CN110083338B - Service system based on intelligent gateway - Google Patents

Info

Publication number
CN110083338B
Authority
CN (China)
Prior art keywords
service, intelligent gateway, accessed, government network, application
Legal status
Active
Application number
CN201910448211.4A
Other languages
Chinese (zh)
Other versions
CN110083338A (en)
Inventors
卢志辉
蔡琳瑶
卢志伟
鲜智子
Current assignee
Guangdong Kamfu Technology Co ltd
Original assignee
Guangdong Kamfu Technology Co ltd
Application filed by Guangdong Kamfu Technology Co ltd
Priority to CN201910448211.4A
Publication of CN110083338A
Application granted
Publication of CN110083338B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/20 Software design
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/547 Remote procedure calls [RPC]; Web services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Abstract

The invention relates to a service system based on an intelligent gateway, comprising the intelligent gateway, a framework API, a file storage library, a database and a management service module. The intelligent gateway is bidirectionally connected with the framework API and with the management service module; the framework API is bidirectionally connected with the file storage library; the file storage library is bidirectionally connected with the database; and the database is bidirectionally connected with the management service module. The intelligent gateway is used for controlling and operating the accessed service; the framework API provides an API interface; the file storage library stores files generated by the accessed service; the database stores data generated by the accessed service; and the management service module manages the database and the intelligent gateway. Through the control operations of the intelligent gateway, the system unifies the access and interface standards of the service system, ensures the service security of the service system, and facilitates monitoring.

Description

Service system based on intelligent gateway
Technical Field
The invention relates to the technical field of computer service, in particular to a service system based on an intelligent gateway.
Background
As the docking with different products becomes tighter, more services need to be accessed, and the problems that follow multiply:
1. Interface specifications are not uniform. Specifications include communication protocols, interface specifications, interface versions, etc.; the differences cause units or systems to spend a great deal of time and effort on communication, and this persists over the long term;
2. Network security issues. The more services are exposed to external clients, the more points can be attacked over the network, and the greater the potential network security hazard;
3. Permission checking. What one service may offer to another service, and which functions of another service may be used, currently have to be implemented by each system individually and require the development teams of each service to coordinate, which adds to development costs;
4. There is no unified common component library. At present each system has its own independent components, but the technology used is not uniform and the data is scattered. Taking real-name authentication as an example, the real-name components used by each system differ and the real-name data is not shared, so real-name authentication may have to be carried out again when accessing another service, which gives users a poor experience;
5. Service monitoring is difficult. If the administrator needs to know whether each service is operating normally, the administrator has to open the log system of each service to check;
6. Code security issues. If the development standards of each project need to be unified, each party's own code must be provided to third parties, which may cause security problems in code supervision.
Disclosure of Invention
(I) Technical problem to be solved
In order to unify service system standards, the invention provides a service system based on an intelligent gateway.
(II) Technical solution
To achieve the above purpose, the main technical solution adopted by the invention is as follows:
the service system based on the intelligent gateway comprises the intelligent gateway, a framework application programming interface (API), a file storage library, a first database and a management service module;
the intelligent gateway is in bidirectional communication connection with the framework API; the intelligent gateway is in bidirectional communication connection with the management service module;
the framework API is in bidirectional communication connection with the file storage library;
the file storage library is in bidirectional communication connection with the first database;
the first database is in bidirectional communication connection with the management service module;
the intelligent gateway is configured to perform control operations on an accessed service, where the control operations include one or more of the following: access authorization, interface convergence, security assurance, flow control, registration and discovery of accessed services, invocation and loading of accessed services, routing, circuit breaking, front end specification auditing, back end specification auditing, and security specification auditing;
The framework API is used for providing an API interface for the accessed service controlled by the intelligent gateway;
the file repository is used for storing files generated by services accessed by an API interface provided by the framework API;
the first database is used for storing data generated by services accessed by an API interface provided by the framework API;
and the management service module is used for managing the first database and the intelligent gateway.
Optionally, the registration and discovery operation performed by the intelligent gateway on the accessed service includes:
the intelligent gateway constructs a registration center, acquires the service information that the accessed service registers with the registration center, and performs registration and discovery of the accessed service through Eureka using that service information;
the service information includes one or more of the following: the host, port number, service version number, and communication protocol of the accessed service.
Optionally, the invocation and loading operation performed by the intelligent gateway on the accessed service includes:
the intelligent gateway creates an interface and annotates it, and invokes and loads the accessed service through Feign and Ribbon based on that interface and annotation.
Optionally, the routing operation performed by the intelligent gateway on the accessed service includes:
the intelligent gateway routes the accessed service through Zuul.
Optionally, the circuit breaking performed by the intelligent gateway on the accessed service includes:
the intelligent gateway applies circuit breaking to the accessed service through Hystrix.
Optionally, the front end specification includes:
the accessed service uses standard controls in a UI specification library;
the accessed service requests basic control library data through sdk.request;
the accessed service requests basic control combination style data through sdk.request;
the accessed service requests typical page data through sdk.request;
standard controls within the UI specification library include: artboard, buttons, chart-format ICON, forms.
Optionally, the back end specification includes:
the accessed service prohibits carrying private information in plaintext in request parameters;
the interfaces of the accessed service use one or more of the following: the HTTPS protocol, the JSON data format, UTF-8 encoding;
the error code returned by the accessed service is five digits long or 0;
an error code of 0 identifies a correct return.
Optionally, the security specification auditing operation performed by the intelligent gateway on the accessed service includes:
the intelligent gateway checks the user input of the accessed service; if the input is found to be illegal, it warns that the input is illegal and suggests that the input be corrected;
the intelligent gateway escapes the untrusted data of the accessed service before outputting it;
the intelligent gateway checks the type and the size of files uploaded or downloaded by the accessed service according to a preset file extension white list;
the intelligent gateway checks whether the annotation (comment) information of the accessed service contains physical path information, database connection information or SQL statement information;
the intelligent gateway checks whether the accessed service invokes sensitive interfaces;
the intelligent gateway examines URL page jump requests of the accessed service according to a preset domain name white list, and the jump is performed only after the request passes the examination;
the method by which the intelligent gateway audits the type and size of a file uploaded or downloaded by the accessed service according to the preset file extension white list comprises the following steps:
if the extension of the file uploaded or downloaded by the accessed service is in the white list, determine the standard size corresponding to that extension; if the size of the file uploaded or downloaded by the accessed service is larger than a first value, the audit is not passed, and if the file size is smaller than or equal to the first value, the audit is passed, where the first value = standard size × (1 - transmission coefficient of the API interface corresponding to the accessed service), and the transmission coefficient of the API interface corresponding to the accessed service = current processing amount of the API interface corresponding to the accessed service / preset throughput of the API interface corresponding to the accessed service;
if the extension of the file uploaded or downloaded by the accessed service is not in the white list, then if a second value is larger than the transmission coefficient of the API interface corresponding to the accessed service, the audit is not passed, and if the second value is smaller than or equal to that transmission coefficient, the audit is passed, where the second value = size of the file uploaded or downloaded by the accessed service / preset throughput of the API interface corresponding to the accessed service.
Optionally, a first access service is also included;
the first access service is in bidirectional communication connection with the intelligent gateway;
the first access service is generated by a first application;
the first application is located in a non-government network;
the first application is one or more of the following: an application program located in the non-government network, a web application located in the non-government network, and an official account (public account) located in the non-government network;
the first access service is one or more of the following: a basic service located in the non-government network, a public service located in the non-government network, a subsystem service located in the non-government network, and a third-party-developed service located in the non-government network;
the intelligent gateway is located in a government network;
the intelligent gateway sequentially passes through the government network, the government network Internet firewall and the Internet to be in bidirectional communication connection with the first access service;
The service system further comprises a second access service;
the second access service is in bidirectional communication connection with the intelligent gateway;
the second access service is generated by a second application;
the second application is located in a government network;
the second application is one or more of the following: an application program located in the government network, a web application located in the government network, and an official account (public account) located in the government network;
the second access service is one or more of the following: a basic service located in the government network, a public service located in the government network, a subsystem service located in the government network, and a third-party-developed service located in the government network;
the intelligent gateway is located in the government network;
the second application comprises a first database server and a first application service cluster;
generating a second access service by a second application through the first database server and the first application service cluster;
the intelligent gateway is in bidirectional communication connection with the first database server and the first application service cluster through the government network.
Optionally, the system also comprises a real-name authentication service;
the real-name authentication service is located in a non-government network;
the intelligent gateway sequentially passes through the government network, the government network Internet firewall, and the Internet is in bidirectional communication connection with the real-name authentication service;
The service system also comprises public component services;
the public component service is located in a government network;
the intelligent gateway is in bidirectional communication connection with the public component service through the government network;
the service system further comprises a management service;
the management service is located in a government network;
the management service is generated by a second database server and a second application service cluster;
the intelligent gateway is in bidirectional communication connection with a second database server and a second application service cluster through the government network;
the service system further comprises a third party service;
the third party service is located in a government network;
the third party service is generated by a second database and a third application;
the intelligent gateway is in bidirectional communication connection with a second database and a third application through the government network;
the service system also comprises a city vertical service system and a region vertical service system;
the city vertical service system is in bidirectional communication connection with the intelligent gateway;
and the regional vertical service system is in bidirectional communication connection with the intelligent gateway.
(III) beneficial effects
The invention provides a service system based on an intelligent gateway, comprising the intelligent gateway, a framework API, a file storage library, a database and a management service module. The intelligent gateway is in bidirectional communication connection with the framework API and with the management service module; the framework API is in bidirectional communication connection with the file storage library; the file storage library is in bidirectional communication connection with the database; and the database is in bidirectional communication connection with the management service module. The intelligent gateway is used for controlling and operating the accessed service; the framework API provides an API interface for the accessed service controlled by the intelligent gateway; the file storage library stores files generated by services accessed through the API interface provided by the framework API; the database stores data generated by services accessed through that API interface; and the management service module manages the database and the intelligent gateway. Through the control operations of the intelligent gateway, the system unifies the access and interface standards of the service system, ensures its service security, and facilitates monitoring.
Drawings
Fig. 1 is a schematic structural diagram of a service system based on an intelligent gateway according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of another service system based on an intelligent gateway according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of the network topology of a service system based on an intelligent gateway according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of the technical architecture of a service system according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of the development mode for a third-party service accessing the service system according to an embodiment of the present invention;
Fig. 6 is a schematic flow chart of third-party service development and docking with the service system according to an embodiment of the present invention.
Detailed Description
As the docking with different products becomes tighter, more services need to be accessed, and the problems that follow multiply:
1. Interface specifications are not uniform. Specifications include communication protocols, interface specifications, interface versions, etc.; the differences cause units or systems to spend a great deal of time and effort on communication, and this persists over the long term;
2. Network security issues. The more services are exposed to external clients, the more points can be attacked over the network, and the greater the potential network security hazard;
3. Permission checking. What one service may offer to another service, and which functions of another service may be used, currently have to be implemented by each system individually and require the development teams of each service to coordinate, which adds to development costs;
4. There is no unified common component library. At present each system has its own independent components, but the technology used is not uniform and the data is scattered. Taking real-name authentication as an example, the real-name components used by each system differ and the real-name data is not shared, so real-name authentication may have to be carried out again when accessing another service, which gives users a poor experience;
5. Service monitoring is difficult. If the administrator needs to know whether each service is operating normally, the administrator has to open the log system of each service to check;
6. Code security issues. If the development standards of each project need to be unified, each party's own code must be provided to third parties, which may cause security problems in code supervision.
The invention provides a service system based on an intelligent gateway, comprising the intelligent gateway, a framework API, a file storage library, a database and a management service module. The intelligent gateway is in bidirectional communication connection with the framework API and with the management service module; the framework API is in bidirectional communication connection with the file storage library; the file storage library is in bidirectional communication connection with the database; and the database is in bidirectional communication connection with the management service module. The intelligent gateway is used for controlling and operating the accessed service; the framework API provides an API interface for the accessed service controlled by the intelligent gateway; the file storage library stores files generated by services accessed through the API interface provided by the framework API; the database stores data generated by services accessed through that API interface; and the management service module manages the database and the intelligent gateway. Through the control operations of the intelligent gateway, the system unifies the access and interface standards of the service system, ensures its service security, and facilitates monitoring.
Referring to the service system architecture based on the intelligent gateway shown in fig. 1, the service system based on the intelligent gateway provided in this embodiment includes: the system comprises an intelligent gateway, a framework API, a file storage library, a first database and a management service module.
1. Intelligent gateway
The intelligent gateway is in bidirectional communication connection with the framework API.
The intelligent gateway is in bidirectional communication connection with the management service module.
The intelligent gateway is used for controlling and operating the accessed service, thereby forming a healthy ecosystem, unifying the access and interface standards of the service system, ensuring the service security of the service system, and facilitating monitoring.
The control operations include one or more of: access authorization, interface convergence, security assurance, flow control, registration and discovery of accessed services, invocation and loading of accessed services, routing, circuit breaking, front end specification auditing, back end specification auditing, security specification auditing, and the like.
Implementations of the registration and discovery operation performed by the intelligent gateway on the accessed service include, but are not limited to:
the intelligent gateway constructs a registration center, acquires the service information that the accessed service registers with the registration center, and performs registration and discovery of the accessed service through Eureka using that service information;
the service information includes one or more of the following: the host, port number, service version number, and communication protocol of the accessed service.
Implementations of the invocation and loading operation performed by the intelligent gateway on the accessed service include, but are not limited to:
the intelligent gateway creates an interface and annotates it, and invokes and loads the accessed service through Feign and Ribbon based on that interface and annotation.
Implementations of the routing operation performed by the intelligent gateway on the accessed service include, but are not limited to:
the intelligent gateway routes the accessed service through Zuul.
Implementations of circuit breaking performed by the intelligent gateway on the accessed service include, but are not limited to:
the intelligent gateway applies circuit breaking to the accessed service through Hystrix.
For example:
1) Registration center: registration and discovery of services are implemented using Eureka. In the service management framework a registry is constructed, and each service unit registers the service it provides with the registry, including additional information such as the host and port number of the service, the service version number and the communication protocol; inter-service calls are then no longer made by specifying a specific instance address, but by initiating a request by service name.
2) Service invocation and loading, implemented using Feign + Ribbon. Feign is a declarative pseudo-HTTP client that makes writing HTTP clients simpler. With Feign, only an interface needs to be created and annotated. It has pluggable annotation support, and both Feign annotations and JAX-RS annotations can be used. Feign supports pluggable encoders and decoders.
3) Intelligent routing, implemented using Zuul. Zuul is the core of the intelligent gateway. The mutual calls between the micro-services in the project are realized through the Zuul configuration.
4) Circuit breaker, implemented using Hystrix. When the intelligent gateway calls a specific service module it is inevitably affected by factors such as the network and query efficiency, so that responses time out; Hystrix therefore needs to be configured to avoid problems such as memory overflow caused by threads permanently occupying memory, and the program hanging.
In addition, the front end specification includes:
the accessed service uses standard controls in a UI (User Interface) specification library;
the accessed service requests basic control library data through sdk.request;
the accessed service requests basic control combination style data through sdk.request;
the accessed service requests typical page data through sdk.request;
standard controls within the UI specification library include: artboard, buttons, chart-format ICON, forms.
For example, when the front end carries out application design it needs to use the standard controls in the UI specification library, including the artboard, buttons, ICON, forms and so on; for example, the basic control library, basic control combination styles and typical pages must request data through sdk.request. The front end unifies the standard controls to ensure consistency of the display effect and of the request method for each function in the program.
The back end specification includes:
the accessed service prohibits carrying private information in plaintext in request parameters;
the interfaces of the accessed service use one or more of the following: the HTTPS protocol, the JSON data format, UTF-8 encoding;
the error code returned by the accessed service is five digits long or 0;
an error code of 0 identifies a correct return.
For example:
1) The front end is prohibited from transmitting the user's ID card number: the front-end mini program is prohibited from carrying private information, such as an identification number, in plaintext in request parameters.
2) Response content specification: all interfaces of the open platform must use the HTTPS protocol, the JSON data format and UTF-8 encoding.
3) Error code: 0 indicates a correct return, and all other error codes are five digits long.
Implementation manners of security specification auditing operation of the intelligent gateway on the accessed service include, but are not limited to:
the intelligent gateway checks the user input of the accessed service, if the check is illegal, the alarm input is illegal and the correction input is suggested;
the intelligent gateway outputs the un-trusted data of the accessed service after escape;
the intelligent gateway checks the type and the size of the file uploaded or downloaded by the accessed service according to a preset file extension white list;
the method for the intelligent gateway to audit the type and the size of the file uploaded or downloaded by the accessed service according to the preset file extension white list comprises the following steps:
if the extension of the file type uploaded or downloaded by the accessed service is in the white list, determining the standard size corresponding to the extension of the file type uploaded or downloaded by the accessed service, if the file size uploaded or downloaded by the accessed service is larger than a first value, checking that the file size is not passed, if the file size is smaller than or equal to the first value, checking that the file size passes, wherein the first value is the standard size (1-transmission coefficient of an API interface corresponding to the accessed service), and the transmission coefficient of the API interface corresponding to the accessed service = the current processing capacity of the API interface corresponding to the accessed service/the preset throughput of the API interface corresponding to the accessed service;
If the extension of the file type uploaded or downloaded by the accessed service is not in the white list, if the second value is larger than the transmission coefficient of the API interface corresponding to the accessed service, the auditing is not passed, and if the second value is smaller than or equal to the transmission coefficient of the API interface corresponding to the service, the auditing is passed, and the second value is the file size uploaded or downloaded by the accessed service/the preset throughput of the API interface corresponding to the accessed service.
The method for auditing the type and size of the file uploaded or downloaded by the accessed service provided by this embodiment uses a white list (file extension white list) to strictly limit the type and size of uploaded or downloaded files.
When limiting the size, however, the limiting condition is adjusted dynamically according to the relation between the extension of the file type uploaded or downloaded by the accessed service and the white list.
If the extension of the file type uploaded or downloaded by the accessed service is in the white list, the constraint is relatively loose: the audit passes as long as the size of the file uploaded or downloaded by the accessed service is not greater than the first value. The first value is determined by the standard size corresponding to that extension together with the preset throughput and the current processing amount of the API interface corresponding to the accessed service, namely first value = standard size × (1 − transmission coefficient of the API interface corresponding to the accessed service), where transmission coefficient of the API interface corresponding to the accessed service = current processing amount of the API interface corresponding to the accessed service / preset throughput of the API interface corresponding to the accessed service. Because the first value changes dynamically with the current processing amount of the API interface corresponding to the accessed service, the uploaded or downloaded file size is controlled strictly, dynamically and effectively in a manner that fits the current situation.
If the extension of the file type uploaded or downloaded by the accessed service is not in the white list, the file type is not one that should normally be uploaded or downloaded, so the limiting condition must be strict: the second value must not exceed the transmission coefficient of the API interface corresponding to the accessed service. The second value is the size of the file uploaded or downloaded by the accessed service divided by the preset throughput of the API interface corresponding to the accessed service. That is, the ratio of the size of the file uploaded or downloaded by the accessed service to the preset throughput of the API interface corresponding to the accessed service must be smaller than or equal to the ratio of the current processing amount of the API interface corresponding to the accessed service to its preset throughput. In other words, if the extension is not in the white list, the file can only be processed when it is no larger than the current processing amount of the corresponding API interface.
This auditing method ensures both the strictness of the audit and its fit with actual conditions, guarantees service security without losing flexibility, and can effectively improve the user experience.
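The two-branch audit described above, written out as an added example that is not part of the patent. The extension white list with its standard sizes, the interface load figures and the file names are all constructed; the formulas are the ones given in the text.

```python
from dataclasses import dataclass

# Constructed sample white list: file extension -> standard size in bytes
# (the patent leaves the concrete white list and standard sizes to the deployment).
STANDARD_SIZES = {
    "pdf": 10 * 2**20,   # 10 MiB
    "jpg": 5 * 2**20,    # 5 MiB
    "docx": 8 * 2**20,   # 8 MiB
}


@dataclass(frozen=True)
class ApiInterfaceState:
    """Load state of the API interface the accessed service is bound to."""
    preset_throughput: int    # bytes the interface is provisioned to handle
    current_processing: int   # bytes it is processing right now

    @property
    def transmission_coefficient(self) -> float:
        # transmission coefficient = current processing amount / preset throughput
        if self.preset_throughput <= 0:
            raise ValueError("preset throughput must be positive")
        return self.current_processing / self.preset_throughput


def file_extension(filename: str) -> str:
    """Extension after the last dot, lower-cased; '' when there is none.
    Only the last suffix counts, so 'report.pdf.exe' is audited as 'exe'."""
    name = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    if "." not in name or name.endswith("."):
        return ""
    return name.rsplit(".", 1)[1].lower()


def audit_file_transfer(filename, file_size, api, whitelist=STANDARD_SIZES):
    """Return (passed, reason) for one upload or download request."""
    if file_size < 0:
        return False, "negative file size"
    ext = file_extension(filename)
    k = api.transmission_coefficient
    if ext in whitelist:
        # White-listed type: first value = standard size x (1 - transmission coefficient).
        # The allowance shrinks as the interface gets busier and reaches 0 at full load.
        first_value = whitelist[ext] * (1.0 - k)
        if file_size > first_value:
            return False, f"{ext}: {file_size} B exceeds first value {first_value:.0f} B"
        return True, f"{ext}: within first value {first_value:.0f} B"
    # Not white-listed: second value = file size / preset throughput must not exceed k,
    # i.e. the file must be no larger than what the interface is currently processing.
    # A direct consequence of the formula: on an idle interface (k == 0) every
    # non-white-listed file of non-zero size is rejected.
    second_value = file_size / api.preset_throughput
    label = ext or "(no extension)"
    if second_value > k:
        return False, f"{label}: second value {second_value:.3f} > coefficient {k:.3f}"
    return True, f"{label}: second value {second_value:.3f} <= coefficient {k:.3f}"


if __name__ == "__main__":
    # Constructed load: 100 MiB preset throughput, 25 MiB in flight -> coefficient 0.25
    api = ApiInterfaceState(preset_throughput=100 * 2**20, current_processing=25 * 2**20)
    for name, size in [("scan.pdf", 7 * 2**20), ("scan.pdf", 8 * 2**20),
                       ("tool.exe", 20 * 2**20), ("tool.exe", 30 * 2**20)]:
        print(name, size, audit_file_transfer(name, size, api))
```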
The intelligent gateway checks whether the annotation information of the accessed service contains physical path information, database connection information and SQL statement information;
The intelligent gateway checks whether the accessed service invokes the sensitive class interface;
and the intelligent gateway examines the URL page jump request of the accessed service according to the preset domain name white list, and allows the jump only after the URL page jump request passes the examination.
For example:
1) Input verification: all user-generated input must be checked; once the data is found to be illegal, the user should be informed that the input is illegal and advised to correct it.
2) Output encoding: untrusted data must be escaped before it is output to the client.
3) Upload and download: the server side must use a white list (file extension white list) to strictly limit the type and size of uploaded or downloaded files.
4) Code annotation: annotation information is prohibited from containing physical paths, database connections and SQL statement information.
5) Interface security: clients are prohibited from calling sensitive class interfaces directly; such calls are made back end to back end through a back-end service.
6) Other: a URL page jump may be performed only after the domain name has been checked against the white list.
2. Framework API
The framework API is in two-way communication with the file repository.
And the framework API is used for providing an API interface for the accessed service controlled by the intelligent gateway.
The accessed service is connected with the framework API after the operations of access authorization, interface convergence, security assurance, flow control and the like of the intelligent gateway, and then is accessed into the service system based on the intelligent gateway.
3. File storage library
The file repository is in two-way communication with the first database.
And the file storage library is used for storing files generated by services accessed by an API interface provided by the framework API. Such as log files, etc.
4. A first database
The first database is in two-way communication connection with the management service module.
The first database is herein a database for storing data generated by services accessed through an API interface provided by the framework API. Such as operational data, etc.
The "first" is merely an identifier used to distinguish this database from the databases of the third party services described later, and has no substantive meaning.
5. Management service module
The management service module is in two-way communication connection with the first database.
The management service module is in bidirectional communication connection with the intelligent gateway.
And the management service module is used for managing the data in the first database.
And the management service module is used for managing the intelligent gateway.
The service system based on the intelligent gateway shown in fig. 1 can accept access from services; the service system provided by the embodiment then supports the accessed services and, together with them, provides the corresponding services to users.
The services accessed may be of a variety including, but not limited to: access services, real name authentication services, public component services, management services, third party services, related services for the urban vertical business system, related services for the regional vertical business system. The following describes an access service by taking the service system based on the intelligent gateway after the access service shown in fig. 2 as an example.
6. Access service
The access service is in two-way communication connection with the intelligent gateway.
The access service is generated by one or more of the following applications: application, web application, public number.
Access services include, but are not limited to: basic services, public services, subsystem services, and services developed by third parties.
The application that generates the basic service may be located in a government network (e.g., an intranet application, available only to intranet users) or in a non-government network (e.g., an Internet application, available to any user). Access services generated by applications located in different networks connect to the intelligent gateway in different ways.
The bidirectional communication connection between the intelligent gateway and access services generated by applications located in different networks is described below with reference to the network topology of the service system based on the intelligent gateway shown in fig. 3.
For convenience of explanation, in this embodiment, an application located in a non-government network is named as a first application, where the first application is one or more of the following: the application program is located in the non-government network, the web application is located in the non-government network, and the public number is located in the non-government network.
The access service generated by the first application is named as the first access service.
The first access service is one or more of the following: the system comprises a basic service located in the non-government network, a public service located in the non-government network, a subsystem service located in the non-government network and a service developed by a third party and located in the non-government network.
The application located in the government network is named as a second application, and the second application is one or more of the following: the application program is located in the government network, the web application is located in the government network, and the public number is located in the government network.
The access service generated by the second application is named the second access service.
The second access service is one or more of the following: the system comprises basic services located in the government network, public services located in the government network, subsystem services located in the government network and developed by a third party.
The terms "first" and "second" are used herein for identification only and have no substantive meaning; they merely distinguish applications located in different networks and the access services they generate. The specific form of the first application and the specific form of the second application are not directly related and may be the same or different; the content of the first access service and the content of the second access service are likewise not directly related and may be the same or different; the relation between the first access service and the second access service is not limited in this embodiment.
The first access service is in bidirectional communication connection with the intelligent gateway. Because the intelligent gateway is located in the government network and the first access service is located in the non-government network, the connection is as follows: the intelligent gateway is in bidirectional communication connection with the first access service through, in sequence, the government network, the government network Internet firewall and the Internet. That is, the intelligent gateway is connected to the government network Internet firewall through the government network, then to the Internet through the government network Internet firewall, and finally to the first access service through the Internet.
The second access service is in bidirectional communication connection with the intelligent gateway. Because the intelligent gateway is located in the government network and the second access service is also located in the government network, the connection is as follows: the intelligent gateway is in bidirectional communication connection with the second access service through the government network.
In a specific implementation, the second application comprises a first database server and a first application service cluster, i.e. the second application generates the second access service through the first database server and the first application service cluster. Therefore, the bidirectional communication connection between the intelligent gateway and the second access service through the government network is specifically as follows: the intelligent gateway is in bidirectional communication connection with the first database server and the first application service cluster through the government network.
7. Real name authentication service
According to the network topology of the service system based on the intelligent gateway shown in fig. 3, the real-name authentication service is located in the non-government network.
The intelligent gateway is in bidirectional communication connection with the real-name authentication service through, in sequence, the government network, the government network Internet firewall and the Internet.
The real-name authentication service is one of third party services, and in addition, other third party services in the non-government network can be accessed, which is not listed in this embodiment. The access mode of the third party service in the non-government network refers to the access mode of the real-name authentication service, and this embodiment will not be described again.
8. Public component service
According to the network topology of the service system based on the intelligent gateway shown in fig. 3, the public component service is located in the government network. The intelligent gateway is in bidirectional communication connection with the public component service through the government network.
9. Managing services
The management service is located in the government network according to the network topology of the service system based on the intelligent gateway as shown in fig. 3. The management service is generated by a second database server and a second application service cluster. The intelligent gateway is in bidirectional communication connection with the second database server and the second application service cluster through the government network.
The "second" is used herein as an identification, and has no practical meaning, only for distinguishing from the database server and the application service cluster included in the second application, that is, the second application includes the database server and the application service cluster named as the first database server and the first application service cluster, and the database server and the application service cluster that generate the management service are named as the second database server and the second application service cluster.
10. Third party services
As shown in fig. 3, the third party service is located in the government network. The third party service is generated by the second database and the third application. The intelligent gateway is in bidirectional communication connection with the second database and the third application through the government network.
The "second" is used herein as an identification, and has no practical meaning, only for distinguishing from the database included in the service system architecture based on the intelligent gateway, that is, the database included in the service system architecture based on the intelligent gateway is named as a first database, and the database generating the third party service is named as a second database.
The "third" is used herein as an identification, and has no actual meaning, and is only used for distinguishing from the first application and the second application, i.e., the application that generates the access service is named as the first application or the second application, and the application that generates the third party service is named as the third application.
11. Vertical business system
The city vertical business system is in bidirectional communication connection with the intelligent gateway.
12. Regional vertical business system
The regional vertical service system is in bidirectional communication connection with the intelligent gateway.
When the service system based on the intelligent gateway is specifically implemented, the accessed service can be developed for service matters or sub-level services according to specifications, related public services (such as real-name authentication information and the like) are obtained through the intelligent gateway, and finally the service system based on the intelligent gateway is accessed, and the intelligent gateway performs access authorization, interface convergence, security assurance, flow control and other operations on the accessed service, so that a good ecological circle is formed.
The intelligent gateway in the service system provided by the embodiment is the only entry point of the service system: it encapsulates the internal architecture of the system, provides services to clients in a unified manner, and at the same time provides public functions unrelated to the individual services, such as flow control, monitoring and buffering. Through the intelligent gateway, 1) internal details are not exposed to external clients; 2) an additional security layer is added for each service; 3) communication protocols are unified, since the intelligent gateway can provide an external, unified REST-based API over the different internal protocols; 4) micro-service complexity is reduced; and 5) operation logs are recorded in a unified manner.
The intelligent gateway can perform 1) authentication, such as permission and identity authentication; 2) caching, such as data caching; 3) flow limiting, such as computing service access traffic, analysing it, and limiting flow according to flow-limiting rules that can be defined as required; 4) log recording; 5) monitoring, such as recording request and response data, analysing API time consumption and monitoring performance; 6) routing, the core function, which locks onto the target access service according to the request and forwards the request to it; and 7) online gray release, which reduces risk.
Gray release (gray-scale deployment) refers to a release mode that can transition smoothly between "black" and "white". A/B testing can be performed on it: part of the users continue to use product feature A while part of the users start to use product feature B, and if the users raise no objection to B, the scope is gradually expanded until all users have been migrated to B. Gray release ensures the stability of the whole system; problems can be found and adjusted during the initial gray phase so as to limit their impact.
The service system provided in this embodiment may 1) implement service registration and discovery using Eureka: in the service governance framework a registry is constructed, and each service unit registers its own service with the registry together with additional information such as the host and port number of the service, the service version number and the communication protocol; 2) implement service invocation and load balancing using Feign and Ribbon, where Feign is a declarative pseudo-HTTP client that makes writing HTTP clients simpler: with Feign only an interface needs to be created and annotated, the annotations are pluggable (Feign annotations and JAX-RS annotations can be used), and Feign supports pluggable encoders and decoders; 3) implement intelligent routing using Zuul, which is the core of the intelligent gateway: both the interaction with the accessed service and the mutual calls between the micro-services in the project are realised through the Zuul configuration; and 4) implement the circuit breaker (fuse) function using hystrix when the intelligent gateway calls a specific service module, because the influence of factors such as the network and query efficiency is unavoidable and causes response time-outs, so hystrix needs to be configured.
In a specific implementation, the technical architecture of the service system provided in this embodiment may be as shown in fig. 4. When a third party service is accessed based on the technical architecture shown in fig. 4, the accessed service does not need to develop a front end framework, an intelligent gateway, a back end operation management and a part of service functions, only needs to develop service matters or sub-level services according to specifications, obtains related public services (such as real name authentication information) through the intelligent gateway, and finally accesses the service system provided by the embodiment, and the intelligent gateway performs operations such as access authorization, interface convergence, security assurance, flow control and the like on the accessed service, thereby forming a good ecological circle.
For example, the third party service accesses the service system provided in the present embodiment through the development mode shown in fig. 5. And the developer accessing the service performs collaborative development based on the git, and after the development is completed, the service system provided by the embodiment is unified to perform code merging processing and a series of tests. The flow of developing a docking service system is shown in fig. 6.
During docking, the service system provided by the embodiment can audit security specifications through the intelligent gateway, for example auditing standard controls, typical pages, the unified request method, standard styles, the unified protocol, ciphertext requests, data formats, error codes and the like. In order to pass the audit, the front end must use the standard controls of the UI specification library when designing the application, including the drawing board, buttons, ICON, forms and the like; for example, the basic control library, basic control combination styles and typical pages must be requested through sdk.request. The front end unifies the standard controls to ensure that the display effect and the request method of every function in the program are consistent.
The back-end specification based on the intelligent gateway is as follows: 1) The front end is prohibited from transmitting the user's ID card number: the front-end applet must not carry private information, such as the ID card number, in plaintext on request parameters. 2) Response content specification: all interfaces of the open platform must use the HTTPS protocol, the JSON data format and UTF-8 encoding. 3) Error codes: 0 indicates a correct return, and all other error codes are 5 digits long.
In addition, the following checks are performed: 1) Input verification: all user-generated input is checked, and once the data is found to be illegal, the user is informed that the input is illegal and advised to correct it. 2) Output verification: untrusted data must be escaped before it is output to the client. 3) Upload and download verification: the server side uses a white list (file extension white list) to strictly limit the type and size of uploaded or downloaded files. 4) Code annotation verification: annotation information is prohibited from containing physical paths, database connections and SQL statement information. 5) Interface security verification: clients are prohibited from calling sensitive class interfaces directly; such calls are made back end to back end through a back-end service. 6) Other checks, such as checking the target of a URL page jump against the domain name white list before the jump is performed.
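Two of the checks above, the URL page jump examination against a domain name white list (item 6) and the rule against carrying the ID card number in plaintext on request parameters, written out as an added example that is not part of the patent. The white-listed domain names and the sample requests are constructed, and the ID card number pattern assumed is the 18-character format (17 digits followed by a digit or X).

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed domain name white list for URL page jumps; subdomains of an entry are allowed.
DOMAIN_WHITELIST = ("portal.gov.example", "service.gov.example")   # hypothetical names
ALLOWED_SCHEMES = ("https",)   # the back-end specification requires HTTPS

# Assumed 18-character ID card number pattern: 17 digits followed by a digit or X,
# not embedded in a longer alphanumeric token.
ID_CARD_RE = re.compile(r"(?<![0-9A-Za-z])[0-9]{17}[0-9Xx](?![0-9A-Za-z])")


def host_in_whitelist(host: str, whitelist=DOMAIN_WHITELIST) -> bool:
    """Exact match or a subdomain on a dot boundary, so 'portal.gov.example.evil.test'
    and 'fakeportal.gov.example' never match 'portal.gov.example'."""
    host = host.lower().rstrip(".")
    return any(host == d.lower() or host.endswith("." + d.lower()) for d in whitelist)


def audit_url_jump(target: str, whitelist=DOMAIN_WHITELIST) -> bool:
    """Return True only when the page jump target may be followed."""
    # Browsers normalise backslashes, whitespace and control characters in ways
    # urlsplit does not, so reject them outright instead of guessing.
    if any(ch == "\\" or ch.isspace() or ord(ch) < 0x20 for ch in target):
        return False
    parts = urlsplit(target)
    # A same-site path ('/page') has neither scheme nor authority; '//host' does.
    if not parts.scheme and not parts.netloc:
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    # 'https://portal.gov.example@evil.test' parses the white-listed name as userinfo
    if parts.username is not None or parts.password is not None:
        return False
    host = parts.hostname
    return bool(host) and host_in_whitelist(host, whitelist)


def find_plaintext_id_params(url: str, body=None) -> list:
    """Names of query or body parameters whose value carries an ID card number in plaintext."""
    offenders = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if ID_CARD_RE.search(value):
            offenders.append(name)
    for name, value in (body or {}).items():
        if isinstance(value, str) and ID_CARD_RE.search(value):
            offenders.append(name)
    return offenders


if __name__ == "__main__":
    for t in ("https://portal.gov.example/page", "/local/page",
              "https://portal.gov.example.evil.test/", "//portal.gov.example/page"):
        print(t, "->", "jump allowed" if audit_url_jump(t) else "jump refused")
    # constructed request carrying a constructed ID number in plaintext
    print(find_plaintext_id_params("https://portal.gov.example/api?uid=11010519900307123X&n=a"))
```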
The service system provided by the embodiment ensures the safety and stability of data interaction among the services; the standard and specification of system docking are unified, and the docking cost is greatly reduced; the complexity of micro service is simplified, the development efficiency is improved, and the operation and maintenance cost is reduced. The method has the advantages that the development cost of the third party service access is saved, the safety protection is improved, and the development efficiency is improved.
The service system provided in this embodiment includes: the system comprises an intelligent gateway, a framework API, a file storage library, a database and a management service module; the intelligent gateway is in bidirectional communication connection with the framework API; the intelligent gateway is in bidirectional communication connection with the management service module; the framework API is in bidirectional communication connection with the file storage library; the file storage library is in bidirectional communication connection with the database; the database is in bidirectional communication connection with the management service module; the intelligent gateway is used for controlling and operating the accessed service; a framework API for providing an API interface for the accessed service controlled by the intelligent gateway; a file repository for storing files generated by services accessed through an API interface provided by the framework API; a database for storing data generated by services accessed through an API interface provided by the framework API; the management service module is used for managing the database and the intelligent gateway, unifies the access and interface standards of the service system through the control operation of the intelligent gateway, and ensures the service safety of the service system and is convenient for monitoring.
It should be understood that the invention is not limited to the particular arrangements and instrumentality described above and shown in the drawings. For the sake of brevity, a detailed description of known methods is omitted here. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present invention are not limited to the specific steps described and shown, and those skilled in the art can make various changes, modifications and additions, or change the order between steps, after appreciating the spirit of the present invention.
It should also be noted that the exemplary embodiments mentioned in this disclosure describe some methods or systems based on a series of steps or devices. However, the present invention is not limited to the order of the above-described steps, that is, the steps may be performed in the order mentioned in the embodiments, or may be performed in a different order from the order in the embodiments, or several steps may be performed simultaneously.
Finally, it should be noted that: the embodiments described above are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced with equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (9)

1. The service system based on the intelligent gateway is characterized by comprising the intelligent gateway, a framework application programming interface API, a file storage library, a first database, a management service module, a real-name authentication service, a public component service, a management service, a third party service and a city vertical service system, and a region vertical service system;
the intelligent gateway is in bidirectional communication connection with the framework application programming interface API; the intelligent gateway is in bidirectional communication connection with the management service module;
the framework application programming interface API is in bidirectional communication connection with the file storage library;
the file storage library is in bidirectional communication connection with the first database;
the first database is in bidirectional communication connection with the management service module;
the intelligent gateway is configured to perform a control operation on an accessed service, where the control operation includes one or more of the following: access authorization, interface convergence, security assurance, flow control, registration and discovery of the accessed service, invocation and load balancing of the accessed service, routing, circuit breaking (fusing), front-end specification auditing, back-end specification auditing, security specification auditing;
the framework application programming interface API is used for providing an API interface for the accessed service controlled by the intelligent gateway;
The file repository is used for storing files generated by services accessed by an API interface provided by the framework application programming interface API;
the first database is used for storing data generated by services accessed by an API interface provided by the framework application programming interface API;
the management service module is used for managing the first database and the intelligent gateway;
the real-name authentication service is located in a non-government network;
the intelligent gateway sequentially passes through the government network, the government network Internet firewall and the Internet to be in bidirectional communication connection with the real-name authentication service;
the public component service is located in a government network;
the intelligent gateway is in bidirectional communication connection with the public component service through the government network;
the management service is located in a government network;
the management service is generated by a second database server and a second application service cluster;
the intelligent gateway is in bidirectional communication connection with a second database server and a second application service cluster through the government network;
the third party service is located in a government network;
the third party service is generated by a second database and a third application;
the intelligent gateway is in bidirectional communication connection with a second database and a third application through the government network;
The city vertical service system is in bidirectional communication connection with the intelligent gateway;
and the regional vertical service system is in bidirectional communication connection with the intelligent gateway.
2. The service system of claim 1, wherein the registration and discovery operation performed by the intelligent gateway on the accessed service comprises:
the intelligent gateway constructs a registration center, acquires the service information registered by the accessed service with the registration center, and performs the registration and discovery of the accessed service through Eureka using the service information;
the service information includes one or more of the following: the host, port number, service version number, and communication protocol of the accessed service.
3. The service system of claim 1, wherein the invocation and load balancing operation performed by the intelligent gateway on the accessed service comprises:
the intelligent gateway creates an interface and annotates it, and invokes and load-balances the accessed service through Feign and Ribbon based on the interface and the annotation.
4. The service system of claim 1, wherein the intelligent gateway routing the accessed service comprises:
The intelligent gateway routes the accessed service through Zuul.
5. The service system of claim 1, wherein the circuit breaking (fusing) operation performed by the intelligent gateway on the accessed service comprises:
the intelligent gateway performs circuit breaking on the accessed service through hystrix.
6. The service system of claim 1, wherein the front-end specification comprises:
the accessed service uses standard controls in a UI specification library;
the accessed service requests basic control library data through sdk.request;
the accessed service requests basic control combination style data through sdk.request;
the accessed service requests typical page data through sdk.request;
standard controls within the UI specification library include: drawing board, buttons, chart format ICON, forms.
7. The service system of claim 1, wherein the back-end specification comprises:
the accessed service is prohibited from carrying privacy information in plaintext in request parameters;
the interfaces of the accessed service use one or more of the following: the HTTPS protocol, the JSON data format, UTF-8 encoding;
the error code returned by the accessed service is 5 digits long or 0;
an error code of 0 indicates a correct return.
8. The service system of claim 1, wherein the intelligent gateway performing security specification auditing operations on the accessed service comprises:
the intelligent gateway checks the user input of the accessed service and, if the input is found to be illegal, warns that the input is illegal and suggests correcting the input;
the intelligent gateway outputs the un-trusted data of the accessed service after escape;
the intelligent gateway checks the type and the size of the file uploaded or downloaded by the accessed service according to a preset file extension white list;
the intelligent gateway checks whether the annotation information of the accessed service contains physical path information, database connection information and SQL statement information;
the intelligent gateway checks whether the accessed service invokes the sensitive interface;
the intelligent gateway examines the URL page jump request of the accessed service according to a preset domain name white list, and jumps after the URL page jump request passes the examination;
the method for the intelligent gateway to audit the type and the size of the file uploaded or downloaded by the accessed service according to the preset file extension white list comprises the following steps:
if the extension of the file type uploaded or downloaded by the accessed service is in the white list, determining the standard size corresponding to the extension of the file type uploaded or downloaded by the accessed service, if the file size uploaded or downloaded by the accessed service is larger than a first value, checking that the file size is not passed, and if the file size is smaller than or equal to the first value, checking that the file size passes, wherein the first value is the standard size (1-transmission coefficient of an API interface corresponding to the accessed service), and the transmission coefficient of the API interface corresponding to the accessed service = the current processing capacity of the API interface corresponding to the accessed service/the preset throughput of the API interface corresponding to the accessed service;
If the extension of the file type uploaded or downloaded by the accessed service is not in the white list, if the second value is larger than the transmission coefficient of the API interface corresponding to the accessed service, the second value is not passed, and if the second value is smaller than or equal to the transmission coefficient of the API interface corresponding to the service, the second value is the file size uploaded or downloaded by the accessed service/the preset throughput of the API interface corresponding to the accessed service.
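The file-size rule and the two white-list checks of claim 8, modelled in Python as an added example; this is constructed for illustration and is not code from the patent or its assignee. The extension white list with its "standard sizes", the domain white list, the API-interface figures and the annotation patterns are all assumptions. The size rule follows the claim's formulas exactly as stated (first value = standard size × (1 − transmission coefficient); second value = file size / preset throughput, compared against the coefficient).

```python
"""Model of the claim-8 security-specification audits (added example, not the
patent's code). White lists, sizes and patterns below are constructed assumptions."""
import re
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumed preset file-extension white list: extension -> "standard size" in bytes.
FILE_EXTENSION_WHITELIST = {
    "pdf": 10 * 1024 * 1024,
    "png": 5 * 1024 * 1024,
    "docx": 8 * 1024 * 1024,
}

# Assumed preset domain-name white list for URL page-jump (redirect) requests.
DOMAIN_WHITELIST = {"portal.example.gov", "service.example.gov"}

# Assumed patterns for what claim 8 calls physical path information, database
# connection information and SQL statement information inside annotations.
ANNOTATION_PATTERNS = (
    re.compile(r"[A-Za-z]:\\|/(?:home|var|etc|opt|srv)/"),
    re.compile(r"jdbc:|password\s*=", re.IGNORECASE),
    re.compile(r"\b(?:select|insert|update|delete)\b.*\b(?:from|into|set|where)\b",
               re.IGNORECASE),
)


@dataclass(frozen=True)
class ApiInterface:
    """Figures for the API interface that serves the accessed service (assumed units)."""
    preset_throughput: float   # bytes per second the interface is provisioned for
    current_capacity: float    # bytes per second it can currently process

    def __post_init__(self) -> None:
        if self.preset_throughput <= 0:
            raise ValueError("preset throughput must be positive")

    @property
    def transmission_coefficient(self) -> float:
        # Claim 8: coefficient = current processing capacity / preset throughput.
        return self.current_capacity / self.preset_throughput


def check_file_transfer(filename: str, size: int, api: ApiInterface) -> bool:
    """Return True when the upload/download passes the claim-8 size check."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    k = api.transmission_coefficient
    if ext in FILE_EXTENSION_WHITELIST:
        # White-listed extension: pass iff size <= standard size * (1 - k).
        first_value = FILE_EXTENSION_WHITELIST[ext] * (1 - k)
        return size <= first_value
    # Other extensions: second value = size / preset throughput; pass iff <= k,
    # i.e. the file must fit within the interface's current capacity.
    second_value = size / api.preset_throughput
    return second_value <= k


def check_redirect(url: str) -> bool:
    """Allow a page jump only to an exact host on the domain white list."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False               # rejects protocol-relative and non-web schemes
    host = (parts.hostname or "").rstrip(".")
    # Exact match, not substring: "portal.example.gov.evil.tld" must not pass.
    # urlsplit().hostname also drops user-info, so "gov@evil.tld" resolves to evil.tld.
    return host in DOMAIN_WHITELIST


def annotation_leaks(comment: str) -> bool:
    """True when a comment/annotation carries path, DB-connection or SQL details."""
    return any(p.search(comment) for p in ANNOTATION_PATTERNS)


if __name__ == "__main__":
    api = ApiInterface(preset_throughput=1_000_000, current_capacity=250_000)
    print(check_file_transfer("report.pdf", 5 * 1024 * 1024, api))  # True
    print(check_file_transfer("dump.bin", 300_000, api))            # False
    print(check_redirect("https://portal.example.gov@evil.tld/"))    # False
    print(annotation_leaks("# see jdbc:mysql://db.internal/gov?user=app&password=x"))  # True
```

Two points a practitioner would check before deploying a rule like this: the redirect white list must match the parsed host exactly (substring matches and user-info in the authority are the usual ways an allow-list is bypassed), and the white-listed branch of the size rule shrinks the allowed size as the transmission coefficient rises, so the meaning of "current processing capacity" in the coefficient has to be pinned down before the formula is used as stated.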
9. The service system of claim 1, further comprising a first access service;
the first access service is in bidirectional communication connection with the intelligent gateway;
the first access service is generated by a first application;
the first application is located in a non-government network;
the first application is one or more of the following: an application program located in the non-government network, a web application located in the non-government network, and a public account located in the non-government network;
the first access service is one or more of the following: a basic service located in the non-government network, a public service located in the non-government network, a subsystem service located in the non-government network, and a third-party-developed service located in the non-government network;
the intelligent gateway is located in a government network;
the intelligent gateway is in bidirectional communication connection with the first access service sequentially through the government network, the government network Internet firewall and the Internet;
the service system further comprises a second access service;
the second access service is in bidirectional communication connection with the intelligent gateway;
the second access service is generated by a second application;
the second application is located in the government network;
the second application is one or more of the following: an application program located in the government network, a web application located in the government network, and a public account located in the government network;
the second access service is one or more of the following: a basic service located in the government network, a public service located in the government network, a subsystem service located in the government network, and a third-party-developed service located in the government network;
the intelligent gateway is located in the government network;
the second application comprises a first database server and a first application service cluster;
the second application generates the second access service through the first database server and the first application service cluster;
the intelligent gateway is in bidirectional communication connection with the first database server and the first application service cluster through the government network.
CN201910448211.4A 2019-05-27 2019-05-27 Service system based on intelligent gateway Active CN110083338B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910448211.4A CN110083338B (en) 2019-05-27 2019-05-27 Service system based on intelligent gateway

Publications (2)

Publication Number Publication Date
CN110083338A CN110083338A (en) 2019-08-02
CN110083338B true CN110083338B (en) 2023-12-22

Family

ID=67422202

Country Status (1)

Country Link
CN (1) CN110083338B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111416837A (en) * 2020-02-20 2020-07-14 华迪计算机集团有限公司 Government affair system API interface access gateway, method, electronic equipment and storage medium
CN112181541A (en) * 2020-09-29 2021-01-05 京东数字科技控股股份有限公司 Data processing method and device, electronic equipment and storage medium
CN113064627B (en) * 2021-03-23 2023-04-07 支付宝(杭州)信息技术有限公司 Service access data processing method, platform, terminal, equipment and system
CN113449296B (en) * 2021-07-20 2024-04-23 恒安嘉新(北京)科技股份公司 System, method, device and medium for data security protection
CN117376033A (en) * 2023-12-06 2024-01-09 浙江网商银行股份有限公司 File processing method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104753775A (en) * 2013-12-30 2015-07-01 中国移动通信集团公司 Financial service gateway and system
CN106656630A (en) * 2017-01-13 2017-05-10 北京中电普华信息技术有限公司 Electric marketing service application system, and construction method and platform thereof
CN107065578A (en) * 2016-12-28 2017-08-18 北京极科极客科技有限公司 Method and system for an App to control a smart home
CN207053537U (en) * 2017-08-08 2018-02-27 北京数立通科技有限责任公司 Intelligent gateway for smart government affairs
CN108446111A (en) * 2018-03-26 2018-08-24 国家电网公司客户服务中心 Microservice construction method based on Spring Cloud
CN108769009A (en) * 2018-05-28 2018-11-06 深圳和而泰数据资源与云技术有限公司 Data communications method, smart machine and intelligent gateway
CN109710223A (en) * 2018-12-29 2019-05-03 北京邮电大学 API gateway hot plug system based on distributed KV storage system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180218368A1 (en) * 2017-01-31 2018-08-02 First Data Corporation Data transformation engine

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Intelligent transformation of e-government networks based on SD-WAN"; 彭代; 《信息通信》 (Information & Communications); pp. 242-243 *


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant