CN109246089A - A kind of the front and back end separation architecture access control system and method for based role - Google Patents
A kind of the front and back end separation architecture access control system and method for based role Download PDFInfo
- Publication number
- CN109246089A CN109246089A CN201810948658.3A CN201810948658A CN109246089A CN 109246089 A CN109246089 A CN 109246089A CN 201810948658 A CN201810948658 A CN 201810948658A CN 109246089 A CN109246089 A CN 109246089A
- Authority
- CN
- China
- Prior art keywords
- module
- role
- access control
- routing
- authority
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000926 separation method Methods 0.000 title claims abstract description 21
- 238000000034 method Methods 0.000 title claims abstract description 13
- 238000012544 monitoring process Methods 0.000 claims abstract description 32
- 230000003993 interaction Effects 0.000 claims abstract description 11
- 238000011217 control strategy Methods 0.000 claims description 16
- 230000000875 corresponding effect Effects 0.000 claims description 15
- 238000009877 rendering Methods 0.000 claims description 13
- 230000004044 response Effects 0.000 claims description 13
- 230000009471 action Effects 0.000 claims description 8
- 230000008859 change Effects 0.000 claims description 8
- 238000012545 processing Methods 0.000 claims description 8
- 230000006378 damage Effects 0.000 claims description 7
- 238000011161 development Methods 0.000 claims description 6
- 230000001276 controlling effect Effects 0.000 claims description 4
- 230000008569 process Effects 0.000 claims description 3
- 238000012797 qualification Methods 0.000 claims description 3
- 230000003578 releasing effect Effects 0.000 claims 1
- 238000013475 authorization Methods 0.000 abstract 5
- 230000018109 developmental process Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- YWXYYJSYQOXTPL-SLPGGIOYSA-N isosorbide mononitrate Chemical compound [O-][N+](=O)O[C@@H]1CO[C@@H]2[C@@H](O)CO[C@@H]21 YWXYYJSYQOXTPL-SLPGGIOYSA-N 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000011218 segmentation Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The present invention provides the front and back end separation architecture access control system and method for a kind of based role, and system includes: authorization role relating module, routing authorization role registration module, route system, access control module, routing monitoring module, authentication module and data access module;Authorization role relating module is connect with routing authorization role registration module and data access module respectively, routing authorization role registration module is connect with route system, authentication module is monitored module with data access module and routing respectively and is connect, routing is monitored module and is connect respectively with route system and access control module, and access control module is connect with data access module and route system respectively;Present invention mainly solves limited resources access control problems in front end in the separation architecture of front and back end, enhance front end permission control ability, limit improper interface requests and improve user's interaction logic.
Description
Technical Field
The invention relates to the problems of front-end data interaction, front-end presentation layer rendering and user behavior control management in a front-end and back-end architecture development SPA application, in particular to a system and a method for controlling access to a front-end view component in a front-end and back-end separation technology.
Background
The application program with the front end and the back end separated delivers the rendering of the view assembly to the client browser for processing, and the background server is exclusively responsible for data processing. The architecture realizes the decoupling of the data display layer, the user interaction layer and the service logic layer on one hand, and enables the application operation of the B/S architecture to achieve the effect of smooth interaction which cannot be achieved by the traditional C/S architecture on the other hand.
However, a series of authority control problems need to be faced when adopting a front-end and back-end separation architecture. In a traditional hybrid development mode, when a page is rendered by using a back-end template engine, a back-end language can selectively render and send some limited view elements according to user rights. In the front-end and back-end separation architecture, the front-end view components are all loaded to the front end when the application is started, rendering is controlled by the front-end script language, and the data server does not render any view components. The front end and the back end complete data interaction through a stateless REST interface, and under the condition, how to judge the user authority to control the rendering of the front end view module is a key element. Because all the views of the application are loaded to the front-end memory, selective view rendering needs to be performed on users with different permissions, and the users are prevented from accessing limited data resources.
Therefore, a set of complete front-end resource access control scheme is needed to solve the problem, so that the front-end and back-end separation architecture application can well judge the identity of an access user, reasonably render view resources within the legal authority range of the user, and simultaneously limit illegal calling of a system resource interface.
Disclosure of Invention
In order to solve the defects of the prior art, the invention realizes a role-based front-end and back-end separation architecture access control scheme, and promotes part of authority authentication to the front end for carrying out. The normal scheduling of the background interface is ensured, and meaningless interface calling and malicious interface requests are reduced. Reducing the request pressure of the background server and redundant authority authentication. Meanwhile, safe rendering and perfect user interaction of the application data display view are achieved, and user experience is improved.
In order to achieve the above purposes, the technical scheme adopted by the invention is as follows:
a role-based front-end and back-end separated architecture access control system, comprising: the system comprises an authority role correlation module, a routing authority role registration module, a routing system, an access control module, a routing monitoring module, an identity authentication module and a data access module;
the authority role correlation module is respectively connected with the routing authority role registration module and the data access module, the routing authority role registration module is connected with the routing system, the identity authentication module is respectively connected with the data access module and the routing monitoring module, the routing monitoring module is respectively connected with the routing system and the access control module, and the access control module is respectively connected with the data access module and the routing system;
the authority role association module is used for carrying out authority division on system resources according to a strategy designated by a system developer, distributing different authorities of roles and realizing the association relation between the roles and the access authorities of the system resources;
the authority role association module comprises an authority role table storage module and an authority role updating module; the authority role association table storage module is used for selecting a relational database, storing an authority role association table and ensuring the fast retrieval of the authority role association table; the authority role updating module is used for providing a flexible authority role configuration interface, including adding roles and adding and deleting related authorities for the roles;
the authority role table storage module is connected with the routing authority role registration module,
the routing authority role registration module is used for adding a front end view and a controller corresponding to a route in a routing system and registering a role with the access authority of the routing resource according to an authority role association table;
the routing system is used for controlling the incidence relation between the front end view and the controller and simultaneously appointing the jump interaction logic between the front end views;
the access control module is used for judging the request validity according to the set access control strategy middleware and generating corresponding actions;
the route monitoring module is registered at the starting stage of the application program and is used for monitoring route change, hijacking user resource access request actions and triggering the access control module to execute the route monitoring module;
the identity authentication module is used for carrying out identity authentication on the user with the access request by combining with a JWT standard universal for RESTFUL interface programming, acquiring the related identity information of the user and then re-rendering the front end view according to the identity information of the user;
the data access module is combined with a front-end and rear-end separation framework development framework, encapsulates a global service assembly, is used for providing a storage interface, a reading interface and a destruction interface of user information and authority role associated information, and utilizes a browser or a local memory to store information.
On the basis of the scheme, the identity authentication module comprises a user authentication module and an identity logout module;
the user authentication module is used for sending the user identification information to background authentication, setting a front end overall user identity, triggering a front end view to render again and updating an interface;
the identity logout module is used for destroying the global user identity at the front end, triggering the front end view to render again and updating the interface.
On the basis of the scheme, the data access module comprises a data encryption module, a data sharing module and a data destroying module;
the data encryption module is used for encrypting and storing relevant information such as user information, authority roles and the like;
the data sharing module is used for sharing sessionStorage storage data under multiple tags;
the data destruction module is used for destroying designated or global storage information.
On the basis of the scheme, the access control module comprises an authority authentication module, an access control strategy registration module and a strategy response module;
the authority authentication module is used for judging whether the resource access request user has the resource access qualification;
the access control strategy registration module is used for registering various access control strategy middleware;
and the strategy response module is used for implementing relevant response strategies including actions of routing redirection, request release and the like according to the authority authentication result.
A front-end and back-end separation architecture access control method based on roles applies the front-end and back-end separation architecture access control system based on roles, and comprises the following steps:
step 1, when an application program is started, acquiring a permission role association table from a permission role association module, then sending the permission role association table to a routing permission role registration module in a front-end framework, storing the permission role association table in a browser or a local memory through a data access module, registering a front end view corresponding to routing and routing, an accessible role list of a controller and related permissions into a routing system by the routing permission role registration module, and determining the corresponding relation between the routing and the roles, and meanwhile, registering an identity authentication module in the application program for finishing user identity authentication and logout; the route monitoring module is used for monitoring the change of the route state; the access control module is used for configuring a series of access control strategies;
step 2, when the user initiates the application program resource access request, firstly, the identity authentication module authenticates the user, refuses the subsequent access to the authentication failure request, and redirects the authentication to the identity authentication module, for the authentication success request, the identity authentication module reads the user information and the authority role associated information from the data access module, and hands the user information, the authority role associated information and the access request to the route monitoring module, the route monitoring module obtains the route information to be accessed in the access request, then reads the accessible role list of the route from the routing system, and sends the access request and the accessible role list to the access control module, the access control module firstly takes the intersection of the user information, the authority role associated information and the accessible role list, if the result is empty, the strategy response module in the access control module is executed, and refusing the access request and performing subsequent processing, if the result is not empty, further acquiring the related authority, performing further request processing action according to an access control strategy in the access control module, then completing legal request of resources through the request, and acquiring background data to complete front end view rendering.
On the basis of the scheme, the specific process of the identity authentication module for authenticating the identity of the user comprises the following steps: firstly, a user sends a user name and a password to a server, the server encrypts user identity information by using a secret key after verifying the user identity to generate a token to be returned to the front end, the token is carried by the front end when the front end subsequently accesses the server to be used as an identity identifier, and the server returns accessed resources to the front end after verifying the token.
The invention has the following beneficial effects:
the technical scheme of the invention provides a complete and efficient implementation scheme for resource access control, user identity authentication and front-end interaction of front-end and back-end separated architecture application. The method is mainly characterized in that a routing monitoring module, an access control module, a data access module and comprehensive application of various technologies in various modules are registered in an application program by using role-based access control, and the following beneficial effects are realized:
(1) front-end resource access control: and various modules are utilized to work comprehensively, so that the safe access of front-end resources is ensured.
(2) Flexible configuration: and a middleware registration mode is adopted, and various authority authentication strategies are flexibly configured and added.
(3) Multi-tab page data sharing: sessionStorage is shared across tag pages using localStorage events.
(4) Legal access of a background interface: through access control to the controller.
(5) And (4) safe transmission: the front-end encryption ensures reliable data transmission and prevents a man in the middle from eavesdropping sensitive data.
The technical scheme of the invention can be used for technical companies which adopt front-end and back-end separation architectures to research and develop application.
Drawings
The invention has the following drawings:
fig. 1 shows the overall architecture diagram provided in example 1.
Fig. 2 shows a basic schematic diagram of identity authentication in conjunction with JWT technology.
Fig. 3 shows an implementation flowchart of a role-based front-end and back-end separated architecture access control method provided in embodiment 1.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
Example 1
As shown in fig. 1, the role-based front-end and back-end separated architecture access control system provided in this embodiment includes: the system comprises an authority role correlation module, a routing authority role registration module, a routing system, an access control module, a routing monitoring module, an identity authentication module and a data access module;
the authority role correlation module is respectively connected with the routing authority role registration module and the data access module, the routing authority role registration module is connected with the routing system, the identity authentication module is respectively connected with the data access module and the routing monitoring module, the routing monitoring module is respectively connected with the routing system and the access control module, and the access control module is respectively connected with the data access module and the routing system;
the authority role association module is used for carrying out authority division on system resources according to a strategy designated by a system developer, distributing different authorities of system roles and realizing the association relation between the roles and the access authorities of the system resources;
the authority role association module comprises an authority role table storage module and an authority role updating module; the authority role association table storage module is used for selecting a relational database, storing an authority role association table and ensuring the fast retrieval of the authority role association table; the authority role updating module is used for providing a flexible authority role configuration interface, including adding roles and adding and deleting related authorities for the roles;
the authority role table storage module is connected with the routing authority role registration module,
the routing authority role registration module is used for adding a front end view and a controller corresponding to a route in a routing system with front and back end separated application, and registering a role with the access authority of the routing resource according to an authority role association table.
The routing system is used for controlling the incidence relation between the front end view and the controller and simultaneously appointing the jump interaction logic between the front end views;
the identity authentication module is used for carrying out identity authentication on the user with the access request by combining with a JWT standard universal for RESTFUL interface programming, acquiring the related identity information of the user and then re-rendering the front end view according to the identity information of the user;
the routing monitoring module is used for registering in an application starting stage and is used for monitoring routing change, hijacking a user resource access request action and triggering the access control module to execute the routing change;
the data access module is combined with a front-end and rear-end separation framework development framework, encapsulates the global service assembly, is used for providing a storage interface, a reading interface and a destruction interface of user information and authority role associated information, and utilizes a browser or a local memory to store information;
and the access control module is used for judging the request validity according to the set access control strategy middleware and generating corresponding actions.
On the basis of the scheme, the identity authentication module comprises a user authentication module and an identity logout module,
the user authentication module is used for sending the user identification information to background authentication, setting a front-end global user identity, triggering the front-end view to render again and updating an interface;
an identity logout module: and destroying the global user identity at the front end, triggering the front end view to render again, and updating the interface.
On the basis of the scheme, the data storage module comprises a data encryption module, a data sharing module and a data destroying module,
the data encryption module is used for encrypting and storing the user information, the authority role and other related information;
the data sharing module is used for sharing sessionStorage data under multiple tags
And the data destruction module is used for destroying the specified or global storage information.
On the basis of the scheme, the access control module comprises an authority authentication module, an access control strategy registration module and a strategy response module;
the authority authentication module is used for judging whether the resource access request user has the resource access qualification;
an access control policy registration module: registering various different access control policy middleware;
and the strategy response module implements related response strategies including actions of routing redirection, request release and the like according to the authority authentication result.
Wherein,
the work flow of each module is as follows: when an application program is started, acquiring a permission role association table from a permission role association module, then sending the permission role association table to a routing permission role registration module in a front-end framework, storing the permission role association table in a browser or a local memory through a data access module, registering a front end view corresponding to front-end routing and routing, an accessible role list of a controller accessing a background interface and related permissions into a routing system by the routing permission role registration module for determining the corresponding relation between routing and roles, and meanwhile, registering an identity authentication module in the application program for finishing user identity authentication and logout; the route monitoring module monitors the route state change; and the access control module is used for configuring a series of access control strategies.
When a user initiates an application resource access request, an identity authentication module performs identity authentication on the user, and a JWT authentication process is specifically as follows, as shown in fig. 2: firstly, a user sends a user name and a password to a server, the server encrypts user identity information by using a secret key after verifying the user identity and generates a token to be returned to the front end, and the token is carried by the front end to be used as an identity identifier when the front end subsequently accesses the server. And the server returns the accessed resources to the front end after verifying the token. For the authentication failure request, rejecting subsequent access, redirecting the authentication failure request to an identity authentication module, for the authentication success request, the identity authentication module reads user information and authority role associated information from a data access module, and delivers the user information, the authority role associated information and the access request to a route monitoring module, the route monitoring module acquires routing information to be accessed in the access request, then reads an accessible role list of the route from a routing system, and sends the access request and the accessible role list to an access control module, the access control module firstly intersects the user information, the authority role associated information and the accessible role list, if the result is empty, a strategy response module in the access control module is executed, the access request is rejected and subsequent processing is carried out, if the result is not empty, the relevant authority is further acquired, and further performing request processing action according to an access control strategy in the access control module, then completing legal request of resources through the request, and acquiring background data to complete view rendering.
As shown in fig. 3, the workflow of the front-end and back-end separated architecture access control method based on roles provided by this embodiment includes the following steps:
step 1, determining all roles in a system, determining the authority of system resources, establishing the corresponding relation between the authority and the roles, and providing the corresponding relation to a front-end program;
step 2, registering the view of the route and the response in the route system, the corresponding relation of the controller and the role of legally accessing the route;
step 3, designing and completing an identity authentication module, and realizing the authentication of the user and the acquisition of role authority information by combining JWT;
step 4, completing the interface writing of the data access module, including bottom API packaging and the completion of the global universal service assembly;
step 5, deploying a route monitoring module;
and 6, deploying an access control module and configuring a relevant access control strategy.
The code of each step is shown by taking a development framework angularjs which is commonly used for front-end and back-end separation as an example,
step 1, sending ajax request in app.run to obtain related role authority associated information in background, defining the requested role constant by app.constant, calling window.segmentation storage.setitem local storage interface of html5 to store the constant, and the main code segment:
step 2, a routing role registration module and a code segment
And 3, judging the validity of the user according to the user role information provided by the usersesion service by the code segment
Step 4, the code segment stores the authenticated user information in the global service assembly and provides a reading and destroying interface
Step 5, the route monitoring module code segment
Step 6, accessing code segments of control module
It should be understood that the above-mentioned embodiments of the present invention are only examples for clearly illustrating the present invention, and are not intended to limit the embodiments of the present invention, and it will be obvious to those skilled in the art that other variations or modifications may be made on the basis of the above description, and all embodiments may not be exhaustive, and all obvious variations or modifications may be included within the scope of the present invention.
Interpretation of related nouns
SPA application: the SPA application is a single-page application, and unlike a traditional web application, the single-page application renders all views and loads data in one web page. When the application is started, all related resources are loaded to the front end, and all user interaction logic monitors web routing hash change and dynamically loads view template rendering through the scripting language.
JWT Standard: the JSON WEB TOKEN is a scheme for solving user identity authentication in a front-end and back-end separation framework of JSON WEB TOKEN, mainly solves the cross-domain problem possibly caused by front-end and back-end REST interface communication, and mainly comprises a JWT head part, a load and visa information.
Those not described in detail in this specification are within the skill of the art.
Claims (6)
1. A role-based front-end and back-end separated architecture access control system, comprising: the system comprises an authority role correlation module, a routing authority role registration module, a routing system, an access control module, a routing monitoring module, an identity authentication module and a data access module;
the authority role correlation module is respectively connected with the routing authority role registration module and the data access module, the routing authority role registration module is connected with the routing system, the identity authentication module is respectively connected with the data access module and the routing monitoring module, the routing monitoring module is respectively connected with the routing system and the access control module, and the access control module is respectively connected with the data access module and the routing system;
the authority role association module is used for carrying out authority division on system resources according to a strategy designated by a system developer, distributing different authorities of roles and realizing the association relation between the roles and the access authorities of the system resources;
the authority role association module comprises an authority role table storage module and an authority role updating module; the authority role association table storage module is used for selecting a relational database, storing an authority role association table and ensuring the fast retrieval of the authority role association table; the authority role updating module is used for providing a flexible authority role configuration interface, including adding roles and adding and deleting related authorities for the roles;
the authority role table storage module is connected with the routing authority role registration module,
the routing authority role registration module is used for adding a front end view and a controller corresponding to a route in a routing system and registering a role with the access authority of the routing resource according to an authority role association table;
the routing system is used for controlling the incidence relation between the front end view and the controller and simultaneously appointing the jump interaction logic between the front end views;
the access control module is used for judging the request validity according to the set access control strategy middleware and generating corresponding actions;
the route monitoring module is registered at the starting stage of the application program and is used for monitoring route change, hijacking user resource access request actions and triggering the access control module to execute the route monitoring module;
the identity authentication module is used for carrying out identity authentication on the user with the access request by combining with a JWT standard universal for RESTFUL interface programming, acquiring the related identity information of the user and then re-rendering the front end view according to the identity information of the user;
the data access module is combined with a front-end and rear-end separation framework development framework, encapsulates a global service assembly, is used for providing a storage interface, a reading interface and a destruction interface of user information and authority role associated information, and utilizes a browser or a local memory to store information.
2. The role based front-end and back-end separated architecture access control system of claim 1, wherein the identity authentication module comprises a user authentication module and an identity deregistration module;
the user authentication module is used for sending the user identification information to background authentication, setting a front end overall user identity, triggering a front end view to render again and updating an interface;
the identity logout module is used for destroying the global user identity at the front end, triggering the front end view to render again and updating the interface.
3. The role-based front-end and back-end separation architecture access control system of claim 1, wherein the data access module comprises a data encryption module, a data sharing module, and a data destruction module;
the data encryption module is used for encrypting and storing user information and authority role related information;
the data sharing module is used for sharing sessionStorage storage data under multiple tags;
the data destruction module is used for destroying designated or global storage information.
4. The role-based front-end and back-end separated architecture access control system of claim 1, wherein the access control module comprises an authority authentication module, an access control policy registration module, and a policy response module;
the authority authentication module is used for judging whether the resource access request user has the resource access qualification;
the access control strategy registration module is used for registering various access control strategy middleware;
the strategy response module is used for implementing relevant response strategies including route redirection and request releasing action according to the authority authentication result.
5. A role-based front-back end separation architecture access control method, which applies the role-based front-back end separation architecture access control system of any one of the above claims 1-4, characterized by comprising the following steps:
step 1, when an application program is started, acquiring a permission role association table from a permission role association module, then sending the permission role association table to a routing permission role registration module in a front-end framework, storing the permission role association table in a browser or a local memory through a data access module, registering a front end view corresponding to routing and routing, an accessible role list of a controller and related permissions into a routing system by the routing permission role registration module, and determining the corresponding relation between the routing and the roles, and meanwhile, registering an identity authentication module in the application program for finishing user identity authentication and logout; the route monitoring module is used for monitoring the change of the route state; the access control module is used for configuring an access control strategy;
step 2, when the user initiates the application program resource access request, firstly, the identity authentication module authenticates the user, refuses the subsequent access to the authentication failure request, and redirects the authentication to the identity authentication module, for the authentication success request, the identity authentication module reads the user information and the authority role associated information from the data access module, and hands the user information, the authority role associated information and the access request to the route monitoring module, the route monitoring module obtains the route information to be accessed in the access request, then reads the accessible role list of the route from the routing system, and sends the access request and the accessible role list to the access control module, the access control module firstly takes the intersection of the user information, the authority role associated information and the accessible role list, if the result is empty, the strategy response module in the access control module is executed, and refusing the access request and performing subsequent processing, if the result is not empty, further acquiring the related authority, performing further request processing action according to an access control strategy in the access control module, then completing legal request of resources through the request, and acquiring background data to complete front end view rendering.
6. The role-based front-back end separation architecture access control method according to claim 5, wherein the specific process of the identity authentication module for performing identity authentication on the user is as follows: firstly, a user sends a user name and a password to a server, the server encrypts user identity information by using a secret key after verifying the user identity to generate a token to be returned to the front end, the token is carried by the front end when the front end subsequently accesses the server to be used as an identity identifier, and the server returns accessed resources to the front end after verifying the token.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810948658.3A CN109246089B (en) | 2018-08-20 | 2018-08-20 | Role-based front-end and back-end separation architecture access control system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810948658.3A CN109246089B (en) | 2018-08-20 | 2018-08-20 | Role-based front-end and back-end separation architecture access control system and method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109246089A true CN109246089A (en) | 2019-01-18 |
| CN109246089B CN109246089B (en) | 2020-06-30 |
Family
ID=65071789
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810948658.3A Active CN109246089B (en) | 2018-08-20 | 2018-08-20 | Role-based front-end and back-end separation architecture access control system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109246089B (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109936575A (en) * | 2019-03-07 | 2019-06-25 | 北京融链科技有限公司 | Page access method, apparatus, storage medium and processor |
| CN110069730A (en) * | 2019-03-15 | 2019-07-30 | 平安城市建设科技(深圳)有限公司 | Front end page display control method, device, equipment and readable storage medium storing program for executing |
| CN110442326A (en) * | 2019-08-11 | 2019-11-12 | 西藏宁算科技集团有限公司 | A kind of method and its system simplifying separation permission control in front and back end based on Vue |
| CN110493239A (en) * | 2019-08-26 | 2019-11-22 | 京东数字科技控股有限公司 | The method and apparatus of authentication |
| CN110768974A (en) * | 2019-10-21 | 2020-02-07 | 成都安恒信息技术有限公司 | Control method for single-page application real-time view authority |
| CN110933037A (en) * | 2019-10-31 | 2020-03-27 | 贝壳技术有限公司 | User authority verification method and authority management system |
| CN111240863A (en) * | 2020-01-10 | 2020-06-05 | 无锡华云数据技术服务有限公司 | Data communication method, device, micro front-end system and storage medium |
| CN111343172A (en) * | 2020-02-20 | 2020-06-26 | 中国建设银行股份有限公司 | Network access authority dynamic processing method and device |
| CN111414591A (en) * | 2020-03-02 | 2020-07-14 | 中国建设银行股份有限公司 | Workflow management method and device |
| CN112487392A (en) * | 2020-12-08 | 2021-03-12 | 浪潮云信息技术股份公司 | Method for realizing authority control of management system by front end |
| CN113268720A (en) * | 2021-06-01 | 2021-08-17 | 广州欢网科技有限责任公司 | Front-end and back-end separation system operation method and device |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080175360A1 (en) * | 2007-01-18 | 2008-07-24 | Paymentone Corporation | Method and system to verify the identity of a user |
| CN101321064A (en) * | 2008-07-17 | 2008-12-10 | 上海众恒信息产业有限公司 | Information system access control method and apparatus based on digital certificate technique |
| CN101751712A (en) * | 2008-11-27 | 2010-06-23 | 航天信息股份有限公司 | Centralized invoice authentification system and authentification method |
| CN101778109A (en) * | 2010-01-13 | 2010-07-14 | 苏州国华科技有限公司 | Construction method for access control policy and system thereof |
| CN102457377A (en) * | 2011-08-08 | 2012-05-16 | 中标软件有限公司 | Role-based web remote authentication and authorization method and system thereof |
-
2018
- 2018-08-20 CN CN201810948658.3A patent/CN109246089B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080175360A1 (en) * | 2007-01-18 | 2008-07-24 | Paymentone Corporation | Method and system to verify the identity of a user |
| CN101321064A (en) * | 2008-07-17 | 2008-12-10 | 上海众恒信息产业有限公司 | Information system access control method and apparatus based on digital certificate technique |
| CN101751712A (en) * | 2008-11-27 | 2010-06-23 | 航天信息股份有限公司 | Centralized invoice authentification system and authentification method |
| CN101778109A (en) * | 2010-01-13 | 2010-07-14 | 苏州国华科技有限公司 | Construction method for access control policy and system thereof |
| CN102457377A (en) * | 2011-08-08 | 2012-05-16 | 中标软件有限公司 | Role-based web remote authentication and authorization method and system thereof |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109936575B (en) * | 2019-03-07 | 2021-11-12 | 北京融链科技有限公司 | Page access method, device, storage medium and processor |
| CN109936575A (en) * | 2019-03-07 | 2019-06-25 | 北京融链科技有限公司 | Page access method, apparatus, storage medium and processor |
| CN110069730A (en) * | 2019-03-15 | 2019-07-30 | 平安城市建设科技(深圳)有限公司 | Front end page display control method, device, equipment and readable storage medium storing program for executing |
| CN110442326A (en) * | 2019-08-11 | 2019-11-12 | 西藏宁算科技集团有限公司 | A kind of method and its system simplifying separation permission control in front and back end based on Vue |
| CN110442326B (en) * | 2019-08-11 | 2023-07-14 | 西藏宁算科技集团有限公司 | Method and system for simplifying front-end and back-end separation authority control based on Vue |
| CN110493239A (en) * | 2019-08-26 | 2019-11-22 | 京东数字科技控股有限公司 | The method and apparatus of authentication |
| CN110768974A (en) * | 2019-10-21 | 2020-02-07 | 成都安恒信息技术有限公司 | Control method for single-page application real-time view authority |
| CN110768974B (en) * | 2019-10-21 | 2022-02-08 | 成都安恒信息技术有限公司 | Control method for single-page application real-time view authority |
| CN110933037B (en) * | 2019-10-31 | 2020-11-06 | 贝壳找房(北京)科技有限公司 | User authority verification method and authority management system |
| CN110933037A (en) * | 2019-10-31 | 2020-03-27 | 贝壳技术有限公司 | User authority verification method and authority management system |
| CN111240863A (en) * | 2020-01-10 | 2020-06-05 | 无锡华云数据技术服务有限公司 | Data communication method, device, micro front-end system and storage medium |
| CN111240863B (en) * | 2020-01-10 | 2024-02-06 | 无锡华云数据技术服务有限公司 | Data communication method, device, micro front-end system and storage medium |
| CN111343172A (en) * | 2020-02-20 | 2020-06-26 | 中国建设银行股份有限公司 | Network access authority dynamic processing method and device |
| CN111414591A (en) * | 2020-03-02 | 2020-07-14 | 中国建设银行股份有限公司 | Workflow management method and device |
| CN111414591B (en) * | 2020-03-02 | 2024-02-20 | 中国建设银行股份有限公司 | Workflow management method and device |
| CN112487392A (en) * | 2020-12-08 | 2021-03-12 | 浪潮云信息技术股份公司 | Method for realizing authority control of management system by front end |
| CN113268720A (en) * | 2021-06-01 | 2021-08-17 | 广州欢网科技有限责任公司 | Front-end and back-end separation system operation method and device |
| CN113268720B (en) * | 2021-06-01 | 2023-05-26 | 广州欢网科技有限责任公司 | Front-end and back-end separation system operation method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109246089B (en) | 2020-06-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109246089B (en) | Role-based front-end and back-end separation architecture access control system and method | |
| US11019068B2 (en) | Quorum-based access management | |
| US10673866B2 (en) | Cross-account role management | |
| US9047456B2 (en) | System and method for controlling access to a resource | |
| CA3118694A1 (en) | Systems and methods for application pre-launch | |
| CN102929659B (en) | The method of selecting between manner of execution for the predetermined quantity in application program | |
| CN110363026B (en) | File operation method, device, equipment, system and computer readable storage medium | |
| US11888980B2 (en) | Stateless service-mediated security module | |
| US20050177724A1 (en) | Authentication system and method | |
| US10511584B1 (en) | Multi-tenant secure bastion | |
| CN105897668A (en) | Third party account authorization method, device, server and system | |
| KR20140041368A (en) | Image forming apparatus, method for controlling image forming apparatus, and storage medium therefor | |
| CN101326491A (en) | Methods for selecting between a predetermined number of execution methods for an application program | |
| US20140282994A1 (en) | Method for calling up a client program | |
| CN105432056A (en) | Secure hybrid file-sharing system | |
| US10205717B1 (en) | Virtual machine logon federation | |
| WO2017193074A1 (en) | Script manager for distributed systems | |
| US20150341362A1 (en) | Method and system for selectively permitting non-secure application to communicate with secure application | |
| US20190394188A1 (en) | Information processing apparatus, information processing method, and authentication linking system | |
| CN109977039A (en) | HD encryption method for storing cipher key, device, equipment and readable storage medium storing program for executing | |
| JP6994607B1 (en) | Systems and methods for intellisense for SAAS applications | |
| US8543810B1 (en) | Deployment tool and method for managing security lifecycle of a federated web service | |
| US10257263B1 (en) | Secure remote execution of infrastructure management | |
| EP3759629B1 (en) | Method, entity and system for managing access to data through a late dynamic binding of its associated metadata | |
| CN102655496A (en) | Logging method, system and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |