CN109347840B - Method and device for configuring access rules of business party - Google Patents

Publication number
CN109347840B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811252202.XA
Other languages
Chinese (zh)
Other versions
CN109347840A (en
Inventor
冯盼盼
卢明樊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing QIYI Century Science and Technology Co Ltd
Original Assignee
Beijing QIYI Century Science and Technology Co Ltd
Application filed by Beijing QIYI Century Science and Technology Co Ltd
Priority to CN201811252202.XA
Publication of CN109347840A
Application granted
Publication of CN109347840B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiment of the invention discloses a method and a device for configuring access rules of a service party, wherein the method comprises the following steps: receiving a configuration instruction of an access rule; judging whether an access rule configuration set of the service party is cached or not according to the identification information of the service party; if yes, determining all the access rules contained in the configuration instruction as an updated access rule configuration set of the service party; interpreting the updated access rule configuration set, generating a new service party configuration file of the service party which can be identified by the website server, and sending the new service party configuration file to the website server; if not, determining all the access rules contained in the configuration instruction as an access rule configuration set of the business party, and caching; and interpreting the cached access rule configuration set, generating a service party configuration file of the service party which can be identified by the website server, and sending the service party configuration file to the website server. By applying the embodiment of the invention, the differentiated requirements of business parties on website services can be met.

Description

Method and device for configuring access rules of business party
Technical Field
The invention relates to the technical field of website services, in particular to a method and a device for configuring business party access rules.
Background
At present, no limitation is imposed on a business party accessing a website service.
For example, a website's video streaming service may be accessed as follows: the storage unit to be accessed is mounted on a machine, a website server is deployed on that machine, and the website server's access path is set to the mount path, so that a service party can access video files in the storage cluster over HTTP. In the prior art, a service party can access video files in the storage cluster through any website server, and watch or download them, without any restriction by region or by website server.
However, for network security a service party may want to allow access only from the intranet, or, to keep the network unobstructed, a service party may want to limit the access frequency or the download bandwidth. The prior art does not satisfy these differentiated needs of the service parties.
Disclosure of Invention
The embodiment of the invention aims to provide a method and a device for business party access and configuration of access rules so as to meet the differentiated requirements of business parties on website services.
In order to achieve the above object, the embodiment of the present invention discloses a method for a service party to access, which is applied to a website server and includes the steps of:
receiving an access request sent by a service party;
according to the access request, obtaining a service party configuration file of the service party from a pre-stored service party configuration file; the pre-stored business party configuration files are generated and sent to the website server by a management server connected with the website server according to the requirements of business parties, and all access rules aiming at the business parties are stored in each business party configuration file;
and executing the access request according to the access rule in the service party configuration file.
Preferably, the access request includes identification information of a service party; the pre-stored service party configuration file comprises the corresponding relation between the service party identification information and the service party configuration file of the service party;
the obtaining of the service party configuration file of the service party from the pre-stored service party configuration file according to the access request is as follows: and acquiring a service party configuration file corresponding to the identification information of the service party from a pre-stored service party configuration file according to the identification information of the service party.
Preferably, the access request includes a service party key, and the service party key is pre-allocated to the service party by the management server; the pre-stored service party configuration file comprises the corresponding relation between the identification information of the service party and the service party configuration file of the service party;
when the website server receives an access request sent by a service party, a service party key is obtained from the access request;
sending the service party key to the management server, so that the management server sends the identification information of the service party corresponding to the service party key to the website server according to the pre-stored corresponding relationship between each service party key and the identification information of the service party;
the obtaining of the service party configuration file of the service party from the pre-stored service party configuration file according to the access request is as follows: and acquiring a service party configuration file corresponding to the identification information of the service party from a pre-stored service party configuration file according to the identification information of the service party sent by the management server.
Preferably, the method further comprises:
receiving authentication failure information sent by the management server when the identification information of the service party corresponding to the service party key cannot be obtained;
and stopping executing the access request according to the authentication failure information.
Preferably, the method further comprises:
receiving key replacement prompt information which is sent by the management server and contains identification information of a service party; the key replacement prompt message is generated and sent to the website server by the management server when the service time of the service side key reaches a first preset threshold;
and sending the key replacement prompt message to the corresponding service party according to the identification information of the service party in the key replacement prompt message.
In order to achieve the above object, an embodiment of the present invention further discloses a method for configuring an access rule of a service party, where the method is applied to a management server connected to a website server, and includes the steps of:
receiving a configuration instruction of an access rule; the configuration instructions include: identification information of a service party and all access rules of the service party;
judging whether an access rule configuration set of the service party is cached or not according to the identification information of the service party;
if yes, determining all the access rules contained in the configuration instruction as the updated access rule configuration set of the business party, and replacing the cached access rule configuration set of the business party;
interpreting the updated access rule configuration set, generating a new service party configuration file of the service party which can be identified by the website server, and sending the new service party configuration file to the website server, so that the website server updates the existing service party configuration file of the service party by using the new service party configuration file;
if not, determining all the access rules contained in the configuration instruction as an access rule configuration set of the service party, and caching;
and interpreting the cached access rule configuration set, generating a service party configuration file of the service party which can be identified by the website server, and sending the service party configuration file to the website server, so that the website server stores the service party configuration file of the service party.
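The configuration method above, from the management server's side, as an added Python example that is not part of the patent text. The option names, the `name value;` file format and the use of plain dicts as website servers are assumptions; the point shown is that both branches store the instruction's rules as the whole set (nothing is merged) and that every value is validated before it is interpreted into a file.

```python
import ipaddress
import re


def _networks(value):
    # ip_network() raises ValueError on anything that is not a CIDR/address.
    return [str(ipaddress.ip_network(v)) for v in value]


def _file_types(value):
    types = [str(v).lower() for v in value]
    if not types or not all(re.fullmatch(r"[a-z0-9]{1,8}", t) for t in types):
        raise ValueError("file types must be short alphanumeric extensions")
    return sorted(set(types))


def _positive_int(value):
    if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
        raise ValueError("expected a positive integer")
    return value


def _flag(value):
    if not isinstance(value, bool):
        raise ValueError("expected true/false")
    return value


# Selectable access rule options (hypothetical names) and their validators.
OPTIONS = {
    "intranet_only": _flag,
    "allowed_ips": _networks,
    "file_types": _file_types,
    "rate_bps": _positive_int,
    "accesses_per_min": _positive_int,
    "downloads_per_hour": _positive_int,
}


def render(party, rules):
    """Interpret a rule set into the text file a website server loads.
    The 'name value;' line format is made up for this example."""
    lines = [f"party {party};"]
    for name in sorted(rules):
        value = rules[name]
        if isinstance(value, list):
            value = ",".join(value)
        elif isinstance(value, bool):
            value = "on" if value else "off"
        lines.append(f"{name} {value};")
    return "\n".join(lines) + "\n"


class ManagementServer:
    def __init__(self, website_servers):
        self.cache = {}                         # party id -> rule configuration set
        self.website_servers = website_servers  # each: dict party id -> file text

    def configure(self, instruction):
        party = instruction["party"]
        if not re.fullmatch(r"[A-Za-z0-9_.-]{1,64}", party):
            raise ValueError("bad identification information")
        rules = {}
        for name, value in instruction["rules"].items():
            if name not in OPTIONS:
                raise ValueError(f"not a selectable option: {name}")
            rules[name] = OPTIONS[name](value)
        # Validation is complete before any state changes, so a rejected
        # instruction leaves the cache and the website servers untouched.
        cached = party in self.cache            # is a set already cached?
        self.cache[party] = rules               # replace, or store for the first time
        text = render(party, rules)
        for server in self.website_servers:
            server[party] = text                # update or store the file
        return "updated" if cached else "created"
```

Because the updated set replaces the cached one, a restriction that is left out of a later instruction is removed from the generated file as well.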
Preferably, the management server provides an access rule configuration management interface, and the access rule configuration management interface includes all selectable access rule options;
receiving, via the access rule configuration management interface: identification information of a service party and an access rule option selected according to the requirement of the service party;
and generating a configuration instruction aiming at the access rule of the service party according to the selected access rule option.
In order to achieve the above object, an embodiment of the present invention further discloses a device for a service party to access, where the device is applied to a website server, and the device includes: the device comprises an access request receiving unit, a configuration file obtaining unit and an executing unit;
the access request receiving unit is used for receiving an access request sent by a service party;
the configuration file obtaining unit is used for obtaining a service party configuration file of the service party from a pre-stored service party configuration file according to the access request; the pre-stored business party configuration files are generated and sent to the website server by a management server connected with the website server according to the requirements of business parties, and all access rules aiming at the business parties are stored in each business party configuration file;
and the execution unit is used for executing the access request according to the access rule in the service party configuration file.
Preferably, the access request includes identification information of a service party; the pre-stored service party configuration file comprises the corresponding relation between the service party identification information and the service party configuration file of the service party;
the configuration file obtaining unit is specifically configured to obtain, according to the identification information of the service party, a service party configuration file corresponding to the identification information of the service party from a pre-stored service party configuration file.
Preferably, the apparatus further comprises: a key transmitting unit;
the access request comprises a service party key, and the service party key is pre-allocated to a service party by the management server; the pre-stored service party configuration file comprises the corresponding relation between the identification information of the service party and the service party configuration file of the service party;
the access request receiving unit is specifically configured to first obtain the service party key from the access request when the website server receives an access request sent by a service party;
the key sending unit is used for sending the service party key to the management server, so that the management server sends the identification information of the service party corresponding to the service party key to the website server according to the pre-stored corresponding relationship between each service party key and the identification information of the service party;
the configuration file obtaining unit is specifically configured to obtain, from a pre-stored service party configuration file, a service party configuration file corresponding to the identification information of the service party according to the identification information of the service party sent by the management server.
Preferably, the apparatus further comprises: a failure information receiving unit and a stopping unit;
the failure information receiving unit is used for receiving authentication failure information sent by the management server when the identification information of the service party corresponding to the service party key cannot be obtained;
the stopping unit is used for stopping executing the access request according to the authentication failure information.
Preferably, the apparatus further comprises: the device comprises a prompt message receiving unit and a prompt message sending unit;
the prompt information receiving unit is used for receiving the key replacement prompt information which is sent by the management server and contains the identification information of the service party; the key replacement prompt message is generated and sent to the website server by the management server when the service time of the service side key reaches a first preset threshold;
and the prompt information sending unit is used for sending the key replacement prompt information to the corresponding service party according to the identification information of the service party in the key replacement prompt information.
In order to achieve the above object, an embodiment of the present invention further discloses a device for configuring access rules of a service party, where the device is applied to a management server connected to a website server, and the device includes: the device comprises a configuration instruction receiving unit, a judging unit, a replacing unit, a storage unit, a first configuration file generating unit and a second configuration file generating unit;
the configuration instruction receiving unit is used for receiving a configuration instruction of an access rule; the configuration instructions include: identification information of a service party and all access rules of the service party;
the judging unit is used for judging whether an access rule configuration set of the service party is cached or not according to the identification information of the service party; if yes, triggering the replacement unit and the first configuration file generation unit in sequence; if not, the storage unit and the second configuration file generation unit are triggered successively;
the replacing unit is configured to determine all the access rules included in the configuration instruction as the updated access rule configuration set of the service party, and replace the cached access rule configuration set of the service party;
the first configuration file generating unit is used for explaining the updated access rule configuration set, generating a new service party configuration file of the service party which can be identified by the website server, and sending the new service party configuration file to the website server, so that the website server updates the existing service party configuration file of the service party by using the new service party configuration file;
the storage unit is used for determining all the access rules contained in the configuration instruction as an access rule configuration set of the service party and caching the access rules;
the second configuration file generating unit is configured to interpret the cached access rule configuration set, generate a service party configuration file of the service party that can be identified by the website server, and send the service party configuration file to the website server, so that the website server stores the service party configuration file of the service party.
Preferably, the apparatus further comprises: the device comprises a receiving unit and a configuration instruction generating unit;
the management server provides an access rule configuration management interface which comprises all selectable access rule options;
the receiving unit is configured to receive, through the access rule configuration management interface: identification information of a service party and an access rule option selected according to the requirement of the service party;
and the configuration instruction generating unit is used for generating a configuration instruction of the access rule aiming at the service party according to the selected access rule option.
As can be seen from the foregoing technical solutions, embodiments of the present invention provide a method and an apparatus for service party access and for configuring access rules, applied to a website server and a management server respectively. In the access method, the website server receives an access request sent by a service party, obtains the service party configuration file of that service party from the pre-stored service party configuration files according to the access request, and executes the access request according to the access rules in the service party configuration file.
Therefore, in the embodiment of the invention, the business party needs to access according to the access rules in the business party configuration file, the business party configuration file contains all the access rules which the corresponding business party needs to obey, and the access exceeding the access rules in the business party configuration file cannot be executed, so that the differentiated requirements of each business party on the website service can be met. Of course, it is not necessary for any product or method of practicing the invention to achieve all of the above-described advantages at the same time.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for accessing by a service party according to an embodiment of the present invention;
Fig. 2 is a schematic flowchart of a method for configuring an access rule of a service party according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a device accessed by a service party according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of a configuration apparatus for business party access rules according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The embodiment of the invention provides a method and a device for business party access and access rule configuration, which are respectively applied to a website server and a management server.
The present invention will be described in detail below with reference to specific examples.
Referring to fig. 1, fig. 1 is a schematic flowchart of a method for a service party to access according to an embodiment of the present invention, where the method is applied to a website server, and includes the following steps:
S101: receiving an access request sent by a service party;
S102: according to the access request, obtaining a service party configuration file of the service party from a pre-stored service party configuration file;
the pre-stored service party configuration files are generated and sent to the website server by a management server connected with the website server according to the requirements of service parties, and all access rules aiming at the service parties are stored in each service party configuration file.
S103: and executing the access request according to the access rule in the service party configuration file.
In practical applications, the access request can be executed in two ways:
First, if the access request includes identification information of a service party, and the pre-stored service party configuration files include a correspondence between the identification information of each service party and the configuration file of that service party, then:
obtaining the service party configuration file of the service party from the pre-stored service party configuration files according to the access request may be: obtaining the service party configuration file corresponding to the identification information of the service party from the pre-stored service party configuration files according to the identification information of the service party.
The identification information of the service party may be a self-defined name of the service party or an IP address of the service party.
Suppose that the service party is A, and the access request includes its identification information a. When the website server receives an access request sent by the service party, it obtains the service party configuration file corresponding to the identification information a of service party A from the service party configuration files pre-stored in the website server, according to the identification information a in the access request.
The service party configuration file contains all the access rules of the service party, and the service party can access according to these access rules. The access rules include: intranet/extranet access control, access IP restriction, accessible file type restriction, download bandwidth limitation and download frequency limitation.
Assume that the access rules of service party A are: access is allowed only through the intranet; only machines in a specific IP set are allowed to access; the file types allowed to be accessed are the mp4 and acc formats; the speed is limited to 2 Mbit/sec during downloading; access may be performed 1000 times per minute; and the download frequency is limited to 2 times/h. Service party A can access according to these access rules and cannot access beyond the access rules in its service party configuration file; for example, service party A cannot access a video file in mov format.
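The rule set described for service party A, enforced request by request, as an added Python example that is not part of the patent text. The field names, the RFC 1918 definition of "intranet", the constructed IP set 10.0.1.0/28 and the sliding-window counters are assumptions; the bandwidth cap is returned for the transfer layer to apply.

```python
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import NamedTuple, Optional

# Assumption: "intranet" means the RFC 1918 private ranges.
INTRANET = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Profile:
    """All access rules of one service party (hypothetical field names)."""
    intranet_only: bool
    allowed_nets: tuple          # the "specific IP set"
    allowed_types: frozenset     # file extensions, lower case
    rate_bps: int                # download speed cap in bit/s
    accesses_per_min: int
    downloads_per_hour: int


class Decision(NamedTuple):
    allowed: bool
    reason: str
    rate_bps: Optional[int] = None   # cap the transfer layer must apply


class Enforcer:
    def __init__(self, profiles, clock):
        self.profiles = profiles              # party id -> Profile
        self.clock = clock                    # callable returning seconds
        self._hits = defaultdict(deque)       # (party, kind) -> timestamps

    def _take(self, party, kind, limit, window):
        """Sliding-window counter: record one event unless the limit is hit."""
        now, q = self.clock(), self._hits[(party, kind)]
        while q and now - q[0] >= window:
            q.popleft()
        if len(q) >= limit:
            return False
        q.append(now)
        return True

    def decide(self, party, src_ip, path, download=False):
        p = self.profiles.get(party)
        if p is None:                         # no file for this party: fail closed
            return Decision(False, "no profile")
        try:
            ip = ipaddress.ip_address(src_ip)
        except ValueError:
            return Decision(False, "bad source address")
        if p.intranet_only and not any(ip in n for n in INTRANET):
            return Decision(False, "external network")
        if not any(ip in n for n in p.allowed_nets):
            return Decision(False, "ip not in allowed set")
        name = path.rsplit("/", 1)[-1]
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext not in p.allowed_types:
            return Decision(False, "file type")
        # Counters are touched only after the static checks have passed.
        if not self._take(party, "access", p.accesses_per_min, 60):
            return Decision(False, "access frequency")
        if download and not self._take(party, "download",
                                       p.downloads_per_hour, 3600):
            return Decision(False, "download frequency")
        return Decision(True, "ok", p.rate_bps)


class FakeClock:
    """Constructed clock so the time windows can be exercised offline."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


# Service party A's rules as given in the text above.
PROFILE_A = Profile(
    intranet_only=True,
    allowed_nets=(ipaddress.ip_network("10.0.1.0/28"),),   # constructed set
    allowed_types=frozenset({"mp4", "acc"}),
    rate_bps=2_000_000,
    accesses_per_min=1000,
    downloads_per_hour=2,
)
```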
Second, if the access request includes a service party key, where the service party key is pre-allocated to a service party by the management server, and a pre-stored service party profile includes a correspondence between identification information of the service party and the service party profile of the service party, then:
when receiving an access request sent by a service party, a website server firstly obtains a service party key from the access request;
and sending the service party key to a management server, so that the management server sends the identification information of the service party corresponding to the service party key to a website server according to the pre-stored corresponding relationship between each service party key and the identification information of the service party.
In this case, obtaining the service party configuration file of the service party from the pre-stored service party configuration files according to the access request may be: obtaining the service party configuration file corresponding to the identification information of the service party from the pre-stored service party configuration files according to the identification information of the service party sent by the management server.
Assume that the service party is A and the access request includes a service party key 123456 pre-assigned to it by the management server. When receiving an access request sent by service party A, the website server first obtains the service party key 123456 of service party A from the access request and sends the service party key to the management server. The management server stores in advance the correspondence between each service party key and the identification information of the service party; when it receives the service party key sent by the website server, it can obtain the identification information a of service party A from this correspondence and send the identification information a to the website server. The website server then obtains the service party configuration file corresponding to the identification information a of service party A from the service party configuration files pre-stored in the website server, according to the received identification information a; this configuration file contains all the access rules of service party A. Service party A may access according to these access rules.
In practical application, the method may further include:
receiving authentication failure information sent by the management server when the identification information of the service party corresponding to the service party key cannot be obtained;
and stopping executing the access request according to the authentication failure information.
Assume that service party A sends a service party key of 1234. After receiving the service party key, the management server cannot find the identification information of a service party corresponding to it, so authentication fails and the management server sends authentication failure information to the website server. After receiving the authentication failure information, the website server stops executing the access request and forbids service party A to access.
In addition, the method may further include:
receiving key replacement prompt information which is sent by a management server and contains identification information of a service party, wherein the key replacement prompt information is generated and sent to a website server by the management server when the service time of a service party key reaches a first preset threshold;
and sending the key replacement prompt message to the corresponding service party according to the identification information of the service party in the key replacement prompt message.
In practical application, a service party key expiration mechanism can be provided. Assume an expiration time of 30 days and a first preset threshold of 27 days. When a service party key has been in use for 27 days, a prompt message to replace the expiring service party key with a new service party key is sent to the website server, and the website server outputs the prompt message to the corresponding service party according to the identification information of the service party in the prompt message. The new service party key is allocated to the service party by the management server; it can be communicated to the corresponding service party by a manager, or the management server can send the new service party key to the service party through the website server.
And when the use time reaches the expiration time, namely 30 days, the new service party key replaces the stored service party key and is correspondingly stored with the identification information of the corresponding service party. This avoids security problems due to leakage of the service side key.
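The key lookup, the authentication failure path and the 27-day/30-day replacement described above, as an added Python example that is not part of the patent text. The class and function names, the direct call in place of the network exchange between the two servers, and the randomly generated keys (instead of a short value such as 123456) are assumptions.

```python
import hmac
import secrets

DAY = 86400


class KeyRegistry:
    """Management-server side: service party key -> identification information."""

    def __init__(self, clock, warn_after=27 * DAY, expire_after=30 * DAY):
        self.clock = clock                  # callable returning seconds
        self.warn_after = warn_after        # the "first preset threshold"
        self.expire_after = expire_after    # the expiration time
        self._current = {}                  # party id -> (key, issued_at)
        self._pending = {}                  # party id -> replacement key

    def issue(self, party):
        key = secrets.token_urlsafe(32)     # assumption: random 256-bit keys
        self._current[party] = (key, self.clock())
        return key

    def resolve(self, presented):
        """Return the party id for a key, or None (authentication failure)."""
        if not isinstance(presented, str):
            return None
        found = None
        for party, (key, _) in self._current.items():
            # Constant-time comparison; every entry is scanned even after a hit.
            if hmac.compare_digest(key.encode(), presented.encode()):
                found = party
        return found

    def tick(self):
        """Run periodically. Returns the key replacement prompts to forward."""
        prompts, now = [], self.clock()
        for party, (key, issued) in list(self._current.items()):
            age = now - issued
            if age >= self.expire_after:
                new = self._pending.pop(party, None) or secrets.token_urlsafe(32)
                self._current[party] = (new, now)   # old key stops resolving
            elif age >= self.warn_after and party not in self._pending:
                self._pending[party] = secrets.token_urlsafe(32)
                prompts.append({"party": party,
                                "new_key": self._pending[party]})
        return prompts


def handle_request(registry, profiles, presented_key):
    """Website-server side: resolve the key, then load the party's profile."""
    party = registry.resolve(presented_key)
    if party is None:
        return ("stopped", "authentication failed")
    profile = profiles.get(party)
    if profile is None:                     # this server holds no file for it
        return ("stopped", "no profile on this server")
    return ("execute", profile)
```

The replacement key does not resolve until the old key's use time reaches the expiration time, so a leaked old key stops working at that point and the prompt itself grants nothing early.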
In practical applications, there may be one management server in a region, with multiple website servers under that management server, and some of those website servers may not hold a configuration file for a given service party. Suppose there are website servers a and b and a service party A, and that a configuration file of service party A exists on website server a but not on website server b. After website servers a and b receive the identification information of service party A sent by the management server, the service party can access the video stream service through a but cannot access the video stream service through b.
The method for accessing a service party, provided by applying the embodiment shown in fig. 1 of the present invention, is applied to a website server, where the website server receives an access request sent by a service party, obtains a service party profile of the service party from pre-stored service party profiles according to the access request, and executes the access request according to an access rule in the service party profile.
Therefore, in the embodiment of the invention, the business party needs to access according to the access rules in the business party configuration file, the business party configuration file contains all the access rules which the corresponding business party needs to obey, and the access exceeding the access rules in the business party configuration file cannot be executed, so that the differentiated requirements of each business party on the website service can be met.
Referring to fig. 2, fig. 2 is a schematic flowchart of a method for configuring an access rule of a service party according to an embodiment of the present invention, where the method is applied to a management server, and includes the following steps:
S201: receiving a configuration instruction of an access rule;
wherein the configuration instruction comprises: identification information of a business party and all access rules of the business party.
In practical application, the management server can provide an access rule configuration management interface, and the access rule configuration management interface comprises all selectable access rule options;
receiving, via the access rule configuration management interface: identification information of a service party and an access rule option selected according to the requirement of the service party;
and generating a configuration instruction of the access rule aiming at the service party according to the selected access rule option.
For example, according to the requirement of a business party, a manager selects all access rules of the business party from the selectable access rules provided by the access rule configuration management interface, and then generates a configuration instruction of the business party according to the identification information of the business party.
S202: judging whether an access rule configuration set of the service party is cached or not according to the identification information of the service party; if yes, executing steps S203 and S204 in sequence; if not, executing steps S213 and S214 successively;
S203: determining all the access rules contained in the configuration instruction as an updated access rule configuration set of the service party, and replacing the cached access rule configuration set of the service party;
S204: interpreting the updated access rule configuration set, generating a new service party configuration file of the service party which can be identified by the website server, and sending the new service party configuration file to the website server;
In this way, the website server can update the existing service party profile of the service party with the new service party profile. When it receives an access request from the service party, it executes the access according to the access rules in the new service party configuration file.
In practical application, for the access rule configuration set of the service party cached in the management server, the access rule used in the configuration instruction is compared with the access rule used in the cached access rule configuration set of the service party: if the access rule configuration set does not contain a certain access rule in the configuration instruction, adding the access rule into the access rule configuration set; if the access rule configuration set contains a certain access rule in the configuration instruction, updating the access rule in the access rule configuration set; if the access rule configuration set contains the access rule but the configuration instruction does not contain a certain access rule, deleting the access rule in the access rule configuration set; and finally, generating an updated access rule configuration set, replacing the cached access rule configuration set of the service party with the updated access rule configuration set, interpreting the updated access rule configuration set into a new configuration file of the service party, which can be identified by the website server, and sending the new configuration file to the website server so as to replace the configuration file of the service party stored by the website server.
S213: determining all the access rules contained in the configuration instruction as an access rule configuration set of the service party, and caching;
S214: interpreting the cached access rule configuration set, generating a service party configuration file of the service party which can be identified by the website server, and sending the service party configuration file to the website server.
In this way, the website server may be caused to store a service party profile for the service party. And when receiving the access request of the service party, executing access according to the access rule in the service party configuration file.
Assuming that only the access rule for limiting the access frequency exists in the access rule configuration set of the service party, the configuration file identifiable by the website server obtained by analysis is as follows:
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
That is, the access frequency is limited to one request per second.
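The cache check of S202 to S214, the add/update/delete comparison and the interpretation into a web-server configuration can be sketched as follows. This is an added example, not code from the patent: the rule keys (`rate`, `bandwidth`, `allow_ips`, `file_types`), the per-party URL prefix and all function names are assumptions, and only a subset of the claimed rule types is modelled. Values are validated before rendering because they are interpolated into the nginx file.

```python
import ipaddress
import re

# Hypothetical management-server cache: party id -> access rule configuration set.
RULE_CACHE = {}

ID_RE = re.compile(r"[A-Za-z0-9_]{1,32}")
EXT_RE = re.compile(r"[a-z0-9]{1,8}")
SCALAR_RULES = {
    "rate": re.compile(r"[1-9][0-9]*r/[sm]"),      # download frequency, e.g. 1r/s
    "bandwidth": re.compile(r"[1-9][0-9]*[km]?"),  # download bandwidth, e.g. 512k
}


def normalize(party_id, rules):
    """Validate a rule set so no value can add directives to the generated file."""
    if not ID_RE.fullmatch(party_id):
        raise ValueError(f"bad party id: {party_id!r}")
    clean = {}
    for key, value in rules.items():
        if key in SCALAR_RULES:
            if not (isinstance(value, str) and SCALAR_RULES[key].fullmatch(value)):
                raise ValueError(f"bad {key}: {value!r}")
            clean[key] = value
        elif key == "allow_ips" and isinstance(value, list):
            # ip_network raises ValueError on anything that is not a network.
            clean[key] = sorted(str(ipaddress.ip_network(n)) for n in value)
        elif key == "file_types" and isinstance(value, list) and value and all(
                isinstance(e, str) and EXT_RE.fullmatch(e) for e in value):
            clean[key] = sorted(value)
        else:
            raise ValueError(f"unknown or malformed rule {key!r}: {value!r}")
    return clean


def diff_rules(old, new):
    """Compare the cached set with the instruction: add, update, delete."""
    return {
        "added": sorted(k for k in new if k not in old),
        "updated": sorted(k for k in new if k in old and old[k] != new[k]),
        "deleted": sorted(k for k in old if k not in new),
    }


def render(party_id, rules):
    """Interpret a rule set into nginx directives (the 'service party profile')."""
    lines = []
    if "rate" in rules:
        # The zone definition belongs in nginx's http context.
        lines.append(f"limit_req_zone $binary_remote_addr "
                     f"zone={party_id}:10m rate={rules['rate']};")
    prefix = f"/{party_id}/"  # assumed: each party is served under its own prefix
    if "file_types" in rules:
        exts = "|".join(rules["file_types"])
        lines.append(f"location {prefix} {{ return 403; }}")  # other file types
        lines.append(f"location ~* ^{prefix}.+\\.({exts})$ {{")
    else:
        lines.append(f"location {prefix} {{")
    for net in rules.get("allow_ips", []):
        lines.append(f"    allow {net};")
    if "allow_ips" in rules:
        lines.append("    deny all;")
    if "bandwidth" in rules:
        lines.append(f"    limit_rate {rules['bandwidth']};")
    if "rate" in rules:
        lines.append(f"    limit_req zone={party_id};")
    lines.append("}")
    return "\n".join(lines) + "\n"


def configure(party_id, rules):
    """S201-S214: returns (action, changes, config text to send to the web server)."""
    clean = normalize(party_id, rules)           # rejects before touching the cache
    if party_id in RULE_CACHE:                   # S202 yes -> S203, S204
        action, old = "replaced", RULE_CACHE[party_id]
    else:                                        # S202 no -> S213, S214
        action, old = "stored", {}
    changes = diff_rules(old, clean)
    RULE_CACHE[party_id] = clean                 # the instruction carries ALL rules
    return action, changes, render(party_id, clean)


if __name__ == "__main__":
    print(configure("one", {"rate": "1r/s"})[2])
```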
The embodiment of fig. 2 of the present invention provides a method for configuring an access rule of a service party, which is applied to a management server, where the management server receives a configuration instruction of the access rule, and determines whether an access rule configuration set of the service party is cached according to identification information of the service party: if so, determining all the access rules contained in the configuration instruction as an updated access rule configuration set of the service party, replacing the cached access rule configuration set of the service party, explaining the updated access rule configuration set, generating a new service party configuration file of the service party which can be identified by the website server, and sending the new service party configuration file to the website server; if not, determining all the access rules contained in the configuration instruction as the access rule configuration set of the service party, caching, explaining the cached access rule configuration set, generating a service party configuration file of the service party which can be identified by the website server, and sending the service party configuration file to the website server.
Therefore, in the embodiment of the invention, the business party needs to access according to the access rules in the business party configuration file, the business party configuration file contains all the access rules which the corresponding business party needs to obey, and the access exceeding the access rules in the business party configuration file cannot be executed, so that the differentiated requirements of each business party on the website service can be met.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a device accessed by a service party according to an embodiment of the present invention, which is mainly applied to a website server, and corresponds to the flow shown in fig. 1, and includes: an access request receiving unit 301, a configuration file obtaining unit 302, and an executing unit 303.
The access request receiving unit 301 is configured to receive an access request sent by a service party.
A configuration file obtaining unit 302, configured to obtain, according to the access request, a service side configuration file of the service side from pre-stored service side configuration files. The pre-stored service party configuration files are generated and sent to the website server by a management server connected with the website server according to the requirements of service parties, and all access rules aiming at the service parties are stored in each service party configuration file.
The executing unit 303 is configured to execute the access request according to the access rule in the service side configuration file.
In practical applications, the access request may include identification information of a service party, and the pre-stored configuration file may include a correspondence between the identification information of the service party and the configuration file of the service party.
Then, the configuration file obtaining unit 302 in this embodiment is specifically configured to obtain, according to the identification information of the service party, a service party configuration file corresponding to the identification information of the service party from a pre-stored service party configuration file.
In addition, the access request may further include a service party key, where the service party key is pre-allocated to the service party by the management server, and the pre-stored service party profile may include a correspondence between the identification information of the service party and the service party profile of the service party.
Then, the apparatus may further include: a key sending unit (not shown in fig. 3).
In this case, the access request receiving unit 301 is specifically configured to, when the website server receives an access request sent by a service party, first obtain a service party key from the access request.
And the key sending unit is used for sending the service party key to the management server, so that the management server sends the identification information of the service party corresponding to the service party key to the website server according to the pre-stored corresponding relationship between each service party key and the identification information of the service party.
The configuration file obtaining unit 302 is specifically configured to obtain, according to the identification information of the service party sent by the management server, a service party configuration file corresponding to the identification information of the service party from a pre-stored service party configuration file.
In this embodiment, the apparatus may further include: a failure information receiving unit and a stopping unit (not shown in fig. 3).
The management server is used for acquiring the identification information of the service party corresponding to the service party key.
And the stopping unit is used for stopping executing the access request according to the authentication failure information.
In practical application, the device may further include: a reminder information receiving unit and a reminder information transmitting unit (not shown in fig. 3).
The prompt information receiving unit is used for receiving the key replacement prompt information which is sent by the management server and contains the identification information of the service party. The key replacement prompt message is generated and sent to the website server by the management server when the service time of the service side key reaches a first preset threshold.
And the prompt information sending unit is used for sending the key replacement prompt information to the corresponding service party according to the identification information of the service party in the key replacement prompt information.
The method for accessing the service party provided by the embodiment shown in fig. 3 of the present invention is applied to a website server, and the website server receives an access request sent by the service party, obtains a service party profile of the service party from a pre-stored service party profile according to the access request, and executes the access request according to an access rule in the service party profile.
Therefore, in the embodiment of the invention, the business party needs to access according to the access rules in the business party configuration file, the business party configuration file contains all the access rules which the corresponding business party needs to obey, and the access exceeding the access rules in the business party configuration file cannot be executed, so that the differentiated requirements of each business party on the website service can be met.
Referring to fig. 4, fig. 4 is a schematic structural diagram of a configuration apparatus for a business side access rule according to an embodiment of the present invention, which is mainly applied to a management server, and corresponding to the flow shown in fig. 2, the configuration apparatus may include: a configuration instruction receiving unit 401, a judging unit 402, a replacing unit 403, a storing unit 413, a first configuration file generating unit 404, and a second configuration file generating unit 414.
The configuration instruction receiving unit 401 is configured to receive a configuration instruction of an access rule, where the configuration instruction includes: identification information of a business party and all access rules of the business party.
A determining unit 402, configured to determine whether an access rule configuration set of a service party is cached according to identification information of the service party; if yes, the replacing unit 403 and the first configuration file generating unit 404 are triggered successively; if not, the storage unit 413 and the second configuration file generation unit 414 are triggered successively.
The replacing unit 403 is configured to determine all the access rules included in the configuration instruction as the updated access rule configuration set of the service party, and replace the cached access rule configuration set of the service party.
A first configuration file generating unit 404, configured to interpret the updated access rule configuration set, generate a new service party configuration file of the service party that can be identified by the web server, and send the new service party configuration file to the web server, so that the web server updates the existing service party configuration file of the service party with the new service party configuration file.
The storage unit 413 is configured to determine all the access rules included in the configuration instruction as the access rule configuration set of the service party, and cache the access rules.
A second configuration file generating unit 414, configured to interpret the cached access rule configuration set, generate a service party configuration file of the service party that can be identified by the website server, and send the service party configuration file to the website server, so that the website server stores the service party configuration file of the service party.
In practical application, the device may further include: a receiving unit and a configuration instruction generating unit (not shown in fig. 4).
The management server provides an access rule configuration management interface, and the access rule configuration management interface comprises all selectable access rule options.
In this embodiment, the receiving unit is configured to receive, through the access rule configuration management interface: identification information of a service party and an access rule option selected according to the requirements of the service party.
And the configuration instruction generating unit is used for generating a configuration instruction of the access rule aiming at the service party according to the selected access rule option.
The embodiment of fig. 4 of the present invention provides a method for configuring an access rule of a service party, which is applied to a management server, where the management server receives a configuration instruction of the access rule, and determines whether an access rule configuration set of the service party is cached according to identification information of the service party: if so, determining all the access rules contained in the configuration instruction as an updated access rule configuration set of the service party, replacing the cached access rule configuration set of the service party, explaining the updated access rule configuration set, generating a new service party configuration file of the service party which can be identified by the website server, and sending the new service party configuration file to the website server; if not, determining all the access rules contained in the configuration instruction as the access rule configuration set of the service party, caching, explaining the cached access rule configuration set, generating a service party configuration file of the service party which can be identified by the website server, and sending the service party configuration file to the website server.
Therefore, in the embodiment of the invention, the business party needs to access according to the access rules in the business party configuration file, the business party configuration file contains all the access rules which the corresponding business party needs to obey, and the access exceeding the access rules in the business party configuration file cannot be executed, so that the differentiated requirements of each business party on the website service can be met.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (4)

1. A business side access rule configuration method is applied to a management server connected with a website server, and comprises the following steps:
receiving a configuration instruction of an access rule; the configuration instructions include: identification information of a service party and all access rules of the service party; the access rules include: internal and external network access control, access ip limitation, access file type limitation, download bandwidth limitation and download frequency limitation;
judging whether an access rule configuration set of the service party is cached or not according to the identification information of the service party;
if yes, determining all the access rules contained in the configuration instruction as the updated access rule configuration set of the business party, and replacing the cached access rule configuration set of the business party;
interpreting the updated access rule configuration set, generating a new service party configuration file of the service party which can be identified by the website server, and sending the new service party configuration file to the website server, so that the website server updates the existing service party configuration file of the service party by using the new service party configuration file;
if not, determining all the access rules contained in the configuration instruction as an access rule configuration set of the service party, and caching;
and interpreting the cached access rule configuration set, generating a service party configuration file of the service party which can be identified by the website server, and sending the service party configuration file to the website server, so that the website server stores the service party configuration file of the service party.
2. The method of claim 1, wherein:
the management server provides an access rule configuration management interface which comprises all selectable access rule options;
receiving, via the access rule configuration management interface: identification information of a service party and an access rule option selected according to the requirement of the service party;
and generating a configuration instruction aiming at the access rule of the service party according to the selected access rule option.
3. An apparatus for configuring access rules of business parties, applied to a management server connected to a website server, the apparatus comprising: the device comprises a configuration instruction receiving unit, a judging unit, a replacing unit, a storage unit, a first configuration file generating unit and a second configuration file generating unit;
the configuration instruction receiving unit is used for receiving a configuration instruction of an access rule; the configuration instructions include: identification information of a service party and all access rules of the service party; the access rules include: internal and external network access control, access ip limitation, access file type limitation, download bandwidth limitation and download frequency limitation;
the judging unit is used for judging whether an access rule configuration set of the service party is cached or not according to the identification information of the service party; if yes, triggering the replacement unit and the first configuration file generation unit in sequence; if not, the storage unit and the second configuration file generation unit are triggered successively;
the replacing unit is configured to determine all the access rules included in the configuration instruction as the updated access rule configuration set of the service party, and replace the cached access rule configuration set of the service party;
the first configuration file generating unit is used for explaining the updated access rule configuration set, generating a new service party configuration file of the service party which can be identified by the website server, and sending the new service party configuration file to the website server, so that the website server updates the existing service party configuration file of the service party by using the new service party configuration file;
the storage unit is used for determining all the access rules contained in the configuration instruction as an access rule configuration set of the service party and caching the access rules;
the second configuration file generating unit is configured to interpret the cached access rule configuration set, generate a service party configuration file of the service party that can be identified by the website server, and send the service party configuration file to the website server, so that the website server stores the service party configuration file of the service party.
4. The apparatus of claim 3, further comprising: the device comprises a receiving unit and a configuration instruction generating unit;
the management server provides an access rule configuration management interface which comprises all selectable access rule options;
the receiving unit is configured to receive, through the access rule configuration management interface: identification information of a service party and an access rule option selected according to the requirement of the service party;
and the configuration instruction generating unit is used for generating a configuration instruction of the access rule aiming at the service party according to the selected access rule option.
CN201811252202.XA 2015-11-30 2015-11-30 Method and device for configuring access rules of business party Active CN109347840B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811252202.XA CN109347840B (en) 2015-11-30 2015-11-30 Method and device for configuring access rules of business party

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811252202.XA CN109347840B (en) 2015-11-30 2015-11-30 Method and device for configuring access rules of business party
CN201510857687.5A CN105516099B (en) 2015-11-30 2015-11-30 A kind of method and apparatus of business side access and the configuration of access rule

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201510857687.5A Division CN105516099B (en) 2015-11-30 2015-11-30 A kind of method and apparatus of business side access and the configuration of access rule

Publications (2)

Publication Number Publication Date
CN109347840A CN109347840A (en) 2019-02-15
CN109347840B true CN109347840B (en) 2021-09-24

Family

ID=55723737

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201510857687.5A Active CN105516099B (en) 2015-11-30 2015-11-30 A kind of method and apparatus of business side access and the configuration of access rule
CN201811252202.XA Active CN109347840B (en) 2015-11-30 2015-11-30 Method and device for configuring access rules of business party

Family Applications Before (1)

Application Number Title Priority Date Filing Date
CN201510857687.5A Active CN105516099B (en) 2015-11-30 2015-11-30 A kind of method and apparatus of business side access and the configuration of access rule

Country Status (1)

Country Link
CN (2) CN105516099B (en)

Also Published As

Publication number Publication date
CN105516099A (en) 2016-04-20
CN109347840A (en) 2019-02-15
CN105516099B (en) 2019-02-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant