CN109388958A - A kind of data permission management service middleware platform scheme based on section - Google Patents
A kind of data permission management service middleware platform scheme based on section Download PDFInfo
- Publication number
- CN109388958A CN109388958A CN201811159574.8A CN201811159574A CN109388958A CN 109388958 A CN109388958 A CN 109388958A CN 201811159574 A CN201811159574 A CN 201811159574A CN 109388958 A CN109388958 A CN 109388958A
- Authority
- CN
- China
- Prior art keywords
- module
- data
- management
- former operation
- operation system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The data permission management service middleware platform scheme based on section that the invention discloses a kind of, including former operation system, former operation system includes front end display module, data processing logic module, inquiry realizes that module and system interaction interface realize module, it is characterized in that, including data permission management service platform, the data permission management platform includes bottom nucleus module, system interaction interface module, system interaction realizes module, subscriber interface module, the subscriber interface module includes group management module, resource management module and data type management module, system interaction interface module includes that data area selection interface module and object user select interface module.
Description
Technical field
The invention belongs to software technology field, specially a kind of data permission management service middleware platform based on section
Scheme.
Background technique
The data permission of traditional web application generally provides control and management by the business of application itself, and which is inevitable
Cause permission business relatively fixed, flexibility is low, and permission service code is coupled with system main business code level.If related to
And permission business changes, and gently then changes data, heavy then need to change service code, it is wide to be related to code repetition measurement, causes to be modified to
This high problem.
Summary of the invention
The data permission management service middleware platform scheme based on section that the purpose of the present invention is to provide a kind of, can
The main business of application and rights management business are decoupled, achievees the purpose that system main business and permission business are divided and rule, has
The advantages of cost is relatively low.
Above-mentioned purpose of the invention has the technical scheme that
A kind of data permission management service middleware platform scheme based on section, including former operation system, former business system
System includes that front end display module, data processing logic module, inquiry realization module and system interaction interface realize module, packet
Include data permission management service platform, the data permission management platform include bottom nucleus module, system interaction interface module,
System interaction realizes module, subscriber interface module, and the subscriber interface module includes group management module, resource management module sum number
According to type management module, system interaction interface module includes that data area selection interface module and object user select interface mould
Block, further comprising the steps of:
S1, data permission configuration is carried out, specifically by subscriber interface module to a group module, resource management module, data
Type management module is managed and configures, and configuration result will be stored into the database of bottom nucleus module management, has stored
Data permission configuration flow is completed at rear;
S2, data permission control is carried out, user accesses former operation system, and former operation system is patrolled in progress data processing business
When collecting, incision needs to carry out the logic of permission control, and realizes module with system interaction interface of the configuration in former operation system
It interacts, system interaction interface realizes that module can be communicated with bottom nucleus module, obtains the business being currently executing
The data permission of logic configures, i.e. data of the configuration in the database of bottom nucleus module management in S1, and to current business
Logic is accordingly changed, and data permission control flow is completed after the completion of change, after former operation system continues to execute change
Service logic returns data to front end display module after having executed.
Further, in the step S1, group management module, resource management module, the data of data type management module are next
Source is provided by system interaction interface module, system interaction interface module be by with configuration system interaction interface realize module into
Row interaction obtains related data information.
Further, the step S1 includes:
S11: former operation system introduces system interaction and realizes module, and realizes relevant data-interface;
S12: former operation system data processing flow codes are corrected by the specification of data permission management service platform and configuration.
S13: start former operation system and data rights management service platform, pass through the use of data permission management service platform
Family interface module configuring authority management data.
In conclusion the invention has the following advantages:
(1) main business of application and rights management business are decoupled, reaches system main business and permission business is divided and rule
Purpose, have the advantages that cost is relatively low
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
It obtains other drawings based on these drawings.
Fig. 1 is the system architecture diagram of the embodiment of the present invention.
Specific embodiment
In the following detailed description, many details are proposed, in order to complete understanding of the present invention.But
It will be apparent to those skilled in the art that the present invention can not need some details in these details
In the case of implement.Below to the description of embodiment just for the sake of provided by showing example of the invention to it is of the invention more
Understand well.
Below in conjunction with attached drawing, the technical solution of the embodiment of the present invention is described.
Embodiment:
As shown in Figure 1, a kind of data permission management service middleware platform scheme based on section, including former business system
System, former operation system include front end display module, data processing logic module, inquiry realization module and system interaction interface
Realize module, including data permission management service platform, data permission management platform includes that bottom nucleus module, system interaction connect
Mouth mold block, system interaction realize module, subscriber interface module, and subscriber interface module includes group management module, resource management module
With data type management module, system interaction interface module includes that data area selection interface module and object user select interface
Module, further comprising the steps of:
S1, data permission configuration is carried out, specifically by subscriber interface module to a group module, resource management module, data
Type management module is managed and configures, and configuration result will be stored into the database of bottom nucleus module management, has stored
Data permission configuration flow is completed at rear;
S2, data permission control is carried out, user accesses former operation system, and former operation system is patrolled in progress data processing business
When collecting, incision needs to carry out the logic of permission control, and realizes module with system interaction interface of the configuration in former operation system
It interacts, system interaction interface realizes that module can be communicated with bottom nucleus module, obtains the business being currently executing
The data permission of logic configures, i.e. data of the configuration in the database of bottom nucleus module management in S1, and to current business
Logic is accordingly changed, and data permission control flow is completed after the completion of change, after former operation system continues to execute change
Service logic returns data to front end display module after having executed.
In step sl, organize management module, resource management module, data type management module data source handed over by system
Mutual interface module provides, and system interaction interface module is by realizing that module interacts acquisition in system interaction interface with configuration
Related data information.
Specifically, step S1 includes:
S11: former operation system introduces system interaction and realizes module, and realizes relevant data-interface;
S12: former operation system data processing flow codes are corrected by the specification of data permission management service platform and configuration.
S13: start former operation system and data rights management service platform, pass through the use of data permission management service platform
Family interface module configuring authority management data.
Data permission management with former operation system compares, and the present invention provides full decoupled frameworks and rights management industry
Business service, former operation system only need to realize basic data processing service logic, and rights management transfers to data permission management flat
Platform is handled.
The above embodiments are merely illustrative of the technical solutions of the present invention, rather than limits the protection scope of invention.It is aobvious
So, described embodiment is only section Example of the present invention, rather than whole embodiments.Based on these embodiments, ability
Domain those of ordinary skill every other embodiment obtained without creative efforts, belongs to institute of the present invention
Scope of protection.
Although referring to above-described embodiment, invention is explained in detail, and those of ordinary skill in the art still can be with
In the absence of conflict, creative work is not made to be according to circumstances combined with each other the feature in various embodiments of the present invention, increase
It deletes or makees other adjustment, to obtain other technologies scheme different, that essence is without departing from design of the invention, these technical sides
Case similarly belongs to invention which is intended to be protected.
Claims (3)
1. a kind of data permission management service middleware platform scheme based on section, including former operation system, former operation system
Realize that module and system interaction interface realize module including front end display module, data processing logic module, inquiry, it is special
Sign is, including data permission management service platform, and the data permission management platform includes bottom nucleus module, system interaction
Interface module, system interaction realize module, subscriber interface module, and the subscriber interface module includes group management module, resource pipe
Module and data type management module are managed, system interaction interface module includes data area selection interface module and object user choosing
Interface module is selected, further comprising the steps of:
S1, data permission configuration is carried out, specifically by subscriber interface module to a group module, resource management module, data type
Management module is managed and configures, and configuration result will be stored into the database of bottom nucleus module management, after the completion of storage
Complete data permission configuration flow;
S2, data permission control is carried out, user accesses former operation system, and former operation system is carrying out data processing service logic
When, incision needs to carry out the logic of permission control, and with system interaction interface of the configuration in former operation system realize module into
Row interaction, system interaction interface realize that module can be communicated with bottom nucleus module, obtain the business being currently executing and patrol
The data permission collected configures, i.e. data of the configuration in the database of bottom nucleus module management in S1, and patrols current business
It collects and is accordingly changed, data permission control flow is completed after the completion of change, former operation system continues to execute the industry after changing
Business logic, returns data to front end display module after having executed.
2. a kind of data permission management service middleware platform scheme based on section according to claim 1, feature
Be, in the step S1, group management module, resource management module, data type management module data source handed over by system
Mutual interface module provides, and system interaction interface module is by realizing that module interacts acquisition in system interaction interface with configuration
Related data information.
3. a kind of data permission management service middleware platform scheme based on section according to claim 1, feature
It is, the step S1 includes:
S11: former operation system introduces system interaction and realizes module, and realizes relevant data-interface;
S12: former operation system data processing flow codes are corrected by the specification of data permission management service platform and configuration.
S13: start former operation system and data rights management service platform, pass through user circle of data permission management service platform
Face mould block configuring authority management data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811159574.8A CN109388958A (en) | 2018-09-30 | 2018-09-30 | A kind of data permission management service middleware platform scheme based on section |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811159574.8A CN109388958A (en) | 2018-09-30 | 2018-09-30 | A kind of data permission management service middleware platform scheme based on section |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109388958A true CN109388958A (en) | 2019-02-26 |
Family
ID=65419045
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811159574.8A Pending CN109388958A (en) | 2018-09-30 | 2018-09-30 | A kind of data permission management service middleware platform scheme based on section |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109388958A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113434228A (en) * | 2021-06-21 | 2021-09-24 | 青岛海尔科技有限公司 | Page request method and device, storage medium and electronic device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6163794A (en) * | 1998-10-23 | 2000-12-19 | General Magic | Network system extensible by users |
| CN103186826A (en) * | 2011-12-30 | 2013-07-03 | 鼎捷软件股份有限公司 | Service processing method and service processing device |
| CN103646218A (en) * | 2013-12-12 | 2014-03-19 | 用友软件股份有限公司 | Device and method for defining data access right and behavior right |
| CN104683313A (en) * | 2013-11-27 | 2015-06-03 | 中兴通讯股份有限公司 | Multimedia business processing device, multimedia business processing method and multimedia business processing system |
| CN107426169A (en) * | 2017-05-24 | 2017-12-01 | 阿里巴巴集团控股有限公司 | A kind of method for processing business and device based on authority |
| CN107908973A (en) * | 2017-11-22 | 2018-04-13 | 中国南方电网有限责任公司超高压输电公司 | A kind of dynamic data authority control method based on AOP technologies |
-
2018
- 2018-09-30 CN CN201811159574.8A patent/CN109388958A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6163794A (en) * | 1998-10-23 | 2000-12-19 | General Magic | Network system extensible by users |
| CN103186826A (en) * | 2011-12-30 | 2013-07-03 | 鼎捷软件股份有限公司 | Service processing method and service processing device |
| CN104683313A (en) * | 2013-11-27 | 2015-06-03 | 中兴通讯股份有限公司 | Multimedia business processing device, multimedia business processing method and multimedia business processing system |
| CN103646218A (en) * | 2013-12-12 | 2014-03-19 | 用友软件股份有限公司 | Device and method for defining data access right and behavior right |
| CN107426169A (en) * | 2017-05-24 | 2017-12-01 | 阿里巴巴集团控股有限公司 | A kind of method for processing business and device based on authority |
| CN107908973A (en) * | 2017-11-22 | 2018-04-13 | 中国南方电网有限责任公司超高压输电公司 | A kind of dynamic data authority control method based on AOP technologies |
Non-Patent Citations (3)
| Title |
|---|
| PAUL GRACE: "The Case for Aspect-Oriented Reflective Middleware", 《ACM"07》 * |
| 奋斗终生: "面向切面编程-AOP", 《HTTPS://WWW.CNBLOGS.COM/AJIANBEYOURSELF/P/3665996.HTML》 * |
| 邵奇峰: "基于AOP的细粒度RBAC模型的设计与实现", 《北京交通大学学报》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113434228A (en) * | 2021-06-21 | 2021-09-24 | 青岛海尔科技有限公司 | Page request method and device, storage medium and electronic device |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Mayer et al. | Fogstore: Toward a distributed data store for fog computing | |
| CN101620609B (en) | Multi-tenant data storage and access method and device | |
| CN110795486A (en) | Micro-service platform | |
| CN109344153A (en) | The processing method and terminal device of business datum | |
| CN101876984A (en) | Data management system and data relation query method and device thereof | |
| CN106202236A (en) | A kind of customer location Forecasting Methodology and device | |
| CN102014282A (en) | Distributed video transcoding scheduling method and system | |
| CN103152390A (en) | Method and device and nodes and system for node configuration of distributed storage system | |
| CN109710235B (en) | Transaction implementation system and method based on Java intelligent contract service logic | |
| CN109445711A (en) | A kind of method and device for business processing based on cloud platform | |
| CN102629220A (en) | Dynamic task allocation and management method | |
| CN106649869A (en) | Statistical method and statistical device for big data in database | |
| CN108833584A (en) | Information push method, terminal, server and computer storage medium | |
| CN109388958A (en) | A kind of data permission management service middleware platform scheme based on section | |
| CN104484619B (en) | It is a kind of to solve the method that client multi-logical channel accesses PKCS#15 file conflicts | |
| CN104731804B (en) | A kind of method and device for establishing general polling frame | |
| CN102945264A (en) | Method for intelligently starting distributed transaction | |
| CN108668244A (en) | Method for processing business, device and storage medium | |
| CN101714236A (en) | Method and device for automatically extending participant types | |
| CN104123135A (en) | Method and device for unifying background interfaces | |
| CN103095833A (en) | Updating method of cloud service system and device | |
| CN103051478A (en) | Large-capacity telecommunication network management system as well as setting and application methods thereof | |
| CN100512303C (en) | Method for confirming mapping relation between cross-domain service domain interior domains | |
| CN106462421A (en) | Telecommunication device and method for updating software in a telecommunication device | |
| CN105721527A (en) | Data processing method and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190226 |