CN110971563B - Authority information processing method and device - Google Patents
Authority information processing method and device Download PDFInfo
- Publication number
- CN110971563B CN110971563B CN201811141116.1A CN201811141116A CN110971563B CN 110971563 B CN110971563 B CN 110971563B CN 201811141116 A CN201811141116 A CN 201811141116A CN 110971563 B CN110971563 B CN 110971563B
- Authority
- CN
- China
- Prior art keywords
- user
- access
- authority
- session
- webpage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/108—Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time
Abstract
The invention discloses a method and a device for processing authority information. The method comprises the following steps: after the webpage is successfully logged in, if the fact that the access user operates the user permission module is detected, whether the login duration of the access user on the webpage is larger than the effective duration of Session is judged; if the login duration of the access user in the webpage is longer than the effective duration of the Session, acquiring the access right corresponding to the access user from the database; a manner of operation at the user rights module based on the access rights. The invention solves the technical problem that the authority control is difficult to carry out due to the fact that the validity of the user authority in the Session cannot be ensured in the related technology.
Description
Technical Field
The invention relates to the field of information processing, in particular to a method and a device for processing authority information.
Background
At present, many methods for realizing RBAC access authority control based on SSH websites and light applications are through Session. And when the user logs in, the user information and the user related authority information inquired through the database are stored in the Session. And reading the user authority from the Session during the module operation to check the authority so as to control the authority. Therefore, the time consumption for directly inquiring the user authority through the database during module operation can be reduced, and the efficiency is improved. However, since the user right changes all the time, if the timeliness and validity of the user right in the Session cannot be guaranteed, a right verification error is caused, and the timeliness and validity of the user right in the Session cannot be guaranteed.
Aiming at the problem that the validity of the user authority in the Session cannot be guaranteed in the related technology, so that the authority control is difficult to carry out, an effective solution is not provided at present.
Disclosure of Invention
The embodiment of the invention provides a method and a device for processing authority information, which are used for at least solving the technical problem that the authority control is difficult to perform because the validity of the user authority in the Session cannot be ensured in the related technology.
According to an aspect of the embodiments of the present invention, there is provided a method for processing rights information, including: after successfully logging in a webpage, if it is detected that an access user operates a user authority module, judging whether the logging-in duration of the access user on the webpage is greater than the effective duration of Session; if the login duration of the access user in the webpage is longer than the effective duration of Session, acquiring the access right corresponding to the access user from a database; and operating in the user authority module based on the access authority.
Further, the method further comprises: and if the login duration of the access user in the webpage is less than the effective duration of the Session, acquiring the access authority of the access user from the Session of the webpage.
Further, the operation in the user authority module based on the access authority comprises: judging whether the access user has the authority to operate on the user authority module; if the access user has the authority to operate on the user authority module, detecting whether the operation of the access user on the user authority module relates to authority modification; and if the permission modification is involved, clearing the access permission of the user with the modified permission in the Session of the webpage.
Further, if the access user does not have the authority to operate in the user authority module, a reminder of the operation without the authority is triggered.
Further, before detecting that the accessing user operates the user authority module, the method further includes: judging whether the information of the access user exists in the Session of the webpage; if the information of the access user does not exist in the Session of the webpage, jumping to a login page to enable the access user to log in again; and after the access user logs in again, storing the information of the access user and the authority information of the access user in a Session of the webpage.
Further, after obtaining the access right corresponding to the access user from the database, the method further includes: storing the access authority corresponding to the access user in a Session of the webpage; and obtaining the access authority corresponding to the access user from the Session of the webpage, and operating the access authority in the user authority module.
According to another aspect of the embodiments of the present invention, there is also provided an apparatus for processing rights information, including: the first judgment module is used for judging whether the login duration of an access user on a webpage is longer than the effective duration of Session if the access user is detected to operate a user authority module after the webpage is successfully logged in; a first clearing module, configured to obtain, from a database, an access right corresponding to the access user if the login duration of the access user in the web page is longer than the effective duration of the Session, where the access right of the access user stored in the Session of the web page is cleared if the login duration of the access user in the web page is longer than the effective duration of the Session; and the user authority module is used for operating in the user authority module based on the access authority.
Further, the apparatus further comprises: and the first obtaining module is used for obtaining the access authority of the access user from the Session of the webpage if the login duration of the access user in the webpage is less than the effective duration of the Session.
According to another aspect of the embodiments of the present invention, there is also provided a storage medium, where the storage medium includes a stored program, and the program executes the method for processing the authority information according to any one of the above descriptions.
According to another aspect of the embodiments of the present invention, there is also provided a processor, where the processor is configured to execute a program, where the program executes the method for processing the authority information according to any one of the above descriptions.
In the embodiment of the invention, after the webpage is successfully logged in, if the fact that the access user operates the user authority module is detected, whether the login duration of the access user on the webpage is greater than the effective duration of Session is judged; if the login duration of the access user on the webpage is longer than the effective duration of the Session, acquiring the access authority corresponding to the access user from the database; and operating in the user authority module based on the access authority. The method comprises the steps that when the login duration of an access user on a webpage is longer than the effective duration of a Session, the access authority corresponding to the access user is obtained from a database, so that operation is carried out in a user authority module based on the access authority obtained from the database, authority control is achieved, the access authority of the access user stored in the Session of the webpage can be cleared under the condition that the login duration of the access user is longer than the effective duration of the Session, meanwhile, the technical effect of validity of the user authority in the Session is guaranteed, and the technical problem that in the related technology, due to the fact that the validity of the user authority in the Session cannot be guaranteed, authority control is difficult to carry out is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
fig. 1 is a flowchart of a processing method of rights information according to an embodiment of the present invention;
fig. 2 is a flowchart of a processing method of rights information according to a preferred embodiment of the present invention; and
fig. 3 is a schematic diagram of a processing method and device of authority information according to an embodiment of the invention.
Detailed Description
In order to make those skilled in the art better understand the technical solutions of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in other sequences than those illustrated or described herein. Moreover, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
According to an embodiment of the present invention, there is provided a method embodiment of a method for processing rights information, it should be noted that the steps shown in the flowchart of the figure may be executed in a computer system such as a set of computer executable instructions, and that although a logical order is shown in the flowchart, in some cases, the steps shown or described may be executed in an order different from that here.
Fig. 1 is a flowchart of a processing method of rights information according to an embodiment of the present invention, as shown in fig. 1, the method including the steps of:
step S102, after the webpage is successfully logged in, if the fact that the access user operates the user authority module is detected, whether the login duration of the access user on the webpage is larger than the effective duration of the Session is judged.
Before detecting that the access user operates the user authority module, the method may further include: judging whether the Session of the webpage contains the information of the access user; if the Session of the webpage does not contain the information of the access user, jumping to a login page to enable the access user to log in again; and after the access user logs in again, saving the information of the access user and the authority information of the access user in the Session of the webpage.
And step S104, if the login duration of the access user in the webpage is longer than the effective duration of the Session, acquiring the access authority corresponding to the access user from the database.
It should be noted that, if the login duration of the access user in the web page is longer than the effective duration of the Session, the access right of the access user stored in the Session of the web page is cleared. That is, when the login duration of the access user in the webpage is longer than the effective duration of the Session, the access permission of the access user stored in the Session of the webpage is cleared, so that the purpose of timeliness of the user permission is achieved, and the technical effect of timeliness of the user permission in the Session can be achieved.
It should be further noted that, after obtaining the access right corresponding to the access user from the database, the method may further include: storing the access authority corresponding to the access user in a Session of the webpage; and obtaining the access authority corresponding to the access user from the Session of the webpage, and operating the access authority in the user authority module.
And step S106, operating in the user authority module based on the access authority.
It should be noted that, performing an operation in the user right module based on the access right may include: judging whether the access user has the authority to operate on the user authority module; if the access user has the authority to operate on the user authority module, detecting whether the operation of the access user on the user authority module relates to authority modification; and if the permission modification is involved, clearing the access permission of the modified permission user in the Session of the webpage.
If the access user does not have the authority to operate in the user authority module, the reminding of the operation without the authority is triggered.
It should be further noted that the operation performed in the user right module based on the access right includes at least one of the following: deleting access authority operation, adding access authority operation and changing access authority operation.
After the access right is changed, the user can acquire the access right again from the database, so that the timeliness of the access right of the user is guaranteed.
Through the steps, after the webpage is successfully logged in, if the fact that the access user operates the user permission module is detected, whether the login duration of the access user on the webpage is larger than the effective duration of the Session is judged; if the login duration of the access user in the webpage is longer than the effective duration of the Session, acquiring the access right corresponding to the access user from the database; and operating in the user authority module based on the access authority. The method comprises the steps that when the login duration of an access user on a webpage is longer than the effective duration of a Session, the access authority corresponding to the access user is obtained from a database, so that operation is carried out in a user authority module based on the access authority obtained from the database, authority control is achieved, the access authority of the access user stored in the Session of the webpage can be cleared under the condition that the login duration of the access user is longer than the effective duration of the Session, meanwhile, the technical effect of validity of the user authority in the Session is guaranteed, and the technical problem that in the related technology, due to the fact that the validity of the user authority in the Session cannot be guaranteed, authority control is difficult to carry out is solved.
As an alternative embodiment, the method may further include: and if the login duration of the access user in the webpage is less than the effective duration of the Session, acquiring the access authority of the access user from the Session of the webpage.
As an alternative embodiment, the method may further include: after the access right corresponding to the access user is stored in the Session of the webpage, timing is started, and when the timing time reaches the effective duration of the Session, the access right of the access user stored in the Session of the webpage is cleared. And then the user can be ensured to acquire the access right of the current user in time.
The invention also provides a preferred embodiment, which provides a processing method of the authority information.
Fig. 2 is a flowchart of a processing method of rights information according to a preferred embodiment of the present invention, as shown in fig. 2, the method including the steps of:
step S201 starts.
Wherein the start indicates that processing of the permission information in the Session is started.
Step S202, the user logs in the page and saves the authority information to Session.
And step S203, clearing authority information of the user in the Session every 30min, and carrying out module operation by the user.
Wherein step S203 may be implemented in step S202.
Step S204, judging whether the information of the user acquired in the Session is empty. If yes, the process returns to step S202, and if no, step S205 is performed.
Step S205, determining that the user right information obtained in the Session is empty. If yes, step S206 is executed, and if no, step S207 is executed.
Step S206, the authority information of the user is inquired from the database and is stored in the Session.
Step S207, judging whether the authority operation exists according to the acquired user authority. If yes, step S209 is performed, and if no, step S208 is performed.
And step S208, throwing out an unauthorized prompt.
In step S209, a module operation is performed.
Step S210, determining whether the operation involves user right modification. If yes, step S211 is performed, and if no, step S212 is performed.
And step S211, deleting the authority information in the Session corresponding to the modified user.
And step S212, ending.
Wherein ending means ending the processing of the authority information in the Session.
The method mainly guarantees the correctness of the user permission in Session from two aspects of timeliness and timeliness.
The method for passing the timeliness comprises the following steps: an interval period of 30 minutes may be set. And after the user logs in, storing the user information and the authority information into the Session, and clearing the authority information of the user in the Session every 30 minutes.
The method for passing the timeliness comprises the following steps: operations related to the modification of user authority, including adding, modifying and deleting authority operation interfaces of users and local adding and clearing cache methods. The method for clearing the cache mainly comprises the step of clearing authority information in a Session corresponding to a modified user.
And when the user performs module operation, reading the information of the user from the Session. And if the information of the Session user is empty, jumping back to the login page to log in the user again, and storing the inquired user information and the authority information into the Session. And if the authority information of the user in the Session is empty, reading the authority information of the user through the database, storing the authority information of the user in the Session corresponding to the user, and then acquiring the authority of the user from the Session again. And after the user authority is successfully acquired from the Session, authority judgment is carried out.
The example process flow is: for example, the access user a has the authority of the module A, and the module A is a module related to the user authority. The specific scene application is as follows:
scene one: and b, after the login is successful, performing the read operation of the module A within 30 minutes. And (6) successfully reading and verifying the authority, and ending.
Scene two: and b, after the login is successful, performing the read operation of the module A within 31 th minute. The authority is refreshed and cleared regularly, the Session is read, the inquiry cannot be carried out, and the system automatically inquires the database to obtain the user authority and stores the user authority in the Session again. And (6) successfully verifying the permission reading, and ending.
Scene three: and (B) after the login is successful, modifying the module A within 30 minutes, and giving the user B the right to the module E. The rights are read and verified successfully. The operation relates to the modification of the user authority, at this time, the system searches the Session corresponding to the user B, clears the authority in the Session, and the operation is finished.
The correctness of the user authority in the Session is maintained by the method of refreshing the timing and clearing the cache when the authority operation is involved.
By the preferred embodiment, the timeliness and the effectiveness of the user authority in the Session can be maintained by the method of timing refreshing and clearing the cache when the authority operation is involved, and the user authority is ensured to be checked correctly. And (4) RBAC optimization based on the Session, and timeliness and effectiveness of permission in the Session are maintained.
According to the embodiment of the present invention, an embodiment of a device for processing authority information is further provided, and it should be noted that the device for processing authority information may be configured to execute a method for processing authority information in the embodiment of the present invention, that is, the method for processing authority information in the embodiment of the present invention may be executed in the device for processing authority information.
Fig. 3 is a schematic diagram of a device for processing rights information according to an embodiment of the present invention, and as shown in fig. 3, the device may include: a first judging module 31, a first clearing module 33 and a user authority module 35. The details will be described below.
The first determining module 31 is configured to, after successfully logging in the web page, determine whether a login duration of the access user in the web page is greater than an effective duration of a Session if it is detected that the access user operates the user permission module.
The first clearing module 33 is configured to, if the login duration of the access user in the webpage is longer than the effective duration of the Session, obtain the access right corresponding to the access user from the database.
And the user authority module 35 is used for operating in the user authority module based on the access authority.
The operation of operating in the user authority module based on the access authority comprises at least one of the following operations: deleting access authority operation, adding access authority operation and changing access authority operation.
Wherein, the user authority module may include: the judging submodule is used for judging whether the access user has the authority to operate on the user authority module; the detection submodule is used for detecting whether the operation of the access user on the user authority module relates to authority modification or not if the access user has the authority to operate on the user authority module; and the clearing submodule is used for clearing the access authority of the modified authority user in the Session of the webpage if the authority modification is involved.
By the device, after the first judging module 31 successfully logs in the webpage, if the user permission module is detected to be operated by the access user, whether the login duration of the access user in the webpage is longer than the effective duration of the Session is judged; the clearing module, namely a first clearing module 33, acquires the access right corresponding to the access user from the database if the login duration of the access user on the webpage is longer than the effective duration of the Session; the user authority module 35 operates at the user authority module based on the access authority. The access authority corresponding to the access user is obtained from the database, so that operation is performed in the user authority module based on the access authority obtained from the database to realize authority control, the access authority of the access user stored in the Session of the webpage can be cleared when the effective duration of the Session is longer than the effective duration of the Session, the technical effect of validity of the authority of the user in the Session is guaranteed, and the technical problem that the authority control is difficult to perform due to the fact that the validity of the authority of the user in the Session cannot be guaranteed in the related technology is solved.
It should be noted that the first determining module 31 in this embodiment may be configured to execute step S102 in this embodiment of the present invention, the first clearing module 33 in this embodiment may be configured to execute step S104 in this embodiment of the present invention, and the user authority module 35 in this embodiment may be configured to execute step S106 in this embodiment of the present invention. The modules are the same as the corresponding steps in the realized examples and application scenarios, but are not limited to the disclosure of the above embodiments.
Optionally, the apparatus further comprises: the first obtaining module is used for obtaining the access authority of the access user from the Session of the webpage if the login duration of the access user on the webpage is less than the effective duration of the Session.
Optionally, the apparatus further includes a reminding module, configured to trigger a reminder of an unauthorized operation if the access user does not have an authority to perform an operation in the user authority module.
Optionally, the apparatus further comprises: the second judgment module is used for judging whether the Session of the webpage contains the information of the access user before the access user is detected to operate the user authority module; the login module is used for jumping to a login page if the information of the access user does not exist in the Session of the webpage so as to enable the access user to log in again; and the first storage module is used for storing the information of the access user and the authority information of the access user in the Session of the webpage after the access user logs in again.
Optionally, the apparatus further comprises: the second storage module is used for storing the access authority corresponding to the access user in the Session of the webpage after the access authority corresponding to the access user is obtained from the database; and the second acquisition module is used for acquiring the access right corresponding to the access user from the Session of the webpage and operating the access right in the user right module.
Optionally, the apparatus may further include: and the second clearing module is used for starting timing after the access authority corresponding to the access user is stored in the Session of the webpage, and clearing the access authority of the access user stored in the Session of the webpage when the timing time reaches the effective duration of the Session.
The processing device of the authority information comprises a processor and a memory, the first judging module 31, the first clearing module 33, the user authority module 35 and the like are all stored in the memory as program units, and the processor executes the program units stored in the memory to realize corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. The kernel can be set to be one or more than one, and timeliness and effectiveness of user permission information are achieved by adjusting kernel parameters.
The memory may include volatile memory in a computer readable medium, random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM), including at least one memory chip.
An embodiment of the present invention provides a storage medium, on which a program is stored, and the program implements the processing method of the authority information when executed by a processor.
The embodiment of the invention provides a processor, which is used for running a program, wherein the program executes the processing method of the authority information during running.
The embodiment of the invention provides equipment, which comprises a processor, a memory and a program which is stored on the memory and can run on the processor, wherein the processor executes the program and realizes the following steps: after successfully logging in the webpage, if the fact that the access user operates the user authority module is detected, whether the logging-in duration of the access user on the webpage is larger than the effective duration of Session is judged; if the login duration of the access user in the webpage is longer than the effective duration of the Session, acquiring the access right corresponding to the access user from the database; and operating in the user authority module based on the access authority.
And if the login duration of the access user in the webpage is less than the effective duration of the Session, acquiring the access authority of the access user from the Session of the webpage.
The operation in the user authority module based on the access authority comprises the following steps: judging whether the access user has the authority to operate on the user authority module; if the access user has the authority to operate on the user authority module, detecting whether the operation of the access user on the user authority module relates to authority modification; and if the permission modification is involved, clearing the access permission of the modified permission user in the Session of the webpage.
And if the access user does not have the authority to operate in the user authority module, triggering the reminding of the operation without the authority.
Before detecting that the access user operates the user authority module, the method further comprises the following steps: judging whether the Session of the webpage contains the information of the access user; if the Session of the webpage does not contain the information of the access user, jumping to a login page to enable the access user to log in again; and after the access user logs in again, saving the information of the access user and the authority information of the access user in the Session of the webpage.
After obtaining the access right corresponding to the access user from the database, the method further comprises: storing the access authority corresponding to the access user in a Session of the webpage; and obtaining the access authority corresponding to the access user from the Session of the webpage, and operating the access authority in the user authority module.
After the access right corresponding to the access user is saved in the Session of the web page, the method further includes: and starting timing, and clearing the access authority of the access user stored in the Session of the webpage when the timing time reaches the effective time of the Session.
The operation of the user authority module based on the access authority comprises at least one of the following operations: deleting access authority operation, adding access authority operation and changing access authority operation. The device herein may be a server, a PC, a PAD, a mobile phone, etc.
The present application further provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device: after successfully logging in the webpage, if the fact that the access user operates the user authority module is detected, whether the logging-in duration of the access user on the webpage is larger than the effective duration of Session is judged; if the login duration of the access user on the webpage is longer than the effective duration of the Session, acquiring the access authority corresponding to the access user from the database; and operating in the user authority module based on the access authority.
And if the login duration of the access user in the webpage is less than the effective duration of the Session, acquiring the access authority of the access user from the Session of the webpage.
The operation in the user authority module based on the access authority comprises the following steps: judging whether the access user has the authority to operate on the user authority module; if the access user has the authority to operate on the user authority module, detecting whether the operation of the access user on the user authority module relates to authority modification; if the permission modification is involved, the access permission of the user with the modified permission in the Session of the webpage is cleared.
And if the access user does not have the authority to operate in the user authority module, triggering the reminding of the operation without the authority.
Before detecting that the access user operates the user authority module, the method further comprises the following steps: judging whether the Session of the webpage contains the information of the access user; if the Session of the webpage does not contain the information of the access user, jumping to a login page to enable the access user to log in again; and after the access user logs in again, saving the information of the access user and the authority information of the access user in the Session of the webpage.
After obtaining the access right corresponding to the access user from the database, the method further comprises: storing the access authority corresponding to the access user in a Session of the webpage; and obtaining the access authority corresponding to the access user from the Session of the webpage, and operating the access authority in the user authority module.
After the access right corresponding to the access user is saved in the Session of the web page, the method further includes: and starting timing, and clearing the access authority of the access user stored in the Session of the webpage when the timing time reaches the effective time of the Session.
The operation of the user authority module based on the access authority comprises at least one of the following operations: deleting access authority operation, adding access authority operation and changing access authority operation.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technical content can be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (9)
1. A method for processing authority information is characterized by comprising the following steps:
after successfully logging in a webpage, if it is detected that an access user operates a user authority module, judging whether the logging-in duration of the access user on the webpage is greater than the effective duration of Session;
if the login duration of the access user in the webpage is longer than the effective duration of the Session, acquiring the access right corresponding to the access user from a database, wherein the access right is the right for accessing the user right module;
performing an operation at the user authority module based on the access authority, including: judging whether the access user has the authority to operate on the user authority module; if the access user has the authority to operate on the user authority module, detecting whether the operation of the access user on the user authority module relates to authority modification; and if the permission modification is involved, clearing the access permission of the user with the modified permission in the Session of the webpage.
2. The method of claim 1, further comprising: and if the login duration of the access user in the webpage is less than the effective duration of the Session, acquiring the access authority of the access user from the Session of the webpage.
3. The method of claim 1, wherein if the accessing user does not have the right to operate in the user right module, triggering a reminder of no right operation.
4. The method of claim 1, wherein prior to detecting the access user operating a user rights module, the method further comprises:
judging whether the information of the access user exists in the Session of the webpage or not;
if the Session of the webpage does not contain the information of the access user, jumping to a login page to enable the access user to log in again;
and after the access user logs in again, storing the information of the access user and the authority information of the access user in a Session of the webpage.
5. The method of claim 1, wherein after obtaining the access right corresponding to the access user from the database, the method further comprises:
storing the access authority corresponding to the access user in a Session of the webpage;
and obtaining the access authority corresponding to the access user from the Session of the webpage, and operating the access authority in the user authority module.
6. An apparatus for processing rights information, comprising:
the first judgment module is used for judging whether the login duration of an access user on a webpage is longer than the effective duration of Session if the access user is detected to operate a user authority module after the webpage is successfully logged in;
a first clearing module, configured to obtain an access right corresponding to the access user from a database if a login duration of the access user in the web page is longer than an effective duration of the Session, where the access right is a right to access the user right module;
the user authority module is used for operating in the user authority module based on the access authority;
wherein the user authority module comprises: the judging submodule is used for judging whether the access user has the authority to operate on the user authority module; the detection submodule is used for detecting whether the operation of the access user on the user permission module relates to permission modification or not if the access user has permission to operate on the user permission module; and the clearing submodule is used for clearing the access authority of the user with the modified authority in the Session of the webpage if the authority modification is involved.
7. The apparatus of claim 6, further comprising:
and the first acquisition module is used for acquiring the access authority of the access user from the Session of the webpage if the login duration of the access user on the webpage is less than the effective duration of the Session.
8. A storage medium, characterized in that the storage medium includes a stored program, wherein when the program runs, a device where the storage medium is located is controlled to execute the processing method of authority information according to any one of claims 1 to 5.
9. A processor, configured to execute a program, wherein the program executes to perform the method for processing the rights information according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811141116.1A CN110971563B (en) | 2018-09-28 | 2018-09-28 | Authority information processing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811141116.1A CN110971563B (en) | 2018-09-28 | 2018-09-28 | Authority information processing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110971563A CN110971563A (en) | 2020-04-07 |
| CN110971563B true CN110971563B (en) | 2022-10-04 |
Family
ID=70027855
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811141116.1A Active CN110971563B (en) | 2018-09-28 | 2018-09-28 | Authority information processing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110971563B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104486357A (en) * | 2014-12-30 | 2015-04-01 | 北京经开投资开发股份有限公司 | Method for achieving role-based access control (RBAC) based on SSH website |
| CN107147671A (en) * | 2017-06-19 | 2017-09-08 | 上海斐讯数据通信技术有限公司 | One kind is based on website route access right control method, access method and system |
| CN108268780A (en) * | 2016-12-30 | 2018-07-10 | 航天信息股份有限公司 | A kind of method and device for being used to control system access |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106209744B (en) * | 2015-05-07 | 2019-08-06 | 阿里巴巴集团控股有限公司 | Subscriber sign-in conversation management-control method, device and server |
-
2018
- 2018-09-28 CN CN201811141116.1A patent/CN110971563B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104486357A (en) * | 2014-12-30 | 2015-04-01 | 北京经开投资开发股份有限公司 | Method for achieving role-based access control (RBAC) based on SSH website |
| CN108268780A (en) * | 2016-12-30 | 2018-07-10 | 航天信息股份有限公司 | A kind of method and device for being used to control system access |
| CN107147671A (en) * | 2017-06-19 | 2017-09-08 | 上海斐讯数据通信技术有限公司 | One kind is based on website route access right control method, access method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110971563A (en) | 2020-04-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106682028B (en) | Method, device and system for acquiring webpage application | |
| CN104580074B (en) | The login method of client application and its corresponding server | |
| CN109743315B (en) | Behavior identification method, behavior identification device, behavior identification equipment and readable storage medium for website | |
| CN104426885B (en) | Abnormal account providing method and device | |
| CN105591743B (en) | Method and device for identity authentication through equipment operation characteristics of user terminal | |
| CN107943949B (en) | Method and server for determining web crawler | |
| US20160065613A1 (en) | System and method for detecting malicious code based on web | |
| CN103607385A (en) | Method and apparatus for security detection based on browser | |
| CN104836781A (en) | Method distinguishing identities of access users, and device | |
| CN104580075A (en) | User login validation method, device and system | |
| US9973525B1 (en) | Systems and methods for determining the risk of information leaks from cloud-based services | |
| CN107332804B (en) | Method and device for detecting webpage bugs | |
| CN106030527B (en) | By the system and method for application notification user available for download | |
| US20180198685A1 (en) | Method and apparatus for processing delivery data, and storage medium | |
| CN107302586A (en) | A kind of Webshell detection methods and device, computer installation, readable storage medium storing program for executing | |
| Kaur et al. | Browser fingerprinting as user tracking technology | |
| TWI701932B (en) | Identity authentication method, server and client equipment | |
| CN111131221A (en) | Interface checking device, method and storage medium | |
| CN108600259B (en) | Authentication and binding method of equipment, computer storage medium and server | |
| CN102946391A (en) | Method for prompting malicious website in browser and browser | |
| CN104978523A (en) | Malicious sample capture method and system based on network hot word recognition | |
| CN114124414B (en) | Method and device for generating honey service, method for capturing attack behavior data, computer equipment and storage medium | |
| CN109547427A (en) | Black list user's recognition methods, device, computer equipment and storage medium | |
| CN109088872A (en) | Application method, device, electronic equipment and the medium of cloud platform with service life | |
| CN111723083B (en) | User identity recognition method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |