CN110222524A - The authorization check method, apparatus and terminal device of uniform resource locator request - Google Patents
- Publication number
- CN110222524A
- Authority
- CN
- China
- Prior art keywords
- role
- resource locator
- uniform resource
- request
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The present invention provides an authorization check method, apparatus and terminal device for uniform resource locator (URL) requests, applicable to the technical field of data processing. The method comprises: when a uniform resource locator request from a user is received, obtaining the N role tags corresponding to the user, where N is a positive integer; looking up the uniform resource locator to which the request points, obtaining the role regular expression corresponding to that uniform resource locator, and judging whether the N role tags contain a role tag combination that satisfies the role regular expression; and, if such a role tag combination exists among the N role tags, responding to the uniform resource locator request. By configuring the roles each user actually holds and the role access permission corresponding to each URL, embodiments of the invention achieve flexible control of URL access permissions; at the same time, compared with directly setting one fixed permission for each user, verification by regular expression is also more secure.
Description
Technical field
The invention belongs to the technical field of data processing, and in particular relates to an authorization check method for uniform resource locator requests and a terminal device.
Background technique
At present, uniform resource locator (Uniform Resource Locator, URL) permission control is performed by separate code in each interface that verifies user permissions. The verification method is generally to set one fixed URL access permission for each user and, when the user needs to access a URL, to query whether the user has the corresponding URL access permission. Although this achieves URL access control for different users to some extent, the control mode is too simple to meet increasingly complex real user environments, so current URL permission verification methods are inflexible and insecure and cannot meet the needs of practical applications.
Summary of the invention
In view of this, embodiments of the invention provide an authorization check method, apparatus and terminal device for uniform resource locator requests, to solve the problem of low security and flexibility of uniform resource locator authorization check methods in the prior art.
A first aspect of the embodiments of the invention provides an authorization check method for uniform resource locator requests, comprising:
When a uniform resource locator request from a user is received, obtaining the N role tags corresponding to the user, where N is a positive integer;
Looking up the uniform resource locator to which the uniform resource locator request points, obtaining the role regular expression corresponding to the uniform resource locator, and judging whether the N role tags contain a role tag combination that satisfies the role regular expression;
If a role tag combination satisfying the role regular expression exists among the N role tags, responding to the uniform resource locator request.
A second aspect of the embodiments of the invention provides an authorization check device for uniform resource locator requests, comprising:
A role obtaining module, configured to obtain the N role tags corresponding to the user when a uniform resource locator request from a user is received, where N is a positive integer;
A role verification module, configured to look up the uniform resource locator to which the uniform resource locator request points, obtain the role regular expression corresponding to the uniform resource locator, and judge whether the N role tags contain a role tag combination that satisfies the role regular expression;
A request response module, configured to respond to the uniform resource locator request if a role tag combination satisfying the role regular expression exists among the N role tags.
A third aspect of the embodiments of the invention provides a terminal device comprising a memory and a processor, the memory storing a computer program that can run on the processor, wherein the processor, when executing the computer program, implements the steps of the authorization check method for uniform resource locator requests described above.
A fourth aspect of the embodiments of the invention provides a computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the authorization check method for uniform resource locator requests described above.
Compared with the prior art, the embodiments of the invention have the following beneficial effect. One or more corresponding roles are set for each user, and a corresponding role regular expression is set for each URL according to the object content it actually points to, recording the role combinations that have access permission to that URL. Whether to respond to a user's request is then decided from the roles the user actually holds and the role regular expression of the URL the user requests. In practice each user may hold one or more different roles at the same time, and the roles that may access each URL also differ. By configuring the roles each user actually holds and the role access permission corresponding to each URL, the embodiments achieve flexible control of URL access permissions; at the same time, compared with directly setting one fixed permission for each user, verification by regular expression is also more secure.
Brief description of the drawings
To describe the technical solutions in the embodiments of the invention more clearly, the drawings needed for the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow chart of the implementation of the authorization check method for uniform resource locator requests provided by Embodiment 1 of the invention;
Fig. 2 is a schematic flow chart of the implementation of the authorization check method for uniform resource locator requests provided by Embodiment 2 of the invention;
Fig. 3 is a schematic flow chart of the implementation of the authorization check method for uniform resource locator requests provided by Embodiment 3 of the invention;
Fig. 4 is a schematic flow chart of the implementation of the authorization check method for uniform resource locator requests provided by Embodiment 4 of the invention;
Fig. 5 is a schematic structural diagram of the authorization check device for uniform resource locator requests provided by Embodiment 5 of the invention;
Fig. 6 is a schematic diagram of the terminal device provided by Embodiment 6 of the invention.
Specific embodiment
In the following description, specific details such as particular system structures and techniques are set out for illustration rather than limitation, so that the embodiments of the invention can be thoroughly understood. It will be clear to a person skilled in the art, however, that the invention can also be implemented in other embodiments without these specific details. In other cases, detailed descriptions of well-known systems, devices, circuits and methods are omitted so that unnecessary detail does not obscure the description of the invention.
To illustrate the technical solutions of the invention, specific embodiments are described below.
To aid understanding, the embodiments of the invention are first briefly outlined. In practice, the URL access permissions a user has are affected both by the user's actual identity and by the limits imposed by the object content the URL itself points to. If a fixed URL access permission is simply set for each user, then on the one hand, every time a new user is added, the new user and all URLs must be considered comprehensively in order to set permissions, which is complex, tedious and error-prone; on the other hand, whenever a new URL is added, each existing user must be considered against the new URL in order to modify the URL access permissions of all existing users, which is also extremely tedious. Existing URL permission control methods therefore have very low flexibility and poor security. To make URL permission control more flexible and to avoid these overly tedious permission-setting operations each time a user or URL is added, the embodiments on the one hand start from the user's actual identity and set for each user one or more roles matching that identity, and on the other hand set a corresponding role regular expression according to the object content each URL actually points to, recording the role combinations that have access permission to the URL. Whether to respond to a user's request is finally decided from the roles the user actually holds and the role regular expression of the requested URL. Even when a new user or URL is added, only the roles of the new user or the role regular expression of the new URL need to be configured, with no change to existing user and URL data, so control of the URLs each user may access becomes more flexible and secure. Details are as follows:
Fig. 1 shows the implementation flow chart of the authorization check method for uniform resource locator requests provided by Embodiment 1 of the invention, detailed as follows:
S101: when a uniform resource locator request from a user is received, obtain the N role tags corresponding to the user, where N is a positive integer.
Role tags can be assigned in either of two ways. A technician may determine the one or more roles corresponding to a user from all the permission roles that may exist in the actual application scenario and the user's actual identity, and then associate the tags of these roles with the user. Alternatively, a technician may set the correspondence between user identities and roles in the application scenario in advance, after which the corresponding role tags are assigned to the user automatically according to the user's actual identity.
As one embodiment of the invention, the method comprises: obtaining the identity information of the user, and assigning to the user the N role tags corresponding to the identity information.
In the embodiments of the invention, a technician can set the correspondence between user identities and roles in the application scenario in advance. For example, a property insurance system may have many different roles, such as an inquiry role, a quotation role, a system manager and a product manager, and in practice one user identity often corresponds to more than one role. Suppose the user identity is product manager: the user may be an administrator of property insurance product prices and may also be a user who queries property insurance product prices, so the user corresponds to two roles at once, the inquiry role + product manager. Similarly, when the user identity is system developer, the inquiry role + system manager can be configured for the user. With the correspondence between user identities and roles set in advance, the embodiments can identify the roles corresponding to a user from the user's identity information and assign the user the corresponding one or more role tags.
S102: look up the uniform resource locator to which the uniform resource locator request points, obtain the role regular expression corresponding to the uniform resource locator, and judge whether the N role tags contain a role tag combination that satisfies the role regular expression.
The role regular expression records the combinations of role tags that have access permission to each URL, and is set by a technician according to the URL access permissions in the actual application. The object content each URL points to differs, for example different functions or resources, and not every role may access every object. Taking as an example object content that is a system function of a property insurance system, there are system functions such as querying property insurance product prices, modifying product prices, and managing product listing and delisting, and each of these can be used only by certain corresponding roles. In practice, for instance, the function of querying property insurance product prices can be used by all roles; the price modification function can be used only by the product manager; and product listing and delisting can be used only by someone who holds the dual role of system manager + product manager at once. To allow flexible configuration of URL access rights, this scheme therefore uses role regular expressions to record the usable role combinations for each URL.
In the embodiments of the invention, a role regular expression has two combination formats, a or b and a and b. Roles connected by or mean that holding any one of them is enough to access the corresponding URL; roles connected by and mean that all of them must be held at once to access the corresponding URL. For example, the query function of the property insurance system above can be used by all roles, so all roles can be connected with or in the form a or b or ... or z; for the product listing and delisting function, the corresponding role regular expression takes the form system manager and product manager.
S103: if a role tag combination satisfying the role regular expression exists among the N role tags, respond to the uniform resource locator request.
If the user's role tags contain a combination that satisfies the role regular expression, the user has permission to access the corresponding URL. Suppose the user requests the URL of the product listing and delisting function, the corresponding role regular expression obtained is system manager and product manager, and the roles read for the user include both system manager and product manager. The user is then judged to satisfy the role regular expression, and the embodiment responds normally to the user's URL request.
As another embodiment of the invention, if no role tag combination satisfying the role regular expression exists among the N role tags, the user's URL request is refused.
If the user's role tags lack any role required by the role regular expression, the user does not have the corresponding URL access permission, so the embodiment can refuse the user's URL request directly. Not satisfying the role regular expression means: for a combination in the a or b format, the user holds none of the role tags in the combination; for a combination in the a and b format, the user's role tags are missing one or more of the role tags in it.
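The check in S101 to S103 can be sketched as follows. This is an added example, not code from the patent: the URL paths, role tag names and the `URL_ROLE_EXPRESSIONS` table are constructed, and two behaviours are assumptions the text does not state, namely that `and` binds tighter than `or` when both appear in one expression, and that a URL with no expression or a malformed expression is refused.

```python
import re

# Constructed sample policy: URL path -> role expression (illustrative names).
URL_ROLE_EXPRESSIONS = {
    "/price/query": "inquiry or quotation or system_manager or product_manager",
    "/price/modify": "product_manager",
    "/product/shelf": "system_manager and product_manager",
}

_TAG = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")


class RoleExpressionError(ValueError):
    """Raised when an expression is not a chain of tags joined by and/or."""


def parse_role_expression(expr):
    """Return the expression as a list of AND-groups (frozensets of role tags).

    Assumption: in a mixed chain `and` binds tighter than `or`; no parentheses.
    """
    tokens = expr.split()
    if not tokens:
        raise RoleExpressionError("empty expression")
    groups, current, expect_tag = [], set(), True
    for tok in tokens:
        if expect_tag:
            if tok in ("and", "or") or not _TAG.match(tok):
                raise RoleExpressionError(f"expected role tag, got {tok!r}")
            current.add(tok)
        elif tok == "and":
            pass  # next tag joins the current AND-group
        elif tok == "or":
            groups.append(frozenset(current))  # close the group, start a new one
            current = set()
        else:
            raise RoleExpressionError(f"expected 'and' or 'or', got {tok!r}")
        expect_tag = not expect_tag
    if expect_tag:
        raise RoleExpressionError("expression ends with an operator")
    groups.append(frozenset(current))
    return groups


def satisfying_combination(expr, user_tags):
    """Return the first role tag combination the user fully holds, else None."""
    held = frozenset(user_tags)
    for group in parse_role_expression(expr):
        if group <= held:
            return group
    return None


def authorize(url_path, user_tags):
    """S101-S103: respond only if some held combination satisfies the expression."""
    expr = URL_ROLE_EXPRESSIONS.get(url_path)
    if expr is None:
        return False  # assumption: no expression configured means refuse
    try:
        return satisfying_combination(expr, user_tags) is not None
    except RoleExpressionError:
        return False  # a malformed policy entry never grants access
```

Returning the matched combination rather than a bare boolean lets the caller log which roles granted the access.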
As one embodiment of the invention, to record each URL's role regular expression effectively, the role regular expression can be stored in the form of metadata, and the metadata is read when Embodiment 1 needs to obtain the role regular expression in order to find the required expression. This comprises:
Obtaining the metadata corresponding to the uniform resource locator, and extracting the role regular expression from the metadata.
Metadata is a code-level description, a feature introduced in JDK 1.5 and later versions. It sits at the same level as classes, interfaces and enumerations, and can be declared in front of packages, classes, fields, methods, local variables, method parameters and so on to annotate these elements. In the embodiments of the invention, each URL's role regular expression is annotated in the form of metadata, so each URL needs only one added line of metadata annotation. Because this scheme performs permission control according to the role regular expression annotated on the URL, setting up permission control for a URL requires only adding one line of metadata as the URL's annotation, which is more convenient and flexible than setting code in each interface as in the prior art; and when the role regular expression is extracted, the role regular expression data contained in the metadata only needs to be read directly.
As a specific implementation of responding to the user's URL request in Embodiment 1, consider that in practice the object content a URL points to may be subject to a security level restriction, that is, the security levels of different URLs may differ considerably. To meet the security requirements of different URLs in practice, Embodiment 2, as shown in Fig. 2, comprises:
S201: if a role tag combination satisfying the role regular expression exists among the N role tags, obtain the security level of the uniform resource locator and judge whether it is lower than a preset level threshold.
The security level of each URL must be set in advance by a technician according to the object content the URL actually points to. For example, a higher URL security level can be set for important functions and resources or for sensitive resources, and a lower one for ordinary functions and resources; the specific rules for setting security levels are not limited here. The level threshold distinguishes whether a URL's security level reaches the level at which the embodiments require security grading; its specific value can be set by a technician according to actual needs.
S202: if the security level corresponding to the uniform resource locator is lower than the preset level threshold, respond to the uniform resource locator request.
When the security level of the URL the user wants to access is low, its access security requirement is not high, so the user's roles only need to satisfy the URL's role regular expression, and the embodiment responds normally to the user's URL request.
As a specific implementation of responding to the user's URL request in Embodiment 2, consider that when the security level of the URL to be accessed is high, responding to the request directly is quite likely to create a security risk for the URL. To keep URL access securely managed, when the URL security level is high the embodiments automatically assess the security level of the user, and respond to the user's request only when the user's security level is greater than that of the URL. As shown in Fig. 3, Embodiment 3 comprises:
S301: if the security level corresponding to the uniform resource locator is greater than or equal to the preset level threshold, obtain the Internet Protocol address and physical address of the terminal device from which the user sent the uniform resource locator request, together with the interface type and sending time of the request.
S302: calculate the user's security level based on the Internet Protocol address, physical address, interface type and sending time, and judge whether the user's security level is higher than that of the uniform resource locator.
To assess the user's security level accurately, the embodiments perform a combined assessment over four dimensions: Internet Protocol address, physical address, interface type and sending time, as detailed below.
Interface type refers mainly to the channel through which the user sent the URL request, such as a client, a web page or a mini program. Security risk differs considerably between these channels: web pages carry the greatest risk, mini programs come next, and clients last, so this scheme can assess the security risk from the interface type used to send the request.
Likewise for the Internet Protocol address: a company's internal network is bound to be more secure than a general network, and a general open network is in turn more secure than some abnormal networks, so the Internet Protocol address also identifies the user's security to some extent. The same holds for the access terminal (different access terminals are identified by physical address): terminals inside the company are bound to be more secure. As for the sending time of the request, the use of some URLs normally follows a certain time pattern; price changes and product listing and delisting, for example, are not carried out during working periods with heavy customer traffic, so the sending time also allows the user's security to be evaluated to some extent.
After the data for the four dimensions is obtained, the embodiments quantify the data of each dimension to determine the user's security level. The specific quantification rules are not limited here and can be set by a technician according to actual needs. They include but are not limited to the following: set up a grading table for each dimension, recording the dimension values that may occur and the corresponding security scores; compute the sum of the security scores of the four dimensions from the lookup tables and preset dimension weights; and finally determine the user's final security level from a preset correspondence between security levels and score sums. For the Internet Protocol address, for example, networks can be divided into internal networks, general networks and abnormal networks, with a recognition rule set for each kind of network (libraries of internal networks and abnormal networks can be set up for identification, with every network that is neither internal nor abnormal identified as a general network) and a security score; the kind of network the user actually belongs to is then looked up and the corresponding security score determined.
S303: if the security level of the user is higher than the security level of the uniform resource locator, respond to the uniform resource locator request.
When the user's security level is higher than the URL's, the user has permission to access the URL, so the embodiment responds normally to the user's URL request.
As a kind of specific implementation for obtaining user's four dimensions data in the embodiment of the present invention three, it is contemplated that practical
In practice, some attackers may pose as ordinary users to issue illegitimate URL requests. A common DDoS attack, for example, does exactly this: it poses as ordinary users to send a large number of access requests to a server. Therefore, to prevent illegitimate requests from interfering with normal users' URL access, Embodiment 4 of the present invention, as shown in Fig. 4, comprises:
S401: If the security level corresponding to the uniform resource locator is greater than or equal to the preset level threshold, obtain the historical request data of the user for uniform resource locators received within a preset time period.
S402: Identify, based on the historical request data, whether the user exhibits abnormal request behavior.
In this embodiment of the present invention, the historical request data includes, but is not limited to, the Internet Protocol address, physical address, interface type and sending time of the user's historical URL requests. In Embodiment 3, the security level of the user is analyzed and compared when the URL security level is relatively high. In practice, however, if the URL requests are sent by an attacker posing as an ordinary user, analyzing the user's security level every time is not only pointless but also creates a large workload. To guarantee normal responses to URL requests, this embodiment performs anomaly identification on the user when the URL security level is relatively high, to determine whether the user is abnormal.
The specific anomaly identification method is not limited here. It includes, but is not limited to, determining from the historical request data whether the user exhibits high-frequency request behavior (the frequency of URL requests sent within a certain time period is higher than a preset frequency threshold), whether the Internet Protocol address, physical address and interface type change at high frequency, and whether the sending times of the URL requests include a large number of abnormal time periods.
S403: If the user does not exhibit abnormal request behavior, obtain the Internet Protocol address and physical address of the terminal device from which the user sent the uniform resource locator request, and the interface type and sending time of the uniform resource locator request.
When the user does not exhibit abnormal request behavior, this embodiment continues with the operations of Embodiment 3 that analyze and compare the security level of the user, so that the URL request is handled safely and normally.
As one embodiment of the present invention, if the user exhibits abnormal request behavior, the URL request of the user may be rejected directly, to guarantee the security of URL request responses.
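The checks in S401 to S403 can be sketched as follows. This is an added example, not code from the patent; the window length, the thresholds, the `Request` fields and all function names are assumptions, since the text names the checks without fixing their values.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Request:
    ip: str             # Internet Protocol address of the sending terminal
    mac: str            # physical address
    interface: str      # interface type
    sent_at: datetime   # sending time

# Assumed values: the text names these checks but gives no thresholds.
WINDOW = timedelta(hours=1)        # the "preset time period" of S401
MAX_PER_MINUTE = 30                # preset frequency threshold
MAX_ORIGIN_CHANGES = 3             # tolerated IP/MAC/interface switches
ABNORMAL_HOURS = range(1, 5)       # 01:00-04:59 counted as an abnormal period
MAX_ABNORMAL_HOUR_REQUESTS = 20

def find_anomalies(history, now):
    """S402: reasons the windowed history looks abnormal (empty list = normal)."""
    recent = sorted((r for r in history if timedelta(0) <= now - r.sent_at <= WINDOW),
                    key=lambda r: r.sent_at)
    reasons = []
    # High-frequency requests: largest number of requests in any 60-second span.
    peak = start = 0
    for end, req in enumerate(recent):
        while req.sent_at - recent[start].sent_at >= timedelta(minutes=1):
            start += 1
        peak = max(peak, end - start + 1)
    if peak > MAX_PER_MINUTE:
        reasons.append("high_frequency")
    # High-frequency change of IP address, physical address or interface type.
    changes = sum((a.ip, a.mac, a.interface) != (b.ip, b.mac, b.interface)
                  for a, b in zip(recent, recent[1:]))
    if changes > MAX_ORIGIN_CHANGES:
        reasons.append("origin_churn")
    # Many requests sent during abnormal time periods.
    if sum(r.sent_at.hour in ABNORMAL_HOURS for r in recent) > MAX_ABNORMAL_HOUR_REQUESTS:
        reasons.append("abnormal_hours")
    return reasons

def gate(url_level, level_threshold, history, now):
    """Next step for a request whose role check has already passed."""
    if url_level < level_threshold:
        return "respond", []                      # low-sensitivity URL: answer directly
    reasons = find_anomalies(history, now)        # S401 + S402
    if reasons:
        return "reject", reasons                  # abnormal user: refuse the request
    return "evaluate_user_security_level", []     # S403: continue with Embodiment 3

# Constructed sample histories (not real traffic).
NOON = datetime(2024, 1, 1, 12, 0, 0)
NIGHT = datetime(2024, 1, 1, 3, 0, 0)

def sample_request(t, ip="198.51.100.7"):
    return Request(ip, "02:00:00:aa:bb:cc", "web", t)

NORMAL = [sample_request(NOON - timedelta(minutes=2 * k)) for k in range(1, 6)]
FLOOD = [sample_request(NOON - timedelta(seconds=0.5 * i)) for i in range(100)]
HOPPER = [sample_request(NOON - timedelta(minutes=k), ip=f"203.0.113.{k}")
          for k in range(1, 7)]
NIGHT_OWL = [sample_request(NIGHT - timedelta(minutes=2 * k)) for k in range(1, 26)]

if __name__ == "__main__":
    for name, hist, now in [("normal", NORMAL, NOON), ("flood", FLOOD, NOON),
                            ("hopper", HOPPER, NOON), ("night", NIGHT_OWL, NIGHT)]:
        print(name, gate(3, 2, hist, now))
```

Returning the reasons alongside the decision lets a rejected request be logged with the check that triggered it, which helps when tuning the thresholds against false positives.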
Corresponding to the method for foregoing embodiments, Fig. 5 shows uniform resource locator request provided in an embodiment of the present invention
Authorization check device structural block diagram, for ease of description, only parts related to embodiments of the present invention are shown.Fig. 5 shows
The uniform resource locator that the authorization check device of the uniform resource locator request of example can be the offer of previous embodiment one is asked
The executing subject for the authorization check method asked.
Referring to Fig. 5, the authorization check device of uniform resource locator request includes:
Role obtains module 51, for obtaining the user couple when the uniform resource locator for receiving user is requested
The N number of role's label answered, wherein N is positive integer.
Role's correction verification module 52, the uniform resource locator being directed toward for searching the uniform resource locator request, is obtained
The corresponding role's regular expression of the uniform resource locator is taken, and is judged in N number of role's label with the presence or absence of satisfaction
Role's tag combination of role's regular expression.
Ask respond module 53, if for there is the angle for meeting role's regular expression in N number of role's label
Color tag combination responds the uniform resource locator request.
Further, role obtains module 51, comprising:
The identity information of the user is obtained, and distributes the identity information corresponding N number of role's label for the user.
Further, role's correction verification module 52, comprising:
The corresponding metadata of the uniform resource locator is obtained, and extracts role's canonical table from the metadata
Up to formula.
Further, ask respond module 53 are used for:
If there is the role's tag combination for meeting role's regular expression in N number of role's label, described in acquisition
The security level of uniform resource locator, and judge whether the security level of the uniform resource locator is lower than pre-set level threshold
Value.
If the corresponding security level of the uniform resource locator is lower than the pre-set level threshold value, the unified money is responded
The request of source finger URL.
Further, the authorization check device of uniform resource locator request further include:
Data acquisition module, if being greater than or equal to for the corresponding security level of the uniform resource locator described default
Level threshold obtains Internet protocol address and object that the user sends the terminal device of the uniform resource locator request
Address is managed, and sends the interface type and sending time of the uniform resource locator request.
Security level computing module, for being based on the Internet protocol address, the physical address, the interface type
And the sending time, the security level of the user is calculated, and it is described to judge whether the security level of the user is higher than
The security level of uniform resource locator.
Safety response module, if being higher than the safety level of the uniform resource locator for the security level of the user
Not, the uniform resource locator request is responded.
Further, data acquisition module, comprising:
If the corresponding security level of the uniform resource locator is greater than or equal to the pre-set level threshold value, obtain pre-
If the user received in the period is to the historical requests data of uniform resource locator.
Identify the user with the presence or absence of request abnormal behaviour based on the historical requests data.
If the request abnormal behaviour is not present in the user, obtains user's transmission uniform resource locator and ask
The Internet protocol address and physical address for the terminal device asked, and send the interface class of the uniform resource locator request
Type and sending time.
Each module realizes respective function in the authorization check device of uniform resource locator request provided in an embodiment of the present invention
The process of energy, specifically refers to the description of aforementioned embodiment illustrated in fig. 1 one, details are not described herein again.
It should be understood that the magnitude of the step numbers in the above embodiments does not imply an order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present invention.
It should also be understood that although the terms "first", "second" and so on are used in some embodiments of the present invention to describe various elements, these elements should not be limited by these terms. The terms are used only to distinguish one element from another. For example, a first table could be named a second table, and similarly a second table could be named a first table, without departing from the scope of the various described embodiments. The first table and the second table are both tables, but they are not the same table.
Fig. 6 is a schematic diagram of the terminal device provided by an embodiment of the present invention. As shown in Fig. 6, the terminal device 6 of this embodiment includes a processor 60 and a memory 61, and the memory 61 stores a computer program 62 that can run on the processor 60. When executing the computer program 62, the processor 60 implements the steps of the above embodiments of the authorization check method for uniform resource locator requests, such as steps 101 to 103 shown in Fig. 1. Alternatively, when executing the computer program 62, the processor 60 implements the functions of the modules/units in the above apparatus embodiments, such as the functions of modules 51 to 53 shown in Fig. 5.
The terminal device 6 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device may include, but is not limited to, the processor 60 and the memory 61. Those skilled in the art will understand that Fig. 6 is only an example of the terminal device 6 and does not constitute a limitation on the terminal device 6, which may include more or fewer components than shown, combine certain components, or use different components. For example, the terminal device may also include input and sending devices, network access devices, buses and the like.
The processor 60 may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 61 may be an internal storage unit of the terminal device 6, such as a hard disk or memory of the terminal device 6. The memory 61 may also be an external storage device of the terminal device 6, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the terminal device 6. Further, the memory 61 may include both an internal storage unit of the terminal device 6 and an external storage device. The memory 61 is used to store the computer program and the other programs and data required by the terminal device. The memory 61 may also be used to temporarily store data that has been sent or is to be sent.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated module/unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, all or part of the processes of the above method embodiments may also be completed by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium, and when executed by a processor it implements the steps of each of the above method embodiments. The computer program includes computer program code, which may be in source code form, object code form, an executable file, or some intermediate form. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, computer memory, read-only memory (ROM), random access memory (RAM), an electric carrier signal, a telecommunication signal, a software distribution medium, and so on.
The embodiments described above are merely intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments, or make equivalent replacements of some of the technical features. Such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the protection scope of the present invention.
Claims (10)
1. An authorization check method for uniform resource locator requests, characterized by comprising:
when a uniform resource locator request is received from a user, obtaining the N role labels corresponding to the user, where N is a positive integer;
looking up the uniform resource locator to which the uniform resource locator request points, obtaining the role regular expression corresponding to the uniform resource locator, and determining whether the N role labels contain a combination of role labels that satisfies the role regular expression;
if the N role labels contain a combination of role labels that satisfies the role regular expression, responding to the uniform resource locator request.
2. The authorization check method for uniform resource locator requests according to claim 1, characterized in that obtaining the N role labels corresponding to the user comprises:
obtaining the identity information of the user, and assigning to the user the N role labels corresponding to the identity information.
3. The authorization check method for uniform resource locator requests according to claim 1, characterized in that obtaining the role regular expression corresponding to the uniform resource locator comprises:
obtaining the metadata corresponding to the uniform resource locator, and extracting the role regular expression from the metadata.
4. The authorization check method for uniform resource locator requests according to claim 1, characterized in that responding to the uniform resource locator request if the N role labels contain a combination of role labels that satisfies the role regular expression comprises:
if the N role labels contain a combination of role labels that satisfies the role regular expression, obtaining the security level of the uniform resource locator, and determining whether the security level of the uniform resource locator is lower than a preset level threshold;
if the security level corresponding to the uniform resource locator is lower than the preset level threshold, responding to the uniform resource locator request.
5. The authorization check method for uniform resource locator requests according to claim 4, characterized by further comprising:
if the security level corresponding to the uniform resource locator is greater than or equal to the preset level threshold, obtaining the Internet Protocol address and physical address of the terminal device from which the user sent the uniform resource locator request, and the interface type and sending time of the uniform resource locator request;
calculating the security level of the user based on the Internet Protocol address, the physical address, the interface type and the sending time, and determining whether the security level of the user is higher than the security level of the uniform resource locator;
if the security level of the user is higher than the security level of the uniform resource locator, responding to the uniform resource locator request.
6. The authorization check method for uniform resource locator requests according to claim 5, characterized in that, if the security level corresponding to the uniform resource locator is greater than or equal to the preset level threshold, obtaining the Internet Protocol address and physical address of the terminal device from which the user sent the uniform resource locator request, and the interface type and sending time of the uniform resource locator request, comprises:
if the security level corresponding to the uniform resource locator is greater than or equal to the preset level threshold, obtaining the historical request data of the user for uniform resource locators received within a preset time period;
identifying, based on the historical request data, whether the user exhibits abnormal request behavior;
if the user does not exhibit the abnormal request behavior, obtaining the Internet Protocol address and physical address of the terminal device from which the user sent the uniform resource locator request, and the interface type and sending time of the uniform resource locator request.
7. An authorization check apparatus for uniform resource locator requests, characterized by comprising:
a role acquisition module, configured to obtain the N role labels corresponding to the user when a uniform resource locator request is received from the user, where N is a positive integer;
a role verification module, configured to look up the uniform resource locator to which the uniform resource locator request points, obtain the role regular expression corresponding to the uniform resource locator, and determine whether the N role labels contain a combination of role labels that satisfies the role regular expression;
a request response module, configured to respond to the uniform resource locator request if the N role labels contain a combination of role labels that satisfies the role regular expression.
8. The authorization check apparatus for uniform resource locator requests according to claim 1, characterized in that the request response module is configured to:
if the N role labels contain a combination of role labels that satisfies the role regular expression, obtain the security level of the uniform resource locator, and determine whether the security level of the uniform resource locator is lower than a preset level threshold;
if the security level corresponding to the uniform resource locator is lower than the preset level threshold, respond to the uniform resource locator request.
9. A terminal device, characterized in that the terminal device comprises a memory and a processor, the memory stores a computer program that can run on the processor, and the processor, when executing the computer program, implements the steps of the method according to any one of claims 1 to 6.
10. A computer-readable storage medium storing a computer program, characterized in that the computer program, when executed by a processor, implements the steps of the method according to any one of claims 1 to 6.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910374367.2A CN110222524A (en) | 2019-05-07 | 2019-05-07 | The authorization check method, apparatus and terminal device of uniform resource locator request |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110222524A | 2019-09-10 |
Family
ID=67820575
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910374367.2A Pending CN110222524A (en) | 2019-05-07 | 2019-05-07 | The authorization check method, apparatus and terminal device of uniform resource locator request |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110222524A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||