CN110083338A - Service system based on intelligent gateway - Google Patents
Service system based on intelligent gateway Download PDFInfo
- Publication number
- CN110083338A CN110083338A CN201910448211.4A CN201910448211A CN110083338A CN 110083338 A CN110083338 A CN 110083338A CN 201910448211 A CN201910448211 A CN 201910448211A CN 110083338 A CN110083338 A CN 110083338A
- Authority
- CN
- China
- Prior art keywords
- service
- access
- intelligent gateway
- gov network
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000004891 communication Methods 0.000 claims description 74
- 238000007726 management method Methods 0.000 claims description 42
- 238000012550 audit Methods 0.000 claims description 23
- 230000005540 biological transmission Effects 0.000 claims description 15
- 238000000034 method Methods 0.000 claims description 15
- 238000012795 verification Methods 0.000 claims description 8
- 241000700189 Hystrix <Rodentia> Species 0.000 claims description 7
- 230000037361 pathway Effects 0.000 claims description 5
- 238000012552 review Methods 0.000 claims description 3
- 238000012544 monitoring process Methods 0.000 abstract description 9
- 238000011161 development Methods 0.000 description 13
- 230000006870 function Effects 0.000 description 7
- 238000003032 molecular docking Methods 0.000 description 7
- 230000004044 response Effects 0.000 description 5
- 238000013475 authorization Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 239000000470 constituent Substances 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000007774 longterm Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 238000010200 validation analysis Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000010030 laminating Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000009467 reduction Effects 0.000 description 1
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 1
- 230000006641 stabilisation Effects 0.000 description 1
- 238000011105 stabilization Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/20—Software design
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/547—Remote procedure calls [RPC]; Web services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/66—Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention relates to a kind of service systems based on intelligent gateway, which is characterized in that including intelligent gateway, frame API, file repository, database, management services module;Intelligent gateway is bi-directionally connected with frame API;Intelligent gateway is bi-directionally connected with management services module;Frame API is bi-directionally connected with file repository;File repository is bi-directionally connected with database;Database is bi-directionally connected with management services module;Intelligent gateway, for carrying out control operation to the service of access;Frame API, for providing api interface;File repository, the file that the service for storing access generates;Database, the data that the service for storing access generates;Management services module is operated by the control of intelligent gateway for managing database and management intelligent gateway, has unified the entrance and interface standard of service system, ensure that the service safe of service system and convenient for monitoring.
Description
Technical field
The present invention relates to Computer Service technical field more particularly to a kind of service systems based on intelligent gateway.
Background technique
With more and more closer with docking for different product, the service for needing to access is more and more, the problem of bringing therewith
Also more and more:
1, interface specification disunity problem.Specification includes communication protocol, interface specification, interface version etc., and these problems are led
It causes constituent parts or system takes considerable time in communication and energy, and be long-term;
2, network security problem.If it is more and more to be exposed to the service that external client uses, attacked by network
The point hit is also more, increases Network Security Vulnerabilities;
3, authorization check problem.One service can be used to what is provided to another service, be able to use another service
What function, these require each system and respectively realize at present, and the development teams of each service is needed to be linked up, this nothing
Increase development cost in shape.
4, ununified common component library.The technology that current each system has independent component, but uses is unified not to the utmost, and
And data are more dispersed, by taking system of real name as an example, the real name component that each system uses is not quite similar, and real name data are not shared,
It may need to re-start real name when accessing another service, bad experience is brought to user;
5, service monitoring is difficult.If administrator needs to know whether each service is normal, then administrator needs to open each
The log system of service is checked.
6, code security problem.If you need to the exploitation standard of unified projects, then need to provide oneself code to third party,
This safety problem that code may be caused to supervise.
Summary of the invention
(1) technical problems to be solved
For uniform service system standard, the present invention provides a kind of service system based on intelligent gateway.
(2) technical solution
In order to achieve the above object, the main technical schemes that the present invention uses include:
A kind of service system based on intelligent gateway, including intelligent gateway, framework application programming interface API, file
Repository, first database, management services module;
The intelligent gateway and the frame API two-way communication link;The intelligent gateway and the management services module
Two-way communication link;
The frame API and the file repository two-way communication link;
The file repository and the first database two-way communication link;
The first database and the management services module two-way communication link;
The intelligent gateway, for carrying out control operation to the service of access, the control operation includes following one kind
It is or a variety of: access mandate, interface convergence, safety assurance, flow control, the registration and discovery of the service of access, the service of access
Calling and load, route, fusing, front-end specifications audit, rear end specification audit, safety standard audit;
The frame API, for providing api interface for the service of the access by the intelligent gateway control;
The file repository passes through what the service that the api interface that the frame API is provided is accessed generated for storing
File;
The first database passes through what the service that the api interface that the frame API is provided is accessed generated for storing
Data;
The management services module, for managing the first database and managing the intelligent gateway.
Optionally, the registration for the service that intelligent gateway accesses the service of access is operated with discovery
Intelligent gateway constructs a registration center, obtains the information on services that the service of access is registered to the registration center,
Pass through the registration and discovery operation of the service that the information on services calls Eureka to access the service of access;
The information on services includes following one or more: the host of the service of access, port numbers, service release number,
Communications protocol.
Optionally, the calling and load operation for the service that intelligent gateway accesses the service of access include:
Intelligent gateway creation interface simultaneously annotates, and the interface and annotation is based on, by Feign and Ribbon to the clothes of access
The calling and load operation for the service that business is accessed.
Optionally, intelligent gateway includes: to the service progress routing operations of access
Intelligent gateway carries out routing operations by service of the Zuul to access.
Optionally, intelligent gateway includes: to the service progress fusing operation of access
Intelligent gateway carries out fusing operation by service of the hystrix to access.
Optionally, front-end specifications include:
The service of access uses the standard control in user interface UI specification library;
The service of access requests basic widget library data by sdk.request;
The service of access requests basic control combination pattern data by sdk.request;
The service of access requests representative page data by sdk.request;
Standard control in UI specification library includes: drawing board ARTboard, button, chart format ICON, list.
Optionally, rear end specification includes:
The service of access is forbidden in required parameter being the privacy information for carrying plaintext;
The interface of the service of access uses as follows one or more: Https agreement, Json data format, UTF8 coding;
The error code that the service of access returns is 5, or, 0;
When error code is 0, correct return is identified.
Optionally, intelligent gateway includes: to the service progress safety standard review operations of access
Intelligent gateway verifies user's input of the service of access, if verification is illegal, it is illegal simultaneously to alert input
And suggest correcting input;
Intelligent gateway to the service of access can not letter data carry out escape after export;
Intelligent gateway is uploaded according to service of the pre-set file extension white list to access or the files classes of downloading
Type, size are audited;
Intelligent gateway in the annotation information of the service of access whether comprising physical pathway information, database linkage information,
SQL statement information is audited;
Whether intelligent gateway calls sensitive kinds interface to audit the service of access;
Intelligent gateway is examined according to URL page jump request of the pre-set domain name white list to the service of access
Core, the request of URL page jump are jumped after the approval;
Wherein, the text that intelligent gateway is uploaded or downloaded according to service of the pre-set file extension white list to access
The method that part type, size are audited are as follows:
If the service of access uploads or the extension name of the file type of downloading is located in white list, it is determined that the service of access
Normal size corresponding to the extension name for the file type for uploading or downloading, if the service of access uploads or the file size of downloading
It then audits greater than the first value and does not pass through, audit and pass through if being less than or equal to the first value, first value is normal size * (1-
The transmission coefficient of api interface corresponding to service with access), the transmission with api interface corresponding to the service accessed
The default of api interface corresponding to the service of currently processed amount/access of api interface corresponding to coefficient=access service gulps down
The amount of spitting;
If the service of access uploads or the extension name of the file type of downloading is not located in white list, if second value is greater than
The transmission coefficient of api interface corresponding to service with access, which is then audited, not to be passed through, if second value is less than or equal to service, institute is right
The transmission coefficient for the api interface answered, which is then audited, to be passed through, the second value be access service upload or downloading file size/connect
The preset throughputs of api interface corresponding to the service entered.
It optionally, further include the first access service;
First access service and the intelligent gateway two-way communication link;
First access service is generated by the first application;
First application is located at non-E-gov Network;
First application is following one or more: positioned at the application program of non-E-gov Network, positioned at the net of non-E-gov Network
Network web application, positioned at the public platform of non-E-gov Network;
First access service is as follows one or more: positioned at the infrastructure service of non-E-gov Network, being located at non-government affairs
The public service of net, positioned at the Subsystem Service of non-E-gov Network, the service positioned at non-E-gov Network of third party's exploitation;
The intelligent gateway is located at E-gov Network;
The intelligent gateway passes sequentially through the E-gov Network, E-gov Network internet firewall, and internet connects with described first
Enter to service two-way communication link;
The service system further includes the second access service;
Second access service and the intelligent gateway two-way communication link;
Second access service is generated by the second application;
Second application is located at E-gov Network;
Second application is following one or more: positioned at the application program of E-gov Network, the web positioned at E-gov Network is answered
With positioned at the public platform of E-gov Network;
Second access service is as follows one or more: positioned at the infrastructure service of E-gov Network, positioned at E-gov Network
Public service, positioned at the Subsystem Service of E-gov Network, the service positioned at E-gov Network of third party's exploitation;
The intelligent gateway is located at E-gov Network;
Second application includes first database server and the first application service cluster;
Second application generates the second access service by the first database server and the first application service cluster;
The intelligent gateway passes through the E-gov Network and first database server and the first application service cluster two-way
Letter connection.
It optionally, further include real-name authentication service;
The real-name authentication service is located at non-E-gov Network;
The intelligent gateway passes sequentially through the E-gov Network, E-gov Network internet firewall, and internet is recognized with the real name
Card service two-way communication link;
The service system further includes common component service;
The common component service is located at E-gov Network;
The intelligent gateway services two-way communication link by the E-gov Network and the common component;
The service system further includes management service;
The management service is located at E-gov Network;
The management service is generated by the second database server and the second application service cluster;
The intelligent gateway passes through the E-gov Network and the second database server and the second application service cluster two-way
Letter connection;
The service system further includes third party's service;
The third party's service is located at E-gov Network;
The third party's service is generated by the second database and third application;
The intelligent gateway passes through the E-gov Network and the second database and third application two-way communication link;
The service system further includes city's line business system, regional line business system;
City's line business system and the intelligent gateway two-way communication link;
The area line business system and the intelligent gateway two-way communication link.
(3) beneficial effect
The present invention provides a kind of service system based on intelligent gateway, including intelligent gateway, frame API, file repository,
Database, management services module;Intelligent gateway and frame API two-way communication link;Intelligent gateway is two-way with management services module
Communication connection;Frame API and file repository two-way communication link;File repository and database two-way communication link;Data
Library and management services module two-way communication link;Intelligent gateway, for carrying out control operation to the service of access;Frame API is used
Api interface is provided in the service for the access by intelligent gateway control;File repository is mentioned for storing by frame API
The file that the service that the api interface of confession is accessed generates;Database is connect for storing by the api interface that frame API is provided
The data that the service entered generates;Management services module passes through the control of intelligent gateway for managing database and management intelligent gateway
System operation, has unified the entrance and interface standard of service system, ensure that the service safe of service system and convenient for monitoring.
Detailed description of the invention
Fig. 1 is a kind of structural schematic diagram of the service system based on intelligent gateway provided by one embodiment of the present invention;
Fig. 2 is the structural schematic diagram of another service system based on intelligent gateway provided by one embodiment of the present invention;
Fig. 3 is that a kind of network topology structure of the service system based on intelligent gateway provided by one embodiment of the present invention is shown
It is intended to;
Fig. 4 is a kind of Technical Architecture structural schematic diagram of service system provided by one embodiment of the present invention;
Fig. 5 is a kind of development mode signal of third party's service access service system provided by one embodiment of the present invention
Figure;
Fig. 6 is a kind of process signal of third party's service exploitation docking service system provided by one embodiment of the present invention
Figure.
Specific embodiment
With more and more closer with docking for different product, the service for needing to access is more and more, the problem of bringing therewith
Also more and more:
1, interface specification disunity problem.Specification includes communication protocol, interface specification, interface version etc., and these problems are led
It causes constituent parts or system takes considerable time in communication and energy, and be long-term;
2, network security problem.If it is more and more to be exposed to the service that external client uses, attacked by network
The point hit is also more, increases Network Security Vulnerabilities;
3, authorization check problem.One service can be used to what is provided to another service, be able to use another service
What function, these require each system and respectively realize at present, and the development teams of each service is needed to be linked up, this nothing
Increase development cost in shape.
4, ununified common component library.The technology that current each system has independent component, but uses is unified not to the utmost, and
And data are more dispersed, by taking system of real name as an example, the real name component that each system uses is not quite similar, and real name data are not shared,
It may need to re-start real name when accessing another service, bad experience is brought to user;
5, service monitoring is difficult.If administrator needs to know whether each service is normal, then administrator needs to open each
The log system of service is checked.
6, code security problem.If you need to the exploitation standard of unified projects, then need to provide oneself code to third party,
This safety problem that code may be caused to supervise.
Service system provided by the invention based on intelligent gateway, including intelligent gateway, frame API, file repository, number
According to library, management services module;Intelligent gateway and frame API two-way communication link;Intelligent gateway and management services module two-way
Letter connection;Frame API and file repository two-way communication link;File repository and database two-way communication link;Database
With management services module two-way communication link;Intelligent gateway, for carrying out control operation to the service of access;Frame API, is used for
Service for the access by intelligent gateway control provides api interface;File repository is provided for storing by frame API
Api interface accessed service generate file;Database is accessed for storing by the api interface that frame API is provided
Service generate data;Management services module passes through the control of intelligent gateway for managing database and management intelligent gateway
Operation, has unified the entrance and interface standard of service system, ensure that the service safe of service system and convenient for monitoring.
Serving system architecture based on intelligent gateway shown in Figure 1, it is provided in this embodiment based on intelligent gateway
Service system includes: intelligent gateway, frame API, file repository, first database, management services module.
1, intelligent gateway
Intelligent gateway and frame API two-way communication link.
Intelligent gateway and management services module two-way communication link.
Intelligent gateway, to form a good ecosphere, is unified for carrying out control operation to the service of access
The entrance and interface standard of service system ensure that the service safe of service system and convenient for monitoring.
Wherein, control operation includes as follows one or more: access mandate, interface convergence, safety assurance, flow control
System, the registration and discovery of the service of access, the calling and load of the service of access route, fusing, front-end specifications audit, rear end
Specification audit, safety standard audit etc..
The implementation of the registration for the service that intelligent gateway accesses the service of access and discovery operation, including but not
It is limited to:
Intelligent gateway constructs a registration center, obtains the information on services that the service of access is registered to registration center, passes through
The registration and discovery operation for the service that information on services calls Eureka to access the service of access;
Information on services includes following one or more: the host of the service of access, port numbers, service release number, communication
Agreement.
The calling for the service that intelligent gateway accesses the service of access and the implementation of load operation, including but not
It is limited to:
Intelligent gateway creation interface simultaneously annotates, and is based on interface and annotation, by Feign and Ribbon to the service of access into
The calling and load operation of the service of row access.
Intelligent gateway carries out the implementation of routing operations to the service of access, including but not limited to:
Intelligent gateway carries out routing operations by service of the Zuul to access.
Intelligent gateway carries out the implementation of fusing operation to the service of access, including but not limited to:
Intelligent gateway carries out fusing operation by service of the hystrix to access.
For example,
1) registration center, the registration and discovery of service, is realized using Eureka.It is administered in frame in service, one can be constructed
A registration center, each service unit register the service oneself provided to registration center, host and port numbers, clothes including service
Some additional informations such as business version number, communications protocol;And the calling between servicing is no longer by specifying specific instance address come real
It is existing, but request call is initiated by Service name and is realized.
2) service call and load, are realized using Feign+Ribbon.Feign is the pseudo- Http client of a statement formula
End, it, which to write Http client, becomes simpler.Use Feign, it is only necessary to create an interface and explain.It has and can insert
The Annotation property pulled out Feign can be used to explain and explain with JAX-RS.Feign supports pluggable encoder and decoder.
3) Intelligent routing is realized using Zuul.Zuul is the core of intelligent gateway.Micro services in the project, they it
Between mutual call be exactly just to be able to achieve by the setting of zuul.
4) fuse is realized using hystrix.It, inevitably can be by when intelligent gateway calls specific business module
To network, the influence of the factors such as search efficiency leads to response timeout, at this time just needs to configure hystrix, in order to avoid thread one
Straight committed memory, leads to problems such as memory overflow, and calling program is made to hang.
In addition, front-end specifications include:
The service of access uses the standard control in UI (User Interface, user interface) specification library;
The service of access requests basic widget library data by sdk.request;
The service of access requests basic control combination pattern data by sdk.request;
The service of access requests representative page data by sdk.request;
Standard control in UI specification library include: ARTboard (drawing board), button, chart format ICON (chart format),
List.
For example, front end carry out using design when, must use UI specification library in standard control, comprising ARTboard,
The contents such as button, ICON, list, such as: basic widget library, basic control combination pattern, representative page, request data must use
sdk.request.Control seek unity of standard to guarantee the consistency of each function bandwagon effect and request method in program in front end.
Rear end standardizes
The service of access is forbidden in required parameter being the privacy information for carrying plaintext;
The interface of the service of access uses as follows one or more: Https agreement, Json data format, UTF8 coding;
The error code that the service of access returns is 5, or, 0;
When error code is 0, correct return is identified.
For example,
1) front end forbids passing user identity card: front end small routine is forbidden carrying privacy information, example on required parameter in plain text
Such as ID card No..
2) response contents specification: all interfaces of open platform need to use Https agreement, Json data format, UTF8 to compile
Code.
3) error code: 0, which indicates correct, returns, and in addition other wrong code lengths are 5.
Intelligent gateway carries out the implementation of safety standard review operations to the service of access, including but not limited to:
Intelligent gateway verifies user's input of the service of access, if verification is illegal, it is illegal to alert input
And it is recommended that correcting input;
Intelligent gateway to the service of access can not letter data carry out escape after export;
Intelligent gateway is uploaded according to service of the pre-set file extension white list to access or the file of downloading
Type, size are audited;
Wherein, the text that intelligent gateway is uploaded or downloaded according to service of the pre-set file extension white list to access
The method that part type, size are audited are as follows:
If the service of access uploads or the extension name of the file type of downloading is located in white list, it is determined that the service of access
Normal size corresponding to the extension name for the file type for uploading or downloading, if the service of access uploads or the file size of downloading
Then audit greater than the first value and do not pass through, audit and pass through if being less than or equal to the first value, the first value for normal size * (1- with connect
The transmission coefficient of api interface corresponding to the service entered), the transmission coefficient of api interface corresponding to the service with access=connect
The preset throughputs of api interface corresponding to the service of currently processed amount/access of api interface corresponding to the service entered;
If the service of access uploads or the extension name of the file type of downloading is not located in white list, if second value is greater than
The transmission coefficient of api interface corresponding to service with access, which is then audited, not to be passed through, if second value is less than or equal to service, institute is right
The transmission coefficient for the api interface answered, which is then audited, to be passed through, and second value is file size/access that the service of access is uploaded or downloaded
The preset throughputs of the corresponding api interface of service.
The method that service provided in this embodiment to access uploads or the file type of downloading, size are audited, is adopted
Stringent limitation is carried out to the file type, the size that upload or download with white list (file extension white list) mode.
But when limiting size, and the extension name and white name for the file type for uploading or downloading according to the service of access
Single relationship, dynamic adjust restrictive condition.
If the service of access uploads or the extension name of the file type of downloading is located in white list, restrictive condition phase
To lower, as long as the service of access uploads or the file size of downloading is not more than the first value.Wherein the first value is and access
Service upload or downloading file type extension name corresponding to normal size, access the default of the API of this document and handle up
, i.e. normal size * (transmission coefficient of the service of 1- and access corresponding to api interface) relevant with currently processed amount is measured, with
The transmission coefficient=the currently processed amount of api interface corresponding to the service of access/of api interface corresponding to the service of access connects
The preset throughputs of api interface corresponding to the service entered, the first value are as api interface corresponding to the service with access is worked as
Preceding treating capacity dynamic change ensure that and carry out the stringent of suitable present case to the file size for uploading or downloading, dynamic has
Effect control.
If the service of access uploads or the extension name of file type of downloading is not located in white list, not cannot on
It passes or downloads, only have higher requirement to restrictive condition, it is necessary to which second value is no more than api interface corresponding to the service with access
Transmission coefficient.Wherein, api interface corresponding to the file size/access service for servicing upload or downloading of access is pre-
If handling capacity.That is, API corresponding to the service of the service upload of access or the file size of downloading relative to access connects
Mouthful preset throughputs for ratio, be less than or the service equal to access corresponding to api interface currently processed amount phase
The ratio of the preset throughputs of api interface corresponding to service for access.I.e. if what the service of access was uploaded or downloaded
The extension name of file type is not located in white list, uploads or what the file of downloading was more currently processed than corresponding api interface goes back
It is small, at this point it is possible to handle.
Above-mentioned audit is the Stringency that ensure that audit, in turn ensures the laminating degree of audit and actual conditions, that is, protects
It has demonstrate,proved service safe and has not lost flexibility, can effectively promote user experience.
Whether intelligent gateway includes physical pathway information, database connection letter in the annotation information of the service of access
Breath, SQL statement information are audited;
Whether intelligent gateway calls sensitive kinds interface to audit the service of access;
Intelligent gateway is examined according to URL page jump request of the pre-set domain name white list to the service of access
Core, the request of URL page jump are jumped after the approval.
For example,
1) input validation: the input that must be generated to all users verifies, once data are illegal, it should and it informs and uses
Family input is illegal and suggests that user corrects input.
2) for incredible data, escape output must first exports coding: be carried out before being output to client.
3) it uploads downloading: white list (file extension white list) mode must be used to upload or downloading in server end
File type, size carry out stringent limitation.
4) code annotation: forbid in annotation information comprising physical pathway, database connection, SQL statement information.
5) interface security: forbidding sensitive kinds interface-client to call directly, and back-end services mode is called in the rear end Ying Caiyong
6) other: URL page jump just can be carried out and jump after needing to judge domain name white list.
2, frame API
Frame API and file repository two-way communication link.
Frame API, for providing api interface for the service of the access by intelligent gateway control.
After the service of access is operated by the access mandate of intelligent gateway, interface convergence, safety assurance, flow control etc.,
It can be docked with frame API, and then access the service system based on intelligent gateway.
3, file repository
File repository and first database two-way communication link.
File repository, for storing the file generated by the service that the api interface that frame API is provided is accessed.Example
Such as, journal file etc..
4, first database
First database and management services module two-way communication link.
First database herein is database, is accessed for storing by the api interface that frame API is provided
Service the data generated.For example, operation data etc..
" first " therein is only mark action, for distinguishing with the database in the service of subsequent third side, not
Substantive meaning.
5, management services module
Management services module and first database two-way communication link.
Management services module and intelligent gateway two-way communication link.
Management services module, for being managed to the data in first database.
Management services module, for being managed to intelligent gateway.
Service system shown in FIG. 1 based on intelligent gateway can be with access service, and then realizes clothes provided in this embodiment
Business system provides support for the service of access, provides corresponding service jointly for user.
The service of access can there are many, including but not limited to: access service, real-name authentication service, common component service,
Management service, third party's service, the related service of city's line business system, the related service of regional line business system.Below
Only by taking the service system based on intelligent gateway after access service shown in Fig. 2 as an example, the service of access is illustrated.
6, access service
Access service and intelligent gateway two-way communication link.
Access service is generated by following one or more applications: application program, web (network) application, public platform.
Access service includes but is not limited to: infrastructure service, public service, Subsystem Service, the service of third party's exploitation.
The application for generating infrastructure service can be located at E-gov Network (for example, Intranet application, only Intranet user can be used),
It may be alternatively located at non-E-gov Network (such as Internet application, any with can be used per family).The access that application positioned at heterogeneous networks generates
It services different from the two-way communication link mode of intelligent gateway.
The network topology structure of service system based on intelligent gateway as shown in Figure 3, separately below to positioned at different nets
The two-way communication link mode of access service and intelligent gateway that the application of network generates is illustrated.
For ease of description, the application for being located at non-E-gov Network is named as the first application by the present embodiment, and the first application is such as
Under it is one or more: positioned at the application program of non-E-gov Network, the web positioned at non-E-gov Network is applied, positioned at the public of non-E-gov Network
Number.
The access service that first application generates is named as the first access service.
First access service is as follows one or more: positioned at the infrastructure service of non-E-gov Network, positioned at non-E-gov Network
Public service, positioned at the Subsystem Service of non-E-gov Network, the service positioned at non-E-gov Network of third party's exploitation.
The application for being located at E-gov Network is named as the second application, the second application is following one or more: being located at E-gov Network
Application program, positioned at E-gov Network web apply, positioned at the public platform of E-gov Network.
The access service that second application generates is named as the second access service.
Second access service is as follows one or more: positioned at the infrastructure service of E-gov Network, positioned at the public of E-gov Network
Service, positioned at the Subsystem Service of E-gov Network, the service positioned at E-gov Network of third party's exploitation.
" first " herein, " second " are only to identify, in order to distinguish the access clothes of the application and the generation that are located at heterogeneous networks
Business, has no physical meaning.And first has no direct relation using specific form using specific form and second, it can be identical
It can also be different, the first access service content and the second access service content can be the same or different also without direct relation,
The present embodiment is not to the relationship between the first access service and the second access service, and first using the relationship between the second application
It is defined.
For the first access service, with intelligent gateway two-way communication link.Since intelligent gateway is located in E-gov Network, and
First access service is located at non-E-gov Network, therefore, type of attachment are as follows: intelligent gateway passes sequentially through E-gov Network, E-gov Network interconnection
Net firewall, internet and the first access service two-way communication link.I.e. intelligent gateway is connected into E-gov Network interconnection by E-gov Network
Net firewall, then internet is connected by E-gov Network internet firewall, and then two-way by internet and the first access service
Communication connection.
For the second access service, with intelligent gateway two-way communication link.Since intelligent gateway is located in E-gov Network, and
Second access service also is located in E-gov Network, therefore, type of attachment are as follows: intelligent gateway passes through E-gov Network and the second access service
Two-way communication link.
In specific application, it includes first database server and the first application service collection that the second application, which includes the second application,
Group.I.e. second application generates the second access service by first database server and the first application service cluster.Therefore, intelligence
Gateway passes through the specific connection type of E-gov Network and the second access service two-way communication link are as follows: intelligent gateway by E-gov Network and
First database server and the first application service cluster two-way communication link.
7, real-name authentication service
The network topology structure of service system based on intelligent gateway as shown in Figure 3, real-name authentication service are located at non-political affairs
Business net.
Intelligent gateway passes sequentially through E-gov Network, E-gov Network internet firewall, and internet and real-name authentication service two-way
Letter connection.
Real-name authentication service is one kind of third party's service, is located in non-E-gov Network in addition to this it is possible to access other
Third party's service, the present embodiment is without enumerating.Other are located at the access way of the third party's service in non-E-gov Network
Referring to the access way of real-name authentication service, this embodiment is not repeated.
8, common component service
The network topology structure of service system based on intelligent gateway as shown in Figure 3, common component service are located at government affairs
Net.Intelligent gateway services two-way communication link by E-gov Network and common component.
9, management service
The network topology structure of service system based on intelligent gateway as shown in Figure 3, management service are located at E-gov Network.Pipe
Reason service is generated by the second database server and the second application service cluster.Intelligent gateway passes through E-gov Network and the second database
Server and the second application service cluster two-way communication link.
" second " herein is mark, and no physical meaning only for the database server for including with the second application and is answered
It is distinguished with service cluster, i.e., the second application includes that database server and application service cluster are named as first database server
With the first application service cluster, the database server and application service cluster for generating management service are named as the second database clothes
Business device and the second application service cluster.
10, third party's service
The network topology structure of service system based on intelligent gateway as shown in Figure 3, third party's service are located at E-gov Network.
Third party's service is generated by the second database and third application.Intelligent gateway passes through E-gov Network and the second database and third application
Two-way communication link.
" second " herein is mark, no physical meaning, only for including with the serving system architecture based on intelligent gateway
Database distinguish, i.e., the database that the serving system architecture based on intelligent gateway includes is named as first database, generates the
The database of tripartite's service is the second database.
" third " herein be mark, no physical meaning, only for first application and the second application division, i.e., generation connect
The application for entering service is named as the first application or the second application, and the application for generating third party's service is named as third application.
11, line business system
City's line business system and intelligent gateway two-way communication link.
12, regional line business system
Regional line business system and intelligent gateway two-way communication link.
In specific implementation, the service of access can be according to specification to service thing for the above-mentioned service system based on intelligent gateway
Item or sub- grade service development obtain related public service (such as real name authentication information) by intelligent gateway, and finally access is based on
The service system of intelligent gateway, and intelligent gateway accesses authorization, interface convergence, safety assurance, flow to the service of access
The operation such as control, to form a good ecosphere.
Intelligent gateway in service system provided in this embodiment is the sole inlet of service system, it is encapsulated in system
Portion's framework uniformly provides service for client, while also providing some public services unrelated with business, such as flow control, prison
Control, caching etc..It can be exposed to external client 1) to prevent inside from paying close attention to by intelligent gateway, 2) it is that each service is added additionally
Safe floor, 3) Unified Communication agreement, outside intelligent gateway can provide on these different agreements, it is unified based on
The API of REST, 4) reduction micro services complexity etc., 5) unification record operation log.
The intelligent gateway can carry out 1) authenticating when the service of access accesses, such as permission authentication, 2) and caching, in full
According to caching, 3) current limliting, it such as realizes the service access flow rate calculation of access, current limliting is carried out based on flow rate calculation analysis, can be defined
A variety of current limliting rules, 4) log recording, 5) monitoring, record request response data, API time consuming analysis, performance monitoring etc., 6) road
By routing is core function, is realized according to request, and request is simultaneously forwarded, 7 by the service of lock onto target access) gray scale on line
Deployment, can reduce risk.
Wherein, gray scale is disposed and is referred between black and white, a kind of published method that can be seamlessly transitted.It on it can be into
Row A/B testing allows a part of user to continue to use product characteristic A, a part of user starts to use product characteristic B, if with
Family is to what no opposing views of B, then gradually expanded scope, all moves to all users to come above B.Gray scale publication can be with
The stabilization for guaranteeing total system, can find, adjustment problem when initial gray, to guarantee its disturbance degree.
1) service system provided in this embodiment can be to use Eureka to realize registration and the discovery feature of service.For example,
It is administered in frame in service, constructs a registration center, each service unit registers the service oneself provided, packet to registration center
Include some additional informations such as host and port numbers, service release number, the communications protocol of service.2) it is realized using Feign+Ribbon
Service call and loading functional, wherein Feign is the pseudo- Http client of a statement formula, it to write the change of Http client
It obtains simpler.Use Feign, it is only necessary to create an interface and explain.There is pluggable Annotation property Feign can be used for it
It explains and JAX-RS is explained.Feign supports pluggable encoder and decoder.3) intelligent routing function is realized using Zuul,
Wherein, Zuul is the core of intelligent network.Mutual call between the service of access is exactly just to be able to achieve by the setting of zuul
's.The core of pass.Micro services in the project, mutual call between them is exactly just to be able to achieve by the setting of zuul.
4) fuse function is realized using hystrix, when intelligent gateway calls specific business module, inevitably will receive net
Network, the influence of the factors such as search efficiency, leads to response timeout, at this time just needs to configure hystrix.
In specific implementation, the Technical Architecture of service system provided in this embodiment can be as shown in Figure 4.Based on Fig. 4 institute
The Technical Architecture shown third party's service access when, the service of the access do not need carry out front end frame exploitation, intelligent gateway, after
Hold the exploitation of operation management and partial service functional development, it is only necessary to according to specification to service item or sub- grade service development, lead to
It crosses intelligent gateway and obtains related public service (such as real name authentication information), finally access service system provided in this embodiment i.e.
Can, and intelligent gateway to the service of access access authorization, interface convergence, safety assurance, flow control etc. operation, thus shape
At a good ecosphere.
For example, third party's service accesses service system provided in this embodiment by development mode shown in fig. 5.Access clothes
The developer of business is based on git and carries out collaborative development, unified after the completion of exploitation to carry out code by service system provided in this embodiment
Merging treatment, and carry out a series of tests.Its process for developing docking service system is as shown in Figure 6.
In docking, service system provided in this embodiment can carry out safety standard audit by intelligent gateway, such as right
Standard control, representative page, unified request method, standard pattern, uniform protocol, ciphertext request, data format, error code etc. into
Row audit.In order to which by audit, front end must use the standard control in UI specification library, include when carrying out using design
The contents such as ARTboard, button, ICON, list, such as: basic widget library, basic control combination pattern, representative page, number of request
According to sdk.request must be used.Control seek unity of standard to guarantee each function bandwagon effect and request method in program in front end
Consistency.
Rear end specification based on intelligent gateway is as follows: 1) front end forbids passing user identity card: front end small routine is forbidden in plain text
Privacy information, such as ID card No. are carried on required parameter.2) response contents specification: all interfaces of open platform need to make
With Https agreement, Json data format, UTF8 coding.3) error code: 0, which indicates correct, returns, and in addition other wrong code lengths are
5.
In addition to this, also will do it following verification: 1) input validation, the input such as generated to all users verifies,
Once data are illegal, it should inform that user's input is illegal and suggests that user corrects input.2) output verification, such as can not
The data of letter must first carry out escape output before being output to client.3) downloading verification is uploaded, such as uses white name in server end
Single (file extension white list), mode carry out stringent limitation to the file type, the size that upload or download.4) code annotation
Verification is such as forbidden in annotation information comprising physical pathway, database connection, SQL statement information.5) interface security verifies, such as
Sensitive kinds interface-client is forbidden to call directly, back-end services mode is called in the rear end Ying Caiyong.6) other verifications, such as the URL page
It jumps, after needing to judge domain name white list, just can be carried out and jump.
Service system provided in this embodiment ensure that the safety of data interaction, stability between each service;It is unified
The standards and specifications of system docking, substantially reduce docking cost;The complexity for simplifying micro services, improves development efficiency,
Reduce O&M cost.Development cost, raising security protection, promotion development efficiency when saving third party's service access provide one
The completely new mode of kind.
Service system provided in this embodiment, comprising: intelligent gateway, frame API, file repository, database, management clothes
Business module;Intelligent gateway and frame API two-way communication link;Intelligent gateway and management services module two-way communication link;Frame
API and file repository two-way communication link;File repository and database two-way communication link;Database and management service mould
Block two-way communication link;Intelligent gateway, for carrying out control operation to the service of access;Frame API, for for by intelligent network
The service for closing the access of control provides api interface;File repository is connect for storing by the api interface that frame API is provided
The file that the service entered generates;Database, for storing the service generation accessed by the api interface that frame API is provided
Data;Management services module is operated by the control of intelligent gateway, is unified for managing database and management intelligent gateway
The entrance and interface standard of service system ensure that the service safe of service system and convenient for monitoring.
It should be clear that the invention is not limited to specific configuration described above and shown in figure and processing.
For brevity, it is omitted here the detailed description to known method.In the above-described embodiments, several tools have been described and illustrated
The step of body, is as example.But method process of the invention is not limited to described and illustrated specific steps, this field
Technical staff can be variously modified, modification and addition after understanding spirit of the invention, or suitable between changing the step
Sequence.
It should also be noted that, the exemplary embodiment referred in the present invention, is retouched based on a series of step or device
State certain methods or system.But the present invention is not limited to the sequence of above-mentioned steps, that is to say, that can be according in embodiment
The sequence referred to executes step, may also be distinct from that the sequence in embodiment or several steps are performed simultaneously.
Finally, it should be noted that above-described embodiments are merely to illustrate the technical scheme, rather than to it
Limitation;Although the present invention is described in detail referring to the foregoing embodiments, those skilled in the art should understand that:
It can still modify to technical solution documented by previous embodiment, or to part of or all technical features into
Row equivalent replacement;And these modifications or substitutions, it does not separate the essence of the corresponding technical solution various embodiments of the present invention technical side
The range of case.
Claims (10)
1. a kind of service system based on intelligent gateway, which is characterized in that including intelligent gateway, framework application programming interface
API, file repository, first database, management services module;
The intelligent gateway and the frame API two-way communication link;The intelligent gateway and the management services module are two-way
Communication connection;
The frame API and the file repository two-way communication link;
The file repository and the first database two-way communication link;
The first database and the management services module two-way communication link;
The intelligent gateway, for carrying out control operation to the service of access, the control operation includes following one kind or more
Kind: access mandate, interface convergence, safety assurance, flow control, the registration and discovery of the service of access, the tune of the service of access
With and load, route, fusing, front-end specifications audit, rear end specification audit, safety standard audit;
The frame API, for providing api interface for the service of the access by the intelligent gateway control;
The file repository, for storing the text for passing through the service that the api interface that the frame API is provided is accessed and generating
Part;
The first database, for storing the number for passing through the service that the api interface that the frame API is provided is accessed and generating
According to;
The management services module, for managing the first database and managing the intelligent gateway.
2. service system according to claim 1, which is characterized in that the clothes that intelligent gateway accesses the service of access
The registration of business is operated with discovery
Intelligent gateway constructs a registration center, obtains the information on services that the service of access is registered to the registration center, passes through
The registration and discovery operation for the service that the information on services calls Eureka to access the service of access;
The information on services includes following one or more: the host of the service of access, port numbers, service release number, communication
Agreement.
3. service system according to claim 1, which is characterized in that the clothes that intelligent gateway accesses the service of access
The calling and load operation of business include:
Intelligent gateway creation interface simultaneously annotates, and is based on the interface and annotation, by Feign and Ribbon to the service of access into
The calling and load operation of the service of row access.
4. service system according to claim 1, which is characterized in that intelligent gateway carries out routing operations to the service of access
Include:
Intelligent gateway carries out routing operations by service of the Zuul to access.
5. service system according to claim 1, which is characterized in that intelligent gateway carries out fusing operation to the service of access
Include:
Intelligent gateway carries out fusing operation by service of the hystrix to access.
6. service system according to claim 1, which is characterized in that front-end specifications include:
The service of access uses the standard control in user interface UI specification library;
The service of access requests basic widget library data by sdk.request;
The service of access requests basic control combination pattern data by sdk.request;
The service of access requests representative page data by sdk.request;
Standard control in UI specification library includes: drawing board ARTboard, button, chart format ICON, list.
7. service system according to claim 1, which is characterized in that rear end, which standardizes, includes:
The service of access is forbidden in required parameter being the privacy information for carrying plaintext;
The interface of the service of access uses as follows one or more: Https agreement, Json data format, UTF8 coding;
The error code that the service of access returns is 5, or, 0;
When error code is 0, correct return is identified.
8. service system according to claim 1, which is characterized in that intelligent gateway carries out safety standard to the service of access
Review operations include:
Intelligent gateway verifies user's input of the service of access, if verification is illegal, alerts input illegally and builds
View corrects input;
Intelligent gateway to the service of access can not letter data carry out escape after export;
Intelligent gateway is uploaded according to service of the pre-set file extension white list to access or the file type of downloading, big
It is small to be audited;
Whether intelligent gateway includes physical pathway information, database linkage information, SQL language in the annotation information of the service of access
Sentence information is audited;
Whether intelligent gateway calls sensitive kinds interface to audit the service of access;
Intelligent gateway is audited according to URL page jump request of the pre-set domain name white list to the service of access, URL
Page jump request is jumped after the approval;
Wherein, the files classes that intelligent gateway is uploaded or downloaded according to service of the pre-set file extension white list to access
The method that type, size are audited are as follows:
If the service of access uploads or the extension name of the file type of downloading is located in white list, it is determined that the service of access uploads
Or normal size corresponding to the extension name of the file type of downloading, if the service of access uploads or the file size of downloading is greater than
First value, which is then audited, not to be passed through, audit and is passed through if being less than or equal to the first value, first value for normal size * (1- with connect
The transmission coefficient of api interface corresponding to the service entered), the transmission coefficient with api interface corresponding to the service accessed
The default of api interface corresponding to the service of currently processed amount/access of api interface corresponding to the service of=access handles up
Amount;
If the service of access uploads or the extension name of the file type of downloading is not located in white list, if second value is greater than and connects
The transmission coefficient of api interface corresponding to the service entered, which is then audited, not to be passed through, if second value is less than or equal to corresponding to service
The transmission coefficient of api interface, which is then audited, to be passed through, and the second value is file size/access that the service of access is uploaded or downloaded
The preset throughputs of the corresponding api interface of service.
9. service system according to claim 1, which is characterized in that further include the first access service;
First access service and the intelligent gateway two-way communication link;
First access service is generated by the first application;
First application is located at non-E-gov Network;
First application is following one or more: positioned at the application program of non-E-gov Network, positioned at the network web of non-E-gov Network
Using positioned at the public platform of non-E-gov Network;
First access service is as follows one or more: positioned at the infrastructure service of non-E-gov Network, positioned at non-E-gov Network
Public service, positioned at the Subsystem Service of non-E-gov Network, the service positioned at non-E-gov Network of third party's exploitation;
The intelligent gateway is located at E-gov Network;
The intelligent gateway passes sequentially through the E-gov Network, E-gov Network internet firewall, and internet and first access take
Business two-way communication link;
The service system further includes the second access service;
Second access service and the intelligent gateway two-way communication link;
Second access service is generated by the second application;
Second application is located at E-gov Network;
Second application is following one or more: positioned at the application program of E-gov Network, the web positioned at E-gov Network is applied, position
In the public platform of E-gov Network;
Second access service is as follows one or more: positioned at the infrastructure service of E-gov Network, positioned at the public of E-gov Network
Service, positioned at the Subsystem Service of E-gov Network, the service positioned at E-gov Network of third party's exploitation;
The intelligent gateway is located at E-gov Network;
Second application includes first database server and the first application service cluster;
Second application generates the second access service by the first database server and the first application service cluster;
The intelligent gateway is connected by the E-gov Network and first database server and the first application service cluster two-way communication
It connects.
10. according to claim 1 to service system described in 8 any claims, which is characterized in that further include real-name authentication clothes
Business;
The real-name authentication service is located at non-E-gov Network;
The intelligent gateway passes sequentially through the E-gov Network, E-gov Network internet firewall, and internet and the real-name authentication take
Business two-way communication link;
The service system further includes common component service;
The common component service is located at E-gov Network;
The intelligent gateway services two-way communication link by the E-gov Network and the common component;
The service system further includes management service;
The management service is located at E-gov Network;
The management service is generated by the second database server and the second application service cluster;
The intelligent gateway is connected by the E-gov Network and the second database server and the second application service cluster two-way communication
It connects;
The service system further includes third party's service;
The third party's service is located at E-gov Network;
The third party's service is generated by the second database and third application;
The intelligent gateway passes through the E-gov Network and the second database and third application two-way communication link;
The service system further includes city's line business system, regional line business system;
City's line business system and the intelligent gateway two-way communication link;
The area line business system and the intelligent gateway two-way communication link.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910448211.4A CN110083338B (en) | 2019-05-27 | 2019-05-27 | Service system based on intelligent gateway |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910448211.4A CN110083338B (en) | 2019-05-27 | 2019-05-27 | Service system based on intelligent gateway |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110083338A true CN110083338A (en) | 2019-08-02 |
CN110083338B CN110083338B (en) | 2023-12-22 |
Family
ID=67422202
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910448211.4A Active CN110083338B (en) | 2019-05-27 | 2019-05-27 | Service system based on intelligent gateway |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110083338B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111416837A (en) * | 2020-02-20 | 2020-07-14 | 华迪计算机集团有限公司 | Government affair system API interface access gateway, method, electronic equipment and storage medium |
CN113064627A (en) * | 2021-03-23 | 2021-07-02 | 支付宝(杭州)信息技术有限公司 | Service access data processing method, platform, terminal, equipment and system |
CN113449296A (en) * | 2021-07-20 | 2021-09-28 | 恒安嘉新(北京)科技股份公司 | System, method, apparatus, and medium for data security protection |
WO2022068761A1 (en) * | 2020-09-29 | 2022-04-07 | 京东科技控股股份有限公司 | Data processing method and apparatus, electronic device, and storage medium |
CN117376033A (en) * | 2023-12-06 | 2024-01-09 | 浙江网商银行股份有限公司 | File processing method and device |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104753775A (en) * | 2013-12-30 | 2015-07-01 | 中国移动通信集团公司 | Financial service gateway and system |
CN106656630A (en) * | 2017-01-13 | 2017-05-10 | 北京中电普华信息技术有限公司 | Electric marketing service application system, and construction method and platform thereof |
CN107065578A (en) * | 2016-12-28 | 2017-08-18 | 北京极科极客科技有限公司 | A kind of App controls the method and system of smart home |
CN207053537U (en) * | 2017-08-08 | 2018-02-27 | 北京数立通科技有限责任公司 | A kind of intelligent gateway for wisdom government affairs |
US20180218368A1 (en) * | 2017-01-31 | 2018-08-02 | First Data Corporation | Data transformation engine |
CN108446111A (en) * | 2018-03-26 | 2018-08-24 | 国家电网公司客户服务中心 | A kind of micro services construction method based on Spring cloud |
CN108769009A (en) * | 2018-05-28 | 2018-11-06 | 深圳和而泰数据资源与云技术有限公司 | Data communications method, smart machine and intelligent gateway |
CN109710223A (en) * | 2018-12-29 | 2019-05-03 | 北京邮电大学 | API gateway hot plug system based on distributed KV storage system |
-
2019
- 2019-05-27 CN CN201910448211.4A patent/CN110083338B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104753775A (en) * | 2013-12-30 | 2015-07-01 | 中国移动通信集团公司 | Financial service gateway and system |
CN107065578A (en) * | 2016-12-28 | 2017-08-18 | 北京极科极客科技有限公司 | A kind of App controls the method and system of smart home |
CN106656630A (en) * | 2017-01-13 | 2017-05-10 | 北京中电普华信息技术有限公司 | Electric marketing service application system, and construction method and platform thereof |
US20180218368A1 (en) * | 2017-01-31 | 2018-08-02 | First Data Corporation | Data transformation engine |
CN207053537U (en) * | 2017-08-08 | 2018-02-27 | 北京数立通科技有限责任公司 | A kind of intelligent gateway for wisdom government affairs |
CN108446111A (en) * | 2018-03-26 | 2018-08-24 | 国家电网公司客户服务中心 | A kind of micro services construction method based on Spring cloud |
CN108769009A (en) * | 2018-05-28 | 2018-11-06 | 深圳和而泰数据资源与云技术有限公司 | Data communications method, smart machine and intelligent gateway |
CN109710223A (en) * | 2018-12-29 | 2019-05-03 | 北京邮电大学 | API gateway hot plug system based on distributed KV storage system |
Non-Patent Citations (1)
Title |
---|
彭代: ""基于SD-WAN电子政务网的智能化改造"", 《信息通信》, pages 242 - 243 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111416837A (en) * | 2020-02-20 | 2020-07-14 | 华迪计算机集团有限公司 | Government affair system API interface access gateway, method, electronic equipment and storage medium |
WO2022068761A1 (en) * | 2020-09-29 | 2022-04-07 | 京东科技控股股份有限公司 | Data processing method and apparatus, electronic device, and storage medium |
CN113064627A (en) * | 2021-03-23 | 2021-07-02 | 支付宝(杭州)信息技术有限公司 | Service access data processing method, platform, terminal, equipment and system |
CN113064627B (en) * | 2021-03-23 | 2023-04-07 | 支付宝(杭州)信息技术有限公司 | Service access data processing method, platform, terminal, equipment and system |
CN113449296A (en) * | 2021-07-20 | 2021-09-28 | 恒安嘉新(北京)科技股份公司 | System, method, apparatus, and medium for data security protection |
CN113449296B (en) * | 2021-07-20 | 2024-04-23 | 恒安嘉新(北京)科技股份公司 | System, method, device and medium for data security protection |
CN117376033A (en) * | 2023-12-06 | 2024-01-09 | 浙江网商银行股份有限公司 | File processing method and device |
Also Published As
Publication number | Publication date |
---|---|
CN110083338B (en) | 2023-12-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110083338A (en) | Service system based on intelligent gateway | |
US10795992B2 (en) | Self-adaptive application programming interface level security monitoring | |
US20210365571A1 (en) | Partial policy evaluation | |
US9992166B2 (en) | Hierarchical rule development and binding for web application server firewall | |
US9460417B2 (en) | Using dynamic object modeling and business rules to dynamically specify and modify behavior | |
US8166140B1 (en) | Automatic application of implementation-specific configuration policies | |
CN103946834B (en) | virtual network interface objects | |
US20170126743A1 (en) | Attaching web service policies to a group of policy subjects | |
CN101877696B (en) | Equipment and method for reconfiguring false response messages under network application environment | |
US11838355B2 (en) | Auto-documentation for application program interfaces based on network requests and responses | |
US11093641B1 (en) | Anonymizing sensitive data in logic problems for input to a constraint solver | |
CN110521169A (en) | Strategy for service chaining guarantees | |
US20070061125A1 (en) | Enterprise environment analysis | |
JP2009134756A (en) | System and method for actively managing enterprise of configurable components | |
Calcote et al. | Istio: Up and running: Using a service mesh to connect, secure, control, and observe | |
US10560370B1 (en) | Intelligent exception recovery in network services | |
US20220078072A1 (en) | Closed-loop automation of a managed network | |
WO2023071460A1 (en) | Data exchange method, system and apparatus, and device | |
He et al. | Research on network programming language and policy conflicts for SDN | |
CN209728728U (en) | Service system based on intelligent gateway | |
WO2022125760A1 (en) | Analysis of role reachability with transitive tags | |
CN116032510A (en) | Data security protection system | |
CN113726855A (en) | Service aggregation method, device, electronic equipment and computer-readable storage medium | |
JP2004520641A (en) | Event bus architecture | |
WO2023071729A1 (en) | Method and apparatus for managing recommendation policy |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |