CN110278192A - Method, apparatus, computer device and readable storage medium for external network access to an intranet - Google Patents

Info

Publication number: CN110278192A
Authority: CN (China)
Prior art keywords: message, access, intranet, request, server
Legal status: Granted (Active)
Application number: CN201910419273.2A
Other languages: Chinese (zh)
Other versions: CN110278192B
Inventors: 钱克功, 马晨阳
Current Assignee: Ping An Technology Shenzhen Co Ltd
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201910419273.2A
Publication of CN110278192A
Application granted; publication of CN110278192B

Classifications

    • H04L61/5007 Internet protocol [IP] addresses
    • H04L63/0281 Proxies
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L63/101 Access control lists [ACL]
    • H04L67/141 Setup of application sessions

Abstract

The invention discloses a method for external network access to an intranet. The method comprises: when an external network server receives a first access request message, sent by an external access terminal, for accessing an intranet function, sending a connection establishment request message to an intranet server; the external network server receiving a connection establishment consent message fed back by the intranet server, wherein the connection establishment consent message includes a temporary IP address allocated by the intranet server to the external network server; the external network server establishing a temporary connection with the intranet server according to the temporary IP address; and the external network server repackaging the first access request message into a second access request message and sending the second access request message to the intranet server over the temporary connection, so that the intranet server invokes the corresponding intranet function according to the second access request message.

Description

Method, apparatus, computer device and readable storage medium for external network access to an intranet
Technical field
The present invention relates to the field of computer technology, and in particular to a method, an apparatus, a computer device and a readable storage medium for external network access to an intranet.
Background
At present there are the concepts of an intranet and an external network: the intranet is an enterprise's internal local area network, and the external network is the Internet, which is open to the public. For security reasons, external network users cannot access intranet functions. With the development and application of the Internet and information technology, however, more and more enterprises require that external network users be able to access functions of the enterprise intranet, yet there is currently no method that lets external network users access intranet functions both securely and conveniently.
Summary of the invention
The purpose of the present invention is to provide a method, an apparatus, a computer device and a readable storage medium for external network access to an intranet, which solve the technical problem in the prior art that external network functions and intranet functions cannot interoperate.
The present invention solves the above technical problem through the following technical solutions:
According to one aspect of the present invention, a method for external network access to an intranet is provided, comprising the following steps:
when an external network server receives a first access request message, sent by an external access terminal, for accessing an intranet function, sending a connection establishment request message to an intranet server;
the external network server receiving a connection establishment consent message fed back by the intranet server, wherein the connection establishment consent message includes a temporary IP address allocated by the intranet server to the external network server;
the external network server establishing a temporary connection with the intranet server according to the temporary IP address;
the external network server repackaging the first access request message into a second access request message, and sending the second access request message to the intranet server over the temporary connection, so that the intranet server invokes the corresponding intranet function according to the second access request message.
Further, sending the connection establishment request message to the intranet server when the external network server receives the first access request message, sent by the external access terminal, for accessing an intranet function specifically comprises:
the external network server receiving the first access request message sent by the external access terminal, wherein the first access request message includes the function number of the system function to be accessed;
determining, according to the function number and using a preset mapping table, the function type corresponding to the function number, wherein the function types include intranet function and external network function;
when the function number corresponds to an intranet function, sending the connection establishment request message to the intranet server.
Further, before the connection establishment request message is sent to the intranet server, the method further comprises:
obtaining the identity identification information of the external access terminal contained in the first access request message, and judging whether the identity identification information exists in a preset whitelist or blacklist;
if it exists in the whitelist, identity verification passes, and the connection establishment request message is sent to the intranet server;
if it exists in the blacklist, identity verification fails, and an access denied message is sent to the external access terminal;
if it exists in neither the whitelist nor the blacklist, sending the identity identification information to a preset terminal so that the preset terminal performs identity verification; and sending the connection establishment request message to the intranet server upon receiving a verification passed message sent by the preset terminal, or sending an access denied message to the external access terminal upon receiving a verification failed message sent by the preset terminal.
Further, in the case where identity verification passes, the method further comprises:
determining the access level of the external access terminal according to the identity identification information, looking up the forbidden access list corresponding to the determined access level, and judging whether the function number exists in the forbidden access list found;
if so, sending an access denied message to the external access terminal;
if not, sending the connection establishment request message to the intranet server.
Further, the external network server repackaging the first access request message into the second access request message specifically comprises:
setting the destination address of the second access request message to the temporary IP address, and setting the source address of the second access request message to the IP address of the external network server;
obtaining the message content of the first access request message, and adding the message content to the second access request message.
Further, after the second access request message is sent to the intranet server over the temporary connection, the method further comprises:
the external network server receiving a first request response message sent by the intranet server, repackaging the first request response message into a second request response message, and sending the second request response message to the external access terminal.
Further, repackaging the first request response message into the second request response message specifically comprises:
setting the destination address of the second request response message to the IP address of the external access terminal, and setting the source address of the second request response message to the IP address of the external network server;
obtaining the message content of the first request response message, and adding the message content to the second request response message.
To achieve the above purpose, the present invention also provides an apparatus for external network access to an intranet, specifically comprising:
a sending module, configured to send a connection establishment request message to an intranet server when an external network server receives a first access request message, sent by an external access terminal, for accessing an intranet function;
a receiving module, configured for the external network server to receive a connection establishment consent message fed back by the intranet server, wherein the connection establishment consent message includes a temporary IP address allocated by the intranet server to the external network server;
a connection establishment module, configured for the external network server to establish a temporary connection with the intranet server according to the temporary IP address;
a forwarding module, configured for the external network server to repackage the first access request message into a second access request message and send the second access request message to the intranet server over the temporary connection, so that the intranet server invokes the corresponding intranet function according to the second access request message.
To achieve the above purpose, the present invention also provides a computer device, specifically comprising: a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the above method when executing the program.
To achieve the above purpose, the present invention also provides a computer-readable storage medium on which a computer program is stored, wherein the steps of the above method are implemented when the program is executed by a processor.
With the method, apparatus, computer device and readable storage medium for external network access to an intranet provided by the present invention, the access request of the external access terminal can be forwarded to the intranet server by the external network server so that the intranet project processes the access request, and the access response fed back by the intranet project is forwarded to the external access terminal. This solves the technical problem in the prior art that external network functions and intranet functions cannot interoperate. In addition, in the present invention a corresponding function code is configured for each system function and the type of the system function is distinguished by the function code, which solves the technical problem in the prior art that developers need to develop intranet functions and external network functions separately, and reduces the development workload of developers.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered a limitation of the present invention. Throughout the drawings, the same reference numerals denote the same parts. In the drawings:
Fig. 1 is an optional flow diagram of the method for external network access to an intranet provided by embodiment one;
Fig. 2 is an optional program module diagram of the apparatus for external network access to an intranet provided by embodiment three;
Fig. 3 is an optional hardware architecture diagram of the computer device provided by embodiment four.
Detailed description of the embodiments
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is further elaborated below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention and are not intended to limit it. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the protection scope of the present invention.
Embodiment one
The method for external network access to an intranet provided by the present invention is described below with reference to the drawings.
Fig. 1 is an optional flow diagram of the method for external network access to an intranet of the present invention. As shown in Fig. 1, the method may comprise the following steps:
Step S101: when the external network server receives a first access request message, sent by the external access terminal, for accessing an intranet function, it sends a connection establishment request message to the intranet server.
Specifically, step S101 comprises:
Step A1: the external network server receives the first access request message sent by the external access terminal, wherein the first access request message includes the function number of the system function to be accessed;
Step A2: according to the function number and using a preset mapping table, the function type corresponding to the function number is determined, wherein the function types include intranet function and external network function;
Step A3: when the function number corresponds to an intranet function, the connection establishment request message is sent to the intranet server.
Before step A1, the method further comprises:
the external network server receiving a mapping table and storing it, wherein the mapping table includes function numbers and the function type corresponding to each function number.
Conventionally, because some functions need to execute on the intranet and others on the external network, the development code of intranet functions and that of external network functions cannot be shared. Developers therefore have to be split into two groups, each developing its own system functions. Because a developer needs to know whether what they are developing is an intranet function or an external network function, and the code for the two is handled differently, developers cannot concentrate on developing business logic code, which increases their workload. In the present embodiment, although a developer still needs to know whether the function being developed is an intranet function or an external network function, a single set of code can be used to develop both, and the code of intranet functions need not be distinguished from that of external network functions. After a developer finishes a system function, a corresponding function number can be allocated to it, and the function number and function type of that system function are recorded in the mapping table, thereby establishing the correspondence between function number and function type; the mapping table is stored in the external network server for later use.
After system function development is complete, function numbers can be allocated to all system functions in a unified way and the correspondence between each function number and its function type established; by checking the mapping table, it can be determined whether a function number corresponds to an intranet function or an external network function. When the function type corresponding to the function number is intranet function, the system function to be accessed is an intranet function; when the function type corresponding to the function number is external network function, the system function to be accessed is an external network function.
Further, before the connection establishment request message is sent to the intranet server, the method further comprises:
obtaining the identity identification information of the external access terminal contained in the first access request message, and judging whether the identity identification information exists in a preset whitelist or blacklist;
if it exists in the whitelist, identity verification passes, and the connection establishment request message is sent to the intranet server;
if it exists in the blacklist, identity verification fails, and an access denied message is sent to the external access terminal;
if it exists in neither the whitelist nor the blacklist, sending the identity identification information to a preset terminal so that the preset terminal performs identity verification; and sending the connection establishment request message to the intranet server upon receiving a verification passed message sent by the preset terminal, or sending an access denied message to the external access terminal upon receiving a verification failed message sent by the preset terminal.
Preferably, the identity identification information is the MAC address (Media Access Control Address).
In the present embodiment, the external access terminal is authenticated by means of the whitelist and the blacklist. The whitelist stores the identity identification information of each trusted terminal, and the blacklist stores the identity identification information of each untrusted terminal. When the identity identification information of the external access terminal exists in neither the whitelist nor the blacklist, the identity identification information is sent to the preset terminal so that the preset terminal performs identity verification; the identity identification information is added to the whitelist upon receiving a verification passed message sent by the preset terminal, or added to the blacklist upon receiving a verification failed message sent by the preset terminal.
Of course, in practical applications, the identity of the external access terminal can also be verified by other authentication methods such as signatures and secret keys. For example, when a signature is used for identity verification, the external network server judges whether the first access request message contains a preset signature; if so, identity verification passes; if not, identity verification fails.
Further, in the case where identity verification passes, the method further comprises:
determining the access level of the external access terminal according to the identity identification information, looking up the forbidden access list corresponding to the determined access level, and judging whether the function number exists in the forbidden access list found;
if so, sending an access denied message to the external access terminal;
if not, sending the connection establishment request message to the intranet server.
Determining the access level of the external access terminal according to the identity identification information specifically comprises:
determining, in the whitelist, the access level corresponding to the identity identification information.
The whitelist also records the access level corresponding to each piece of identity identification information. For example, three access levels, high, medium and low, are set; the external access terminal corresponding to identity identification information with the high access level can access more intranet functions than the external access terminal corresponding to identity identification information with the low access level.
It should be noted that the access level of each piece of identity identification information is set in advance and recorded in the whitelist.
Each access level has a corresponding forbidden access list, which contains the function numbers of the intranet functions that the external access terminal is forbidden to access. When the external network server judges that the function number in the access request message appears in the forbidden access list of the corresponding access level, the external network server sends an access denied message to the external access terminal, refusing the external access terminal access to the intranet function corresponding to that function number.
Step S102: the external network server receives the connection establishment consent message fed back by the intranet server, wherein the connection establishment consent message includes a temporary IP address allocated by the intranet server to the external network server.
In the present embodiment, in order to improve the security of external network access to the intranet, the intranet server can allocate a temporary IP address to the external network server, and the temporary IP address has a lifetime of a certain duration, that is, the temporary connection has a lifetime of a certain duration. Within the lifetime, the external network server can send messages to the intranet server and the intranet server can send messages to the external network server; outside the lifetime, the external network server and the intranet server are disconnected.
Step S103: the external network server establishes a temporary connection with the intranet server according to the temporary IP address.
Step S104: the external network server repackages the first access request message into a second access request message and sends the second access request message to the intranet server over the temporary connection, so that the intranet server invokes the corresponding intranet function according to the second access request message.
Specifically, the external network server repackaging the first access request message into the second access request message comprises:
setting the destination address of the second access request message to the temporary IP address, and setting the source address of the second access request message to the IP address of the external network server;
obtaining the message content of the first access request message, and adding the message content to the second access request message.
In the present embodiment, the external network server sends a new request to the intranet server. This new request contains the data and parameters carried by the original request, and when the intranet receives the new request it performs the corresponding business processing.
When the intranet server receives the second access request message, it performs the following operations:
Step B1: the intranet server judges whether the source address in the received second access request message is the address of the external network server; if so, step B2 is executed; if not, an access denied message is sent to the external network server.
When the intranet server receives the connection establishment request message, it obtains the source address in the connection establishment request message and establishes an association between that source address and the temporary IP address.
When the intranet server receives the second access request message, it can verify the source address of the second access request message.
Step B2: the intranet server executes the corresponding function operation according to the second access request message and sends a first request response message to the external network server.
Further, after the second access request message is sent to the intranet server over the temporary connection, the method further comprises:
the external network server receiving the first request response message sent by the intranet server, repackaging the first request response message into a second request response message, and sending the second request response message to the external access terminal.
Further, repackaging the first request response message into the second request response message specifically comprises:
setting the destination address of the second request response message to the IP address of the external access terminal, and setting the source address of the second request response message to the IP address of the external network server;
obtaining the message content of the first request response message, and adding the message content to the second request response message.
In the present embodiment, if the external access terminal requests access to an intranet function of the intranet project, the access request can be forwarded by the external network server in the external network project. After the external network server forwards the access request, the logic flow on the external network pauses and waits for the intranet's processing result to be returned. After the intranet has processed the request, it generates a corresponding request response, and the external network server forwards the request response to the external access terminal. The external access terminal is unaware of this process, and other logic processing is not affected.
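The temporary-address handshake, the repackaging of request and response, and the source-address check of steps S102 to S104 and B1 to B2, as an added Python example that is not code from the patent. The addresses, the 60-second lifetime, the `number|argument` content format and the choice to refuse requests that arrive on an expired lease are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    src: str        # source address
    dst: str        # destination address
    content: bytes  # message content, copied unchanged when repackaging


def repack(original, new_src, new_dst):
    """Build a new message with rewritten addresses and the original content."""
    return Message(src=new_src, dst=new_dst, content=original.content)


class IntranetServer:
    """Intranet side: leases temporary IPs and checks the source of each request."""

    def __init__(self, address_pool, lifetime_s, functions):
        self._free = list(address_pool)
        self._lifetime_s = lifetime_s
        self._functions = functions  # function number -> callable(argument) -> bytes
        self._leases = {}            # temporary IP -> (external server address, expiry)

    def _expire(self, now):
        # Outside its lifetime a temporary IP is released and the link is gone.
        for temp_ip, (_, expiry) in list(self._leases.items()):
            if now >= expiry:
                del self._leases[temp_ip]
                self._free.append(temp_ip)

    def handle_connect_request(self, src, now):
        """Allocate a temporary IP and associate it with the requester's source address."""
        self._expire(now)
        if not self._free:
            return None
        temp_ip = self._free.pop(0)
        self._leases[temp_ip] = (src, now + self._lifetime_s)
        return temp_ip

    def handle_access_request(self, msg, now):
        """Step B1 (source check) followed by step B2 (call the function)."""
        self._expire(now)
        denied = Message(src=msg.dst, dst=msg.src, content=b"ACCESS DENIED")
        lease = self._leases.get(msg.dst)
        if lease is None or lease[0] != msg.src:
            return denied  # unknown or expired lease, or source is not the bound server
        number, _, argument = msg.content.partition(b"|")
        function = self._functions.get(number)
        if function is None:
            return denied
        return Message(src=msg.dst, dst=msg.src, content=function(argument))


# Constructed sample addresses (documentation and private ranges).
CLIENT_IP = "203.0.113.7"
EXTERNAL_IP = "198.51.100.10"


def make_intranet_server():
    return IntranetServer(
        address_pool=["10.0.9.1", "10.0.9.2"],
        lifetime_s=60,
        functions={b"F101": lambda arg: b"balance:" + arg},
    )


def run_exchange(intranet, first_request, now_connect, now_send):
    """External server side: connect, repackage, forward, repackage the response."""
    temp_ip = intranet.handle_connect_request(EXTERNAL_IP, now_connect)
    if temp_ip is None:
        return Message(src=EXTERNAL_IP, dst=first_request.src, content=b"ACCESS DENIED")
    second_request = repack(first_request, new_src=EXTERNAL_IP, new_dst=temp_ip)
    first_response = intranet.handle_access_request(second_request, now_send)
    return repack(first_response, new_src=EXTERNAL_IP, new_dst=first_request.src)


if __name__ == "__main__":
    server = make_intranet_server()
    request = Message(src=CLIENT_IP, dst=EXTERNAL_IP, content=b"F101|acct-1")
    print(run_exchange(server, request, now_connect=0, now_send=10))
```

Time is passed in as `now` so the lifetime behaviour can be checked deterministically; the intranet address never appears in the message returned to the access terminal.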
Embodiment two
The present invention also provides another optional method for external network access to an intranet, which specifically comprises the following steps:
Step S1: the external network server receives the first access request message sent by the external access terminal, wherein the first access request message includes the function number of the system function to be accessed.
Specifically, before step S1, the method further comprises:
receiving a mapping table and storing it, wherein the mapping table includes function numbers and the function type corresponding to each function number;
the function types include intranet function and external network function.
Step S2: the external network server judges, according to the function number, whether the system function to be accessed is an intranet function.
Specifically, step S2 comprises:
determining, according to the function number and using the mapping table, the function type corresponding to the function number.
When the function type corresponding to the function number is intranet function, the system function to be accessed is an intranet function; when the function type corresponding to the function number is external network function, the system function to be accessed is an external network function.
Step S3: in the case where the system function to be accessed is an intranet function, the external network server performs identity verification on the external access terminal.
Specifically, the first access request message further includes the identity identification information of the external access terminal.
Preferably, the identity identification information is the MAC address (Media Access Control Address).
Further, step S3 comprises:
judging whether the identity identification information exists in a preset whitelist or blacklist;
if it exists in the whitelist, identity verification passes, and step S4 is executed;
if it exists in the blacklist, identity verification fails, and an access denied message is sent to the external access terminal;
if it exists in neither the whitelist nor the blacklist, sending the identity identification information to a preset terminal so that the preset terminal performs identity verification; and executing step S4 upon receiving a verification passed message sent by the preset terminal, or sending an access denied message to the external access terminal upon receiving a verification failed message sent by the preset terminal.
Step S4: in the case where the identity authentication passes, the external network server determines the access level of the extranet access end according to the identity identification information, looks up the access-prohibited list corresponding to the determined access level, and judges whether the function number exists in the access-prohibited list found;
If so, an access denial message is sent to the extranet access end;
If not, step S5 is executed.
Further, determining the access level of the extranet access end according to the identity identification information specifically includes:
Determining, in the whitelist, the access level corresponding to the identity identification information.
The whitelist also records the access level corresponding to each piece of identity identification information; for example, three access levels, high, medium and low, are set, and the number of intranet functions accessible to the extranet access end corresponding to identity identification information of the high access level is greater than the number of intranet functions accessible to the extranet access end corresponding to identity identification information of the low access level.
Wherein, the access level of each piece of identity identification information is set in advance and recorded in the whitelist.
Further, each access level has a corresponding access-prohibited list, and the access-prohibited list includes the function numbers of the intranet functions that the extranet access end is prohibited from accessing. When the external network server judges that the function number in the access request message appears in the access-prohibited list of the corresponding access level, the external network server sends an access denial message to the extranet access end, so as to refuse the extranet access end access to the intranet function corresponding to the function number.
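The decision made by the external network server in steps S2 to S4 can be written as one function. The following Python sketch is an added example, not code from the patent; the table contents, the `Decision` names, the fail-closed handling of unknown function numbers, the blacklist-first ordering and the fallback level for identities approved by the preset terminal are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable


class Decision(Enum):
    NOT_INTRANET = "not_intranet"  # extranet function: steps S3 to S5 do not apply
    DENY = "deny"                  # send an access denial message
    CONNECT = "connect"            # go on to step S5


# Constructed sample data; none of these values come from the patent.
MAPPING_TABLE = {101: "intranet", 102: "intranet", 103: "intranet", 201: "extranet"}
WHITELIST = {"00:11:22:33:44:55": "high", "66:77:88:99:aa:bb": "low"}
BLACKLIST = {"de:ad:be:ef:00:01"}
PROHIBITED = {"high": set(), "medium": {103}, "low": {102, 103}}
# Assumption: the text only defines levels for whitelisted identities, so an
# identity approved by the preset terminal gets the most restricted level.
FALLBACK_LEVEL = "low"


@dataclass(frozen=True)
class AccessRequest:
    function_number: int
    identity: str  # MAC address carried in the first access request message


def normalize_mac(mac: str) -> str:
    """Bring a MAC to one canonical form so 'AA-BB' and 'aa:bb' compare equal."""
    return mac.strip().lower().replace("-", ":")


def decide(req: AccessRequest,
           preset_terminal_approves: Callable[[str], bool]) -> Decision:
    # Step S2: classify the requested function through the mapping table.
    function_type = MAPPING_TABLE.get(req.function_number)
    if function_type is None:
        return Decision.DENY  # assumption: unknown function numbers fail closed
    if function_type != "intranet":
        return Decision.NOT_INTRANET

    # Step S3: whitelist / blacklist / preset-terminal authentication.
    identity = normalize_mac(req.identity)
    if identity in BLACKLIST:
        return Decision.DENY  # assumption: the blacklist wins if both lists match
    if identity in WHITELIST:
        level = WHITELIST[identity]
    elif preset_terminal_approves(identity):
        level = FALLBACK_LEVEL
    else:
        return Decision.DENY

    # Step S4: per-level access-prohibited list.
    if req.function_number in PROHIBITED[level]:
        return Decision.DENY
    return Decision.CONNECT
```

The identity checked here is a value carried in the request message, so the decision is only as trustworthy as that field.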
Step S5: the external network server sends a connection establishment request message to the intranet server, and receives a connection establishment consent message fed back by the intranet server; wherein the connection establishment consent message includes a temporary IP address temporarily allocated by the intranet server to the external network server.
Step S6: the external network server establishes a temporary connection with the intranet server according to the temporary IP address.
Step S7: the external network server repackages the first access request message into a second access request message, and sends the second access request message to the intranet server through the temporary connection, so that the intranet server calls the corresponding intranet function according to the second access request message.
Specifically, the external network server repackaging the first access request message into the second access request message includes:
Setting the destination address of the second access request message to the temporary IP address, and setting the source address of the second access request message to the IP address of the external network server;
Obtaining the message content in the first access request message, and adding the message content to the second access request message.
Step S8: the intranet server judges whether the source address in the received second access request message is the address of the external network server; if so, step S9 is executed; if not, an access denial message is sent to the external network server.
Specifically, when the intranet server receives the connection establishment request message, it obtains the source address in the connection establishment request message and establishes an association between the source address and the temporary IP address.
When the intranet server receives the second access request message, it can then verify the source address of the second access request message.
Step S9: the intranet server performs the corresponding function operation according to the second access request message, and sends a first request-reply message to the external network server.
Step S10: the external network server receives the first request-reply message, and repackages the first request-reply message into a second request-reply message to be forwarded to the extranet access end.
Specifically, step S10 includes:
Setting the destination address of the second request-reply message to the IP address of the extranet access end, and setting the source address of the second request-reply message to the IP address of the external network server;
Obtaining the message content in the first request-reply message, and adding the message content to the second request-reply message.
Step S11: the external network server sends the second request-reply message to the extranet access end.
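Steps S5 to S11 can be simulated in memory to show how the temporary IP address, the repackaging and the source-address check of step S8 fit together. This Python sketch is an added example, not code from the patent; the class names, the `number:payload` content format, the `DENIED` marker, the addresses and the release of the temporary address after one exchange are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, Dict

DENIED = b"ACCESS_DENIED"  # constructed marker standing in for the access denial message


@dataclass(frozen=True)
class Message:
    src: str
    dst: str
    content: bytes


class IntranetServer:
    def __init__(self, pool_cidr: str, functions: Dict[bytes, Callable[[bytes], bytes]]):
        self._free = [str(h) for h in ipaddress.ip_network(pool_cidr).hosts()]
        self._bound: Dict[str, str] = {}  # temporary IP -> source of the connection request
        self._functions = functions

    def on_connect_request(self, src: str) -> str:
        """Step S5: allocate a temporary IP and associate it with the requester."""
        if not self._free:
            raise RuntimeError("temporary address pool exhausted")
        temp_ip = self._free.pop(0)
        self._bound[temp_ip] = src
        return temp_ip

    def on_access_request(self, msg: Message) -> bytes:
        """Steps S8 and S9: verify the source address, then call the function.

        Only the content of the first request-reply message is returned,
        because the text does not specify how that message is addressed.
        """
        if self._bound.get(msg.dst) != msg.src:
            return DENIED  # unknown temporary IP, or source is not the associated server
        number, _, payload = msg.content.partition(b":")
        handler = self._functions.get(number)
        return handler(payload) if handler else DENIED

    def release(self, temp_ip: str) -> None:
        """Assumption: the temporary address is returned to the pool after use."""
        if self._bound.pop(temp_ip, None) is not None:
            self._free.append(temp_ip)


class ExtranetServer:
    def __init__(self, ip: str, intranet: IntranetServer):
        self.ip = ip
        self.intranet = intranet

    def relay(self, first: Message) -> Message:
        temp_ip = self.intranet.on_connect_request(self.ip)       # S5, S6
        try:
            # S7: new addresses, message content copied unchanged.
            second = Message(src=self.ip, dst=temp_ip, content=first.content)
            reply_content = self.intranet.on_access_request(second)  # S8, S9
        finally:
            self.intranet.release(temp_ip)
        # S10, S11: second request-reply message back to the extranet access end.
        return Message(src=self.ip, dst=first.src, content=reply_content)
```

The check in step S8 compares addresses carried in the message, so it relies on the network between the two servers not letting another host send with the external network server's address.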
Embodiment three
Based on the method for extranet access to an intranet provided in embodiment one above, this embodiment provides a device for extranet access to an intranet. Specifically, Fig. 2 shows an optional structural block diagram of the device. The device is divided into one or more program modules, which are stored in a storage medium and executed by one or more processors to complete the present invention. A program module in the present invention refers to a series of computer program instruction segments capable of completing a specific function, and is more suitable than the program itself for describing the execution process of the device in the storage medium. The following description specifically introduces the function of each program module of this embodiment.
As shown in Fig. 2, the device for extranet access to an intranet specifically includes the following components:
Sending module 201, configured to send a connection establishment request message to the intranet server when the external network server receives a first access request message, sent by the extranet access end, for accessing an intranet function;
Receiving module 202, configured for the external network server to receive the connection establishment consent message fed back by the intranet server; wherein the connection establishment consent message includes: the temporary IP address allocated by the intranet server to the external network server;
Connection establishment module 203, configured for the external network server to establish a temporary connection with the intranet server according to the temporary IP address;
Forwarding module 204, configured for the external network server to repackage the first access request message into a second access request message, and to send the second access request message to the intranet server through the temporary connection, so that the intranet server calls the corresponding intranet function according to the second access request message.
Specifically, the sending module 201 includes:
Receiving unit, configured for the external network server to receive the first access request message sent by the extranet access end; wherein the first access request message includes: the function number of the system function to be accessed;
Determination unit, configured to determine, according to the function number and using a preset mapping table, the function type corresponding to the function number; wherein the function types include: intranet function and extranet function;
Transmission unit, configured to send the connection establishment request message to the intranet server when the function type corresponding to the function number is intranet function.
Further, the device also includes:
Authentication module, configured to, before the connection establishment request message is sent to the intranet server, obtain the identity identification information of the extranet access end contained in the first access request message, and judge whether the identity identification information exists in a preset whitelist or blacklist; if it exists in the whitelist, the identity authentication passes, and the connection establishment request message is sent to the intranet server; if it exists in the blacklist, the identity authentication fails, and an access denial message is sent to the extranet access end; if it exists in neither the whitelist nor the blacklist, the identity identification information is sent to a preset terminal so that the preset terminal performs identity authentication; the connection establishment request message is sent to the intranet server when an authentication-passed message sent by the preset terminal is received, or an access denial message is sent to the extranet access end when an authentication-failed message sent by the preset terminal is received.
Wherein, the authentication module is also configured to:
In the case where the identity authentication passes, determine the access level of the extranet access end according to the identity identification information, look up the access-prohibited list corresponding to the determined access level, and judge whether the function number exists in the access-prohibited list found; if so, send an access denial message to the extranet access end; if not, send the connection establishment request message to the intranet server.
Further, the forwarding module 204 is specifically configured to:
Set the destination address of the second access request message to the temporary IP address, and set the source address of the second access request message to the IP address of the external network server; obtain the message content in the first access request message, and add the message content to the second access request message.
Further, the device also includes:
Processing module, configured so that, after the second access request message is sent to the intranet server through the temporary connection, the external network server receives the first request-reply message sent by the intranet server, repackages the first request-reply message into a second request-reply message, and sends the second request-reply message to the extranet access end.
Wherein, the processing module is specifically configured to:
Set the destination address of the second request-reply message to the IP address of the extranet access end, and set the source address of the second request-reply message to the IP address of the external network server; obtain the message content in the first request-reply message, and add the message content to the second request-reply message.
Embodiment four
This embodiment also provides a computer device, such as a smartphone, tablet computer, notebook computer, desktop computer, rack server, blade server, tower server or cabinet server (including an independent server or a server cluster composed of multiple servers) capable of executing programs. As shown in Fig. 3, the computer device 30 of this embodiment at least includes, but is not limited to: a memory 301 and a processor 302 that can be communicatively connected to each other through a system bus. It should be pointed out that Fig. 3 only shows the computer device 30 with components 301-302, but it should be understood that it is not required to implement all of the components shown, and more or fewer components may be implemented instead.
In this embodiment, the memory 301 (i.e. a readable storage medium) includes flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disc, etc. In some embodiments, the memory 301 may be an internal storage unit of the computer device 30, such as the hard disk or internal memory of the computer device 30. In other embodiments, the memory 301 may also be an external storage device of the computer device 30, such as a plug-in hard disk, smart media card (Smart Media Card, SMC), secure digital (Secure Digital, SD) card or flash card (Flash Card) equipped on the computer device 30. Of course, the memory 301 may also include both the internal storage unit of the computer device 30 and its external storage device. In this embodiment, the memory 301 is generally used to store the operating system and various application software installed on the computer device 30, such as the program code of the device for extranet access to an intranet of embodiment two. In addition, the memory 301 may also be used to temporarily store various data that has been output or is to be output.
In some embodiments, the processor 302 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor or other data processing chip. The processor 302 is generally used to control the overall operation of the computer device 30.
Specifically, in this embodiment, the processor 302 is used to execute the program of the method for extranet access to an intranet stored in the processor 302; when executed, the program of the method implements the following steps:
When the external network server receives a first access request message, sent by the extranet access end, for accessing an intranet function, sending a connection establishment request message to the intranet server;
The external network server receives the connection establishment consent message fed back by the intranet server; wherein the connection establishment consent message includes: the temporary IP address allocated by the intranet server to the external network server;
The external network server establishes a temporary connection with the intranet server according to the temporary IP address;
The external network server repackages the first access request message into a second access request message, and sends the second access request message to the intranet server through the temporary connection, so that the intranet server calls the corresponding intranet function according to the second access request message.
For the specific implementation process of the above method steps, refer to the first embodiment; it is not repeated here in this embodiment.
Embodiment five
This embodiment also provides a computer-readable storage medium, such as flash memory, hard disk, multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, magnetic disk, optical disc, server, App application store, etc., on which a computer program is stored, and the computer program implements the following method steps when executed by a processor:
When the external network server receives a first access request message, sent by the extranet access end, for accessing an intranet function, sending a connection establishment request message to the intranet server;
The external network server receives the connection establishment consent message fed back by the intranet server; wherein the connection establishment consent message includes: the temporary IP address allocated by the intranet server to the external network server;
The external network server establishes a temporary connection with the intranet server according to the temporary IP address;
The external network server repackages the first access request message into a second access request message, and sends the second access request message to the intranet server through the temporary connection, so that the intranet server calls the corresponding intranet function according to the second access request message.
For the specific implementation process of the above method steps, refer to the first embodiment; it is not repeated here in this embodiment.
It should be noted that, in this document, the terms "include", "comprise" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
The serial numbers of the above embodiments of the present invention are for description only and do not represent the advantages or disadvantages of the embodiments.
Through the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by means of software plus a necessary general hardware platform, and of course also by hardware, but in many cases the former is the better implementation.
The above are only preferred embodiments of the present invention and do not limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the patent protection scope of the present invention.

Claims (10)

1. A method for extranet access to an intranet, characterized in that the method includes:
When the external network server receives a first access request message, sent by the extranet access end, for accessing an intranet function, sending a connection establishment request message to the intranet server;
The external network server receives the connection establishment consent message fed back by the intranet server; wherein the connection establishment consent message includes: the temporary IP address allocated by the intranet server to the external network server;
The external network server establishes a temporary connection with the intranet server according to the temporary IP address;
The external network server repackages the first access request message into a second access request message, and sends the second access request message to the intranet server through the temporary connection, so that the intranet server calls the corresponding intranet function according to the second access request message.
2. The method for extranet access to an intranet according to claim 1, characterized in that sending the connection establishment request message to the intranet server when the external network server receives the first access request message, sent by the extranet access end, for accessing an intranet function specifically includes:
The external network server receives the first access request message sent by the extranet access end; wherein the first access request message includes: the function number of the system function to be accessed;
According to the function number, the function type corresponding to the function number is determined using a preset mapping table; wherein the function types include: intranet function and extranet function;
When the function type corresponding to the function number is intranet function, the connection establishment request message is sent to the intranet server.
3. The method for extranet access to an intranet according to claim 2, characterized in that, before the connection establishment request message is sent to the intranet server, the method further includes:
Obtaining the identity identification information of the extranet access end contained in the first access request message, and judging whether the identity identification information exists in a preset whitelist or blacklist;
If it exists in the whitelist, the identity authentication passes, and the connection establishment request message is sent to the intranet server;
If it exists in the blacklist, the identity authentication fails, and an access denial message is sent to the extranet access end;
If it exists in neither the whitelist nor the blacklist, the identity identification information is sent to a preset terminal so that the preset terminal performs identity authentication; the connection establishment request message is sent to the intranet server when an authentication-passed message sent by the preset terminal is received, or an access denial message is sent to the extranet access end when an authentication-failed message sent by the preset terminal is received.
4. The method for extranet access to an intranet according to claim 3, characterized in that, in the case where the identity authentication passes, the method further includes:
Determining the access level of the extranet access end according to the identity identification information, looking up the access-prohibited list corresponding to the determined access level, and judging whether the function number exists in the access-prohibited list found;
If so, sending an access denial message to the extranet access end;
If not, sending the connection establishment request message to the intranet server.
5. The method for extranet access to an intranet according to claim 1, characterized in that the external network server repackaging the first access request message into the second access request message specifically includes:
Setting the destination address of the second access request message to the temporary IP address, and setting the source address of the second access request message to the IP address of the external network server;
Obtaining the message content in the first access request message, and adding the message content to the second access request message.
6. The method for extranet access to an intranet according to claim 1, characterized in that, after the second access request message is sent to the intranet server through the temporary connection, the method further includes:
The external network server receives the first request-reply message sent by the intranet server, repackages the first request-reply message into a second request-reply message, and sends the second request-reply message to the extranet access end.
7. The method for extranet access to an intranet according to claim 6, characterized in that repackaging the first request-reply message into the second request-reply message specifically includes:
Setting the destination address of the second request-reply message to the IP address of the extranet access end, and setting the source address of the second request-reply message to the IP address of the external network server;
Obtaining the message content in the first request-reply message, and adding the message content to the second request-reply message.
8. A device for extranet access to an intranet, characterized in that the device includes:
Sending module, configured to send a connection establishment request message to the intranet server when the external network server receives a first access request message, sent by the extranet access end, for accessing an intranet function;
Receiving module, configured for the external network server to receive the connection establishment consent message fed back by the intranet server; wherein the connection establishment consent message includes: the temporary IP address allocated by the intranet server to the external network server;
Connection establishment module, configured for the external network server to establish a temporary connection with the intranet server according to the temporary IP address;
Forwarding module, configured for the external network server to repackage the first access request message into a second access request message, and to send the second access request message to the intranet server through the temporary connection, so that the intranet server calls the corresponding intranet function according to the second access request message.
9. A computer device, the computer device including: a memory, a processor, and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method of any one of claims 1 to 7 when executing the program.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the program implements the steps of the method of any one of claims 1 to 7 when executed by a processor.
CN201910419273.2A 2019-05-20 2019-05-20 Method and device for accessing intranet by extranet, computer equipment and readable storage medium Active CN110278192B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910419273.2A CN110278192B (en) 2019-05-20 2019-05-20 Method and device for accessing intranet by extranet, computer equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN110278192A true CN110278192A (en) 2019-09-24
CN110278192B CN110278192B (en) 2022-10-25

Family

ID=67960142

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910419273.2A Active CN110278192B (en) 2019-05-20 2019-05-20 Method and device for accessing intranet by extranet, computer equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN110278192B (en)

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant