CN110601832A - Data access method and device - Google Patents

Data access method and device Download PDF

Info

Publication number
CN110601832A
CN110601832A CN201910929438.0A CN201910929438A CN110601832A CN 110601832 A CN110601832 A CN 110601832A CN 201910929438 A CN201910929438 A CN 201910929438A CN 110601832 A CN110601832 A CN 110601832A
Authority
CN
China
Prior art keywords
token
information
server
data
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910929438.0A
Other languages
Chinese (zh)
Inventor
雷欢欢
张弓
樊伟平
田骊宁
魏克明
曹福娟
骆庚
崔元祺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Coal (xi'an) Underground Space Technology Development Co Ltd
China Coal Survey & Remote Sensing Group Co Ltd
Aerial Photogrammetry and Remote Sensing Co Ltd
Original Assignee
China Coal (xi'an) Underground Space Technology Development Co Ltd
China Coal Survey & Remote Sensing Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Coal (xi'an) Underground Space Technology Development Co Ltd, China Coal Survey & Remote Sensing Group Co Ltd filed Critical China Coal (xi'an) Underground Space Technology Development Co Ltd
Priority to CN201910929438.0A priority Critical patent/CN110601832A/en
Publication of CN110601832A publication Critical patent/CN110601832A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Abstract

The application provides a data access method and device, and relates to the technical field of front-end and back-end separation. The method comprises the following steps: obtaining an access request of a front end, wherein the access request comprises: interface path and token identification of the access function; verifying the token identification; if the verification is successful, acquiring the data of the access function according to the interface path; and returning the data of the access function to the front end. Compared with the prior art, the data security is improved, and meanwhile, the problem of front-end data redundancy is avoided.

Description

Data access method and device
Technical Field
The present application relates to the field of front-end and back-end technologies, and in particular, to a data access method and apparatus.
Background
The front-end separation and the back-end separation become an industry standard use mode of internet project development, the front-end separation and the back-end separation can effectively perform decoupling, and the front-end separation can lay a solid foundation for future large-scale distributed architectures, elastic computing architectures, micro-service architectures and multi-end services (various clients, such as browsers, vehicle-mounted terminals, android clients and IOS clients).
The idea of separating front and back end is that the front end page performs data interaction by calling the interface of the back end.
However, in the separation of the front end and the back end in the prior art, the front end generally accesses the data in the back end database directly through the user name and the password, and the accessed data can be directly stored in the front end, and such a storage mode can cause the problem of low security of the data.
Disclosure of Invention
An object of the present application is to provide a data access method, aiming at the above deficiencies in the prior art, so as to solve the problem that when the front end accesses data to the back end in the prior art, the accessed data is stored in the front end, which results in low security of the data.
In order to achieve the above purpose, the technical solutions adopted in the embodiments of the present application are as follows:
in a first aspect, an embodiment of the present application provides a data access method, where the method includes:
obtaining an access request of a front end, wherein the access request comprises: interface path and token identification of the access function;
verifying the token identification;
if the verification is successful, acquiring the data of the access function according to the interface path;
and returning the data of the access function to the front end.
Optionally, before the obtaining the access request of the front end, the method further includes:
receiving login information sent by the front end, wherein the login information comprises: user information of the front end and device information of the front end;
verifying the user information;
if the verification is passed, generating token information and the token identifier corresponding to the token information according to the equipment information;
and sending the token identification to the front end.
Optionally, the device information includes: a Media Access Control (MAC) address and an accessed Internet Protocol (IP) address;
the generating token information and the token identifier corresponding to the token information according to the device information includes:
and generating unique token information by adopting a preset generation rule according to the MAC address and the IP address, and generating a unique token identifier according to the token information.
Optionally, the verifying the token identifier includes:
performing authority verification on the token identification;
if the authority passes the verification, obtaining token information corresponding to the token identification in the cache of the server according to the token identification;
verifying whether the token information corresponding to the token identification is expired;
if the token information corresponding to the token identification is not expired, determining that the token identification passes verification;
and if the token information corresponding to the token identification is expired, determining that the token identification is not verified.
Optionally, the access request further includes: the device identification of the front end, the method further comprising:
if the token information corresponding to the token identification is not expired, updating the corresponding token information according to the token identification;
and updating the updated token information to the cache of the server.
Optionally, the method further comprises:
and if the token identification fails to be verified, sending failure indication information to the front end, wherein the failure indication information is used for enabling the front end to resend the login information.
In a second aspect, another embodiment of the present application provides a data access method, including:
sending an access request to a server, wherein the access request comprises: an interface path and a token identifier of an access function, wherein the access request is used for enabling the server to verify the token identifier;
and receiving the data of the access function returned by the server after the token identification passes the verification, wherein the data of the access function is the data acquired by the server according to the interface path.
Optionally, before sending the access request to the server, the method further includes:
sending login information to the server, wherein the login information comprises: the login information is used for enabling a server to verify the user information;
receiving the token identification sent by the server after the user information passes the verification; the token identification is the token identification corresponding to the token information generated by the server according to the equipment information.
Optionally, the method further comprises:
and receiving failure indication information sent by the server after the token identification fails to be verified, wherein the failure indication information is used for enabling the front end to resend the login information.
In a third aspect, another embodiment of the present application provides a data access apparatus, including: the system comprises an acquisition module, a verification module and a return module, wherein:
the obtaining module is configured to obtain an access request of a front end, where the access request includes: interface path and token identification of the access function;
the verification module is used for verifying the token identification;
the obtaining module is further configured to obtain the data of the access function according to the interface path if the verification is successful;
and the return module is used for returning the data of the access function to the front end.
In a fourth aspect, another embodiment of the present application provides a data access apparatus, including: a transmitting module and a receiving module, wherein:
the sending module is configured to send an access request to a server, where the access request includes: an interface path and a token identifier of an access function, wherein the access request is used for enabling the server to verify the token identifier;
the receiving module is configured to receive the data of the access function returned by the server after the token identifier is verified, where the data of the access function is obtained by the server according to the interface path.
In a fifth aspect, another embodiment of the present application provides a server device, including: a processor, a storage medium and a bus, wherein the storage medium stores machine-readable instructions executable by the processor, when a server device runs, the processor communicates with the storage medium through the bus, and the processor executes the machine-readable instructions to perform the steps of the method according to any one of the first aspect.
In a sixth aspect, another embodiment of the present application provides a front-end device, including: a processor, a storage medium and a bus, wherein the storage medium stores machine-readable instructions executable by the processor, when the front-end device runs, the processor and the storage medium communicate with each other through the bus, and the processor executes the machine-readable instructions to perform the steps of the method according to any one of the second aspect.
In a seventh aspect, another embodiment of the present application provides a storage medium, on which a computer program is stored, where the computer program is executed by a processor to perform the steps of the method according to any one of the above first aspects.
In an eighth aspect, another embodiment of the present application provides a storage medium, on which a computer program is stored, where the computer program is executed by a processor to perform the steps of the method according to any one of the above second aspects.
The beneficial effect of this application is: by adopting the data access method provided by the application, the data is stored in the server, when the front end needs to access, the access request with the token identification is sent to the server, the server verifies the token identification, if the verification is passed, the data of the access function is obtained according to the interface path in the access request, and the accessed data is returned to the front end, so that when the front end accesses the data, only the access request with the token identification needs to be sent to the server, the data is stored in the server, and the front end can only access the data in the authority limit through the token identification, thereby ensuring the security of the data.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a schematic flowchart of a data access method according to an embodiment of the present application;
fig. 2 is a schematic flowchart of a data access method according to another embodiment of the present application;
fig. 3 is a schematic flowchart of a data access method according to another embodiment of the present application;
fig. 4 is a schematic flowchart of a data access method according to another embodiment of the present application;
fig. 5 is a schematic flowchart of a data access method according to another embodiment of the present application;
fig. 6 is a schematic flowchart of a data access method according to another embodiment of the present application;
FIG. 7 is an interaction diagram of a front end and a back end provided by an embodiment of the present application;
fig. 8 is a schematic structural diagram of a data access device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of a data access device according to another embodiment of the present application;
fig. 10 is a schematic structural diagram of a data access device according to an embodiment of the present application;
fig. 11 is a schematic structural diagram of a data access device according to another embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments.
In order to make the contents of the following embodiments of the present application easier to understand, the terms necessary for the parts are explained as follows:
token: in computer authentication, this means a token (temporary) and in lexical analysis, this means a token. Generally, the system is used as an invitation and login system. Token is generated at the server. If the front end uses the user name/password to request authentication from the server, and the server successfully authenticates, the server returns Token to the front end. The front-end can take Token to prove its legitimacy at the time of each request. If the Token is persisted (e.g., stored in a database) at the server, it is a permanent identity Token.
Redis: the key-value storage system is a key-value storage system based on keywords, and supports relatively more types of stored values, including character strings (string), linked lists (list), sets (set), ordered sets (sorted set) and hash types (hash). On this basis, redis supports various different ways of ordering. To ensure efficiency, data is cached in memory. The redis periodically writes updated data to the disk or writes modification operations to an additional record file, and realizes master-slave synchronization on the basis of the updated data or the modification operations.
The methods proposed in the following embodiments of the present application are all applied to a front-end and back-end separation system, the system comprising: a front end and a server.
Optionally, in an embodiment of the present application, the front end may be a front frame built by an vue frame, and the server may be a backend service built by a springboot frame, but the building manner in the specific implementation process is not limited thereto, and any frame that can successfully build the front end and the server may be used for building, and the present application is not limited thereto.
Fig. 1 is a flowchart illustrating a data access method according to an embodiment of the present application, as shown in fig. 1, the method may be executed by a server (also referred to as a server), and may include:
s101: and acquiring an access request of the front end.
Wherein the access request comprises: and accessing an interface path of the function and a token identifier, wherein the token identifier is a symbol of the front-end identity, and data in the token identifier authority can be accessed through the verified token identifier.
The interface path of the access function may be an interface path of the access function acquired by the front end according to the system resource permission data of the front end and acquired based on the menu. S102: the token identity is verified.
Optionally, the verifying may include: rights verification and/or term verification, for example: if the authority verification is included, the token identification verification is determined to be successful when the authority verification passes, and the token identification verification is determined to be failed when the authority verification fails. If the time limit verification is included, when the time limit verification passes, the token identification verification can be determined to be successful, and when the time limit verification fails, the token identification verification can be determined to be failed; if the authority verification and the deadline verification are included, the token identification verification can be determined to be successful when the authority verification and the deadline verification both pass, and the token identification verification can be determined to be failed if at least one of the authority verification and the deadline verification fails. The content of the specific authentication is set according to the user requirement, and is not limited to the three ways provided by the above embodiments, and the application is not limited thereto.
If the verification is successful, executing S103: and acquiring the data of the access function according to the interface path.
The data of the access function is acquired through the interface path, and the safety of the data in the data access process can be guaranteed.
S104: and returning the data of the access function to the front end.
And returning the data of the access function, wherein the returned data of the access function is the data in the returned front-end access authority on the basis of the token identification verification.
In this embodiment, by using the data access method provided by the present application, data is stored in the server, when a front end needs to access, an access request with a token identifier may be sent to the server, the server verifies the token identifier, and if the token identifier passes the verification, data of an access function is obtained according to an interface path in the access request, and the accessed data is returned to the front end.
Fig. 2 is a schematic flowchart of a data access method according to another embodiment of the present application, and as shown in fig. 2, the method further includes:
if the token id verification fails, then execute S105: and sending failure indication information to the front end.
The failure indication information is used to cause the head-end to resend the login information.
Alternatively, the failure indication information may be a dialog box, such as: there is shown "this authentication failed, please retry! "dialog box; two close prompt tones can also be returned for prompting the user that the current verification is not passed; the dialog box can be added with prompt tone; the form of the specific indication information is designed according to the needs of the user, and the application is not limited herein.
Fig. 3 is a schematic flowchart of a data access method according to another embodiment of the present application, and as shown in fig. 3, before S101, the method further includes:
s106: and receiving the login information sent by the front end.
Wherein, the login information comprises: user information of the head end and device information of the head end.
Optionally, the device information may include a MAC address and an IP address, and any information that can uniquely represent the device may be used as the device information, which is not limited herein.
The user information may be information input by the user through a login page displayed at the front end.
Alternatively, the user information may be: the user name and password, the fingerprint information, the face information, the pupil information and the like, and any information which can prove the identity of the user can be used as the user information, and the application is not limited at all.
S107: and verifying the user information.
If the verification is passed, executing S108: and generating token information and a token identifier corresponding to the token information according to the equipment information.
If the verification fails, the process returns to the step S106, and the login information sent by the front end is received again for verification.
The token identifier may be an index of token information, and after the server generates the token information and a corresponding token identifier, the server returns the token identifier to the front end, and stores the token information, for example, the token information and the token identifier corresponding to the token information are stored in a cache or a database. When the front end initiates an access request comprising the token identification, the server can verify the token identification, and if the token identification passes the verification, the server can obtain token information corresponding to the token identification from the server according to the token identification.
Optionally, if the user information passes the verification, it may be determined that the front end has successfully logged in, and the system resource permission corresponding to the user role of the front end and the data permission corresponding to the user role may be obtained according to the user information. And the server side sends the information of the system resource authority, the information of the data authority and the token identification to the front end.
The front end can obtain the menu in the front end authority according to the information of the system resource authority of the front end and the information of the data authority, and the interface path of the access function is obtained based on the menu.
Optionally, S108 may include: and generating unique token information by adopting a preset generation rule according to the MAC address and the IP address, and generating a unique token identifier according to the token information.
The token information comprises a token identifier, a MAC address and an IP address corresponding to the token and effective time information of the token; the token valid time information is a preset time period, and may be set arbitrarily according to user needs, for example, the token valid time may be set to be valid within half an hour, valid within one hour, or valid within three hours, and the specific token valid time is set according to user needs, which is not limited herein.
S109: and sending the token identification to the front end.
Optionally, verifying the token identification may be:
carrying out authority verification on the token identification; if the authority passes the verification, obtaining token information corresponding to the token identifier in the cache of the server according to the token identifier; and verifying whether the token information corresponding to the token identification is expired.
And if the token information corresponding to the token identification is not expired, determining that the token identification passes verification, updating the corresponding token information according to the token identification, and updating the updated token information to a cache of the server.
And updating the token information, wherein the updated token information is the valid time information of the token. For example, the following steps are carried out: if in one embodiment, the valid time of the token is half an hour, and fifteen minutes after the first time of acquiring the data of the access function, the front end sends an access request with the token identifier to the server, at this time, the server verifies the token identifier, and after the verification is passed, fifteen minutes after the valid time of the current token is detected, that is, the token information is not expired, it is determined that the token identifier is verified, and the valid time of the token is reset to half an hour.
And if the token information corresponding to the token identification is expired, determining that the token identification is not verified.
Fig. 4 is a flowchart illustrating a data access method according to another embodiment of the present application, as shown in fig. 4, the method may be executed by a front end corresponding to a server, and may include:
s201: and sending an access request to the server.
Wherein the access request comprises: the access function comprises an interface path and a token identifier of the access function, and the access request is used for enabling the server to verify the token identifier.
S202: and receiving the data of the access function returned by the server after the token identification passes the verification.
The data of the access function is the data acquired by the server according to the interface path.
After receiving the data of the access function sent by the server, the front end can display the data of the access function on the function page so as to display the data of the access function to the user.
The data access method may be a front-end executed method corresponding to the server-side executed method, and the description of the corresponding technical features is referred to above and is not repeated herein.
By adopting the data access method provided by the application, the data is stored in the server, when the front end needs to access, only the access request with the token identification needs to be sent to the server, the server verifies the token identification, if the verification is passed, the data of the access function is obtained according to the interface path in the access request, and the accessed data is returned to the front end, so that when the front end accesses the data, only the access request with the token identification needs to be sent to the server, the data is stored in the server, and the front end can only access the data in the authority limit through the token identification, thereby ensuring the security of the data.
Fig. 5 is a schematic flowchart of a data access method according to another embodiment of the present application, and as shown in fig. 5, the method may further include:
s203: and receiving failure indication information sent by the server side after the token identification verification fails.
Wherein the failure indication information is used to cause the head end to resend the login information.
For example, after receiving the failure indication information sent by the server, the front end may redisplay the login page to receive the user information input by the user, and then send login information including the user information and the device information to the server again in combination with the device information of the front end.
Fig. 6 is a schematic flowchart of a data access method according to another embodiment of the present application, and as shown in fig. 6, before S201, the method may further include:
s204: and sending login information to the server.
Wherein, the login information comprises: the user information of the front end and the equipment information of the front end, and the login information are used for enabling the server to verify the user information.
S205: and receiving the token identification sent by the server after the user information passes the verification.
The token identification is the token identification corresponding to the token information generated by the server according to the equipment information.
Fig. 7 is an interaction diagram of a front end and a server according to an embodiment of the present application, and as shown in fig. 7, an interaction process of the front end 100 and the server 200 is as follows:
when accessing the data of the server 200 for the first time, the front end 100 first needs to log in, that is, executes S301: and sending login information to the server 200.
Subsequently, the server 200 verifies the login information of the front end 100, and if the login information is verified, the server 200 respectively executes S302 and S303:
s302: and (4) successful login.
S303: and the cache of the server generates token information and token identification.
And sends the token identification to the front end 100, and in the subsequent login process of the front end 100, the following steps are executed:
s304: and sending an access request to the server.
Wherein the access request comprises: an interface path and token identification of the access function.
S305: the token identity is verified.
If the verification is not passed, then execution proceeds to S306 a: and sending failure indication information to the front end so that the front end resends the login information.
If the authority verification passes, then execution proceeds to S306 b: and obtaining token information corresponding to the token identifier in the server cache according to the token identifier.
Subsequently, S307 is executed: and judging whether the token information is expired.
If the token information is detected to be expired, then the step S308a is executed: and returning the instruction that the token information is expired to the front end. After receiving the instruction, the front end executes S301.
If the token information is detected not to be expired, then S308b is executed: and updating the token information corresponding to the token identification according to the equipment identification of the front end.
Then, S309 and S310 are performed, respectively:
s309: and updating the updated token information to a cache of the server.
S310: data for the access function is returned. The front end 100 then performs S311: the front page shows the data.
Fig. 8 is a schematic structural diagram of a data access device according to an embodiment of the present application, and as shown in fig. 8, the data access device includes: an acquisition module 401, a verification module 402, and a return module 403, wherein:
an obtaining module 401, configured to obtain an access request of a front end, where the access request includes: an interface path and token identification of the access function.
A verification module 402, configured to verify the token identifier.
The obtaining module 401 is further configured to obtain data of the access function according to the interface path if the verification is successful.
A returning module 403, configured to return the data of the access function to the front end.
The above-mentioned apparatus is used for executing the method provided by the foregoing embodiment, and the implementation principle and technical effect are similar, which are not described herein again.
FIG. 9 is a schematic structural diagram of a data access device according to an embodiment of the present application, such as
As shown in fig. 9, the apparatus includes: a sending module 501 and a receiving module 502, wherein:
a sending module 501, configured to send an access request to a server, where the access request includes: the access function comprises an interface path and a token identifier of the access function, and the access request is used for enabling the server to verify the token identifier.
The receiving module 502 is configured to receive data of the access function returned by the server after the token identifier passes the verification, where the data of the access function is data obtained by the server according to the interface path.
These above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. For another example, when one of the above modules is implemented in the form of a processing element scheduler code, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor capable of calling program code. For another example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
Fig. 10 is a schematic structural diagram of a server device according to an embodiment of the present application, where the server device may be integrated in a server or a chip of the server.
The server device includes: a processor 601, a storage medium 602, and a bus 603.
The processor 601 is configured to store a program, and the processor 601 calls the program stored in the storage medium 602 to execute the data access method embodiment executed by the server shown in any one of fig. 1 to fig. 3. The specific implementation and technical effects are similar, and are not described herein again.
Fig. 11 is a schematic structural diagram of a front-end device according to an embodiment of the present application, where the front-end device may be integrated in a terminal device or a chip of the terminal device.
The front-end device includes: a processor 701, a storage medium 702, and a bus 703.
The processor 701 is configured to store a program, and the processor 701 calls the program stored in the storage medium 702 to execute the embodiment of the data access method executed by the front end shown in any one of fig. 4 to fig. 6. The specific implementation and technical effects are similar, and are not described herein again.
Optionally, the present application further provides a program product, for example, a storage medium, on which a computer program is stored, including a program, when the program is executed by a processor, the program performs the embodiment of the data access method executed by the server shown in any of fig. 1 to 3.
Optionally, the present application also provides a program product, such as a storage medium, on which a computer program is stored, including a program, which when executed by a processor, performs the embodiment of the data access method performed by the front end shown in any of fig. 4 to 6.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to perform some steps of the methods according to the embodiments of the present application. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.

Claims (10)

1. A method of data access, the method comprising:
obtaining an access request of a front end, wherein the access request comprises: interface path and token identification of the access function;
verifying the token identification;
if the verification is successful, acquiring the data of the access function according to the interface path;
and returning the data of the access function to the front end.
2. The method of claim 1, wherein prior to obtaining the access request of the front end, the method further comprises:
receiving login information sent by the front end, wherein the login information comprises: user information of the front end and device information of the front end;
verifying the user information;
if the verification is passed, generating token information and the token identifier corresponding to the token information according to the equipment information;
and sending the token identification to the front end.
3. The method of claim 2, wherein the device information comprises: a Media Access Control (MAC) address and an accessed Internet Protocol (IP) address;
the generating token information and the token identifier corresponding to the token information according to the device information includes:
and generating unique token information by adopting a preset generation rule according to the MAC address and the IP address, and generating a unique token identifier according to the token information.
4. The method of claim 1, wherein said verifying said token identification comprises:
performing authority verification on the token identification;
if the authority passes the verification, obtaining token information corresponding to the token identification in the cache of the server according to the token identification;
verifying whether the token information corresponding to the token identification is expired;
if the token information corresponding to the token identification is not expired, determining that the token identification passes verification;
and if the token information corresponding to the token identification is expired, determining that the token identification is not verified.
5. The method of claim 4, wherein the access request further comprises: the device identification of the front end, the method further comprising:
if the token information corresponding to the token identification is not expired, updating the corresponding token information according to the token identification;
and updating the updated token information to the cache of the server.
6. The method of any one of claims 1-5, wherein the method further comprises:
and if the token identification fails to be verified, sending failure indication information to the front end, wherein the failure indication information is used for enabling the front end to resend the login information.
7. A method of data access, the method comprising:
sending an access request to a server, wherein the access request comprises: an interface path and a token identifier of an access function, wherein the access request is used for enabling the server to verify the token identifier;
and receiving the data of the access function returned by the server after the token identification passes the verification, wherein the data of the access function is the data acquired by the server according to the interface path.
8. The method of claim 7, wherein prior to sending the access request to the server, the method further comprises:
sending login information to the server, wherein the login information comprises: the login information is used for enabling a server to verify the user information;
receiving the token identification sent by the server after the user information passes the verification; the token identification is the token identification corresponding to the token information generated by the server according to the equipment information.
9. A data access apparatus, characterized in that the apparatus comprises: the system comprises an acquisition module, a verification module and a return module, wherein:
the obtaining module is configured to obtain an access request of a front end, where the access request includes: interface path and token identification of the access function;
the verification module is used for verifying the token identification;
the obtaining module is further configured to obtain the data of the access function according to the interface path if the verification is successful;
and the return module is used for returning the data of the access function to the front end.
10. A data access apparatus, characterized in that the apparatus comprises: a transmitting module and a receiving module, wherein:
the sending module is configured to send an access request to a server, where the access request includes: an interface path and a token identifier of an access function, wherein the access request is used for enabling the server to verify the token identifier;
the receiving module is configured to receive the data of the access function returned by the server after the token identifier is verified, where the data of the access function is obtained by the server according to the interface path.
CN201910929438.0A 2019-09-27 2019-09-27 Data access method and device Pending CN110601832A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910929438.0A CN110601832A (en) 2019-09-27 2019-09-27 Data access method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910929438.0A CN110601832A (en) 2019-09-27 2019-09-27 Data access method and device

Publications (1)

Publication Number Publication Date
CN110601832A true CN110601832A (en) 2019-12-20

Family

ID=68864375

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910929438.0A Pending CN110601832A (en) 2019-09-27 2019-09-27 Data access method and device

Country Status (1)

Country Link
CN (1) CN110601832A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112104673A (en) * 2020-11-12 2020-12-18 中博信息技术研究院有限公司 Multimedia resource web access authority authentication method
CN113051611A (en) * 2021-03-15 2021-06-29 上海商汤智能科技有限公司 Authority control method of online file and related product
WO2022126968A1 (en) * 2020-12-15 2022-06-23 平安科技(深圳)有限公司 Micro-service access method, apparatus and device, and storage medium
CN114978733A (en) * 2022-05-30 2022-08-30 阿里巴巴(中国)有限公司 Access processing method based on light application, electronic device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685086A (en) * 2011-04-14 2012-09-19 天脉聚源(北京)传媒科技有限公司 File access method and system
CN107395648A (en) * 2017-09-06 2017-11-24 深圳峰创智诚科技有限公司 Authority control method and service end
CN108462671A (en) * 2017-02-20 2018-08-28 沪江教育科技(上海)股份有限公司 A kind of authentication protection method and system based on reverse proxy
CN109802941A (en) * 2018-12-14 2019-05-24 平安科技(深圳)有限公司 A kind of login validation method, device, storage medium and server
CN109861968A (en) * 2018-12-13 2019-06-07 平安科技(深圳)有限公司 Resource access control method, device, computer equipment and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685086A (en) * 2011-04-14 2012-09-19 天脉聚源(北京)传媒科技有限公司 File access method and system
CN108462671A (en) * 2017-02-20 2018-08-28 沪江教育科技(上海)股份有限公司 A kind of authentication protection method and system based on reverse proxy
CN107395648A (en) * 2017-09-06 2017-11-24 深圳峰创智诚科技有限公司 Authority control method and service end
CN109861968A (en) * 2018-12-13 2019-06-07 平安科技(深圳)有限公司 Resource access control method, device, computer equipment and storage medium
CN109802941A (en) * 2018-12-14 2019-05-24 平安科技(深圳)有限公司 A kind of login validation method, device, storage medium and server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
管增辉,曾凡浪, 中国铁道出版社 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112104673A (en) * 2020-11-12 2020-12-18 中博信息技术研究院有限公司 Multimedia resource web access authority authentication method
WO2022126968A1 (en) * 2020-12-15 2022-06-23 平安科技(深圳)有限公司 Micro-service access method, apparatus and device, and storage medium
CN113051611A (en) * 2021-03-15 2021-06-29 上海商汤智能科技有限公司 Authority control method of online file and related product
WO2022193494A1 (en) * 2021-03-15 2022-09-22 上海商汤智能科技有限公司 Permission control method, server, terminal, storage medium, and computer program
CN114978733A (en) * 2022-05-30 2022-08-30 阿里巴巴(中国)有限公司 Access processing method based on light application, electronic device and storage medium

Similar Documents

Publication Publication Date Title
CN110602052B (en) Micro-service processing method and server
CN110493202B (en) Login token generation and verification method and device and server
CN110601832A (en) Data access method and device
CN110879903A (en) Evidence storage method, evidence verification method, evidence storage device, evidence verification device, evidence storage equipment and evidence verification medium
CN111935094A (en) Database access method, device, system and computer readable storage medium
CN103220344B (en) Microblogging licenses method and system
US20110113251A1 (en) Method for improving network application security and system thereof
CN111030812A (en) Token verification method, device, storage medium and server
CN110784450A (en) Single sign-on method and device based on browser
KR20160083930A (en) Method and system for determining whether a terminal logging into a website is a mobile terminal
WO2015143855A1 (en) Method, apparatus and system for accessing data resources
CN103139200A (en) Single sign-on method of web service
CN109474600B (en) Account binding method, system, device and equipment
CN111475795A (en) Method and device for unified authentication and authorization facing to multiple applications
CN109639719B (en) Identity verification method and device based on temporary identifier
CN112528262A (en) Application program access method, device, medium and electronic equipment based on token
CN107835160A (en) Third party's user authen method based on Quick Response Code
CN110708335A (en) Access authentication method and device and terminal equipment
CN113505354B (en) Data processing method, device and storage medium
CN105162774A (en) Virtual machine login method and device used for terminal
CN112434054A (en) Audit log updating method and device
CN108234122B (en) Token checking method and device
CN109088872B (en) Using method and device of cloud platform with service life, electronic equipment and medium
CN115102744A (en) Data access method and device
CN109271775A (en) A kind of login authentication method enabled based on two dimension

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20191220