CN109445766A - One kind being based on event driven file security control strategy flow engine system - Google Patents

One kind being based on event driven file security control strategy flow engine system Download PDF

Info

Publication number
CN109445766A
CN109445766A CN201811318583.7A CN201811318583A CN109445766A CN 109445766 A CN109445766 A CN 109445766A CN 201811318583 A CN201811318583 A CN 201811318583A CN 109445766 A CN109445766 A CN 109445766A
Authority
CN
China
Prior art keywords
flow
workflow
engine
engine system
movement
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811318583.7A
Other languages
Chinese (zh)
Inventor
曾淑娟
常承伟
施雪成
吴明杰
贾琼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Institute of Computer Technology and Applications
Original Assignee
Beijing Institute of Computer Technology and Applications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Institute of Computer Technology and Applications filed Critical Beijing Institute of Computer Technology and Applications
Priority to CN201811318583.7A priority Critical patent/CN109445766A/en
Publication of CN109445766A publication Critical patent/CN109445766A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/20Software design
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • G06Q10/103Workflow collaboration or project management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Strategic Management (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Data Mining & Analysis (AREA)
  • Marketing (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Economics (AREA)
  • Bioethics (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • General Business, Economics & Management (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Stored Programmes (AREA)

Abstract

The present invention relates to one kind to be based on event driven file security control strategy flow engine system, is related to field of information security technology.The flow engine system of researching and designing of the present invention can provide various Customization Tools and logic expression way for file security control person, which uses B/S application model, can clearly quickly show design cycle.The file security strategy approval process that design is completed is mapped in database in the form of an xml-file, arbitrarily additions and deletions it can change and look into any examination & approval link, flow engine externally provides the design interface of omnibearing stereo formula, it can support the serial process of file security control strategy, parallel process, distributed process and nested type process, it can be applied in OA system in real time, great convenience is provided for the safety control strategy design of file, and for can timely make modification there are the approval process of security risk and loophole makes up, greatly improve the design efficiency of approval process.

Description

One kind being based on event driven file security control strategy flow engine system
Technical field
The present invention relates to field of information security technology, and in particular to one kind is based on event driven file security control strategy Flow engine system.
Background technique
With information-based, intelligentized rapid development, more and more physical works are changed into quick, convenient electronization Office, not only shortens the working time, also greatly improves work efficiency.In the working environment for being related to sensitive information processing, In the presence of a large amount of review operation demands for being directed to electronic document security management and control, as file it is fixed it is close, encrypt, decrypt, print, send outside, Various examination & approval events, the approval process such as exchange, shared generally involve the leaders of multiple departments.Existing approval system is logical It is often solidificated in OA system, approval process is because program can not be changed arbitrarily, and when approval process occurs, there are loophole or needs When making change to approval process, often because examination & approval control lacks flexibility and can not be adjusted in time, easily lead to electricity The generation of the security incidents such as secret leaking, the unauthorized access of subdocument.
Summary of the invention
(1) technical problems to be solved
The technical problem to be solved by the present invention is how to design a kind of file security control strategy flow engine system, solve Certainly in the working environment for being related to sensitive information processing, when former approval process there are loophole or needs to change approval process When, the problem of can not modifying in time.
(2) technical solution
In order to solve the above-mentioned technical problems, the present invention provides one kind to be based on event driven file security control strategy stream Journey automotive engine system, comprising: flow engine modeling tool, workflow engine, flow engine application environment and process analysis monitor work Tool;
Wherein, the flow engine modeling tool is for adopting graphically to model;The workflow engine is used Process is realized according to the model of modeled completion, is finally completed whole flow process, and control whole flow process, Manage the intermediate data of circulation process;The flow engine application environment with external environment for interacting;The process point Monitoring tools are analysed to be used for the simulation test of process, discovery process there are the problem of and record.
Preferably, the flow engine application environment is specifically used for calling external module or external tool.
Preferably, the workflow engine is specifically used for fixed by designing workflows metadata schema progress workflow engine Justice, the flow definition for generating different modeling tools is loaded into the running environment of other working flow products, described Workflow metadata model includes two kinds of elements, the first element is step, for stating which step work at present is in, often All comprising movement, processing people in a step;Second of element is movement, and for stating which movement current procedures have, triggering should Which step is workflow can jump to after movement;
Preferably, the workflow engine be specifically used for using XML language in workflow metadata model step and Movement is described, wherein describing have which movement in the step using Actions node;It is retouched using Assignment node State the processing people in the step;Which step is jumped to after indicating trigger action using transition node, uses meta Node indicates that current action supports other extension demands.
Preferably, the workflow engine also passes through API to four kinds of interfaces of outside offer: first interface is as flow definition Input and output;Second interface is as the interactive interface between workflow clients;Third interface provides management and backstage is supervised Visual function;4th interface is used to carry out data interaction with backstage memory module.
Preferably, the automotive engine system is designed using service-oriented SOA architectural framework.
Preferably, institute's automotive engine system is designed using B/S mode.
(3) beneficial effect
The flow engine system of researching and designing of the present invention can provide various customization works for file security control person Tool and logic expression way, the flow engine use B/S application model, can clearly quickly show design cycle. The file security strategy approval process that design is completed is mapped in database in the form of an xml-file, arbitrarily additions and deletions can be changed and is looked into Any examination & approval link, flow engine externally provide the design interface of omnibearing stereo formula, can support file security control strategy Serial process, parallel process, distributed process and nested type process, can be applied in OA system in real time, be file Safety control strategy design provides great convenience, and repairs for can timely make there are the approval process of security risk Change and made up with loophole, greatly improves the design efficiency of approval process.
Detailed description of the invention
Fig. 1 is the functional block diagram for the flow engine that the present invention designs;
Fig. 2 is step and action relationships figure in workflow engine definition of the invention;
Fig. 3 is step designing legend in workflow engine in the present invention;
Fig. 4 is movements design legend in workflow engine in the present invention;
Fig. 5 is interface diagram provided by workflow engine in the present invention;
Fig. 6 is the application environment schematic diagram of flow engine of the invention.
Specific embodiment
To keep the purpose of the present invention, content and advantage clearer, with reference to the accompanying drawings and examples, to of the invention Specific embodiment is described in further detail.
One kind provided by the invention includes four portions based on event driven file security control strategy flow engine system Point: flow engine modeling tool, workflow engine, flow engine application environment and process analysis monitoring tools.Flow engine General frame is as shown in Figure 1:
Wherein, the flow engine modeling tool is for adopting graphically to model, it can be readily appreciated that structure is clear It is clear, facilitate developer to control entire frame;The workflow engine be used for according to the model of modeled completion to process into Row is realized, is finally completed whole flow process, it is the core of flow engine system, is controlled whole flow process, and management flows through The intermediate data of journey;The flow engine system application environment for interaction with external environment, such as call external module or External tool;The process analysis monitoring tools are used for the simulation test of process, discovery process there are the problem of and record.
Work stream data processing is that main infrastructure service, in the entire system, workflow are provided by workflow platform Processing is most important function embodiment, the flow instance for being abstracted and defining including patterned operation flow, automate Parsing and propulsion, task management, business handling process monitoring etc..Working flow software has enough flexibilities, meets branch, follows The various circulation requirements such as ring, rollback, and flexible flow custom, management and monitoring capacity.Simultaneously be also equipped with fast custom and Allocative abilities are able to carry out flexible configuration, to meet the short requirement of project implementation period.In addition to this, it can also properly settle The Research on Interactive Problem of on-line approval class business, by workflow management services, user, which can easily realize, automates business procedure Processing.
It describes in detail below to the realization of workflow engine module.
It is bridge between design environment and running environment, the stream for generating different modeling tools that workflow engine, which defines, Cheng Dingyi can be loaded into the running environment of other working flow products.In order to provide an access and description workflow defining Universal method, need to introduce workflow metadata model herein.Workflow metadata model mainly includes following two element, The first element is step, is in which step for stating work at present, includes movement, processing people in each step;The Two kinds of elements are movements, and for stating which movement current procedures have, which step is workflow can jump to after triggering the movement. Step and the relationship of movement are as shown in Figure 2:
Since XML language has stronger scalability and descriptive, the work in the flow engine system of design of the invention Stream definition is described step and movement using XML language, the design of step in upper figure using XML language can be described as Shown in Fig. 3:
Wherein Actions node describes have which movement in the step, such as " submits countersign " and acts;Assignment section Processing people in point description the step, such as " wf_actor:Caller " this processing people.The design of movement uses XML language It can be described as shown in Figure 4:
Transition node jumps to " checkDraft " step after indicating trigger action, and meta node indicates the movement Support other extension demands.
Workflow engine is mainly responsible for the direct interaction of connection foreground the visual design tool and backstage storage, to entire work Make stream and carries out management and running.It is the main component for driving process flowing, takes charge of the explanation work process flow definition, create and initialize Flow instance, the path of control flow flowing, records process motion state, hangs up or wakes up process, terminate the process in operation, Communication etc. between other engines.It is specific as shown in Figure 5:
Workflow engine provides following four interface to outside by API:
Interface 1: the input and output of flow definition;
Interface 2: the interaction between workflow clients;
Interface 3: management and background monitoring function;
Interface 4: the data interaction with backstage memory module.
Interface 2 mainly provides the interaction channel between workflow engine and user, can be more convenient user in this way and participate in In the design and operation of system.Interactive interface between workflow engine and user mainly includes the function of five aspects: work The foundation and revocation of stream, obtain the definition and state of work process flow, and operation, hang-up and the termination of working example change work The operation of flow step and state, acquisition and setting procedure attribute, the operation of Work List and work item.
Interface 3 is mainly supplied to the operating status of user management and monitoring system, checks the function of system history run record Can, user can obtain all data of workflow engine with real time inspection audit information.Audit information includes the following contents:
Flow instance audit information, including creation, Booting sequence example, flow instance state change, flow instance attribute Variation;
Work flow step audit information: the Audit data including step state change, the Audit data of attribute change;
Workflow operations audit information: the audit information including flow operations triggering;
Flow definition audit information.
E) interface 4 mainly carries out storage to all data during work flow operation
Workflow instance analysis is carried out below.
Workflow instance is the object that workflow engine automatically creates out, for recording after Business Entity is created that The essential information of workflow, specific as shown in table 1:
1 workflow instance tables of data of table
Work flow step is the object that workflow engine automatically creates out after each trigger action of workflow (action), It is specific as shown in table 2 for recording the information of each step (step) of workflow:
2 workflow instance step of table
Precedence relationship between workflow instance step relationship essential record work flow step, specific as shown in table 3:
3 workflow instance step relationship of table
Title Explanation
SID SID
Process step ID External key, related job flow step, refers to current procedures
Previous process step ID External key, related job flow step refer to the previous step of current procedures
Workflow instance ID External key, related job stream example
Workflow instance acts the relevant information of each trigger action of essential record workflow, specific as shown in table 4:
The movement of 4 workflow instance of table
The flow engine system that the present invention designs has used service-oriented (SOA) architectural framework, and function is packaged by SOA completely Publication, service interface and function realization are independent from each other, and this mode is for developer, it is not necessary to understand system function The Lower level logical being able to achieve, user only need to complete a business operation or realization one by customizing one or a set of function Item business function.SOA is recorded and is retouched to the standard language that Web service uses using a set of XML document independently of platform It states, when application system calls relevant interface, SOA carries out the parsing of information according to the document.
In SOA framework, all applications can be connected by standardized service interface, exchange data, without Consider that application is to be developed with what programming language or run under what operating system.In such a mode, all systems Functional module is a kind of service, can be shared and be reused by arbitrary system.
The flow engine system that the present invention designs uses B/S mode, and flow engine systematic difference environment is as shown in Figure 6.
Flow engine is embedded into the office platform in client rs PC, can be made in any hardware platform by browser With, J2EE technology of the flow engine system based on Java language, by service-oriented architectural framework foreground design interface and Back-end data links together, so that flow engine system can be all applied on office platform immediately after having designed any example.
The above is only a preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, without departing from the technical principles of the invention, several improvement and deformations can also be made, these improvement and deformations Also it should be regarded as protection scope of the present invention.

Claims (7)

1. one kind is based on event driven file security control strategy flow engine system characterized by comprising flow engine Modeling tool, workflow engine, flow engine application environment and process analysis monitoring tools;
Wherein, the flow engine modeling tool is for adopting graphically to model;The workflow engine is used for root Process is realized according to the model of modeled completion, is finally completed whole flow process, and control whole flow process, is managed The intermediate data of circulation process;The flow engine application environment with external environment for interacting;The process analysis prison Control tool is used for the simulation test of process, discovery process there are the problem of and record.
2. automotive engine system as described in claim 1, which is characterized in that the flow engine application environment is specifically used for calling outer Parts or external tool.
3. automotive engine system as described in claim 1, which is characterized in that the workflow engine is specifically used for passing through design work It flows metadata schema and carries out workflow engine definition, the flow definition for generating different modeling tools is loaded into others In the running environment of working flow products, the workflow metadata model includes two kinds of elements, the first element is step, is used for Which step statement work at present is in, and includes movement, processing people in each step;Second of element is movement, is used for table State which movement current procedures have, which step is workflow can jump to after triggering the movement.
4. automotive engine system as claimed in claim 3, which is characterized in that the workflow engine is specifically used for using XML language To in workflow metadata model step and movement be described, wherein describing to have in the step using Actions node Which movement;Processing people in the step is described using Assignment node;It indicates to trigger using transition node Which step is jumped to after movement, indicates that current action supports other extension demands using meta node.
5. automotive engine system as described in claim 1, which is characterized in that the workflow engine also passes through API and provides to outside Four kinds of interfaces: input and output of the first interface as flow definition;Second interface is as the interaction between workflow clients Interface;Third interface provides management and background monitoring function;4th interface is used to carry out data interaction with backstage memory module.
6. automotive engine system as described in claim 1, which is characterized in that the automotive engine system uses service-oriented SOA system frame Structure design.
7. automotive engine system as described in claim 1, which is characterized in that institute's automotive engine system is designed using B/S mode.
CN201811318583.7A 2018-11-07 2018-11-07 One kind being based on event driven file security control strategy flow engine system Pending CN109445766A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811318583.7A CN109445766A (en) 2018-11-07 2018-11-07 One kind being based on event driven file security control strategy flow engine system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811318583.7A CN109445766A (en) 2018-11-07 2018-11-07 One kind being based on event driven file security control strategy flow engine system

Publications (1)

Publication Number Publication Date
CN109445766A true CN109445766A (en) 2019-03-08

Family

ID=65550653

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811318583.7A Pending CN109445766A (en) 2018-11-07 2018-11-07 One kind being based on event driven file security control strategy flow engine system

Country Status (1)

Country Link
CN (1) CN109445766A (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1766835A (en) * 2004-10-01 2006-05-03 微软公司 A framework for seamlessly authoring and editing workflows at design and runtime
CN101160563A (en) * 2005-04-18 2008-04-09 捷讯研究有限公司 Method and system for hosting and executing a component application
CN102609271A (en) * 2012-02-20 2012-07-25 山东大学 Metadata-driven visual SaaS (Software as a Service) application customizing method and metadata-driven visual SaaS application customizing system
US20120254291A1 (en) * 2011-03-31 2012-10-04 Nash Controlware, Inc. Workflow management in distributed systems
CN103279840A (en) * 2013-06-08 2013-09-04 北京首钢自动化信息技术有限公司 Workflow engine implement method based on dynamic language and event processing mechanism
CN103605705A (en) * 2013-11-11 2014-02-26 国家电网公司 SCD (substation configuration description) file management system
CN108596573A (en) * 2018-05-25 2018-09-28 青岛国际机场集团有限公司 A kind of SMS safety management systems based on workflow engine

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1766835A (en) * 2004-10-01 2006-05-03 微软公司 A framework for seamlessly authoring and editing workflows at design and runtime
CN101160563A (en) * 2005-04-18 2008-04-09 捷讯研究有限公司 Method and system for hosting and executing a component application
US20120254291A1 (en) * 2011-03-31 2012-10-04 Nash Controlware, Inc. Workflow management in distributed systems
CN102609271A (en) * 2012-02-20 2012-07-25 山东大学 Metadata-driven visual SaaS (Software as a Service) application customizing method and metadata-driven visual SaaS application customizing system
CN103279840A (en) * 2013-06-08 2013-09-04 北京首钢自动化信息技术有限公司 Workflow engine implement method based on dynamic language and event processing mechanism
CN103605705A (en) * 2013-11-11 2014-02-26 国家电网公司 SCD (substation configuration description) file management system
CN108596573A (en) * 2018-05-25 2018-09-28 青岛国际机场集团有限公司 A kind of SMS safety management systems based on workflow engine

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
黄琪等: "支撑国网业务系统的企业级业务流程管理平台研究与应用", 《大众用电》 *

Similar Documents

Publication Publication Date Title
CN103441900B (en) Centralized cross-platform automatization test system and control method thereof
US8832662B2 (en) Rules engine for architectural governance
CN103336705B (en) Automatic transcoding between script process and Workflow system and semantic self adaptation
US20150142949A1 (en) System and method for collaborative designing, development, deployment, execution, monitoring and maintenance of enterprise applications
US20100064275A1 (en) Extracting platform independent models from composite applications
US8904357B2 (en) Dashboard for architectural governance
CN102375731A (en) Coding-free integrated application platform system
CN104615617A (en) Dispatch monitoring information processing system for substation equipment
CN103412745B (en) A kind of exploitation and application platform
Scacchi Experience with software process simulation and modeling
WO2012062385A1 (en) A method and a system for service lifecycle management in networked environments
CN103049264A (en) Method for controlling business system by dynamic modeling of state machine
US20110264592A1 (en) Template-based technique for making a best practices framework actionable
US7295957B2 (en) Dynamic process management for the recording, modeling, documentation and validation of complex processes and systems
Graupner et al. Making processes from best practice frameworks actionable
Vidoni et al. Towards a Reference Architecture for Advanced Planning Systems.
Cheong et al. Frame-based method for customizing generic software architectures
CN109445766A (en) One kind being based on event driven file security control strategy flow engine system
Man Woo et al. Modeling of a quality control information system for small‐to medium‐sized enterprises
KR101194379B1 (en) Method and System for supporting execution of collaborative process among enterprises
KR102355791B1 (en) Tools to define requirements specification for the screen developing a software, web based service and mobile platform service
Gaulke et al. Rule-enhanced task models for increased expressiveness and compactness
Sandberg et al. Decelerated IT innovation: Negotiating global IT innovation initiatives in local settings
Nordstrom et al. Model integrated computing-based software design and evolution
Dang et al. Human workflows via document-driven process choreography

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190308

RJ01 Rejection of invention patent application after publication