CN109246089B - Role-based front-end and back-end separation architecture access control system and method - Google Patents

Role-based front-end and back-end separation architecture access control system and method Download PDF

Info

Publication number
CN109246089B
CN109246089B CN201810948658.3A CN201810948658A CN109246089B CN 109246089 B CN109246089 B CN 109246089B CN 201810948658 A CN201810948658 A CN 201810948658A CN 109246089 B CN109246089 B CN 109246089B
Authority
CN
China
Prior art keywords
module
role
routing
authority
access control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810948658.3A
Other languages
Chinese (zh)
Other versions
CN109246089A (en
Inventor
王健
吕少华
杨茵淇
和旭东
于洋
刘吉强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jiaotong University
Original Assignee
Beijing Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jiaotong University filed Critical Beijing Jiaotong University
Priority to CN201810948658.3A priority Critical patent/CN109246089B/en
Publication of CN109246089A publication Critical patent/CN109246089A/en
Application granted granted Critical
Publication of CN109246089B publication Critical patent/CN109246089B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a front-end and back-end separation architecture access control system and a method based on roles, wherein the system comprises the following steps: the system comprises an authority role correlation module, a routing authority role registration module, a routing system, an access control module, a routing monitoring module, an identity authentication module and a data access module; the authority role correlation module is respectively connected with the routing authority role registration module and the data access module, the routing authority role registration module is connected with the routing system, the identity authentication module is respectively connected with the data access module and the routing monitoring module, the routing monitoring module is respectively connected with the routing system and the access control module, and the access control module is respectively connected with the data access module and the routing system; the invention mainly solves the problem of front-end limited resource access control in a front-end and back-end separation framework, enhances the front-end authority control capability, limits illegal interface requests and perfects user interaction logic.

Description

Role-based front-end and back-end separation architecture access control system and method
Technical Field
The invention relates to the problems of front-end data interaction, front-end presentation layer rendering and user behavior control management in a front-end and back-end architecture development SPA application, in particular to a system and a method for controlling access to a front-end view component in a front-end and back-end separation technology.
Background
The application program with the front end and the back end separated delivers the rendering of the view assembly to the client browser for processing, and the background server is exclusively responsible for data processing. The architecture realizes the decoupling of the data display layer, the user interaction layer and the service logic layer on one hand, and enables the application operation of the B/S architecture to achieve the effect of smooth interaction which cannot be achieved by the traditional C/S architecture on the other hand.
However, a series of authority control problems need to be faced when adopting a front-end and back-end separation architecture. In a traditional hybrid development mode, when a page is rendered by using a back-end template engine, a back-end language can selectively render and send some limited view elements according to user rights. In the front-end and back-end separation architecture, the front-end view components are all loaded to the front end when the application is started, rendering is controlled by the front-end script language, and the data server does not render any view components. The front end and the back end complete data interaction through a stateless REST interface, and under the condition, how to judge the user authority to control the rendering of the front end view module is a key element. Because all the views of the application are loaded to the front-end memory, selective view rendering needs to be performed on users with different permissions, and the users are prevented from accessing limited data resources.
Therefore, a set of complete front-end resource access control scheme is needed to solve the problem, so that the front-end and back-end separation architecture application can well judge the identity of an access user, reasonably render view resources within the legal authority range of the user, and simultaneously limit illegal calling of a system resource interface.
Disclosure of Invention
In order to solve the defects of the prior art, the invention realizes a role-based front-end and back-end separation architecture access control scheme, and promotes part of authority authentication to the front end for carrying out. The normal scheduling of the background interface is ensured, and meaningless interface calling and malicious interface requests are reduced. Reducing the request pressure of the background server and redundant authority authentication. Meanwhile, safe rendering and perfect user interaction of the application data display view are achieved, and user experience is improved.
In order to achieve the above purposes, the technical scheme adopted by the invention is as follows:
a role-based front-end and back-end separated architecture access control system, comprising: the system comprises an authority role correlation module, a routing authority role registration module, a routing system, an access control module, a routing monitoring module, an identity authentication module and a data access module;
the authority role correlation module is respectively connected with the routing authority role registration module and the data access module, the routing authority role registration module is connected with the routing system, the identity authentication module is respectively connected with the data access module and the routing monitoring module, the routing monitoring module is respectively connected with the routing system and the access control module, and the access control module is respectively connected with the data access module and the routing system;
the authority role association module is used for carrying out authority division on system resources according to a strategy designated by a system developer, distributing different authorities of roles and realizing the association relation between the roles and the access authorities of the system resources;
the authority role association module comprises an authority role table storage module and an authority role updating module; the authority role association table storage module is used for selecting a relational database, storing an authority role association table and ensuring the fast retrieval of the authority role association table; the authority role updating module is used for providing a flexible authority role configuration interface, including adding roles and adding and deleting related authorities for the roles;
the authority role table storage module is connected with the routing authority role registration module,
the routing authority role registration module is used for adding a front end view and a controller corresponding to a route in a routing system and registering a role with the access authority of the routing resource according to an authority role association table;
the routing system is used for controlling the incidence relation between the front end view and the controller and simultaneously appointing the jump interaction logic between the front end views;
the access control module is used for judging the request validity according to the set access control strategy middleware and generating corresponding actions;
the route monitoring module is registered at the starting stage of the application program and is used for monitoring route change, hijacking user resource access request actions and triggering the access control module to execute the route monitoring module;
the identity authentication module is used for carrying out identity authentication on the user with the access request by combining with a JWT standard universal for RESTFUL interface programming, acquiring the related identity information of the user and then re-rendering the front end view according to the identity information of the user;
the data access module is combined with a front-end and rear-end separation framework development framework, encapsulates a global service assembly, is used for providing a storage interface, a reading interface and a destruction interface of user information and authority role associated information, and utilizes a browser or a local memory to store information.
On the basis of the scheme, the identity authentication module comprises a user authentication module and an identity logout module;
the user authentication module is used for sending the user identification information to background authentication, setting a front end overall user identity, triggering a front end view to render again and updating an interface;
the identity logout module is used for destroying the global user identity at the front end, triggering the front end view to render again and updating the interface.
On the basis of the scheme, the data access module comprises a data encryption module, a data sharing module and a data destroying module;
the data encryption module is used for encrypting and storing relevant information such as user information, authority roles and the like;
the data sharing module is used for sharing sessionStorage storage data under multiple tags;
the data destruction module is used for destroying designated or global storage information.
On the basis of the scheme, the access control module comprises an authority authentication module, an access control strategy registration module and a strategy response module;
the authority authentication module is used for judging whether the resource access request user has the resource access qualification;
the access control strategy registration module is used for registering various access control strategy middleware;
and the strategy response module is used for implementing relevant response strategies including actions of routing redirection, request release and the like according to the authority authentication result.
A front-end and back-end separation architecture access control method based on roles applies the front-end and back-end separation architecture access control system based on roles, and comprises the following steps:
step 1, when an application program is started, acquiring a permission role association table from a permission role association module, then sending the permission role association table to a routing permission role registration module in a front-end framework, storing the permission role association table in a browser or a local memory through a data access module, registering a front end view corresponding to routing and routing, an accessible role list of a controller and related permissions into a routing system by the routing permission role registration module, and determining the corresponding relation between the routing and the roles, and meanwhile, registering an identity authentication module in the application program for finishing user identity authentication and logout; the route monitoring module is used for monitoring the change of the route state; the access control module is used for configuring a series of access control strategies;
step 2, when the user initiates the application program resource access request, firstly, the identity authentication module authenticates the user, refuses the subsequent access to the authentication failure request, and redirects the authentication to the identity authentication module, for the authentication success request, the identity authentication module reads the user information and the authority role associated information from the data access module, and hands the user information, the authority role associated information and the access request to the route monitoring module, the route monitoring module obtains the route information to be accessed in the access request, then reads the accessible role list of the route from the routing system, and sends the access request and the accessible role list to the access control module, the access control module firstly takes the intersection of the user information, the authority role associated information and the accessible role list, if the result is empty, the strategy response module in the access control module is executed, and refusing the access request and performing subsequent processing, if the result is not empty, further acquiring the related authority, performing further request processing action according to an access control strategy in the access control module, then completing legal request of resources through the request, and acquiring background data to complete front end view rendering.
On the basis of the scheme, the specific process of the identity authentication module for authenticating the identity of the user comprises the following steps: firstly, a user sends a user name and a password to a server, the server encrypts user identity information by using a secret key after verifying the user identity to generate a token to be returned to the front end, the token is carried by the front end when the front end subsequently accesses the server to be used as an identity identifier, and the server returns accessed resources to the front end after verifying the token.
The invention has the following beneficial effects:
the technical scheme of the invention provides a complete and efficient implementation scheme for resource access control, user identity authentication and front-end interaction of front-end and back-end separated architecture application. The method is mainly characterized in that a routing monitoring module, an access control module, a data access module and comprehensive application of various technologies in various modules are registered in an application program by using role-based access control, and the following beneficial effects are realized:
(1) front-end resource access control: and various modules are utilized to work comprehensively, so that the safe access of front-end resources is ensured.
(2) Flexible configuration: and a middleware registration mode is adopted, and various authority authentication strategies are flexibly configured and added.
(3) Multi-tab page data sharing: sessionStorage is shared across tag pages using localStorage events.
(4) Legal access of a background interface: through access control to the controller.
(5) And (4) safe transmission: the front-end encryption ensures reliable data transmission and prevents a man in the middle from eavesdropping sensitive data.
The technical scheme of the invention can be used for technical companies which adopt front-end and back-end separation architectures to research and develop application.
Drawings
The invention has the following drawings:
fig. 1 shows the overall architecture diagram provided in example 1.
Fig. 2 shows a basic schematic diagram of identity authentication in conjunction with JWT technology.
Fig. 3 shows an implementation flowchart of a role-based front-end and back-end separated architecture access control method provided in embodiment 1.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings.
Example 1
As shown in fig. 1, the role-based front-end and back-end separated architecture access control system provided in this embodiment includes: the system comprises an authority role correlation module, a routing authority role registration module, a routing system, an access control module, a routing monitoring module, an identity authentication module and a data access module;
the authority role correlation module is respectively connected with the routing authority role registration module and the data access module, the routing authority role registration module is connected with the routing system, the identity authentication module is respectively connected with the data access module and the routing monitoring module, the routing monitoring module is respectively connected with the routing system and the access control module, and the access control module is respectively connected with the data access module and the routing system;
the authority role association module is used for carrying out authority division on system resources according to a strategy designated by a system developer, distributing different authorities of system roles and realizing the association relation between the roles and the access authorities of the system resources;
the authority role association module comprises an authority role table storage module and an authority role updating module; the authority role association table storage module is used for selecting a relational database, storing an authority role association table and ensuring the fast retrieval of the authority role association table; the authority role updating module is used for providing a flexible authority role configuration interface, including adding roles and adding and deleting related authorities for the roles;
the authority role table storage module is connected with the routing authority role registration module,
the routing authority role registration module is used for adding a front end view and a controller corresponding to a route in a routing system with front and back end separated application, and registering a role with the access authority of the routing resource according to an authority role association table.
The routing system is used for controlling the incidence relation between the front end view and the controller and simultaneously appointing the jump interaction logic between the front end views;
the identity authentication module is used for carrying out identity authentication on the user with the access request by combining with a JWT standard universal for RESTFUL interface programming, acquiring the related identity information of the user and then re-rendering the front end view according to the identity information of the user;
the routing monitoring module is used for registering in an application starting stage and is used for monitoring routing change, hijacking a user resource access request action and triggering the access control module to execute the routing change;
the data access module is combined with a front-end and rear-end separation framework development framework, encapsulates the global service assembly, is used for providing a storage interface, a reading interface and a destruction interface of user information and authority role associated information, and utilizes a browser or a local memory to store information;
and the access control module is used for judging the request validity according to the set access control strategy middleware and generating corresponding actions.
On the basis of the scheme, the identity authentication module comprises a user authentication module and an identity logout module,
the user authentication module is used for sending the user identification information to background authentication, setting a front-end global user identity, triggering the front-end view to render again and updating an interface;
an identity logout module: and destroying the global user identity at the front end, triggering the front end view to render again, and updating the interface.
On the basis of the scheme, the data storage module comprises a data encryption module, a data sharing module and a data destroying module,
the data encryption module is used for encrypting and storing the user information, the authority role and other related information;
the data sharing module is used for sharing sessionStorage data under multiple tags
And the data destruction module is used for destroying the specified or global storage information.
On the basis of the scheme, the access control module comprises an authority authentication module, an access control strategy registration module and a strategy response module;
the authority authentication module is used for judging whether the resource access request user has the resource access qualification;
an access control policy registration module: registering various different access control policy middleware;
and the strategy response module implements related response strategies including actions of routing redirection, request release and the like according to the authority authentication result.
Wherein,
the work flow of each module is as follows: when an application program is started, acquiring a permission role association table from a permission role association module, then sending the permission role association table to a routing permission role registration module in a front-end framework, storing the permission role association table in a browser or a local memory through a data access module, registering a front end view corresponding to front-end routing and routing, an accessible role list of a controller accessing a background interface and related permissions into a routing system by the routing permission role registration module for determining the corresponding relation between routing and roles, and meanwhile, registering an identity authentication module in the application program for finishing user identity authentication and logout; the route monitoring module monitors the route state change; and the access control module is used for configuring a series of access control strategies.
When a user initiates an application resource access request, an identity authentication module performs identity authentication on the user, and a JWT authentication process is specifically as follows, as shown in fig. 2: firstly, a user sends a user name and a password to a server, the server encrypts user identity information by using a secret key after verifying the user identity and generates a token to be returned to the front end, and the token is carried by the front end to be used as an identity identifier when the front end subsequently accesses the server. And the server returns the accessed resources to the front end after verifying the token. For the authentication failure request, rejecting subsequent access, redirecting the authentication failure request to an identity authentication module, for the authentication success request, the identity authentication module reads user information and authority role associated information from a data access module, and delivers the user information, the authority role associated information and the access request to a route monitoring module, the route monitoring module acquires routing information to be accessed in the access request, then reads an accessible role list of the route from a routing system, and sends the access request and the accessible role list to an access control module, the access control module firstly intersects the user information, the authority role associated information and the accessible role list, if the result is empty, a strategy response module in the access control module is executed, the access request is rejected and subsequent processing is carried out, if the result is not empty, the relevant authority is further acquired, and further performing request processing action according to an access control strategy in the access control module, then completing legal request of resources through the request, and acquiring background data to complete view rendering.
As shown in fig. 3, the workflow of the front-end and back-end separated architecture access control method based on roles provided by this embodiment includes the following steps:
step 1, determining all roles in a system, determining the authority of system resources, establishing the corresponding relation between the authority and the roles, and providing the corresponding relation to a front-end program;
step 2, registering the view of the route and the response in the route system, the corresponding relation of the controller and the role of legally accessing the route;
step 3, designing and completing an identity authentication module, and realizing the authentication of the user and the acquisition of role authority information by combining JWT;
step 4, completing the interface writing of the data access module, including bottom API packaging and the completion of the global universal service assembly;
step 5, deploying a route monitoring module;
and 6, deploying an access control module and configuring a relevant access control strategy.
The code of each step is shown by taking a development framework angularjs which is commonly used for front-end and back-end separation as an example,
step 1, sending ajax request in app.run to obtain related role authority associated information in background, defining the requested role constant by app.constant, calling window.segmentation storage.setitem local storage interface of html5 to store the constant, and the main code segment:
Figure BDA0001770928140000091
step 2, a routing role registration module and a code segment
Figure BDA0001770928140000092
And 3, judging the validity of the user according to the user role information provided by the usersesion service by the code segment
Figure BDA0001770928140000093
Step 4, the code segment stores the authenticated user information in the global service assembly and provides a reading and destroying interface
Figure BDA0001770928140000101
Step 5, the route monitoring module code segment
Figure BDA0001770928140000102
Step 6, accessing code segments of control module
Figure BDA0001770928140000111
It should be understood that the above-mentioned embodiments of the present invention are only examples for clearly illustrating the present invention, and are not intended to limit the embodiments of the present invention, and it will be obvious to those skilled in the art that other variations or modifications may be made on the basis of the above description, and all embodiments may not be exhaustive, and all obvious variations or modifications may be included within the scope of the present invention.
Interpretation of related nouns
SPA application: the SPA application is a single-page application, and unlike a traditional web application, the single-page application renders all views and loads data in one web page. When the application is started, all related resources are loaded to the front end, and all user interaction logic monitors web routing hash change and dynamically loads view template rendering through the scripting language.
JWT Standard: the JSON WEB TOKEN is a scheme for solving user identity authentication in a front-end and back-end separation framework of JSON WEB TOKEN, mainly solves the cross-domain problem possibly caused by front-end and back-end REST interface communication, and mainly comprises a JWT head part, a load and visa information.
Those not described in detail in this specification are within the skill of the art.

Claims (3)

1. A role-based front-end and back-end separated architecture access control system, comprising: the system comprises an authority role correlation module, a routing authority role registration module, a routing system, an access control module, a routing monitoring module, an identity authentication module and a data access module;
the authority role correlation module is respectively connected with the routing authority role registration module and the data access module, the routing authority role registration module is connected with the routing system, the identity authentication module is respectively connected with the data access module and the routing monitoring module, the routing monitoring module is respectively connected with the routing system and the access control module, and the access control module is respectively connected with the data access module and the routing system;
the authority role association module is used for carrying out authority division on system resources according to a strategy designated by a system developer, distributing different authorities of roles and realizing the association relation between the roles and the access authorities of the system resources;
the authority role association module comprises an authority role table storage module and an authority role updating module; the authority role association table storage module is used for selecting a relational database, storing an authority role association table and ensuring the fast retrieval of the authority role association table; the authority role updating module is used for providing a flexible authority role configuration interface, including adding roles and adding and deleting related authorities for the roles;
the authority role table storage module is connected with the routing authority role registration module,
the routing authority role registration module is used for adding a front end view and a controller corresponding to a route in a routing system and registering a role with the access authority of the routing resource according to an authority role association table;
the routing system is used for controlling the incidence relation between the front end view and the controller and simultaneously appointing the jump interaction logic between the front end views;
the access control module is used for judging the request validity according to the set access control strategy middleware and generating corresponding actions;
the route monitoring module is registered at the starting stage of the application program and is used for monitoring route change, hijacking user resource access request actions and triggering the access control module to execute the route monitoring module;
the identity authentication module is used for carrying out identity authentication on the user with the access request by combining with a JWT standard universal for RESTFUL interface programming, acquiring the related identity information of the user and then re-rendering the front end view according to the identity information of the user;
the data access module is combined with a front-end and rear-end separation framework development framework, encapsulates a global service assembly, is used for providing a storage interface, a reading interface and a destruction interface of user information and authority role associated information, and utilizes a browser or a local memory to store information;
the identity authentication module comprises a user authentication module and an identity logout module;
the user authentication module is used for sending the user identification information to background authentication, setting a front end overall user identity, triggering a front end view to render again and updating an interface;
the identity logout module is used for destroying the global user identity at the front end, triggering the front end view to render again and updating the interface;
the data access module comprises a data encryption module, a data sharing module and a data destruction module;
the data encryption module is used for encrypting and storing user information and authority role related information;
the data sharing module is used for sharing sessionStorage storage data under multiple tags;
the data destruction module is used for destroying designated or global storage information;
the access control module comprises an authority authentication module, an access control strategy registration module and a strategy response module;
the authority authentication module is used for judging whether the resource access request user has the resource access qualification;
the access control strategy registration module is used for registering various access control strategy middleware;
the strategy response module is used for implementing relevant response strategies including route redirection and request releasing action according to the authority authentication result.
2. A role-based front-back end separation architecture access control method, to which the role-based front-back end separation architecture access control system of claim 1 is applied, comprising the steps of:
step 1, when an application program is started, acquiring a permission role association table from a permission role association module, then sending the permission role association table to a routing permission role registration module in a front-end framework, storing the permission role association table in a browser or a local memory through a data access module, registering a front end view corresponding to routing and routing, an accessible role list of a controller and related permissions into a routing system by the routing permission role registration module, and determining the corresponding relation between the routing and the roles, and meanwhile, registering an identity authentication module in the application program for finishing user identity authentication and logout; the route monitoring module is used for monitoring the change of the route state; the access control module is used for configuring an access control strategy;
step 2, when the user initiates the application program resource access request, firstly, the identity authentication module authenticates the user, refuses the subsequent access to the authentication failure request, and redirects the authentication to the identity authentication module, for the authentication success request, the identity authentication module reads the user information and the authority role associated information from the data access module, and hands the user information, the authority role associated information and the access request to the route monitoring module, the route monitoring module obtains the route information to be accessed in the access request, then reads the accessible role list of the route from the routing system, and sends the access request and the accessible role list to the access control module, the access control module firstly takes the intersection of the user information, the authority role associated information and the accessible role list, if the result is empty, the strategy response module in the access control module is executed, and refusing the access request and performing subsequent processing, if the result is not empty, further acquiring the related authority, performing further request processing action according to an access control strategy in the access control module, then completing legal request of resources through the request, and acquiring background data to complete front end view rendering.
3. The role-based front-back end separation architecture access control method according to claim 2, wherein the specific process of the identity authentication module for performing identity authentication on the user is as follows: firstly, a user sends a user name and a password to a server, the server encrypts user identity information by using a secret key after verifying the user identity to generate a token to be returned to the front end, the token is carried by the front end when the front end subsequently accesses the server to be used as an identity identifier, and the server returns accessed resources to the front end after verifying the token.
CN201810948658.3A 2018-08-20 2018-08-20 Role-based front-end and back-end separation architecture access control system and method Active CN109246089B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810948658.3A CN109246089B (en) 2018-08-20 2018-08-20 Role-based front-end and back-end separation architecture access control system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810948658.3A CN109246089B (en) 2018-08-20 2018-08-20 Role-based front-end and back-end separation architecture access control system and method

Publications (2)

Publication Number Publication Date
CN109246089A CN109246089A (en) 2019-01-18
CN109246089B true CN109246089B (en) 2020-06-30

Family

ID=65071789

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810948658.3A Active CN109246089B (en) 2018-08-20 2018-08-20 Role-based front-end and back-end separation architecture access control system and method

Country Status (1)

Country Link
CN (1) CN109246089B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109936575B (en) * 2019-03-07 2021-11-12 北京融链科技有限公司 Page access method, device, storage medium and processor
CN110069730A (en) * 2019-03-15 2019-07-30 平安城市建设科技(深圳)有限公司 Front end page display control method, device, equipment and readable storage medium storing program for executing
CN110442326B (en) * 2019-08-11 2023-07-14 西藏宁算科技集团有限公司 Method and system for simplifying front-end and back-end separation authority control based on Vue
CN110493239B (en) * 2019-08-26 2021-11-12 京东数字科技控股有限公司 Authentication method and device
CN110768974B (en) * 2019-10-21 2022-02-08 成都安恒信息技术有限公司 Control method for single-page application real-time view authority
CN110933037B (en) * 2019-10-31 2020-11-06 贝壳找房(北京)科技有限公司 User authority verification method and authority management system
CN111240863B (en) * 2020-01-10 2024-02-06 无锡华云数据技术服务有限公司 Data communication method, device, micro front-end system and storage medium
CN111343172A (en) * 2020-02-20 2020-06-26 中国建设银行股份有限公司 Network access authority dynamic processing method and device
CN111414591B (en) * 2020-03-02 2024-02-20 中国建设银行股份有限公司 Workflow management method and device
CN112487392A (en) * 2020-12-08 2021-03-12 浪潮云信息技术股份公司 Method for realizing authority control of management system by front end
CN113268720B (en) * 2021-06-01 2023-05-26 广州欢网科技有限责任公司 Front-end and back-end separation system operation method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321064A (en) * 2008-07-17 2008-12-10 上海众恒信息产业有限公司 Information system access control method and apparatus based on digital certificate technique
CN101751712A (en) * 2008-11-27 2010-06-23 航天信息股份有限公司 Centralized invoice authentification system and authentification method
CN101778109A (en) * 2010-01-13 2010-07-14 苏州国华科技有限公司 Construction method for access control policy and system thereof
CN102457377A (en) * 2011-08-08 2012-05-16 中标软件有限公司 Role-based web remote authentication and authorization method and system thereof

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8239325B2 (en) * 2007-01-18 2012-08-07 Paymentone Corporation Method and system to verify the identity of a user

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321064A (en) * 2008-07-17 2008-12-10 上海众恒信息产业有限公司 Information system access control method and apparatus based on digital certificate technique
CN101751712A (en) * 2008-11-27 2010-06-23 航天信息股份有限公司 Centralized invoice authentification system and authentification method
CN101778109A (en) * 2010-01-13 2010-07-14 苏州国华科技有限公司 Construction method for access control policy and system thereof
CN102457377A (en) * 2011-08-08 2012-05-16 中标软件有限公司 Role-based web remote authentication and authorization method and system thereof

Also Published As

Publication number Publication date
CN109246089A (en) 2019-01-18

Similar Documents

Publication Publication Date Title
CN109246089B (en) Role-based front-end and back-end separation architecture access control system and method
EP3788760B1 (en) Systems and methods for adding watermarks using an embedded browser
US20220070151A1 (en) Systems and methods for application pre-launch
US11019068B2 (en) Quorum-based access management
US10673866B2 (en) Cross-account role management
US20210092200A1 (en) Systems and methods for secure peer-to-peer caching
US20190089810A1 (en) Resource access method, apparatus, and system
US11888980B2 (en) Stateless service-mediated security module
CN102929659B (en) The method of selecting between manner of execution for the predetermined quantity in application program
US10733238B2 (en) Script manager for distributed systems
CN110363026B (en) File operation method, device, equipment, system and computer readable storage medium
US10511584B1 (en) Multi-tenant secure bastion
US11310034B2 (en) Systems and methods for securing offline data
US20150341362A1 (en) Method and system for selectively permitting non-secure application to communicate with secure application
US20190394188A1 (en) Information processing apparatus, information processing method, and authentication linking system
JP6994607B1 (en) Systems and methods for intellisense for SAAS applications
CN116484338A (en) Database access method and device
US10257263B1 (en) Secure remote execution of infrastructure management
CN112560006B (en) Single sign-on method and system under multi-application system
CN102655496A (en) Logging method, system and device
US9479492B1 (en) Authored injections of context that are resolved at authentication time
CN115525880A (en) Method, device, equipment and medium for providing SAAS service facing multi-tenant
CN107517177B (en) Interface authorization method and device
US20240104223A1 (en) Portable verification context
US11757848B1 (en) Content protection for device rendering

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant