication module, for receiving connecing for business service transmission Mouth authentication request calls permission to identify according to product interface of the interface authentication request to currently logged on user;It is described The product interface call request that interface authentication request is forwarded according to API gateway obtains;Interface respond module, if being used for product interface It calls permission identification to pass through, returns to interface response instruction to the business service;The interface response instruction is described for triggering Business service executes the function of the product corresponding interface.
Above-mentioned interface calls the control method and device of permission, when different users logs in, determines that each user is corresponding Product and user need to call which of product interface.Product to each user and the interface to be called Permission identification is carried out respectively:Whether unified certification service is first determined with access to the permission of corresponding product user;It produces Product permission judges whether the user has permission again and calls corresponding interface after determining;If the permission identification of interface passes through, control Business service processed executes the function of user institute calling interface.The permission of multi-user can be controlled and be managed collectively, while is right It can be carried out targeted identification in different users, the efficiency of multi-user authority control can be effectively improved.
A kind of computer equipment can be run on a memory and on a processor including memory, processor and storage Computer program, the processor realize following steps when executing the computer program:The user that API gateway is sent is received to step on Information is recorded, the product permission of currently logged on user is determined according to the user login information;Current log in is returned to API gateway to use The product permission at family, to trigger product interface call request of the API gateway to business service forwarding currently logged on user;Receive industry The interface authentication request that business service is sent calls permission according to product interface of the interface authentication request to currently logged on user It is identified;The product interface call request that the interface authentication request is forwarded according to API gateway obtains;If product interface calls Permission identification passes through, and returns to interface response instruction to the business service;The interface response instruction is for triggering the business The function of product corresponding interface described in service execution.
Above-mentioned computer equipment can control the permission of multi-user and be managed collectively, simultaneously for different users It can be carried out targeted identification, the efficiency of multi-user authority control can be effectively improved.
A kind of computer readable storage medium, is stored thereon with computer program, and the computer program is held by processor Following steps are realized when row:The user login information that API gateway is sent is received, is currently stepped on according to user login information determination Employ the product permission at family;The product permission of currently logged on user is returned to, to API gateway to trigger API gateway to business service Forward the product interface call request of currently logged on user;The interface authentication request that business service is sent is received, is connect according to described Mouth authentication request calls permission to identify the product interface of currently logged on user;The interface authentication request is according to API net The product interface call request for closing forwarding obtains;If product interface calls permission, identification passes through, and connects to business service return Mouth response instruction;The interface response instruction executes the function of the product corresponding interface for triggering the business service.
Above-mentioned computer readable storage medium can control the permission of multi-user and be managed collectively, simultaneously for not Same user can be carried out targeted identification, can effectively improve the efficiency of multi-user authority control.
Detailed description of the invention
Fig. 1 is the applied environment figure for the control method that interface calls permission in one embodiment;
Fig. 2 is the flow diagram for the control method that interface calls permission in one embodiment;
Fig. 3 is the schematic diagram of the product table of rights database in one embodiment;
Fig. 4 is the schematic diagram of the product authority list of rights database in one embodiment;
Fig. 5 is the timing diagram for the control method that interface calls permission in one embodiment;
Fig. 6 is the flow diagram for the control method that interface calls permission in another embodiment;
Fig. 7 is the structural block diagram for the control device that interface calls permission in one embodiment;
Fig. 8 is the internal structure of computer equipment in one embodiment.
Specific embodiment
In order to make the objectives, technical solutions, and advantages of the present invention clearer, with reference to the accompanying drawings and embodiments, right The present invention is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, and It is not used in the restriction present invention.
Interface provided by the present application calls the control method of permission, can be applied in application environment as shown in Figure 1.Its In, external system 101 is communicated with management of product center 102 by network, and external system 101 is to management of product center 102 Registration obtains the permission using certain products and product corresponding interface.When external system 101 needs to call management of product center When the function of 102 a certain interfaces, corresponding product and interface authority are identified in management of product center, when identification passes through, There is provided interface corresponding function for the external system 101.External system 101 and management of product center 102 may each be terminal or Person's server.Wherein, terminal can be, but not limited to be various personal computers, laptop, smart phone, tablet computer and Portable wearable device, server can be with the server clusters of the either multiple server compositions of independent server come real It is existing.
In one embodiment, management of product center 102 can refer to that SAAS (Software as a Service) is serviced, The SAAS service may include API gateway, business service and unified certification service etc..Wherein, business service and unified certification Service may each be server.
SAAS provides complete software solution, and tenant can be purchased in a manner of fee-for-use from cloud service provider The product of SAAS offer is provided.User can be connected to the application by Internet (usually using Web browser).SAAS services institute Some foundation structure, middleware, application software and application data are all located in the data center of service provider.Service provider It is responsible for management hardware and software, and is ensured according to service agreement appropriate using the availability and safety with data.SAAS clothes Business can allow user to be quickly constructed and put into operation by the application of minimum preceding period cost.
SAAS service can store product (including but not limited to software product), product resource, money by rights database The information such as source license, product permission, tenant, tenant role, user.The customized product resource of product, resource grant and product Permission, each interface correspond to one group of resource and resource grant.SAAS is serviced while being provided tenant's registration and tenant's user management Service.SAAS service may include SAAS service login platform, and tenant user can call the SAAS service login platform, SAAS Service carries out registration according to tenant and tenant's user information for tenant user and determines the corresponding product permission of each product and production Product permission deposit caching (rights database).Tenant calls the corresponding product resource of SAAS service open interface registration, resource to be permitted It can be with product permission.When there is the user in tenant to need to call a certain interface, SAAS is serviced according to corresponding resource and resource The permission of the user is identified in license.
In one embodiment, entire interface calls the control method of permission can be in micro services framework It is realized in (MicroService Architecture).Wherein, micro services are a kind of framework styles, are by one or more micro- Service a large complicated software application of composition.Each micro services in framework can be disposed independently, between each micro services It is loose coupling.Each micro services, which only focus on, to be completed a task and completes the task well, each Charge-de-Mission one A small professional ability.Specific to the embodiment of the present invention, external system, API gateway, business service and unified certification service are equal It can refer to a micro services, cooperate between these micro services, realize effective control to user right.Wherein, external system System refers to the system where tenant.
The embodiment of the present invention provides control method, device, computer equipment and the storage medium of a kind of interface calling permission. It is described in detail separately below.
In one embodiment, as shown in Fig. 2, providing a kind of control method of interface calling permission.It answers in this way For being illustrated for the unified certification server-side in SAAS service, include the following steps:
S201, the user login information that API gateway (api-gateWay) is sent is received, according to the user login information Determine the product permission of currently logged on user.
In this step, institute's product to be used is determined when user logs in and sends out the corresponding user login information of the product Give API gateway;After API gateway receives the user login information, unified certification service, unified certification service are sent it to Judge whether user has the permission using corresponding product according to user login information.
Wherein, API gateway refers to the entrance of external system access SAAS service, and external system passes through the API gateway energy It is enough to be interacted with SAAS service, call the interface of SAAS service.Unified certification service is accomplished that the identification to information, unified Authentication service realized by server, the embodiment of the present invention to the form of unified certification service with no restrictions.
In one embodiment, user login information may include user information, product information and corresponding with the product Token, token computer identity certification in be token, unified certification service can determine that the production of login user according to token Product permission, that is, determine whether the login user has the permission using corresponding product.
In one embodiment, it when the interface that user needs that SAAS is called to service, needs to establish connection with SAAS service Relationship can log in SAAS service by SAAS service login platform.
In one embodiment, when user logs in, message is sent to API gateway, which includes stem (header), institute The information such as product, the interface recalls information of selection.API gateway carries out safety, integrality etc. after user logs in, to message Verifying.
S202, the product permission that currently logged on user is returned to API gateway, are forwarded with triggering API gateway to business service The product interface call request of currently logged on user.
In this step, after unified certification services the product permission for determining currently logged on user, the production is returned to API gateway Product permission, to trigger product interface call request of the API gateway to business service forwarding currently logged on user.
In one embodiment, product permission can be that corresponding product can be used, cannot use corresponding product etc..
In one embodiment, if unified certification, which services, determines that currently logged on user has the permission using corresponding product, Product the authentication is passed information is returned to API gateway, so that the interface of API gateway triggering following authenticates.If unified certification service is true Determine the permission that currently logged on user does not use corresponding product, then returns to product failed authentication information to API gateway.API gateway Receive after product failed authentication information can not triggering following interface authentication, i.e., no longer carry out the process of interface authentication.
S203, the interface authentication request that business service is sent is received, current log in is used according to the interface authentication request The product interface at family calls permission to be identified;The product interface calling that the interface authentication request is forwarded according to API gateway is asked It asks to obtain.
In this step, unified certification service is fed back after determining that user has using the permission of corresponding product to API gateway Product permission identifies the information passed through.API gateway is after determining that user has using the permission of corresponding product, when being logged according to user Product interface call request determine that user needs which interface called, and generate product interface call request, which connect Mouth call request is sent to business service, and business service generates interface authentication request according to the product interface call request, and will The interface authentication request is sent to unified certification service, calls the permission of corresponding interface to reflect by unified certification service for user It is fixed.
Wherein, business service refers to the server for handling concrete application, i.e., when user logs in and product permission is reflected After passing through calmly, specific interface service is completed:The product interface call request of currently logged on user is passed through into interface authentication request Mode be sent to unified certification service, interface authority identification pass through after, the business of corresponding interface is handled, with response user's Product interface call request.
If S204, product interface call permission, identification passes through, and returns to interface response instruction to the business service;It is described to connect Mouth response instruction executes the function of the product corresponding interface for triggering the business service.
In this step, if the permission identification of interface passes through, unified certification service returns to interface response instruction to business service. Business service responds the function of instruction execution corresponding interface according to the interface.
The present embodiment can control the permission of multi-user and be managed collectively, can be carried out simultaneously for different users Targetedly identification can effectively improve the efficiency of multi-user authority control.
In one embodiment, the user login information for receiving API gateway and sending, according to the user login information Before the step of determining the product permission of currently logged on user, further include:Receive the registration request of tenant;In the registration request It include that the tenant requests the product of registration and the user information of multiple users;It is the rent according to the registration request Family is registered, and determines product permission of the multiple user under each product, and determines that each product permission is corresponding token。
In one embodiment, it when certain product of the tenant in needing to service using SAAS, is serviced to SAAS and sends note Volume is requested, and the product, desired which interface registered in the product and tenant institute to be registered is included in the registration request Including user.Tenant pays corresponding expense according to the charging standard that SAAS is serviced.Unified certification service in SAAS service It is that the tenant registers according to the registration request, i.e., each user uses the permission of corresponding product and interface in determining tenant, Product permission is embodied by token.
The present embodiment is registered for tenant, determines that the user in tenant to the access right of corresponding product and interface, is The subsequent permission to user's calling physical interface carries out identification and prepares, and is able to achieve centralized management of the SAAS service to tenant, has The product that effect prevents unregistered user from SAAS service arbitrarily being used to provide.
In one embodiment, product permission of the multiple user of the determination under each product, and determination is each After the step of product permission corresponding token, further include:The product permission is stored in the rights database pre-established In, and the token is returned into the tenant, so that the token is distributed to corresponding user by the tenant.
In one embodiment, token can also be stored in rights database, unified certification service based on subscriber is sent The direct search access right database of token in whether with the presence of corresponding token, that is, can determine the user whether have using correspond to The permission of product.
Determining product permission is stored in the rights database pre-established, and the token is returned by the present embodiment To the tenant, tenant receives the token.Tenant is serviced to SAAS in the product for needing to be serviced using SAAS and sends request, And the token is taken in request message, to show itself attribute, unified certification service is facilitated to identify it.It will produce Product permission is stored in rights database, it needs to be determined that login user product permission when inquire the rights database and can learn As a result, it is convenient direct, the control efficiency that interface calls permission can be effectively improved.
In one embodiment, the user login information includes token;There are effective times by the token;Described Before the step of determining the product permission of currently logged on user according to the user login information, further include:Judging the token is It is no within effective time.
In the present embodiment, unified certification service determined whether to carry out subsequent permission number according to the effective time of token According to library inquiry.If the effective time of token terminates, it is not necessarily to search access right database, determines user without using corresponding product Permission;If the effective time of token is not finished, subsequent product authentication process is completed.
In one embodiment, the step of the product permission that currently logged on user is determined according to the user login information Suddenly, including:If the token, within effective time, product permission corresponding with the token, obtains in search access right database To the product permission of currently logged on user.
In one embodiment, it may include token in the heading of user login information, selected product, connect The information such as mouth recalls information.API gateway obtains token from the stem of message, and token is sent to unified certification service, by Unified certification service determines whether user has the permission using corresponding product according to the token.
In one embodiment, product permission corresponding with the token in search access right database, is currently logged in The step of product permission of user, including:According to Product Definition information corresponding in token search access right database;Determine with The corresponding authority definition information of the Product Definition information, judging whether the user has according to the authority definition information makes With the permission of corresponding product.
Wherein, Product Definition information refer to servicing to SAAS provided by the relevant title of product, ID, function description, The information such as Permission Levels can store in the product table of rights database, and product table is as shown in Figure 3.Authority definition information refers to Be to user using a certain product permission information, can store in the product authority list of rights database, product power Table is limited as shown in figure 4, in the product authority list, includes the information such as permission ID, product IDs, authority name.Wherein, product table It is relevant between product authority list.Unified certification service can be inquired each provided by SAAS service by product table Product can be inquired when receiving the user login information of API gateway transmission according to the token in user login information Product authority list simultaneously determines that the user uses the permission of the product.
In one embodiment, rights database can not also include product table, directly by Product Definition information and permission Information is defined to be placed in a product authority list.
The present embodiment determines whether user has the permission using corresponding product in conjunction with effective time and product permission, can The accuracy of dual guarantee permission identification.
In one embodiment, multiple tenant ID (enterprise ID) and user are stored in the rights database ID(user ID);The user login information for receiving API gateway and sending, is currently stepped on according to user login information determination After the step of employing the product permission at family, further include:If it is determined that currently logged on user has the permission using corresponding product, according to The stored tenant ID of the rights database and User ID are that the currently logged on user distributes tenant ID and User ID, and will The tenant ID and User ID distributed returns to the API gateway.
In one embodiment, if it is determined that currently logged on user has the permission using corresponding product, then after user logs in Tenant ID and User ID are distributed for the currently logged on user.Therefore, the user for being capable of providing tenant ID and user's id information is Through the user for logging in SAAS service and having passed through the identification of product permission.
The present embodiment is convenient for subsequent docking to there is the user for the permission for using corresponding product to distribute tenant ID and User ID The identification of mouth permission.
In one embodiment, the interface authentication request is forwarded according to API gateway product interface call request, tenant ID and User ID obtain;It is described to call permission to reflect according to product interface of the interface authentication request to currently logged on user Fixed step, including:According to the interface authentication request, corresponding tenant ID and User ID are identified;If the correspondence Tenant ID and User ID identification pass through, then product interface call permission identification passes through, currently logged on user have call correspond to The permission of interface.
In one embodiment, interface may include open visit interface, sign-on access interface and authorization access interface. Wherein, open visit interface is referred to as exempting to step on access interface, is that service opening completely does not need any control;It logs in and visits Ask that interface is that service is only open and controls to login user without permission that user A logins successfully i.e. user A and got tenant ID And User ID, then it is assumed that user A has the permission for calling corresponding interface;Authorizing access interface is that service is only open to specific weights The user of limit needs the legitimacy to tenant ID and User ID to identify.
In one embodiment, the process identified product permission can be realized by business service, when business takes When the interface for being engaged in determining that currently logged on user is called is authorization access interface, asked to unified certification service transmission interface authentication It asks, tenant ID and User ID is identified by unified certification service.If passing through to the identification of tenant ID and User ID, determine Currently logged on user has the permission for calling corresponding interface, returns to identification by information to business service, is agreed to by business service The interface call request of the user and the function of executing corresponding interface;If the identification to tenant ID and User ID does not pass through, sentence Determine currently logged on user and does not have the permission for calling corresponding interface, the process of the function without subsequent execution corresponding interface.
In the present embodiment, tenant ID and User ID provided by unified certification service for user are identified, if the tenant ID and User ID are legal, then determine that currently logged on user has the permission for calling corresponding interface.Interface identifies that mode is simple, simultaneously Further interface can be authenticated on the basis of qualified products pass through, guarantee the safety of SAAS service.
In one embodiment, the step of calling permission to identify the product interface of currently logged on user further include: If business service determines that the interface that the currently logged on user is called is open visit interface, determine that currently logged on user has Call the permission of corresponding interface;If business service determines that the interface that the currently logged on user is called is sign-on access interface, Judge whether be corresponding with tenant ID and User ID in the interface authentication request;If so, then user has the power for calling corresponding interface Limit.If business service determines the interface that the currently logged on user is called for authorization access interface, to unified certification service Transmission interface authentication request is serviced by unified certification and determines whether currently logged on user has the permission for calling corresponding interface.
The present embodiment carries out different identification modes for different interfaces, can effectively improve and carry out permission control to user The efficiency of system.
In one embodiment, as shown in figure 5, providing a kind of control method of interface calling permission, include the following steps:
S501, the registration request for receiving tenant;It include the product and more that the tenant requests registration in registration request The user information of a user.
S502, it is that tenant registers according to registration request, determines product permission of each user under each product, and Determine the corresponding token of each product permission.
In S503, the rights database for pre-establishing product permission deposit, and the token is returned into the rent Family, so that token is distributed to corresponding user by tenant.
S504, the user login information that API gateway is sent is received, judges whether the token in user login information is having It imitates in the time.
If S505, token, within effective time, product permission corresponding with the token, obtains in search access right database The product permission of currently logged on user.
S506, if it is determined that currently logged on user has the permission using corresponding product, according to the stored rent of rights database Family ID and User ID are that currently logged on user distributes tenant ID and User ID, and the tenant ID and User ID that are distributed are returned to API gateway.
S507, the product permission that currently logged on user is returned to API gateway, are forwarded with triggering API gateway to business service The product interface call request of currently logged on user.
S508, the interface authentication request that business service is sent is received, according to the interface authentication request to currently logged on user Product interface call permission identified;Wherein, the product interface calling that interface authentication request is forwarded according to API gateway is asked It asks, tenant ID and User ID are obtained.
S509, according to interface authentication request, corresponding tenant ID and User ID are identified;If corresponding tenant ID and User ID identification passes through, then product interface calls permission identification to pass through, and currently logged on user has the permission for calling corresponding interface.
If S510, product interface call permission, identification passes through, and returns to interface response instruction to the business service;The interface Response instruction executes the function of product corresponding interface for triggering business service.
The present embodiment can control the permission of multi-user and be managed collectively, can be carried out simultaneously for different users Targetedly identification can effectively improve the efficiency of multi-user authority control.
The above method in order to better understand, an interface of the present invention detailed below call the control method of permission Application example.The timing diagram of the application example can be as shown in Figure 6.
Equipment registration (is not shown) in Fig. 6:
1, unified certification service receives the registration request of tenant;It include the production that tenant requests registration in the registration request The user information of product and multiple users;Unified certification service is that the tenant registers according to the registration request, is determined each Product permission of a user under each product, and determine the corresponding token of each product permission.
2, unified certification service is by the rights database that pre-establishes of product permission deposit, and by the token Return to the tenant;Tenant distributes to corresponding user after receiving user login information, by the token.
Permission controls (i.e. interface calling):
3, currently logged on user sends the call request of product interface to API gateway in the form of message, includes in the message There are the token, interface recalls information (for calling the interface for sending short message) etc..
4, API gateway services to unified certification and sends the call request of product interface, and unified certification service is according to corresponding Token judges whether user has the permission using corresponding product;If it is determined that user has the permission using corresponding product, then to API Gateway returns to tenant ID and User ID.
5, API gateway sends the product information that the authentication is passed to short message service service and sends distributed tenant ID and use Family ID.
If 6, the interface recalls information of short message service service based on subscriber determines that called interface is authorization access interface, Interface authentication request is then generated according to the tenant ID and User ID, is serviced to unified certification and sends the interface authentication request.
7, unified certification service is when receiving the interface authentication request of short message service service transmission, to corresponding tenant ID and The legitimacy of User ID is identified.
If 8, according to the legitimacy of tenant ID and User ID determine interface permission identification pass through, unified certification service to this Short message service service returns to interface response instruction.
9, short message service service executes corresponding short message and sends operation, and will ask accordingly according to the function of corresponding interface Response message is asked to return to user (external system).
The present embodiment can control the permission of multi-user and be managed collectively, and can be carried out simultaneously for different users It targetedly identifies, the efficiency of multi-user authority control can be effectively improved.
It should be noted that for the various method embodiments described above, describing for simplicity, it is all expressed as a series of Combination of actions, but those skilled in the art should understand that, the present invention is not limited by the sequence of acts described, because according to According to the present invention, certain steps can use other sequences or carry out simultaneously.
Based on thought identical with the interface calling control method of permission in above-described embodiment, the present invention also provides interfaces The control device of permission is called, which can be used for executing the control method that above-mentioned interface calls permission.For ease of description, it connects Mouth calls in the structural schematic diagram of the control device embodiment of permission, illustrate only part related to the embodiment of the present invention, It will be understood by those skilled in the art that the restriction of schematic structure not structure twin installation, may include more more or less than illustrating Component, perhaps combine certain components or different component layouts.
As described in Figure 7, interface call permission control device include product authentication module 701, permission return module 702, Interface authentication module 703 and interface respond module 704, detailed description are as follows:
Product authentication module 701 logs according to the user and believes for receiving the user login information of API gateway transmission Cease the product permission for determining currently logged on user.
Permission return module 702, for returning to the product permission of currently logged on user to API gateway, to trigger API gateway Product interface call request to business service forwarding currently logged on user.
Interface authentication module 703 is asked for receiving the interface authentication request of business service transmission according to interface authentication It asks and calls permission to identify the product interface of currently logged on user;What the interface authentication request was forwarded according to API gateway Product interface call request obtains.
And interface respond module 704 is returned if calling permission identification to pass through for product interface to the business service The response instruction of tieback mouth;The interface response instruction executes the function of the product corresponding interface for triggering the business service Energy.
The present embodiment can control the permission of multi-user and be managed collectively, can be carried out simultaneously for different users Targetedly identification can effectively improve the efficiency of multi-user authority control.
In one embodiment, the interface calls the control device of permission, further includes:Registration request receiving module is used In the registration request for receiving tenant;It include that the tenant requests the product registered and multiple users in the registration request User information;Registration module determines that the multiple user exists for being that the tenant registers according to the registration request Product permission under each product, and determine the corresponding token of each product permission.
In one embodiment, further include:Permission memory module, for the product permission to be stored in the power pre-established It limits in database, and the token is returned into the tenant, so that the token is distributed to corresponding use by the tenant Family.
In one embodiment, the user login information includes token;There are effective times by the token;Also wrap It includes:Time judgment module, for judging the token whether within effective time.
In one embodiment, the product authentication module, if being also used to the token within effective time, inquiry power Product permission corresponding with the token in database is limited, the product permission of currently logged on user is obtained.
In one embodiment, multiple tenant ID and User ID are stored in the rights database;The interface calls The control device of permission further includes:ID distribution module, for if it is determined that currently logged on user has the permission using corresponding product, It is that the currently logged on user distributes tenant ID and User ID according to the stored tenant ID of the rights database and User ID, And the tenant ID and User ID that are distributed are returned into the API gateway.
In one embodiment, the interface authentication request is forwarded according to API gateway product interface call request, tenant ID and User ID obtain;The interface authentication module is also used to according to the interface authentication request, to corresponding tenant ID and use Family ID is identified;If the corresponding tenant ID and User ID identification pass through, product interface calls permission identification to pass through, when Preceding login user has the permission for calling corresponding interface.
It should be noted that interface of the invention calls the control device of permission and the control of interface calling permission of the invention Method processed corresponds, and calls the technical characteristic and its advantages of the embodiment elaboration of the control method of permission in above-mentioned interface The embodiment of control device for calling permission suitable for interface, particular content can be found in chatting in embodiment of the present invention method It states, details are not described herein again, hereby give notice that.
In addition, the interface of above-mentioned example calls in the embodiment of the control device of permission, the logic of each program module is drawn Divide and be merely illustrative of, can according to need in practical application, such as the configuration requirement of corresponding hardware or the reality of software Above-mentioned function distribution is completed by different program modules, i.e., calls the control of permission to fill the interface by existing convenient consideration The internal structure set is divided into different program modules, to complete all or part of the functions described above.
In one embodiment, a kind of computer equipment is provided, which can be server, internal junction Composition can be as shown in Figure 8.The computer equipment include by system bus connect processor, memory, network interface and Database.Wherein, the processor of the computer equipment is for providing calculating and control ability.The memory packet of the computer equipment Include non-volatile memory medium, built-in storage.The non-volatile memory medium is stored with operating system, computer program and data Library.The built-in storage provides environment for the operation of operating system and computer program in non-volatile memory medium.The calculating The database of machine equipment is used for as rights database storage Product Definition information, authority definition information, tenant ID and User ID Etc. information.The network interface of the computer equipment is used to communicate with external terminal by network connection, connects to exterior terminal Whether mouth is identified using the permission of corresponding product and interface.To realize one kind when the computer program is executed by processor The control method of interface calling permission.
It will be understood by those skilled in the art that structure shown in Fig. 8, only part relevant to application scheme is tied The block diagram of structure does not constitute the restriction for the computer equipment being applied thereon to application scheme, specific computer equipment It may include perhaps combining certain components or with different component layouts than more or fewer components as shown in the figure.
In one embodiment, a kind of computer equipment is provided, including memory, processor and storage are on a memory And the computer program that can be run on a processor, processor realize following steps when executing computer program:Receive API gateway The user login information of transmission determines the product permission of currently logged on user according to the user login information;It is returned to API gateway The product permission of currently logged on user is returned, to trigger product interface tune of the API gateway to business service forwarding currently logged on user With request;Receive the interface authentication request that business service is sent, the production according to the interface authentication request to currently logged on user Product interface calls permission to be identified;The product interface call request that the interface authentication request is forwarded according to API gateway obtains; If product interface calls permission, identification passes through, and returns to interface response instruction to the business service;The interface response instruction is used The function of the product corresponding interface is executed in the triggering business service.
In one embodiment, following steps are also realized when processor executes computer program:The reception API gateway hair The user login information sent, before the step of product permission of currently logged on user is determined according to the user login information, also Including:Receive the registration request of tenant;It include the product and multiple that the tenant requests registration in the registration request The user information of user;It is that the tenant registers according to the registration request, determines the multiple user in each product Under product permission, and determine the corresponding token of each product permission.
In one embodiment, following steps are also realized when processor executes computer program:The determination is the multiple Product permission of the user under each product, and after the step of determining each product permission corresponding token, further include:It will In the rights database that the product permission deposit pre-establishes, and the token is returned into the tenant, so that the rent Family the token is distributed into corresponding user.
In one embodiment, following steps are also realized when processor executes computer program:The user login information Including token;There are effective times by the token;The production that currently logged on user is determined according to the user login information Before the step of product permission, further include:Judge the token whether within effective time.
In one embodiment, following steps are also realized when processor executes computer program:It is described according to the user Log-on message determines the step of product permission of currently logged on user, including:If the token is within effective time, inquiry power Product permission corresponding with the token in database is limited, the product permission of currently logged on user is obtained.
In one embodiment, following steps are also realized when processor executes computer program:In the rights database It is stored with multiple tenant ID and User ID;The user login information for receiving API gateway and sending, logs according to the user and believes After the step of ceasing the product permission for determining currently logged on user, further include:It is produced if it is determined that currently logged on user has using corresponding The permission of product is that the currently logged on user distributes tenant ID according to the stored tenant ID of the rights database and User ID And User ID, and the tenant ID and User ID that are distributed are returned into the API gateway.
In one embodiment, following steps are also realized when processor executes computer program:The interface authentication request It is obtained according to the call request of product interface, tenant ID and the User ID that API gateway forwards;It is described according to the interface authentication request The step of calling permission to identify the product interface of currently logged on user, including:According to the interface authentication request, to right The tenant ID and User ID answered is identified;If the corresponding tenant ID and User ID identification pass through, product interface is called Permission identification passes through, and currently logged on user has the permission for calling corresponding interface.
In one embodiment, a kind of computer readable storage medium is provided, computer program is stored thereon with, is calculated Machine program realizes following steps when being executed by processor:The user login information that API gateway is sent is received, is stepped on according to the user Record information determines the product permission of currently logged on user;The product permission of currently logged on user is returned to, to API gateway with triggering Product interface call request of the API gateway to business service forwarding currently logged on user;Receive the interface mirror that business service is sent Power request calls permission to identify according to product interface of the interface authentication request to currently logged on user;The interface The product interface call request that authentication request is forwarded according to API gateway obtains;If product interface calls permission, identification passes through, to institute It states business service and returns to interface response instruction;The interface response instruction executes the product pair for triggering the business service Answer the function of interface.
In one embodiment, following steps are also realized when computer program is executed by processor:The reception API gateway The user login information of transmission, before the step of product permission of currently logged on user is determined according to the user login information, Further include:Receive the registration request of tenant;It include the product and more that the tenant requests registration in the registration request The user information of a user;It is that the tenant registers according to the registration request, determines the multiple user in each production Product permission under product, and determine the corresponding token of each product permission.
In one embodiment, following steps are also realized when computer program is executed by processor:The determination is described more Product permission of a user under each product, and after the step of determining each product permission corresponding token, further include: In the rights database that product permission deposit is pre-established, and the token is returned into the tenant, so that described The token is distributed to corresponding user by tenant.
In one embodiment, following steps are also realized when computer program is executed by processor:The user logs in letter Breath includes token;There are effective times by the token;It is described to determine currently logged on user's according to the user login information Before the step of product permission, further include:Judge the token whether within effective time.
In one embodiment, following steps are also realized when computer program is executed by processor:It is described according to the use Family log-on message determines the step of product permission of currently logged on user, including:If the token is within effective time, inquiry Product permission corresponding with the token in rights database, obtains the product permission of currently logged on user.
In one embodiment, following steps are also realized when computer program is executed by processor:The rights database In be stored with multiple tenant ID and User ID;The user login information for receiving API gateway and sending, logs according to the user After information determines the step of product permission of currently logged on user, further include:If it is determined that currently logged on user has using correspondence The permission of product is that the currently logged on user distributes tenant according to the stored tenant ID of the rights database and User ID ID and User ID, and the tenant ID and User ID that are distributed are returned into the API gateway.
In one embodiment, following steps are also realized when computer program is executed by processor:The interface authentication is asked The call request of product interface, tenant ID and the User ID that rooting is forwarded according to API gateway obtain;It is described to be asked according to interface authentication The step of calling permission to identify the product interface of currently logged on user is asked, including:It is right according to the interface authentication request Corresponding tenant ID and User ID are identified;If the corresponding tenant ID and User ID identification pass through, product interface tune Passed through with permission identification, currently logged on user has the permission for calling corresponding interface.
It will appreciated by the skilled person that realizing all or part of the process in above-described embodiment method, being can It is completed with instructing relevant hardware by computer program, the program can be stored in a computer-readable storage and be situated between In matter, sells or use as independent product.The more specific example (non-exhaustive list) of computer-readable medium includes Below:Electrical connection section (electronic device) with one or more wiring, portable computer diskette box (magnetic device), arbitrary access Memory (RAM), read-only memory (ROM), erasable edit read-only storage (EPROM or flash memory), optical fiber dress It sets and portable optic disk read-only storage (CDROM).In addition, computer-readable medium, which can even is that, to be printed on it The paper of described program or other suitable media, because can be for example by carrying out optical scanner to paper or other media, then It edited, interpreted or is handled when necessary with other suitable methods electronically to obtain described program, then by it Storage is in computer storage.
It should be appreciated that each section of the invention can be realized with hardware, software, firmware or their combination.Above-mentioned In embodiment, software that multiple steps or method can be executed in memory and by suitable instruction execution system with storage Or firmware is realized.It, and in another embodiment, can be under well known in the art for example, if realized with hardware Any one of column technology or their combination are realized:With for realizing the logic gates of logic function to data-signal Discrete logic, with suitable combinational logic gate circuit specific integrated circuit, programmable gate array (PGA), scene Programmable gate array (FPGA) etc..
The term " includes " of the embodiment of the present invention and " having " and their any deformations, it is intended that cover non-exclusive Include.Such as contain series of steps or the process, method, system, product or equipment of (module) unit are not limited to The step of listing or unit, but optionally further comprising the step of not listing or unit, or optionally further comprising for these The intrinsic other step or units of process, method, product or equipment.
Each technical characteristic of embodiment described above can be combined arbitrarily, for simplicity of description, not to above-mentioned reality It applies all possible combination of each technical characteristic in example to be all described, as long as however, the combination of these technical characteristics is not deposited In contradiction, all should be considered as described in this specification.
The embodiments described above only express several embodiments of the present invention, should not be understood as to the invention patent range Limitation.It should be pointed out that for those of ordinary skill in the art, without departing from the inventive concept of the premise, Various modifications and improvements can be made, and these are all within the scope of protection of the present invention.Therefore, the scope of protection of the patent of the present invention It should be determined by the appended claims.

Claims (10)

1. the control method that a kind of interface calls permission, which is characterized in that include the following steps:
The user login information that API gateway is sent is received, the product of currently logged on user is determined according to the user login information Permission;
The product permission of currently logged on user is returned to API gateway, forwards current log in use to trigger API gateway to business service The product interface call request at family;
The interface authentication request that business service is sent is received, the product of currently logged on user is connect according to the interface authentication request Mouth calls permission to be identified;The product interface call request that the interface authentication request is forwarded according to API gateway obtains;
If product interface calls permission, identification passes through, and returns to interface response instruction to the business service;The interface response refers to Enable the function that the product corresponding interface is executed for triggering the business service.
2. the control method that interface according to claim 1 calls permission, which is characterized in that the reception API gateway hair The user login information sent, before the step of product permission of currently logged on user is determined according to the user login information, also Including:
Receive the registration request of tenant;It include that the tenant requests the product registered and multiple use in the registration request The user information at family;
It is that the tenant registers according to the registration request, determines product power of the multiple user under each product Limit, and determine the corresponding token of each product permission.
3. the control method that interface according to claim 2 calls permission, which is characterized in that the multiple use of determination Product permission of the family under each product, and after the step of determining each product permission corresponding token, further include:
In the rights database that product permission deposit is pre-established, and the token is returned into the tenant, so that The token is distributed to corresponding user by the tenant.
4. the control method that interface according to claim 3 calls permission, which is characterized in that the user login information packet Include token;There are effective times by the token;
Before the step of product permission for determining currently logged on user according to the user login information, further include:
Judge the token whether within effective time.
5. the control method that interface according to claim 4 calls permission, which is characterized in that described to be stepped on according to the user The step of record information determines the product permission of currently logged on user, including:
If the token, within effective time, product permission corresponding with the token, is worked as in search access right database The product permission of preceding login user.
6. the control method that interface according to claim 5 calls permission, which is characterized in that deposited in the rights database Contain multiple tenant ID and User ID;
The user login information for receiving API gateway and sending, determines currently logged on user's according to the user login information After the step of product permission, further include:
If it is determined that currently logged on user has the permission using corresponding product, according to the stored tenant ID of the rights database and User ID is that the currently logged on user distributes tenant ID and User ID, and the tenant ID and User ID that are distributed are returned to institute State API gateway.
7. the control method that interface according to claim 6 calls permission, which is characterized in that the interface authentication request root It is obtained according to the call request of product interface, tenant ID and the User ID that API gateway forwards;
Described the step of calling permission to identify according to product interface of the interface authentication request to currently logged on user, packet It includes:
According to the interface authentication request, corresponding tenant ID and User ID are identified;
If the corresponding tenant ID and User ID identification pass through, product interface calls permission identification to pass through, and current log in is used Family has the permission for calling corresponding interface.
8. the control device that a kind of interface calls permission, which is characterized in that including:
Product authentication module is worked as receiving the user login information of API gateway transmission according to user login information determination The product permission of preceding login user;
Permission return module, for returning to the product permission of currently logged on user to API gateway, to trigger API gateway to business The product interface call request of service forwarding currently logged on user;
Interface authentication module, for receiving the interface authentication request of business service transmission, according to the interface authentication request to working as The product interface of preceding login user calls permission to be identified;The interface authentication request connects according to the product that API gateway forwards Mouth call request obtains;
Interface respond module returns to interface response to the business service and refers to if calling permission identification to pass through for product interface It enables;The interface response instruction executes the function of the product corresponding interface for triggering the business service.
9. a kind of computer equipment including memory, processor and stores the meter that can be run on a memory and on a processor Calculation machine program, which is characterized in that the processor is realized described in any one of claim 1 to 7 when executing the computer program Method the step of.
10. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the computer program The step of claim 1 to 7 described in any item methods are realized when being executed by processor.
CN201810698726.5A 2018-06-29 2018-06-29 Control method and device of interface calling authority, computer equipment and storage medium Active CN108924125B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810698726.5A CN108924125B (en) 2018-06-29 2018-06-29 Control method and device of interface calling authority, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810698726.5A CN108924125B (en) 2018-06-29 2018-06-29 Control method and device of interface calling authority, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN108924125A true CN108924125A (en) 2018-11-30
CN108924125B CN108924125B (en) 2021-06-04

Family

ID=64424375

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810698726.5A Active CN108924125B (en) 2018-06-29 2018-06-29 Control method and device of interface calling authority, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN108924125B (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109871287A (en) * 2018-12-15 2019-06-11 中国平安人寿保险股份有限公司 Interface call method, device, computer installation and storage medium
CN110225039A (en) * 2019-06-14 2019-09-10 无锡华云数据技术服务有限公司 Authority models acquisition, method for authenticating, gateway, server and storage medium
CN110309636A (en) * 2019-07-04 2019-10-08 阿里巴巴集团控股有限公司 A kind of identity authentication method and system
CN110414252A (en) * 2019-08-02 2019-11-05 湖南御家科技有限公司 A kind of method for processing business, system and electronic equipment and storage medium
CN110457399A (en) * 2019-08-19 2019-11-15 浪潮通用软件有限公司 A kind of data permission distribution control method and system based on micro services framework
CN110995450A (en) * 2020-02-27 2020-04-10 中科星图股份有限公司 Authentication and authorization method and system based on Kubernetes
CN111010396A (en) * 2019-12-17 2020-04-14 紫光云(南京)数字技术有限公司 Internet identity authentication management method
CN111092892A (en) * 2019-12-20 2020-05-01 上海众源网络有限公司 Authentication method, device, server and storage medium
CN111163063A (en) * 2019-12-12 2020-05-15 万翼科技有限公司 Edge application management method and related product
CN111355743A (en) * 2020-03-11 2020-06-30 成都卓杭网络科技股份有限公司 Management method and system based on API gateway
CN111488598A (en) * 2020-04-09 2020-08-04 腾讯科技(深圳)有限公司 Access control method, device, computer equipment and storage medium
CN111800426A (en) * 2020-07-07 2020-10-20 腾讯科技(深圳)有限公司 Method, device, equipment and medium for accessing native code interface in application program
CN111818035A (en) * 2020-07-01 2020-10-23 上海悦易网络信息技术有限公司 Permission verification method and device based on API gateway
CN112181681A (en) * 2020-09-17 2021-01-05 彩讯科技股份有限公司 Remote calling method and device, computer equipment and storage medium
CN112559976A (en) * 2020-12-08 2021-03-26 广联达科技股份有限公司 Product authorization method and system
CN113179243A (en) * 2021-03-10 2021-07-27 中国人民财产保险股份有限公司 Authentication method, device, equipment and storage medium for interface calling
CN113472794A (en) * 2021-07-05 2021-10-01 福州数据技术研究院有限公司 Multi-application system authority unified management method based on micro-service and computer readable storage medium
CN114928460A (en) * 2022-02-14 2022-08-19 上海大学 Multi-tenant application integration framework system based on micro-service architecture
WO2023051189A1 (en) * 2021-09-30 2023-04-06 华为技术有限公司 Communication method and apparatus for managing service

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102480354A (en) * 2010-11-30 2012-05-30 北大方正集团有限公司 Unified authentication service system and method for unified authentication
CN103078827A (en) * 2011-10-25 2013-05-01 腾讯数码(天津)有限公司 Open platform system called by third-party applications and implementation method for open platform system
CN105187372A (en) * 2015-06-09 2015-12-23 深圳市腾讯计算机系统有限公司 Method for data processing based on mobile application entrance, device and system
CN105635132A (en) * 2015-12-24 2016-06-01 浪潮软件集团有限公司 User authentication method and system
US20160373455A1 (en) * 2015-06-19 2016-12-22 Oracle International Corporation Methods, systems, and computer readable media for authorization frameworks for web-based applications

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102480354A (en) * 2010-11-30 2012-05-30 北大方正集团有限公司 Unified authentication service system and method for unified authentication
CN103078827A (en) * 2011-10-25 2013-05-01 腾讯数码(天津)有限公司 Open platform system called by third-party applications and implementation method for open platform system
CN105187372A (en) * 2015-06-09 2015-12-23 深圳市腾讯计算机系统有限公司 Method for data processing based on mobile application entrance, device and system
US20160373455A1 (en) * 2015-06-19 2016-12-22 Oracle International Corporation Methods, systems, and computer readable media for authorization frameworks for web-based applications
US9591000B2 (en) * 2015-06-19 2017-03-07 Oracle International Corporation Methods, systems, and computer readable media for authorization frameworks for web-based applications
CN105635132A (en) * 2015-12-24 2016-06-01 浪潮软件集团有限公司 User authentication method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
许瑞辉等: "新一代企业统一接口平台的研究 ", 《信息技术与信息化》 *

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109871287A (en) * 2018-12-15 2019-06-11 中国平安人寿保险股份有限公司 Interface call method, device, computer installation and storage medium
CN110225039A (en) * 2019-06-14 2019-09-10 无锡华云数据技术服务有限公司 Authority models acquisition, method for authenticating, gateway, server and storage medium
CN110225039B (en) * 2019-06-14 2021-10-26 华云数据控股集团有限公司 Authority model obtaining method, authority authentication method, gateway, server and storage medium
CN110309636A (en) * 2019-07-04 2019-10-08 阿里巴巴集团控股有限公司 A kind of identity authentication method and system
CN110309636B (en) * 2019-07-04 2022-11-25 创新先进技术有限公司 Identity authentication method and system
CN110414252A (en) * 2019-08-02 2019-11-05 湖南御家科技有限公司 A kind of method for processing business, system and electronic equipment and storage medium
CN110457399A (en) * 2019-08-19 2019-11-15 浪潮通用软件有限公司 A kind of data permission distribution control method and system based on micro services framework
CN111163063A (en) * 2019-12-12 2020-05-15 万翼科技有限公司 Edge application management method and related product
CN111163063B (en) * 2019-12-12 2022-07-12 万翼科技有限公司 Edge application management method and related product
CN111010396A (en) * 2019-12-17 2020-04-14 紫光云(南京)数字技术有限公司 Internet identity authentication management method
CN111092892A (en) * 2019-12-20 2020-05-01 上海众源网络有限公司 Authentication method, device, server and storage medium
CN110995450B (en) * 2020-02-27 2020-06-23 中科星图股份有限公司 Authentication and authorization method and system based on Kubernetes
CN110995450A (en) * 2020-02-27 2020-04-10 中科星图股份有限公司 Authentication and authorization method and system based on Kubernetes
CN111355743A (en) * 2020-03-11 2020-06-30 成都卓杭网络科技股份有限公司 Management method and system based on API gateway
CN111355743B (en) * 2020-03-11 2021-07-06 成都卓杭网络科技股份有限公司 Management method and system based on API gateway
CN111488598A (en) * 2020-04-09 2020-08-04 腾讯科技(深圳)有限公司 Access control method, device, computer equipment and storage medium
CN111818035A (en) * 2020-07-01 2020-10-23 上海悦易网络信息技术有限公司 Permission verification method and device based on API gateway
CN111800426A (en) * 2020-07-07 2020-10-20 腾讯科技(深圳)有限公司 Method, device, equipment and medium for accessing native code interface in application program
CN112181681A (en) * 2020-09-17 2021-01-05 彩讯科技股份有限公司 Remote calling method and device, computer equipment and storage medium
CN112559976A (en) * 2020-12-08 2021-03-26 广联达科技股份有限公司 Product authorization method and system
CN112559976B (en) * 2020-12-08 2024-03-19 广联达科技股份有限公司 Product authorization method and system
CN113179243A (en) * 2021-03-10 2021-07-27 中国人民财产保险股份有限公司 Authentication method, device, equipment and storage medium for interface calling
CN113179243B (en) * 2021-03-10 2022-11-18 中国人民财产保险股份有限公司 Authentication method, device, equipment and storage medium for interface call
CN113472794A (en) * 2021-07-05 2021-10-01 福州数据技术研究院有限公司 Multi-application system authority unified management method based on micro-service and computer readable storage medium
CN113472794B (en) * 2021-07-05 2023-08-15 福州数据技术研究院有限公司 Multi-application system authority unified management method based on micro-service and storage medium
WO2023051189A1 (en) * 2021-09-30 2023-04-06 华为技术有限公司 Communication method and apparatus for managing service
CN114928460A (en) * 2022-02-14 2022-08-19 上海大学 Multi-tenant application integration framework system based on micro-service architecture

Also Published As

Publication number Publication date
CN108924125B (en) 2021-06-04

Similar Documents

Publication Publication Date Title
CN108924125A (en) Control method, device, computer equipment and the storage medium of interface calling permission
CN101990183B (en) Method, device and system for protecting user information
US10868915B2 (en) System and methods for routing communication requests to dedicated agents
US8695074B2 (en) Pre-authenticated calling for voice applications
US9584615B2 (en) Redirecting access requests to an authorized server system for a cloud service
CN112769826B (en) Information processing method, device, equipment and storage medium
CN103246533B (en) A kind of method for adding plug-in unit in address list, device and equipment
TW202006578A (en) Cloud device account configuration method, apparatus and system, and data processing method
CN110351269A (en) The method for logging in open platform by third-party server
WO2017173966A1 (en) Recording control method and device
CN103475743B (en) A kind of method, apparatus and system for cloud service
CN106331003B (en) The access method and device of application door system on a kind of cloud desktop
CN107453872B (en) Unified security authentication method and system based on Mesos container cloud platform
CN110069909A (en) It is a kind of to exempt from the close method and device for logging in third party system
CN110247758A (en) The method, apparatus and code management device of Password Management
CN110457629A (en) Permission processing, authority control method and device
CN103856454B (en) IP IP multimedia subsystem, IMSs and the method and business intercommunication gateway of Internet service intercommunication
JP2022552110A (en) Blockchain-based workflow node authentication method and device
US20140201083A1 (en) System and method for offering a multi-partner delegated platform
CN109614778A (en) Dynamic Configuration, gateway and the system of user right
CN103348628B (en) A kind of method and device of Conference control
JP7317935B2 (en) User profile management method and device
CN106254328A (en) A kind of access control method and device
CN110096543A (en) Data manipulation method, device, server and the medium of application program
CN111385313A (en) Method and system for verifying object request validity

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 1901, building 5, Shenzhen new generation industrial park, 136 Zhongkang Road, Meidu community, Meilin street, Futian District, Shenzhen, Guangdong 518000

Applicant after: Zhaoyin yunchuang Information Technology Co.,Ltd.

Address before: 518000 Room 201, building A, No. 1, Qian Wan Road, Qianhai Shenzhen Hong Kong cooperation zone, Shenzhen, Guangdong (Shenzhen Qianhai business secretary Co., Ltd.)

Applicant before: MBCLOUD (SHENZHEN) INFORMATION TECHNOLOGY Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Control methods, devices, computer devices, and storage media for interface call permissions

Effective date of registration: 20231117

Granted publication date: 20210604

Pledgee: Shenzhen Branch of China Merchants Bank Co.,Ltd.

Pledgor: Zhaoyin yunchuang Information Technology Co.,Ltd.

Registration number: Y2023980065913

PE01 Entry into force of the registration of the contract for pledge of patent right