CN110278192A - Method, apparatus, computer device and readable storage medium for external network access to an intranet
- Publication number: CN110278192A (CN201910419273.2A)
- Authority: CN (China)
- Prior art keywords: message, access, intranet, request, server
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L61/5007—Internet protocol [IP] addresses
- H04L63/0281—Proxies
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
- H04L63/101—Access control lists [ACL]
- H04L67/141—Setup of application sessions
Abstract
The invention discloses a method for external network access to an intranet. The method comprises: when an external network server receives a first access request message, sent by an extranet access terminal, for accessing an intranet function, sending a connection establishment request message to an intranet server; the external network server receiving a connection establishment consent message fed back by the intranet server, wherein the connection establishment consent message includes a temporary IP address allocated by the intranet server to the external network server; the external network server establishing a temporary connection with the intranet server according to the temporary IP address; and the external network server repackaging the first access request message into a second access request message and sending the second access request message to the intranet server over the temporary connection, so that the intranet server invokes the corresponding intranet function according to the second access request message.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a method, an apparatus, a computer device and a readable storage medium for external network access to an intranet.
Background
At present there are the concepts of an intranet and an external network: the intranet is an enterprise's internal local area network, and the external network is the Internet, which is open to the public. For security reasons, external network users cannot access the functions of the intranet. However, with the development and application of the Internet and information technology, more and more enterprises require that external network users be able to access the functions of the corporate intranet, and there is currently no method that is both secure and convenient for allowing external network users to access intranet functions.
Summary of the invention
The purpose of the present invention is to provide a method, an apparatus, a computer device and a readable storage medium for external network access to an intranet, solving the technical problem in the prior art that external network functions and intranet functions cannot interoperate.
The present invention solves the above technical problem through the following technical solutions:
According to one aspect of the present invention, a method for external network access to an intranet is provided, comprising the following steps:
When an external network server receives a first access request message, sent by an extranet access terminal, for accessing an intranet function, sending a connection establishment request message to an intranet server;
The external network server receives a connection establishment consent message fed back by the intranet server; wherein the connection establishment consent message includes: a temporary IP address allocated by the intranet server to the external network server;
The external network server establishes a temporary connection with the intranet server according to the temporary IP address;
The external network server repackages the first access request message into a second access request message, and sends the second access request message to the intranet server over the temporary connection, so that the intranet server invokes the corresponding intranet function according to the second access request message.
Further, the step of sending a connection establishment request message to the intranet server when the external network server receives the first access request message, sent by the extranet access terminal, for accessing an intranet function specifically includes:
The external network server receives the first access request message sent by the extranet access terminal; wherein the first access request message includes: the function number of the system function to be accessed;
According to the function number, a preset mapping table is used to determine the function type corresponding to the function number; wherein the function type includes: intranet function and external network function;
When the function number corresponds to an intranet function, the connection establishment request message is sent to the intranet server.
Further, before the connection establishment request message is sent to the intranet server, the method also includes:
Obtaining the identity identification information of the extranet access terminal contained in the first access request message, and judging whether the identity identification information exists in a preset whitelist or blacklist;
If it exists in the whitelist, authentication passes, and the connection establishment request message is sent to the intranet server;
If it exists in the blacklist, authentication fails, and an access denied message is sent to the extranet access terminal;
If it exists in neither the whitelist nor the blacklist, the identity identification information is sent to a preset terminal so that the preset terminal performs authentication; the connection establishment request message is sent to the intranet server upon receiving an authentication passed message sent by the preset terminal, or an access denied message is sent to the extranet access terminal upon receiving an authentication failed message sent by the preset terminal.
Further, in the case where authentication passes, the method also includes:
Determining the access level of the extranet access terminal according to the identity identification information, looking up the forbidden access list corresponding to the determined access level, and judging whether the function number exists in the forbidden access list that was found;
If so, sending an access denied message to the extranet access terminal;
If not, sending the connection establishment request message to the intranet server.
Further, the step in which the external network server repackages the first access request message into the second access request message specifically includes:
Setting the destination address of the second access request message to the temporary IP address, and setting the source address of the second access request message to the IP address of the external network server;
Obtaining the message content of the first access request message, and adding the message content to the second access request message.
Further, after the second access request message is sent to the intranet server over the temporary connection, the method also includes:
The external network server receives a first request response message sent by the intranet server, repackages the first request response message into a second request response message, and sends the second request response message to the extranet access terminal.
Further, the step of repackaging the first request response message into the second request response message specifically includes:
Setting the destination address of the second request response message to the IP address of the extranet access terminal, and setting the source address of the second request response message to the IP address of the external network server;
Obtaining the message content of the first request response message, and adding the message content to the second request response message.
To achieve the above purpose, the present invention also provides an apparatus for external network access to an intranet, specifically including:
A sending module, configured to send a connection establishment request message to an intranet server when the external network server receives a first access request message, sent by an extranet access terminal, for accessing an intranet function;
A receiving module, configured for the external network server to receive a connection establishment consent message fed back by the intranet server; wherein the connection establishment consent message includes: a temporary IP address allocated by the intranet server to the external network server;
A connection establishment module, configured for the external network server to establish a temporary connection with the intranet server according to the temporary IP address;
A forwarding module, configured for the external network server to repackage the first access request message into a second access request message and send the second access request message to the intranet server over the temporary connection, so that the intranet server invokes the corresponding intranet function according to the second access request message.
To achieve the above purpose, the present invention also provides a computer device, specifically including: a memory, a processor, and a computer program stored in the memory and runnable on the processor, wherein the processor implements the steps of the above method when executing the program.
To achieve the above purpose, the present invention also provides a computer-readable storage medium on which a computer program is stored, wherein the steps of the above method are implemented when the program is executed by a processor.
With the method, apparatus, computer device and readable storage medium for external network access to an intranet provided by the present invention, the access request of an extranet access terminal can be forwarded by the external network server to the intranet server so that the intranet project processes the access request, and the access response fed back by the intranet project is forwarded to the extranet access terminal. This solves the technical problem in the prior art that external network functions and intranet functions cannot interoperate. In addition, in the present invention, a corresponding function number is configured for each system function and the type of each system function is distinguished by its function number, which solves the technical problem in the prior art that developers need to develop intranet functions and external network functions separately, and reduces the developers' workload.
Brief description of the drawings
By reading the following detailed description of the preferred embodiments, various other advantages and benefits will become clear to those of ordinary skill in the art. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numbers refer to the same parts. In the drawings:
Fig. 1 is an optional flow diagram of the method for external network access to an intranet provided by Embodiment one;
Fig. 2 is an optional program module diagram of the apparatus for external network access to an intranet provided by Embodiment three;
Fig. 3 is an optional hardware architecture diagram of the computer device provided by Embodiment four.
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further elaborated below with reference to the drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention and are not intended to limit it. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative work shall fall within the protection scope of the present invention.
Embodiment one
The method for external network access to an intranet provided by the present invention is described below with reference to the drawings.
Fig. 1 is an optional flow diagram of the method for external network access to an intranet of the present invention. As shown in Fig. 1, the method may include the following steps:
Step S101: when the external network server receives a first access request message, sent by an extranet access terminal, for accessing an intranet function, it sends a connection establishment request message to the intranet server.
Specifically, step S101 includes:
Step A1: the external network server receives the first access request message sent by the extranet access terminal; wherein the first access request message includes: the function number of the system function to be accessed;
Step A2: according to the function number, a preset mapping table is used to determine the function type corresponding to the function number; wherein the function type includes: intranet function and external network function;
Step A3: when the function number corresponds to an intranet function, the connection establishment request message is sent to the intranet server.
Before step A1, the method also includes:
The external network server receives the mapping table and stores it; wherein the mapping table includes: function numbers and the function type corresponding to each function number;
In the prior art, because some functions need to execute in the intranet and some need to execute in the external network, the development code of intranet functions and the development code of external network functions cannot be shared. Developers therefore have to be split into two groups, each developing its own system functions. Because developers need to know whether they are developing an intranet function or an external network function, and the code of intranet functions and external network functions is handled differently, developers cannot concentrate on developing business logic code, which increases their workload. In this embodiment, although developers still need to know whether they are developing an intranet function or an external network function, a single set of code can be used to develop both, and the code of intranet functions does not need to be distinguished from the code of external network functions. After a developer has finished developing a system function, a corresponding function number can be assigned to that system function, and the function number and function type of the system function are recorded in the mapping table, thereby establishing the correspondence between function number and function type. The mapping table is stored in the external network server for later use.
After the system functions have been developed, function numbers can be assigned to all of them in one pass and the correspondence between each function number and its function type established; by checking the mapping table, it can be determined whether a function number corresponds to an intranet function or an external network function. When the function type corresponding to the function number is intranet function, the system function to be accessed is an intranet function; when the function type corresponding to the function number is external network function, the system function to be accessed is an external network function.
Further, before the connection establishment request message is sent to the intranet server, the method also includes:
Obtaining the identity identification information of the extranet access terminal contained in the first access request message, and judging whether the identity identification information exists in a preset whitelist or blacklist;
If it exists in the whitelist, authentication passes, and the connection establishment request message is sent to the intranet server;
If it exists in the blacklist, authentication fails, and an access denied message is sent to the extranet access terminal;
If it exists in neither the whitelist nor the blacklist, the identity identification information is sent to a preset terminal so that the preset terminal performs authentication; the connection establishment request message is sent to the intranet server upon receiving an authentication passed message sent by the preset terminal, or an access denied message is sent to the extranet access terminal upon receiving an authentication failed message sent by the preset terminal.
Preferably, the identity identification information is a MAC (Media Access Control) address.
In this embodiment, the extranet access terminal is authenticated by means of a whitelist and a blacklist; the whitelist stores the identity identification information of each trusted terminal, and the blacklist stores the identity identification information of each untrusted terminal. When the identity identification information of the extranet access terminal exists in neither the whitelist nor the blacklist, the identity identification information is sent to the preset terminal so that the preset terminal performs authentication; the identity identification information is added to the whitelist upon receiving a verification passed message sent by the preset terminal, or added to the blacklist upon receiving an authentication failed message sent by the preset terminal.
Of course, in practical applications, the identity of the extranet access terminal can also be verified by other authentication methods such as a signature or a key. For example, when a signature is used for authentication, the external network server judges whether the first access request message contains a preset signature; if so, authentication passes; if not, authentication fails.
Further, in the case where authentication passes, the method also includes:
Determining the access level of the extranet access terminal according to the identity identification information, looking up the forbidden access list corresponding to the determined access level, and judging whether the function number exists in the forbidden access list that was found;
If so, sending an access denied message to the extranet access terminal;
If not, sending the connection establishment request message to the intranet server.
The step of determining the access level of the extranet access terminal according to the identity identification information specifically includes:
Determining, in the whitelist, the access level corresponding to the identity identification information.
The whitelist also records the access level corresponding to each piece of identity identification information. For example, three access levels are set: high, medium and low; the number of intranet functions accessible to the extranet access terminal whose identity identification information has a high access level is greater than the number of intranet functions accessible to the extranet access terminal whose identity identification information has a low access level.
It should be noted that the access level of each piece of identity identification information is set in advance and recorded in the whitelist.
Each access level has a corresponding forbidden access list, which contains the function numbers of the intranet functions that the extranet access terminal is forbidden to access. When the external network server determines that the function number in the access request message appears in the forbidden access list of the corresponding access level, the external network server sends an access denied message to the extranet access terminal, refusing the terminal access to the intranet function corresponding to that function number.
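The following is an added example, not part of the patent text: it chains the checks described above (mapping table lookup, whitelist/blacklist authentication with escalation to the preset terminal, and the forbidden access list per access level) into one decision function. The class and function names, the sample function numbers and MAC addresses are constructed; denying unknown function numbers, checking the blacklist first, and giving newly approved identities the "low" level are assumptions the patent does not state.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Set


class FunctionType(Enum):
    INTRANET = "intranet"
    EXTERNAL = "external"


class Decision(Enum):
    HANDLE_ON_EXTERNAL = "handle on the external network server"
    SEND_CONNECTION_REQUEST = "send connection establishment request"
    DENY = "send access denied message"


@dataclass
class Gateway:
    mapping_table: Dict[str, FunctionType]   # function number -> function type
    whitelist: Dict[str, str]                # identity -> access level
    blacklist: Set[str]
    forbidden: Dict[str, Set[str]]           # access level -> forbidden function numbers
    preset_terminal: Callable[[str], bool]   # verification of identities on neither list
    default_level: str = "low"               # assumption: level for newly approved identities

    def authenticate(self, identity: str) -> bool:
        # Assumption: the blacklist is checked first so a deny entry always wins.
        if identity in self.blacklist:
            return False
        if identity in self.whitelist:
            return True
        # On neither list: ask the preset terminal and remember its verdict.
        if self.preset_terminal(identity):
            self.whitelist[identity] = self.default_level
            return True
        self.blacklist.add(identity)
        return False

    def decide(self, identity: str, function_number: str) -> Decision:
        function_type = self.mapping_table.get(function_number)
        if function_type is None:
            return Decision.DENY             # assumption: unknown numbers fail closed
        if function_type is FunctionType.EXTERNAL:
            return Decision.HANDLE_ON_EXTERNAL
        if not self.authenticate(identity):
            return Decision.DENY
        forbidden = self.forbidden.get(self.whitelist[identity])
        if forbidden is None or function_number in forbidden:
            return Decision.DENY             # a level without a list also fails closed
        return Decision.SEND_CONNECTION_REQUEST


def build_sample_gateway(approve_unknown: bool) -> Gateway:
    """Constructed sample data; the preset terminal is replaced by a fixed answer."""
    return Gateway(
        mapping_table={
            "F-001": FunctionType.EXTERNAL,
            "F-100": FunctionType.INTRANET,
            "F-200": FunctionType.INTRANET,
        },
        whitelist={"aa:bb:cc:00:00:01": "high", "aa:bb:cc:00:00:02": "low"},
        blacklist={"aa:bb:cc:00:00:66"},
        forbidden={"high": set(), "low": {"F-200"}},
        preset_terminal=lambda identity: approve_unknown,
    )


if __name__ == "__main__":
    gateway = build_sample_gateway(approve_unknown=True)
    for mac, number in [("aa:bb:cc:00:00:01", "F-200"), ("aa:bb:cc:00:00:02", "F-200")]:
        print(mac, number, gateway.decide(mac, number).value)
```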
Step S102: the external network server receives a connection establishment consent message fed back by the intranet server; wherein the connection establishment consent message includes: a temporary IP address allocated by the intranet server to the external network server.
In this embodiment, in order to improve the security of external network access to the intranet, the intranet server allocates a temporary IP address to the external network server, and the temporary IP address has a lifetime of a certain duration; that is, the temporary connection has a lifetime of a certain duration. Within the lifetime, the external network server can send messages to the intranet server and the intranet server can send messages to the external network server; outside the lifetime, the external network server and the intranet server are disconnected.
Step S103: the external network server establishes a temporary connection with the intranet server according to the temporary IP address.
Step S104: the external network server repackages the first access request message into a second access request message, and sends the second access request message to the intranet server over the temporary connection, so that the intranet server invokes the corresponding intranet function according to the second access request message.
Specifically, the step in which the external network server repackages the first access request message into the second access request message includes:
Setting the destination address of the second access request message to the temporary IP address, and setting the source address of the second access request message to the IP address of the external network server;
Obtaining the message content of the first access request message, and adding the message content to the second access request message.
In this embodiment, the external network server sends a new request to the intranet server; this new request contains the data and parameters carried by the original request, and when the intranet receives the new request it performs the corresponding business processing.
When the intranet server receives the second access request message, it performs the following operations:
Step B1: the intranet server judges whether the source address in the received second access request message is the address of the external network server; if so, step B2 is executed; if not, an access denied message is sent to the external network server.
When the intranet server receives the connection establishment request message, it obtains the source address in the connection establishment request message and establishes an association between that source address and the temporary IP address.
When the intranet server receives the second access request message, it can therefore verify the source address of the second access request message.
Step B2: the intranet server performs the corresponding function operation according to the second access request message, and sends a first request response message to the external network server.
Further, after the second access request message is sent to the intranet server over the temporary connection, the method also includes:
The external network server receives the first request response message sent by the intranet server, repackages the first request response message into a second request response message, and sends the second request response message to the extranet access terminal.
Further, the step of repackaging the first request response message into the second request response message specifically includes:
Setting the destination address of the second request response message to the IP address of the extranet access terminal, and setting the source address of the second request response message to the IP address of the external network server;
Obtaining the message content of the first request response message, and adding the message content to the second request response message.
In this embodiment, if the extranet access terminal requests access to an intranet function of the intranet project, the access request can be forwarded by the external network server in the external network project. After the external network server has forwarded the access request, the logic flow of the external network pauses and waits for the intranet's processing result to return. After the intranet has processed the request, it generates the corresponding request response, and the external network server forwards the request response to the extranet access terminal. During this process the extranet access terminal is unaware of the forwarding, and other logic processing is not affected.
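The following is an added example, not part of the patent text: it models steps S102 to S104 and B1 to B2 at the message level, with the intranet server leasing a temporary IP address for a limited lifetime, binding it to the requester's source address, and rejecting a second access request whose source does not match. All names, the addresses (documentation and private ranges), the lifetime value and the `ACCESS_DENIED` marker are constructed; time is passed in explicitly so the lifetime check is deterministic.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

DENIED = b"ACCESS_DENIED"  # constructed marker for the access denied message


@dataclass(frozen=True)
class Message:
    src: str
    dst: str
    content: bytes


def repackage(original: Message, new_src: str, new_dst: str) -> Message:
    """Build a new message: only the content is carried over, addresses are rewritten."""
    return Message(src=new_src, dst=new_dst, content=original.content)


class IntranetServer:
    def __init__(self, pool: List[str], lifetime_s: float):
        self.pool = list(pool)
        self.lifetime_s = lifetime_s
        # temporary IP -> (source address of the connection request, expiry time)
        self.leases: Dict[str, Tuple[str, float]] = {}

    def handle_connection_request(self, src: str, now: float) -> str:
        """Consent: allocate a temporary IP and associate it with the requester."""
        self.leases = {ip: l for ip, l in self.leases.items() if l[1] > now}
        for ip in self.pool:
            if ip not in self.leases:
                self.leases[ip] = (src, now + self.lifetime_s)
                return ip
        raise RuntimeError("no temporary address available")

    def handle_access_request(self, msg: Message, now: float) -> Optional[Message]:
        lease = self.leases.get(msg.dst)
        if lease is None or now >= lease[1]:
            self.leases.pop(msg.dst, None)
            return None                      # outside the lifetime: connection is gone
        if msg.src != lease[0]:              # step B1: source must be the requester
            return Message(src=msg.dst, dst=msg.src, content=DENIED)
        # step B2: stand-in for invoking the intranet function
        return Message(src=msg.dst, dst=msg.src, content=b"handled:" + msg.content)


def forward(first_request: Message, external_ip: str,
            intranet: IntranetServer, now: float) -> Optional[Message]:
    """External network server: connect, repackage, relay, repackage the response."""
    temp_ip = intranet.handle_connection_request(external_ip, now)
    second_request = repackage(first_request, new_src=external_ip, new_dst=temp_ip)
    first_response = intranet.handle_access_request(second_request, now)
    if first_response is None:
        return None
    return repackage(first_response, new_src=external_ip, new_dst=first_request.src)


if __name__ == "__main__":
    server = IntranetServer(["10.0.0.50", "10.0.0.51"], lifetime_s=30.0)
    request = Message(src="203.0.113.7", dst="198.51.100.10", content=b"fn=F-100")
    print(forward(request, "198.51.100.10", server, now=0.0))
```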
Embodiment two
The present invention also provides the method for another optional extranet access Intranet, this method specifically includes following step
It is rapid:
Step S1: external network server reception requests access to message by first that extranet access end is sent;Wherein, described
One requests access to the function number that message includes: the system function that needs access.
Specifically, before step S1, the method also includes:
Mapping table is received, and is stored;Wherein, the mapping table include: function number and respectively with
The corresponding function type of each function number;
The function type includes: Intranet function and outer net function.
Step S2: the external network server judges to need whether the system function accessed is interior according to the function number
Net function.
Specifically, step S2 includes:
According to the function number, using the mapping table, function class corresponding with the function number is determined
Type.
When the corresponding function type of the function number is Intranet function, the system function for needing to access is Intranet
Function;When the corresponding function type of the function number is outer net function, the system function for needing to access is outer net function
Energy.
Step S3: in the case where the system function for needing to access is Intranet function, the external network server is to institute
It states extranet access end and carries out authentication.
Specifically, the first access request message further includes: the identity identification information of the extranet access terminal.
Preferably, the identity identification information is a MAC (Media Access Control) address.
Further, step S3 includes:
Judging whether the identity identification information exists in a preset whitelist or blacklist;
If it exists in the whitelist, authentication passes, and step S4 is executed;
If it exists in the blacklist, authentication fails, and an access denied message is sent to the extranet access terminal;
If it exists in neither the whitelist nor the blacklist, the identity identification information is sent to a preset terminal so that the preset terminal performs authentication; step S4 is executed upon receiving a verification passed message sent by the preset terminal, or an access denied message is sent to the extranet access terminal upon receiving an authentication failed message sent by the preset terminal.
Step S4: in the case where authentication passes, the external network server determines the access level of the extranet access terminal according to the identity identification information, looks up the forbidden access list corresponding to the determined access level, and judges whether the function number exists in the forbidden access list that was found;
If so, an access denied message is sent to the extranet access terminal;
If not, step S5 is executed.
Further, the step of determining the access level of the extranet access terminal according to the identity identification information specifically includes:
Determining, in the whitelist, the access level corresponding to the identity identification information.
The whitelist also records the access level corresponding to each piece of identity identification information. For example, three access levels are set: high, medium and low; the number of intranet functions accessible to the extranet access terminal whose identity identification information has a high access level is greater than the number of intranet functions accessible to the extranet access terminal whose identity identification information has a low access level.
The access level of each piece of identity identification information is set in advance and recorded in the whitelist.
Further, each access level has a corresponding forbidden access list, which contains the function numbers of the intranet functions that the extranet access terminal is forbidden to access. When the external network server determines that the function number in the access request message appears in the forbidden access list of the corresponding access level, the external network server sends an access denied message to the extranet access terminal, refusing the terminal access to the intranet function corresponding to that function number.
Step S5: the external network server sends a connection-establishment request message to the intranet server and receives the connection-establishment approval message fed back by the intranet server; the approval message includes a temporary IP address that the intranet server temporarily allocates to the external network server.
Step S6: the external network server establishes a temporary connection with the intranet server according to the temporary IP address.
Step S7: the external network server repackages the first access request message into a second access request message and sends the second access request message to the intranet server over the temporary connection, so that the intranet server calls the corresponding intranet function according to the second access request message.
Specifically, the external network server repackaging the first access request message into the second access request message includes:
Setting the destination address of the second access request message to the temporary IP address, and setting the source address of the second access request message to the IP address of the external network server;
Obtaining the message content of the first access request message and adding that message content to the second access request message.
Step S8: the intranet server determines whether the source address in the received second access request message is the address of the external network server; if so, step S9 is executed; if not, an access-denied message is sent to the external network server.
Specifically, when the intranet server receives the connection-establishment request message, it obtains the source address in that message and establishes an association between the source address and the temporary IP address.
When the intranet server receives the second access request message, it can then verify the source address of the second access request message.
Step S9: the intranet server performs the corresponding function operation according to the second access request message and sends a first request response message to the external network server.
Step S10: the external network server receives the first request response message and repackages it into a second request response message to be forwarded to the extranet access end.
Specifically, step S10 includes:
Setting the destination address of the second request response message to the IP address of the extranet access end, and setting the source address of the second request response message to the IP address of the external network server;
Obtaining the message content of the first request response message and adding that message content to the second request response message.
Step S11: the external network server sends the second request response message to the extranet access end.
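The flow of steps S3 to S11 as a runnable simulation, added here as an illustration and not taken from the patent: identity check, forbidden-access list, temporary IP allocation, repackaging, and the intranet server's source-address check. Class names, addresses, identities and function numbers are constructed, and the handling of cases the text leaves open (an identity on both lists, the access level of a terminal-approved identity, an exhausted address pool) is an assumption.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

DENIED = {"error": "access denied"}

@dataclass(frozen=True)
class Message:
    src: str    # source IP address
    dst: str    # destination IP address
    body: dict  # content, copied unchanged when a message is repackaged

class IntranetServer:
    def __init__(self, ip: str, pool: List[str]):
        self.ip = ip
        self.pool = list(pool)            # temporary addresses not yet handed out
        self.bound: Dict[str, str] = {}   # temporary IP -> source of the build request

    def handle_build_request(self, msg: Message) -> Message:
        """S5: allocate a temporary IP and bind it to the requester's source address."""
        if not self.pool:                 # assumption: refuse when nothing is left
            return Message(self.ip, msg.src, dict(DENIED))
        temp_ip = self.pool.pop(0)
        self.bound[temp_ip] = msg.src
        return Message(self.ip, msg.src, {"temp_ip": temp_ip})

    def handle_access(self, msg: Message) -> Message:
        """S8/S9: run the function only if the source matches the bound address."""
        if self.bound.get(msg.dst) != msg.src:
            return Message(msg.dst, msg.src, dict(DENIED))
        return Message(msg.dst, msg.src,
                       {"result": f"executed function {msg.body['function_no']}"})

class ExternalServer:
    def __init__(self, ip, intranet, function_types, whitelist, blacklist,
                 forbidden, ask_terminal: Callable[[str], bool]):
        self.ip, self.intranet = ip, intranet
        self.function_types = function_types  # function number -> "intranet" | "extranet"
        self.whitelist = whitelist            # identity -> access level
        self.blacklist = blacklist            # identities that are always refused
        self.forbidden = forbidden            # access level -> forbidden function numbers
        self.ask_terminal = ask_terminal      # stands in for the preset terminal

    def authorized(self, identity: str, function_no: int) -> bool:
        """S3 and S4. Assumption: an identity on both lists is refused."""
        if identity in self.blacklist:
            return False
        level = self.whitelist.get(identity)
        if level is None:
            if not self.ask_terminal(identity):
                return False
            level = "low"  # assumption: terminal-approved identities get the lowest level
        return function_no not in self.forbidden[level]

    def handle(self, first: Message) -> Message:
        deny = Message(self.ip, first.src, dict(DENIED))
        fn = first.body.get("function_no")
        kind = self.function_types.get(fn)
        if kind == "extranet":   # served locally; not part of the intranet flow
            return Message(self.ip, first.src, {"result": f"extranet function {fn}"})
        if kind != "intranet" or not self.authorized(first.body.get("identity", ""), fn):
            return deny          # unknown function numbers are refused as well
        agree = self.intranet.handle_build_request(
            Message(self.ip, self.intranet.ip, {"type": "build-connection"}))
        temp_ip = agree.body.get("temp_ip")
        if temp_ip is None:
            return deny
        # S7: second request = external server's address -> temporary IP, same content
        second = Message(self.ip, temp_ip, first.body)
        first_reply = self.intranet.handle_access(second)
        # S10: second reply = external server's address -> access end, same content
        return Message(self.ip, first.src, first_reply.body)

def build_demo():
    """Constructed sample data: addresses, identities and function numbers are made up."""
    intranet = IntranetServer("10.0.0.1", ["10.0.0.50", "10.0.0.51", "10.0.0.52"])
    external = ExternalServer(
        ip="203.0.113.10", intranet=intranet,
        function_types={101: "intranet", 102: "intranet", 201: "extranet"},
        whitelist={"dev-high": "high", "dev-low": "low"},
        blacklist={"dev-bad"},
        forbidden={"high": set(), "medium": {102}, "low": {102}},
        ask_terminal=lambda identity: identity == "dev-new",
    )
    return external, intranet

def request(external, identity, function_no, client_ip="198.51.100.7"):
    first = Message(client_ip, external.ip,
                    {"identity": identity, "function_no": function_no})
    return external.handle(first)

if __name__ == "__main__":
    ext, _ = build_demo()
    for ident, fn in [("dev-high", 102), ("dev-low", 102), ("dev-bad", 101), ("dev-new", 101)]:
        print(ident, fn, request(ext, ident, fn).body)
```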
Embodiment three
Based on the method for extranet access to an intranet provided in Embodiment one above, this embodiment provides an apparatus for extranet access to an intranet. Specifically, Fig. 2 shows an optional structural block diagram of the apparatus. The apparatus is divided into one or more program modules, which are stored in a storage medium and executed by one or more processors to implement the present invention. A program module, as referred to in the present invention, is a series of computer program instruction segments capable of performing a specific function, and is better suited than the program itself to describing the execution of the apparatus in the storage medium. The following description details the function of each program module of this embodiment.
As shown in Fig. 2, the apparatus for extranet access to an intranet specifically includes the following components:
Sending module 201, configured to send a connection-establishment request message to the intranet server when the external network server receives a first access request message, sent by an extranet access end, for accessing an intranet function;
Receiving module 202, configured for the external network server to receive the connection-establishment approval message fed back by the intranet server; the approval message includes a temporary IP address allocated by the intranet server to the external network server;
Connection-establishment module 203, configured for the external network server to establish a temporary connection with the intranet server according to the temporary IP address;
Forwarding module 204, configured for the external network server to repackage the first access request message into a second access request message and send the second access request message to the intranet server over the temporary connection, so that the intranet server calls the corresponding intranet function according to the second access request message.
Specifically, the sending module 201 includes:
A receiving unit, configured for the external network server to receive the first access request message sent by the extranet access end; the first access request message includes the function number of the system function to be accessed;
A determination unit, configured to determine, according to the function number and using a preset mapping table, the function type corresponding to the function number; the function types include intranet function and extranet function;
A transmission unit, configured to send the connection-establishment request message to the intranet server when the function number corresponds to an intranet function.
Further, the apparatus also includes:
An authentication module, configured to, before the connection-establishment request message is sent to the intranet server, obtain the identity identification information of the extranet access end contained in the first access request message and determine whether the identity identification information exists in the preset whitelist or blacklist; if it exists in the whitelist, identity verification passes and the connection-establishment request message is sent to the intranet server; if it exists in the blacklist, identity verification fails and an access-denied message is sent to the extranet access end; if it exists in neither the whitelist nor the blacklist, the identity identification information is sent to a preset terminal so that the preset terminal can perform identity verification, and the connection-establishment request message is sent to the intranet server when a verification-passed message sent by the preset terminal is received, or an access-denied message is sent to the extranet access end when a verification-failed message sent by the preset terminal is received.
The authentication module is also configured to:
When identity verification passes, determine the access level of the extranet access end according to the identity identification information, look up the forbidden-access list corresponding to the determined access level, and determine whether the function number is in the forbidden-access list found; if so, send an access-denied message to the extranet access end; if not, send the connection-establishment request message to the intranet server.
Further, the forwarding module 204 is specifically configured to:
Set the destination address of the second access request message to the temporary IP address, and set the source address of the second access request message to the IP address of the external network server; obtain the message content of the first access request message and add that message content to the second access request message.
Further, the apparatus also includes:
A processing module, configured so that, after the second access request message is sent to the intranet server over the temporary connection, the external network server receives the first request response message sent by the intranet server, repackages the first request response message into a second request response message, and sends the second request response message to the extranet access end.
The processing module is specifically configured to:
Set the destination address of the second request response message to the IP address of the extranet access end, and set the source address of the second request response message to the IP address of the external network server; obtain the message content of the first request response message and add that message content to the second request response message.
Embodiment four
This embodiment also provides a computer device, such as a smartphone, tablet computer, notebook computer, desktop computer, rack server, blade server, tower server or cabinet server (including a standalone server or a server cluster composed of multiple servers) capable of executing programs. As shown in Fig. 3, the computer device 30 of this embodiment includes at least, but is not limited to, a memory 301 and a processor 302 that can be communicatively connected to each other through a system bus. Note that Fig. 3 shows only the computer device 30 with components 301-302; it should be understood that not all of the components shown are required, and more or fewer components may be implemented instead.
In this embodiment, the memory 301 (i.e. the readable storage medium) includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disc, etc. In some embodiments, the memory 301 may be an internal storage unit of the computer device 30, such as the hard disk or internal memory of the computer device 30. In other embodiments, the memory 301 may also be an external storage device of the computer device 30, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the computer device 30. Of course, the memory 301 may also include both the internal storage unit of the computer device 30 and its external storage device. In this embodiment, the memory 301 is generally used to store the operating system and the various application software installed on the computer device 30, for example the program code of the apparatus for extranet access to an intranet of Embodiment two. In addition, the memory 301 may also be used to temporarily store various data that has been output or is to be output.
In some embodiments, the processor 302 may be a central processing unit (Central Processing Unit, CPU), a controller, a microcontroller, a microprocessor or another data processing chip. The processor 302 is generally used to control the overall operation of the computer device 30.
Specifically, in this embodiment, the processor 302 is used to execute the program of the method for extranet access to an intranet stored in the processor 302; when that program is executed, the following steps are implemented:
When the external network server receives a first access request message, sent by an extranet access end, for accessing an intranet function, a connection-establishment request message is sent to the intranet server;
The external network server receives the connection-establishment approval message fed back by the intranet server; the approval message includes a temporary IP address allocated by the intranet server to the external network server;
The external network server establishes a temporary connection with the intranet server according to the temporary IP address;
The external network server repackages the first access request message into a second access request message and sends the second access request message to the intranet server over the temporary connection, so that the intranet server calls the corresponding intranet function according to the second access request message.
For the specific implementation of the above method steps, refer to the first embodiment; the details are not repeated here.
Embodiment five
This embodiment also provides a computer-readable storage medium, such as flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disc, server, App store, etc., on which a computer program is stored; when the computer program is executed by a processor, the following method steps are implemented:
When the external network server receives a first access request message, sent by an extranet access end, for accessing an intranet function, a connection-establishment request message is sent to the intranet server;
The external network server receives the connection-establishment approval message fed back by the intranet server; the approval message includes a temporary IP address allocated by the intranet server to the external network server;
The external network server establishes a temporary connection with the intranet server according to the temporary IP address;
The external network server repackages the first access request message into a second access request message and sends the second access request message to the intranet server over the temporary connection, so that the intranet server calls the corresponding intranet function according to the second access request message.
For the specific implementation of the above method steps, refer to the first embodiment; the details are not repeated here.
It should be noted that, in this document, the terms "include", "comprise" and any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or apparatus that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to that process, method, article or apparatus. Without further limitation, an element qualified by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or apparatus that includes that element.
The serial numbers of the above embodiments of the invention are for description only and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, but in many cases the former is the better implementation.
The above are only preferred embodiments of the present invention and do not limit the scope of the invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, applied directly or indirectly in other related technical fields, is likewise included within the scope of protection of the present invention.
Claims (10)
1. A method for extranet access to an intranet, characterized in that the method comprises:
when an external network server receives a first access request message, sent by an extranet access end, for accessing an intranet function, sending a connection-establishment request message to an intranet server;
the external network server receiving the connection-establishment approval message fed back by the intranet server, wherein the approval message includes a temporary IP address allocated by the intranet server to the external network server;
the external network server establishing a temporary connection with the intranet server according to the temporary IP address;
the external network server repackaging the first access request message into a second access request message and sending the second access request message to the intranet server over the temporary connection, so that the intranet server calls the corresponding intranet function according to the second access request message.
2. the method for extranet access Intranet according to claim 1, which is characterized in that described when external network server receives
By extranet access end send when requesting access to message for accessing the first of Intranet function, send and request to intranet server
The company's of building message, specifically includes:
The external network server reception requests access to message by first that the extranet access end is sent;Wherein, described first
Requesting access to message includes: to need the function number of the system function accessed;
According to the function number, using preset mapping table, function type corresponding with the function number is determined;
Wherein, the function type includes: Intranet function and outer net function;
When it is Intranet function that the function number is corresponding, Xiang Suoshu intranet server sends the request company's of building message.
3. the method for extranet access Intranet according to claim 2, which is characterized in that sent described to intranet server
Before requesting the company's of building message, the method also includes:
Obtaining includes the described first identity identification information for requesting access to the extranet access end in message, and described in judgement
Identity identification information whether there is in preset white and black list;
If it exists in the white list, then authentication passes through, and Xiang Suoshu intranet server sends the request company's of building message;
If it exists in the blacklist, then authentication fails, and Xiang Suoshu extranet access end sends denied access message;
If it does not exist in the white and black list, then the identity identification information is sent to default terminal, for institute
It states default terminal and carries out authentication;And receive message is passed through from the authentication that the default terminal is sent when to institute
It states intranet server and sends the request company's of building message, or unsuccessfully disappeared receiving by the authentication that the default terminal is sent
When breath, Xiang Suoshu extranet access end sends denied access message.
4. the method for extranet access Intranet according to claim 3, which is characterized in that the case where authentication passes through
Under, the method also includes:
The access level at the extranet access end, the access level searched and determined are determined according to the identity identification information
It is corresponding to forbid accessing list, and judge that the function number whether there is and forbid accessing in list in what is found;
If so, sending denied access message to the extranet access end;
If it is not, then sending the request company's of building message to the intranet server.
5. the method for extranet access Intranet according to claim 1, which is characterized in that the external network server is by described
One, which requests access to message, repacks and requests access to message for second, specifically includes:
The temporary ip address is set by the destination address that described second requests access to message, and described second is requested access to
The source address of message is set as the IP address of the external network server;
It obtains described first and requests access to message content in message, and the message content is added to second request and is visited
It asks in message.
6. the method for extranet access Intranet according to claim 1, which is characterized in that visit second request described
After asking that message is sent to the intranet server by the interim connection, the method also includes:
The external network server receives the first request-reply message sent by the intranet server, and described first is asked
It asks response message to repack for the second request-reply message, and the second request-reply message is sent to the outer net and is visited
Ask end.
7. the method for extranet access Intranet according to claim 6, which is characterized in that described by first request-reply
Message is repacked as the second request-reply message, is specifically included:
Set the destination address of the second request-reply message to the IP address at the extranet access end, and by described second
The source address of request-reply message is set as the IP address of the external network server;
The message content in the first request-reply message is obtained, and the message content is added to second request and is answered
It answers in message.
8. An apparatus for extranet access to an intranet, characterized in that the apparatus comprises:
a sending module, configured to send a connection-establishment request message to an intranet server when an external network server receives a first access request message, sent by an extranet access end, for accessing an intranet function;
a receiving module, configured for the external network server to receive the connection-establishment approval message fed back by the intranet server, wherein the approval message includes a temporary IP address allocated by the intranet server to the external network server;
a connection-establishment module, configured for the external network server to establish a temporary connection with the intranet server according to the temporary IP address;
a forwarding module, configured for the external network server to repackage the first access request message into a second access request message and send the second access request message to the intranet server over the temporary connection, so that the intranet server calls the corresponding intranet function according to the second access request message.
9. A computer device, comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that the processor, when executing the program, implements the steps of the method of any one of claims 1 to 7.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the steps of the method of any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910419273.2A CN110278192B (en) | 2019-05-20 | 2019-05-20 | Method and device for accessing intranet by extranet, computer equipment and readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110278192A true CN110278192A (en) | 2019-09-24 |
CN110278192B CN110278192B (en) | 2022-10-25 |
Family
ID=67960142
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910419273.2A Active CN110278192B (en) | 2019-05-20 | 2019-05-20 | Method and device for accessing intranet by extranet, computer equipment and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110278192B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1968181A (en) * | 2005-11-15 | 2007-05-23 | 中兴通讯股份有限公司 | Method for implementing media stream message passing through network address converter |
CN101656645A (en) * | 2008-08-20 | 2010-02-24 | 华为技术有限公司 | Method, equipment and system for communication between external equipment and internal equipment of home network |
CN102111311A (en) * | 2011-03-18 | 2011-06-29 | 杭州华三通信技术有限公司 | Method for accessing and monitoring private network through layer 2 tunnel protocol and server |
CN102148767A (en) * | 2011-05-12 | 2011-08-10 | 杭州华三通信技术有限公司 | Network address translation (NAT)-based data routing method and device |
CN104811507A (en) * | 2014-01-26 | 2015-07-29 | 中国移动通信集团湖南有限公司 | IP address acquiring method and IP address acquiring device |
CN105162787A (en) * | 2015-09-17 | 2015-12-16 | 深圳市深信服电子科技有限公司 | Method and apparatus of external network terminal for accessing manufacture device or internal network terminal |
Non-Patent Citations (1)
Title |
---|
郑春阳等: "基于VPN的校园网络资源的访问", 《沧州师范专科学校学报》 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111131303A (en) * | 2019-12-31 | 2020-05-08 | 苏宁云计算有限公司 | Request data verification system and method |
CN111683045A (en) * | 2020-04-28 | 2020-09-18 | 中国平安财产保险股份有限公司 | Session information processing method, device, equipment and storage medium |
CN111818100A (en) * | 2020-09-04 | 2020-10-23 | 腾讯科技(深圳)有限公司 | Method for configuring channel across networks, related equipment and storage medium |
CN111818100B (en) * | 2020-09-04 | 2021-02-02 | 腾讯科技(深圳)有限公司 | Method for configuring channel across networks, related equipment and storage medium |
WO2022143127A1 (en) * | 2020-12-31 | 2022-07-07 | 华为技术有限公司 | Method for accessing local area network service device, and electronic device |
CN113709162A (en) * | 2021-08-30 | 2021-11-26 | 康键信息技术(深圳)有限公司 | Method, device and equipment for acquiring intranet data and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110278192B (en) | 2022-10-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110278192A (en) | Method, apparatus, computer equipment and the readable storage medium storing program for executing of extranet access Intranet | |
CN103607385B (en) | Method and apparatus for security detection based on browser | |
CN109818937A (en) | For the control method of Android permission, device and storage medium, electronic device | |
CN111355723B (en) | Single sign-on method, device, equipment and readable storage medium | |
CN111988337B (en) | Authority management method and system | |
CN107196951A (en) | The implementation method and firewall system of a kind of HDFS systems fire wall | |
CN109462601B (en) | Multi-platform access method and device based on eSIM | |
KR20010088528A (en) | A portable storage device and Method for using a remote storage device in the network as auxiliary memory of the local computer system by using the same device | |
CN107197462B (en) | Wireless network type detection method and device and electronic equipment | |
CN110138767B (en) | Transaction request processing method, device, equipment and storage medium | |
CN104639650A (en) | Fine granularity distributive interface access control method and device | |
WO2013173238A1 (en) | Electronic transaction notification system and method | |
US11816249B2 (en) | System and method for dynamic management of private data | |
CN112448956B (en) | Authority processing method and device of short message verification code and computer equipment | |
CN113158196A (en) | Login verification method, device, equipment and medium | |
CN114138590A (en) | Operation and maintenance processing method and device for Kubernetes cluster and electronic equipment | |
CN111563215A (en) | Method and device for controlling front-end operation authority and related equipment | |
CN111885184A (en) | Method and device for processing hot spot access keywords in high concurrency scene | |
CN113722114A (en) | Data service processing method and device, computing equipment and storage medium | |
CN110880990A (en) | Configuration checking method and device for big data cluster component and computing equipment | |
CN113645060B (en) | Network card configuration method, data processing method and device | |
CN114567678A (en) | Resource calling method and device of cloud security service and electronic equipment | |
WO2006059852A1 (en) | Method and system for providing resources by using virtual path | |
CN116628696A (en) | Vulnerability detection method based on proxy client and related equipment | |
CN113468579A (en) | Data access method, device, equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||