CN111083093A - Method and device for calling terminal capability - Google Patents

Info

Publication number
CN111083093A
Authority
CN
China
Prior art keywords
page
capability
verification
calling
server
Prior art date
Legal status
Granted
Application number
CN201811228436.0A
Other languages
Chinese (zh)
Other versions
CN111083093B (en)
Inventor
吴杰
王继春
赵巍
邵仁俊
余思文
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Zhejiang Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Zhejiang Co Ltd
Priority date
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Group Zhejiang Co Ltd
Priority to CN201811228436.0A
Publication of CN111083093A
Application granted
Publication of CN111083093B
Legal status: Active
Anticipated expiration

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/12: Applying verification of the received information
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/34: Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H04L67/50: Network services
    • H04L67/51: Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • H04L67/60: Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the invention provides a method and a device for calling terminal capability. The method comprises the following steps: after the page is triggered through the APP client, receiving verification information sent by the page, and sending the verification information to the server, so that the server verifies the verification information to generate a verification result corresponding to the page; if the verification result is passed, receiving the verification result sent by the server and the legal end capability of the service platform corresponding to the page; if the page requests to call the end capability of the APP client, the URL of the page is obtained, whether the page has the authority for calling the end capability requested to be called is judged according to the URL and the legal end capability, and if the page has the authority, the page is allowed to call the end capability requested to be called. The method and the device for calling the end capability provided by the embodiment of the invention can realize the management and control of the authority of the calling end capability, effectively prevent the unauthorized calling of the end capability needing authorization on the page, and improve the security of the calling of the end capability.

Description

Method and device for calling terminal capability
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a method and a device for calling terminal capability.
Background
At present, the content carried by APPs is becoming increasingly diverse, and the hybrid architecture has become the mainstream architecture of the APP client. To enrich the content it carries and improve user stickiness, the APP client needs to introduce some external pages. While in use, these external pages need to call some capabilities of the APP client in order to meet business requirements.
End capability refers to a function or capability that the APP client can implement. The end capabilities of the APP client include at least the functions of the APP client and the configuration of the APP client with respect to external pages. The functions of the APP client include, but are not limited to, any functions that the APP client can implement, and these functions can be extended or enhanced as technology advances, for example, opening the system album, reading the address book, and the like. The APP client may encapsulate the end capabilities into capability components.
Currently, because of service function requirements, a large number of HTML5 (H5) pages carried by the APP client depend on the end capabilities that the APP client provides. In the prior art, during development of an external H5 page, its developer obtains the method for calling an end capability of the APP client from the developer of the APP client, and the external H5 page carried by the APP client then calls the end capability directly through that JS method. Furthermore, the external H5 pages are not managed, and which end capabilities an external H5 page calls cannot be known.
Therefore, in the prior art, calling an end capability depends entirely on the front-end page calling it autonomously. This autonomous behavior is not controlled and cannot be controlled in real time, so there is a large risk of end capabilities being leaked, and the security of calling end capabilities cannot be guaranteed.
Disclosure of Invention
Aiming at the problem of poor security of calling end capabilities in the prior art, the embodiment of the invention provides a method and a device for calling end capability.
According to a first aspect of the present invention, an embodiment of the present invention provides a method for calling end capability, including:
after triggering a page through an APP client, receiving verification information sent by the page, and sending the verification information to a server, so that the server verifies the verification information to generate a verification result corresponding to the page;
if the verification result is passed, receiving the verification result sent by the server and the legal end capability of the service platform corresponding to the page;
if the page requests to call the end capability of the APP client, the URL of the page is obtained, whether the page has the authority for calling the end capability requested to be called is judged according to the URL and the legal end capability, and if the judgment result shows that the page has the authority, the page is allowed to call the end capability requested to be called.
According to a second aspect of the present invention, an embodiment of the present invention provides an apparatus for calling end capability, including:
the information sending module is used for receiving the verification information sent by the page after the page is triggered by the APP client, and sending the verification information to the server, so that the server verifies the verification information and generates a verification result corresponding to the page;
the result receiving module is used for receiving the verification result sent by the server and the legal end capability of the service platform corresponding to the page if the verification result is passed;
and the permission verification module is used for acquiring the URL of the page if the page requests to call the end capability of the APP client, judging whether the page has the permission for calling the end capability requested to be called or not according to the URL and the legal end capability, and allowing the page to call the end capability requested to be called if the judgment result shows that the page has the permission.
According to a third aspect of the present invention, an embodiment of the present invention provides an electronic apparatus, including:
at least one processor; and
at least one memory communicatively coupled to the processor, wherein:
the memory stores program instructions executable by the processor, and the processor calls the program instructions to perform the method for calling end capability provided by any of the various possible implementations of the first aspect.
According to a fourth aspect of the present invention, embodiments of the present invention provide a non-transitory computer-readable storage medium storing computer instructions for causing a computer to perform the method for calling end capability provided by any one of the various possible implementations of the first aspect.
According to the method and the device for calling end capability, whether the page has the authority to call the requested end capability is verified, and the call is allowed only when the verification passes. The authority to call end capabilities can therefore be managed and controlled, end capabilities that require authorization are effectively prevented from being called without authorization, the security of end capability calls and of the use of the APP client is guaranteed, and security risks are avoided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a method for calling end capability according to an embodiment of the present invention;
Fig. 2 is a functional block diagram of an apparatus for calling end capability according to an embodiment of the present invention;
Fig. 3 is a block diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The embodiments of the present invention, and all other embodiments obtained by a person of ordinary skill in the art without any inventive step, are within the scope of the present invention.
In order to overcome the above problems in the prior art, an embodiment of the present invention provides a method for calling end capability. Its inventive concept is that when a page calls an end capability, the page's authority to call that end capability is verified, and the page is allowed to call only the end capabilities within its authority, so as to ensure the security of calling end capabilities.
Fig. 1 is a flowchart illustrating a method for calling end capability according to an embodiment of the present invention. As shown in Fig. 1, a method for calling end capability includes: step S101, after the page is triggered through the APP client, the verification information sent by the page is received, and the verification information is sent to the server, so that the server verifies the verification information and generates a verification result corresponding to the page.
It should be noted that the execution subject of the embodiment of the present invention is a mobile terminal. The mobile terminal is provided with an APP client. The APP client side is provided with a corresponding server side, and the server side corresponding to the APP client side is called a first server side.
It can be understood that a page is developed to carry several services of its corresponding service platform, and the service platform includes a server, which is the server corresponding to the page and is called a second server. Each page corresponds to one second server; one second server usually corresponds to several pages.
Embodiments of the present invention are not limited with respect to the specific type of page. For example, the type of page may be HTML5 page (H5 page for short).
The page is triggered through the APP client. After being triggered, the page sends a request for acquiring the verification information to its corresponding second server. After receiving the request, the second server generates the verification information according to a preset verification information generation algorithm and returns the generated verification information to the page.
The verification information is used for verifying the validity of the service platform corresponding to the page.
The verification information includes a number of verification parameters. The verification parameters may include a list of end capabilities that the service platform may invoke, a number of the service platform, a signature, a timestamp, and a random string. The signature is obtained by calculation through a preset signature algorithm.
It should be noted that the callable end capability list and the serial number of the service platform are obtained by the second server from the unified end capability management platform, and the access token is obtained by the second server from the first server.
Each service platform logs in to the end capability management platform through the second server to register, and obtains a corresponding verification file after the registration is verified.
The service platform places the corresponding verification file on the domain name server corresponding to the service platform; if only the domain name is provided, the verification file is placed under the root path of the service associated with the domain name.
After storing the verification file, the service platform requests the end capability management platform to verify the domain name of the service platform.
It can be understood that the domain name in the URL of every page corresponding to the service platform is the domain name of the service platform; that is, the domain names in the URLs of the pages corresponding to the service platform are the same.
The end capability management platform feeds the domain name verification result back to the second server. If the domain name passes verification, the service platform is successfully connected; the end capability management platform allocates a serial number and a key to the service platform and sends them to the second server. The key is used to obtain the access token.
The end capability management platform can allocate, to a service platform that has passed domain name verification, the end capabilities of the APP client that the service platform can call.
In order to reduce the complexity of allocating end capabilities, all the end capabilities of the APP client can be divided into different security levels in advance, and each service platform is allocated all the end capabilities belonging to several security levels, so that the service platform can call all the end capabilities of the security levels it is authorized for.
When a service needs to call end capabilities other than those of its default security levels, it must submit an authorization application, which the end capability management platform reviews and either approves or rejects.
All end capabilities of the APP client can be divided in advance, from high to low security level, into a core area, an internal function area and a public area. Different services can then be granted the end capability calling authority for the three security levels of the core area, the internal function area and the public area, for the two security levels of the internal function area and the public area, or for the single security level of the public area. When a service is granted the calling authority for the two security levels of the internal function area and the public area, the end capabilities of the APP client that the service can call are all end capabilities belonging to the internal function area and the public area.
The end capabilities belonging to the core area mainly include capabilities of acquiring user privacy, such as reading an address book, reading an album, reading an IMEI, and the like.
The end capabilities belonging to the internal function area are mainly capabilities that use internal components of the APP client, such as internal jump, shake, calling the payment component and the like.
The end capabilities belonging to the public area are mainly conventional functions, such as obtaining the version number of the APP client, detecting the network type, closing the webpage container Webview, going back and the like.
After the callable end capabilities are allocated to the service platform, each page corresponding to the service platform is allowed to be triggered through the APP client.
Through the cooperation of the end capability management platform and the APP client in verification and authorization, whether a page of an external service carried in the APP client may use an end capability that requires authorization is managed and controlled accurately and in real time, the end capabilities each service can call are allocated as needed, and the security of calling end capabilities is greatly improved. Furthermore, a pyramid of security levels is established for the end capabilities based on their characteristics and usage scenarios, and the security level of the end capabilities a page can call is determined based on the source of the page and the service content it carries, which realizes intelligent dynamic allocation of end capabilities. Different calling strategies are adopted for end capabilities that require platform authorization and those that do not, which realizes graded security management and control with high flexibility.
After the page sends the request for acquiring the verification information to the corresponding second server, the second server sends the first server a request for an access token. The request carries the number and key of the service platform. The first server returns the access token and the expiration time of the access token to the second server according to the serial number and the key of the service platform. The second server caches the access token until it becomes invalid.
The second server sends the verification information and the access token to the mobile terminal, and the mobile terminal receives them through the page.
After the mobile terminal receives the verification information and the access token through the page, the page sends the verification information to the APP client through the access token, so that the APP client sends the verification information to the first server, and the first server performs initialization verification on the verification information and generates a verification result corresponding to the page.
A unified JavaScript (JS) method can be encapsulated in the APP client, and the verification information is sent to the first server for initialization verification by executing this JS method.
The initialization verification process of the first server is as follows:
after receiving an initialization verification request from the APP client, acquiring the verification parameters carried by the request, and checking whether the domain name in the URL (uniform resource locator) of the page is in the white list corresponding to the number of the service platform corresponding to the page;
if the domain name is not in the white list, the verification result is not passed;
if the domain name is in the white list, the signature is verified, that is, a signature is calculated with the preset signature algorithm and compared with the signature in the verification parameters;
if the two are different, the verification result is not passed;
if the two are the same, the list of end capabilities callable by the service platform is verified, that is, according to the serial number of the service platform, it is verified whether the callable end capability list in the verification parameters is consistent with the callable end capabilities allocated to the service platform by the end capability management platform; if any end capability in the callable end capability list in the verification parameters has not been authorized and allocated by the end capability management platform, the verification result is not passed; if every end capability in the callable end capability list in the verification parameters has been authorized and allocated by the end capability management platform, the verification result is passed.
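The first server's initialization verification described above, as an added Python sketch that is not code from the patent: it runs the white-list, signature and capability-list checks in the stated order, with the granted capabilities expanded from the three security levels. HMAC-SHA256 over a sorted parameter string stands in for the unspecified preset signature algorithm, and the registry, platform number, key, capability names and domains are all constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed capability catalogue, grouped by the three security levels.
CAPABILITY_LEVELS = {
    "core": {"readContacts", "readAlbum", "readIMEI"},
    "internal": {"internalJump", "shake", "pay"},
    "public": {"getAppVersion", "getNetworkType", "closeWebview", "goBack"},
}

# Constructed registry, standing in for what the end capability management
# platform holds per service platform number.
REGISTRY = {
    "SP001": {
        "key": b"constructed-demo-key",
        "whitelist": {"shop.example.com"},
        "levels": {"internal", "public"},
        "extra": set(),  # capabilities approved individually outside the levels
    },
}

REQUIRED = ("number", "capabilities", "timestamp", "nonce", "signature")


def granted_capabilities(platform):
    """Expand the granted security levels into the set of callable capabilities."""
    caps = set(platform["extra"])
    for level in platform["levels"]:
        caps |= CAPABILITY_LEVELS[level]
    return caps


def sign(key, params):
    """Assumed signature scheme: HMAC-SHA256 over sorted key=value pairs."""
    fields = {
        "capabilities": ",".join(sorted(params["capabilities"])),
        "nonce": params["nonce"],
        "number": params["number"],
        "timestamp": params["timestamp"],
    }
    message = "&".join(f"{name}={fields[name]}" for name in sorted(fields))
    return hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()


def build_verification_info(number, key, capabilities, timestamp, nonce):
    """What the second server would hand to the page (constructed format)."""
    params = {"number": number, "capabilities": list(capabilities),
              "timestamp": timestamp, "nonce": nonce}
    params["signature"] = sign(key, params)
    return params


def verify_initialization(page_url, params):
    """Return (True, legal_capabilities) or (False, reason)."""
    if any(name not in params for name in REQUIRED):
        return False, "missing verification parameter"
    platform = REGISTRY.get(params["number"])
    if platform is None:
        return False, "unknown platform number"
    # 1. White list: compare the parsed host exactly, never by substring, so
    #    a look-alike host or a query string cannot satisfy the check.
    host = urlsplit(page_url).hostname or ""
    if host not in platform["whitelist"]:
        return False, "domain not in white list"
    # 2. Signature: recompute and compare in constant time.
    expected = sign(platform["key"], params).encode("ascii")
    supplied = str(params["signature"]).encode("utf-8")
    if not hmac.compare_digest(expected, supplied):
        return False, "signature mismatch"
    # 3. Capability list: every requested capability must have been allocated.
    unauthorized = set(params["capabilities"]) - granted_capabilities(platform)
    if unauthorized:
        return False, "capability not authorized: " + ", ".join(sorted(unauthorized))
    return True, sorted(params["capabilities"])


if __name__ == "__main__":
    info = build_verification_info("SP001", REGISTRY["SP001"]["key"],
                                   ["pay", "getAppVersion"], "1540000000", "n0nce")
    print(verify_initialization("https://shop.example.com/h5/index.html", info))
    print(verify_initialization("https://shop.example.com.evil.test/h5/", info))
```
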
Step S102, if the verification result is passed, receiving the verification result sent by the server and the legal end capability of the service platform corresponding to the page.
If the verification result is passed, the callable end capability list in the verification parameters has been verified as consistent with the callable end capabilities allocated to the service platform by the end capability management platform, so the callable end capability list in the verification parameters is taken as the legal end capability of the service platform corresponding to the page, and the first server sends the verification result and the legal end capability of the service platform corresponding to the page to the APP client.
The APP client also returns the verification result to the page.
Step S103, if the page requests to call the end capability of the APP client, acquiring the URL of the page, judging whether the page has the authority of calling the end capability requested to be called according to the URL and the legal end capability, and if the page has the authority, allowing the page to call the end capability requested to be called.
When a page requests to call an end capability of the APP client, the URL of the page is acquired, and whether the page can call the requested end capability is judged according to the URL of the page and the legal end capability. If so, the page has the authority to call the requested end capability and is allowed to call it; if not, the page does not have the authority to call the requested end capability and is not allowed to call it.
According to the embodiment of the invention, whether the page has the authority to call the requested end capability is verified, and the call is allowed only when the verification passes, so that the authority to call end capabilities can be managed and controlled, pages are effectively prevented from calling end capabilities that require authorization without authorization, the security of end capability calls and of the use of the APP client is ensured, and security risks are avoided.
Based on the content of the above embodiment, between obtaining the URL of the page and judging, according to the URL and the legal end capability, whether the page has the authority to call the requested end capability, the method further includes: locally caching the verification result and the legal end capability.
Specifically, after receiving the verification result sent by the first server and the legal end capability of the service platform corresponding to the page, the APP client caches the verification result and the legal end capability locally on the mobile terminal.
After the URL of the page is obtained, the information on the legal end capability of the service platform is stored in the local cache with the domain name in the URL of the page as the core parameter, so that the APP client remembers which of its end capabilities the service platform corresponding to the page can call.
After the verification result and the legal end capability are locally cached, whether the page has the authority of calling the end capability called by the request or not is judged according to the URL and the legal end capability.
When the verification result and the legal end capability are cached locally, the cached data can be encrypted with an encryption algorithm, which reduces the possibility that the information on the legal end capability of the service platform is stolen and improves security.
According to the embodiment of the invention, the information on the end capabilities of the APP client that the page is allowed to call is stored in the local cache, so that when page jumps occur, all pages belonging to the domain name in the URL of the page have the authority to use the end capabilities callable by the corresponding service platform, which effectively ensures the legal use of end capabilities. Furthermore, the efficiency of verifying the authority to call end capabilities is effectively improved, verification is imperceptible to the user, user experience is improved, and calls to the server are reduced, which avoids repeated calls to the server and reduces the load on the server.
Based on the content of the above embodiment, the specific step of locally caching the verification result includes: storing the verification result in the local cache, and setting the error count corresponding to the page to 0.
Specifically, the passed verification result is stored in the local cache, the flag indicating whether the verification is passed is set to true, and the error count corresponding to the page is set to 0 because the result of the current initialization verification is passed.
The error count corresponding to the page refers to the error count corresponding to the service platform corresponding to the page.
It can be understood that, since the verification parameter is generated by the second server and sent to the page, the verification result is the verification result corresponding to the page and is also the verification result of the service platform corresponding to the page.
If a verification result for the service platform corresponding to the page already exists in the local cache, the existing verification result is changed to a passed verification result; if not, the passed verification result is saved in the local cache.
According to the embodiment of the invention, the verification result is locally cached, so that verification is imperceptible to the user, user experience is improved, and calls to the server are reduced, which avoids repeated calls to the server and reduces the load on the server.
Based on the content of the above embodiment, the specific step of determining whether the page has the authority to call the requested end capability includes: judging whether the domain name in the URL of the page is an internal domain name.
Specifically, when judging, according to the URL and the legal end capability, whether the page has the authority to call the requested end capability, it is first judged whether the domain name in the URL of the page is an internal domain name.
An internal domain name is a domain name whose owner or tenant is the same as that of the domain name corresponding to the service borne by the APP client.
If the domain name in the URL of the page is an internal domain name, the service borne by the page belongs to the system to which the service borne by the APP client belongs, and therefore the page has the authority of calling the end capability requested to be called.
If the domain name in the URL of the page is not the internal domain name, the service borne by the page does not belong to the system to which the service borne by the APP client belongs, and further verification is needed to determine whether the page has the authority of calling the requested terminal capability.
If the domain name in the URL of the page is not an internal domain name, whether the end capability requested to be called is a sensitive end capability is judged according to the legal end capability.
Specifically, if the domain name in the URL of the page is not an internal domain name, it is first judged, according to the legal end capability, whether the end capability requested to be called is a sensitive end capability. When the page requests multiple end capabilities, it is judged whether any of them is a sensitive end capability.
A sensitive end capability is an end capability that may bring security risk to the APP client.
Depending on the source of the page, end capabilities of different security levels are treated as sensitive end capabilities. The source of a page refers to the domain name in the URL of the page.
For example, the end capabilities with the lowest security level are not sensitive end capabilities for any page.
If the end capability requested to be called is a sensitive end capability, the local cache is queried.
Specifically, when the end capability requested to be called is a sensitive end capability, the local cache is queried according to the domain name in the URL of the page to find whether a verification result corresponding to the page exists in the local cache.
If the query finds that a passed verification result corresponding to the page exists in the local cache, and the end capability requested to be called belongs to the legal end capabilities, the judgment result is determined as having the authority.
Specifically, if a verification result of the service platform corresponding to the page exists in the local cache and the verification result is passed, it is judged whether the end capability requested to be called belongs to the legal end capabilities: if all of the requested end capabilities belong to the legal end capabilities, the judgment result is that the page has the authority to call the requested end capabilities; if any one of the requested end capabilities does not belong to the legal end capabilities, the judgment result is that the page does not have the authority to call the requested end capabilities. If a verification result of the service platform corresponding to the page exists in the local cache and the verification result is failed, the judgment result is that the page does not have the authority to call the requested end capability.
The embodiment of the invention judges whether the page has the authority to call the requested end capability in a graded manner, according to whether the domain name is an internal domain name, whether the requested end capability is a sensitive end capability, whether a verification result exists in the local cache, and whether the requested end capability belongs to the legal end capabilities, thereby effectively improving the efficiency of verifying the authority to call end capabilities and saving authority verification time.
Based on the content of the foregoing embodiment, after determining whether the end capability requested to be called is a sensitive end capability according to the legal end capability, the method further includes: if the end capability requested to be called is not a sensitive end capability, analyzing the page and determining the judgment result according to the analysis result.
Specifically, if the domain name in the URL of the page is not an internal domain name and the end capability requested to be called is judged, according to the legal end capability, not to be a sensitive end capability, the page is analyzed and the judgment result is determined according to the analysis result.
Analyzing the page means capturing multi-dimensional data such as the text content, pictures and labels in the page, analyzing that data according to a preset algorithm, and determining from the analysis result whether the page has the authority to call the requested end capability.
By analyzing the page to judge whether it has the authority to call the requested end capability, the embodiment of the invention can judge flexibly in a graded manner and save authority verification time.
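The graded judgment described above (internal domain name, then sensitive end capability, then local cache and legal end capabilities, otherwise page analysis), as an added JavaScript example that is not code from the patent. The host allowlist, the per-source sensitive sets, the cache layout, the `analyzePage` callback and the refusal when no cached result exists are assumptions made for illustration.

```javascript
// Added illustration; every identifier here is hypothetical, not from the patent.

// Assumption: "internal domain names" are modelled as an exact-host allowlist.
const INTERNAL_HOSTS = new Set(["app.example.com", "pay.example.com"]);

// Assumption: the sensitive set depends on the page source (host in its URL);
// sources without their own entry get the strictest set.
const SENSITIVE_BY_SOURCE = new Map([
  ["partner.example.net", new Set(["getLocation", "readContacts"])],
]);
const SENSITIVE_DEFAULT = new Set(["getLocation", "readContacts", "openCamera"]);

// Constructed local cache: host -> verification result and legal end capabilities.
const SAMPLE_CACHE = new Map([
  ["partner.example.net", { passed: true, legalCapabilities: new Set(["getLocation", "share"]) }],
  ["shop.example.org", { passed: false, legalCapabilities: new Set() }],
]);

// Extract the host with a URL parser. Substring or prefix matching would treat
// look-alike hosts such as "app.example.com.other.test" as internal.
function pageHost(pageUrl) {
  try {
    const host = new URL(pageUrl).hostname.toLowerCase();
    return host === "" ? null : host;
  } catch {
    return null; // unparsable URL: no source, so no authority
  }
}

// Returns { allowed, reason } for a page requesting a list of end capabilities.
function decide(pageUrl, requested, cache, analyzePage) {
  const host = pageHost(pageUrl);
  if (host === null || requested.length === 0) {
    return { allowed: false, reason: "bad-request" };
  }

  // Step 1: a page on an internal domain name has the authority.
  if (INTERNAL_HOSTS.has(host)) {
    return { allowed: true, reason: "internal-domain" };
  }

  // Step 2: with several requested capabilities, one sensitive item is enough
  // to take the sensitive branch.
  const sensitive = SENSITIVE_BY_SOURCE.get(host) ?? SENSITIVE_DEFAULT;
  const anySensitive = requested.some((cap) => sensitive.has(cap));

  // Step 3a: nothing sensitive requested, so the page analysis decides.
  if (!anySensitive) {
    return { allowed: Boolean(analyzePage(pageUrl)), reason: "page-analysis" };
  }

  // Step 3b: sensitive request, so query the local cache by the page's domain.
  const entry = cache.get(host);
  if (!entry) {
    // Assumption: with no cached result the call is refused and the caller
    // runs initialization verification again.
    return { allowed: false, reason: "not-verified" };
  }
  if (!entry.passed) {
    return { allowed: false, reason: "verification-failed" };
  }

  // Step 4: every requested capability must be among the legal end capabilities.
  const illegal = requested.filter((cap) => !entry.legalCapabilities.has(cap));
  return illegal.length === 0
    ? { allowed: true, reason: "verified" }
    : { allowed: false, reason: "not-legal:" + illegal.join(",") };
}

// Constructed request: a verified partner page asks for one legal capability.
console.log(decide("https://partner.example.net/order", ["getLocation"], SAMPLE_CACHE, () => false));
```
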
Based on the content of the above embodiment, after generating the verification result corresponding to the page, the method further includes: if the verification result is not passed, receiving the verification result sent by the server, and caching the verification result.
Specifically, if the initialization verification result is failed, the first server sends the verification result to the APP client, and the APP client receives the verification result.
After the APP client receives the verification result sent by the first server, the verification result is cached.
Correspondingly, the specific step of locally caching the verification result includes: storing the verification result in the local cache, and adding 1 to the error count corresponding to the page.
Specifically, the failed verification result is stored in the local cache, the flag indicating whether the verification passed is set to false, and, since the current initialization verification did not pass, the error count corresponding to the page is increased by 1 and a failure callback function is called.
If the verification result of the service platform corresponding to the page exists in the local cache, modifying the existing verification result into a non-pass verification result; if not, the passed check result is saved in a local cache.
Correspondingly, the step of receiving the verification information sent by the page and sending the verification information to the server further includes: querying the local cache; and if the query finds that a failed verification result corresponding to the page exists in the local cache and the error count corresponding to the page has not reached the preset maximum number of times, sending the verification information to the server.
Because the verification result and the error count corresponding to each service platform are stored in the local cache, the local cache is queried after the verification information sent by the page is received.
If the query finds that a verification result for the service platform corresponding to the page exists in the local cache and the verification result is failed, it is judged whether the error count corresponding to the page has reached the preset maximum number of times.
The embodiment of the present invention does not limit the specific maximum number of times.
If the preset maximum number of times has been reached, error information indicating that the verification did not pass is returned directly to the page; if the preset maximum number of times has not been reached, the verification information is sent to the first server, and the first server performs initialization verification.
For example, with a preset maximum number of times of 3, if the error count is 0 to 2, the verification information is sent to the first server and the first server performs initialization verification; if the error count is 3, the verification error result is returned directly and the verification information is not sent to the first server.
According to the embodiment of the invention, the verification result is cached locally, so that verification imperceptible to the user can be realized, the user experience is improved, calls to the server are reduced, repeated calls to the server are avoided, and the pressure on the server is reduced. Further, it is judged whether the error count corresponding to the page in the local cache has reached the preset maximum number of times, and the verification information is sent to the first server for initialization verification only when the count has not reached that maximum, so that calls to the server can be further reduced and the pressure on the server is reduced.
Based on the content of the above embodiment, after the page is triggered by the APP client, the method further includes: when the page is triggered through the APP client, the page runs in a webpage container, and if the webpage container detects that a preset cache clearing condition is met, the local cache is emptied.
When a page is triggered through an APP client, the page runs in a webpage container.
Embodiments of the present invention are not limited with respect to the particular type of webpage container. For example, the page runs in a Webview container.
When JS or CSS in a page is loaded in a webpage container through an APP client, the default behaviour is that, if the same JS or CSS file content exists in a cache, the local cache is loaded first. When the Webview container is abnormal, or when the file loads successfully but the page opens abnormally, subsequent attempts to open the page are likely to show the failed page. In addition, if a JS or CSS file in the page is updated and its file name or link carries no timestamp, loading the local cache directly causes various errors. To avoid these problems, a cache clearing condition is preset, and the Webview container monitors whether the condition is met.
When the end capabilities of the APP client that the service platform may call change, that is, when some of the end capabilities of the service platform corresponding to the page are revoked, the revoked end capabilities may still be called if the cached information about the end capabilities that the service platform may call is not updated, which is a risk.
If the webpage container detects that the preset cache clearing condition is met, this indicates that the end capabilities of the APP client that the service platform may call have changed, and the local cache is cleared automatically. When it is then verified whether the page has the authority to call the requested end capability, the local cache is empty, so verification is not performed against the original cached result and initialization verification is performed again.
According to the embodiment of the invention, through the buried point destruction mechanism, the local cache is emptied when the preset cache clearing condition is met, so that intelligent destruction of the local cache is achieved, the timeliness and validity of end capability authorization are ensured, and the possibility that a revoked end capability is still called is avoided.
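The cached verification result with its error count, the preset maximum number of attempts and the cache clearing step described above, as an added JavaScript example that is not code from the patent. The class and function names, the synchronous `verifyOnServer` stand-in for the first server, the reuse of a cached pass and the dropping of capabilities on failure are assumptions.

```javascript
// Added illustration; class, method and field names are hypothetical.

class VerificationCache {
  constructor(maxErrors = 3) {
    this.maxErrors = maxErrors; // the "preset maximum number of times"
    this.entries = new Map(); // service platform -> { passed, errorCount, legalCapabilities }
  }

  // Store the server's verification result for a service platform.
  record(platform, passed, legalCapabilities = []) {
    const prev = this.entries.get(platform);
    if (passed) {
      // Pass: flag true, error count reset to 0, legal end capabilities stored.
      this.entries.set(platform, {
        passed: true,
        errorCount: 0,
        legalCapabilities: new Set(legalCapabilities),
      });
    } else {
      // Fail: flag false, error count incremented. Assumption: previously
      // cached capabilities are dropped so a failed platform keeps nothing.
      this.entries.set(platform, {
        passed: false,
        errorCount: (prev ? prev.errorCount : 0) + 1,
        legalCapabilities: new Set(),
      });
    }
  }

  // Should the page's verification information be sent to the server?
  shouldForward(platform) {
    const entry = this.entries.get(platform);
    if (!entry) return true; // nothing cached: initialization verification
    if (entry.passed) return false; // assumption: a cached pass is reused
    return entry.errorCount < this.maxErrors; // failed: forward until the maximum
  }

  // Called when the webpage container sees the preset clearing condition.
  clear() {
    this.entries.clear();
  }
}

// verifyOnServer is a synchronous stand-in for the call to the first server.
function handleVerification(cache, platform, info, verifyOnServer) {
  if (!cache.shouldForward(platform)) {
    return { passed: cache.entries.get(platform).passed, fromCache: true };
  }
  const result = verifyOnServer(platform, info);
  cache.record(platform, result.passed, result.legalCapabilities);
  return { passed: result.passed, fromCache: false };
}

// Constructed run: a platform whose verification always fails, maximum of 3.
function demoLockout() {
  const cache = new VerificationCache(3);
  let serverCalls = 0;
  const alwaysFail = () => {
    serverCalls += 1;
    return { passed: false };
  };
  const answeredFromCache = [];
  for (let i = 0; i < 5; i += 1) {
    answeredFromCache.push(handleVerification(cache, "platform-a", "bad-params", alwaysFail).fromCache);
  }
  cache.clear(); // clearing condition met: the next attempt reaches the server again
  answeredFromCache.push(handleVerification(cache, "platform-a", "bad-params", alwaysFail).fromCache);
  return { serverCalls, answeredFromCache };
}

console.log(demoLockout());
```

Because the error count lives in the same local cache as the verification result, emptying the cache also resets the count, so the clearing condition determines how long a refused platform stays refused.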
Fig. 2 is a functional block diagram of an apparatus for calling end capability according to an embodiment of the present invention. Based on the content of the above embodiment, as shown in fig. 3, an apparatus for calling side capability includes an information sending module 201, a result receiving module 202, and a right verification module 203, where:
the information sending module 201 is configured to receive the verification information sent by the page after the page is triggered by the APP client, and send the verification information to the server, so that the server verifies the verification information to generate a verification result corresponding to the page;
the result receiving module 202 is configured to receive, if the verification result is that the verification result passes, the verification result sent by the server and the legal end capability of the service platform corresponding to the page;
the permission verification module 203 is configured to, if the page requests to invoke the end capability of the APP client, obtain a URL of the page, determine whether the page has a permission to invoke the end capability requested to be invoked according to the URL and the legal end capability, and if the determination result is that the page has the permission, allow the page to invoke the end capability requested to be invoked.
The specific method and flow for implementing the corresponding function by each module included in the device for calling the end capability according to the embodiment of the present invention are detailed in the embodiment of the method for calling the end capability, and are not described herein again.
The device for calling terminal capability is used for the method for calling terminal capability in the foregoing embodiments. Therefore, the description and definition in the method for calling the capability in the foregoing embodiments may be used for understanding each execution module in the embodiments of the present invention.
According to the embodiment of the invention, whether the page has the authority of calling the requested calling end capability is verified, and the calling of the requested calling end capability is allowed only when the verification is passed, so that the authority of the calling end capability can be managed and controlled, the unauthorized calling of the page to the end capability needing authorization is effectively prevented, the calling safety of the end capability is ensured, the use safety of the APP client is ensured, and the safety risk is avoided.
Fig. 3 is a block diagram of an electronic device according to an embodiment of the present invention. Based on the content of the above-described embodiment, as shown in fig. 3, an electronic apparatus includes: a processor (processor)301, a memory (memory)302, and a bus 303; wherein, the processor 301 and the memory 302 complete the communication with each other through the bus 303; processor 301 is configured to call program instructions in memory 302 to perform the methods provided by the various method embodiments described above, including, for example: after the page is triggered through the APP client, receiving verification information sent by the page, and sending the verification information to the server, so that the server verifies the verification information to generate a verification result corresponding to the page; if the verification result is passed, receiving the verification result sent by the server and the legal end capability of the service platform corresponding to the page; if the page requests to call the end capability of the APP client, the URL of the page is obtained, whether the page has the authority for calling the end capability requested to be called is judged according to the URL and the legal end capability, and if the page has the authority, the page is allowed to call the end capability requested to be called.
Another embodiment of the present invention discloses a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the above-mentioned method embodiments, for example, including: after the page is triggered through the APP client, receiving verification information sent by the page, and sending the verification information to the server, so that the server verifies the verification information to generate a verification result corresponding to the page; if the verification result is passed, receiving the verification result sent by the server and the legal end capability of the service platform corresponding to the page; if the page requests to call the end capability of the APP client, the URL of the page is obtained, whether the page has the authority for calling the end capability requested to be called is judged according to the URL and the legal end capability, and if the page has the authority, the page is allowed to call the end capability requested to be called.
Another embodiment of the present invention provides a non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the methods provided by the above method embodiments, for example, including: after the page is triggered through the APP client, receiving verification information sent by the page, and sending the verification information to the server, so that the server verifies the verification information to generate a verification result corresponding to the page; if the verification result is passed, receiving the verification result sent by the server and the legal end capability of the service platform corresponding to the page; if the page requests to call the end capability of the APP client, the URL of the page is obtained, whether the page has the authority for calling the end capability requested to be called is judged according to the URL and the legal end capability, and if the page has the authority, the page is allowed to call the end capability requested to be called.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. It is understood that the above-described technical solutions may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method of the above-described embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A method of invoking peer capabilities, comprising:
after triggering a page through an APP client, receiving verification information sent by the page, and sending the verification information to a server, so that the server verifies the verification information to generate a verification result corresponding to the page;
if the verification result is passed, receiving the verification result sent by the server and the legal end capability of the service platform corresponding to the page;
if the page requests to call the end capability of the APP client, the URL of the page is obtained, whether the page has the authority for calling the end capability requested to be called is judged according to the URL and the legal end capability, and if the judgment result shows that the page has the authority, the page is allowed to call the end capability requested to be called.
2. The method for calling terminal capability according to claim 1, wherein the step between obtaining the URL of the page and determining whether the page has the right to call the terminal capability requested to be called according to the URL and the legal terminal capability further comprises:
locally caching the verification result and the legal end capability.
3. The method for calling side capability according to claim 2, wherein the specific step of locally caching the verification result comprises:
storing the verification result in a local cache, and setting the error count corresponding to the page to 0.
4. The method for invoking peer capability according to claim 3, wherein the step of determining whether the page has the right to invoke the peer capability requesting the invocation comprises:
judging whether the domain name in the URL of the page is an internal domain name or not;
if the domain name in the URL of the page is not the internal domain name, judging whether the terminal capability requested to be called is the sensitive terminal capability according to the legal terminal capability;
if the terminal capability requested to be called is the sensitive terminal capability, inquiring a local cache;
and if the local cache is inquired to obtain the verification result corresponding to the page which passes in the local cache, and the terminal capability requested to be called belongs to the legal terminal capability, determining the judgment result as having the authority.
5. The method for invoking a peer capability according to claim 4, wherein after determining whether the peer capability requested to be invoked is a sensitive peer capability according to the legal peer capability, further comprising:
if the end capability requested to be called is not a sensitive end capability, analyzing the page, and determining the judgment result according to the analysis result.
6. The method for invoking the end capability according to claim 3, wherein after generating the verification result corresponding to the page, further comprising:
if the check result is not passed, receiving the check result sent by the server side, and caching the check result;
correspondingly, the specific step of locally caching the verification result includes:
storing the check result into a local cache, and adding 1 to the error count corresponding to the page;
the receiving the verification information sent by the page and the sending the verification information to the server further comprise:
querying a local cache;
and if the local cache is inquired to obtain that the check result corresponding to the page which does not pass exists in the local cache and the error count corresponding to the page does not reach the preset maximum number, sending the check information to a server.
7. The method for invoking a peer capability according to any one of claims 2 to 5, wherein after triggering the page by the APP client, further comprising:
when the page is triggered through the APP client, the page is operated in the webpage container, and if the webpage container monitors that preset cache clearing conditions are met, the local cache is emptied.
8. An apparatus for invoking peer capabilities, comprising:
the information sending module is used for receiving the verification information sent by the page after the page is triggered by the APP client, and sending the verification information to the server, so that the server verifies the verification information and generates a verification result corresponding to the page;
the result receiving module is used for receiving the verification result sent by the server and the legal end capability of the service platform corresponding to the page if the verification result is passed;
and the permission verification module is used for acquiring the URL of the page if the page requests to call the end capability of the APP client, judging whether the page has the permission for calling the end capability requested to be called or not according to the URL and the legal end capability, and allowing the page to call the end capability requested to be called if the judgment result shows that the page has the permission.
9. An electronic device, comprising:
at least one processor; and
at least one memory communicatively coupled to the processor, wherein:
the memory stores program instructions executable by the processor, the processor invoking the program instructions to perform the method of any of claims 1 to 7.
10. A non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the method of any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811228436.0A CN111083093B (en) 2018-10-22 2018-10-22 Method and device for calling terminal capability, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN111083093A true CN111083093A (en) 2020-04-28
CN111083093B CN111083093B (en) 2022-06-03

Family

ID=70309698

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811228436.0A Active CN111083093B (en) 2018-10-22 2018-10-22 Method and device for calling terminal capability, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN111083093B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103973642A (en) * 2013-01-30 2014-08-06 中国电信股份有限公司 Method and device for realizing JS API security access control
US8843847B1 (en) * 2012-07-29 2014-09-23 Joingo, Llc System and method for native application control of HTML5 content
CN104572278A (en) * 2014-12-22 2015-04-29 百度在线网络技术(北京)有限公司 Method, device and equipment for light application to call local end capability
CN107656762A (en) * 2017-10-13 2018-02-02 上海酷屏信息技术有限公司 A kind of method and system that third party's function is realized in APP
CN107888656A (en) * 2017-10-09 2018-04-06 北京京东尚科信息技术有限公司 Service the call method and calling device of end interface

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114205099A (en) * 2020-08-31 2022-03-18 华为技术有限公司 Webpage authentication method, electronic equipment and system
CN114205099B (en) * 2020-08-31 2023-11-10 华为技术有限公司 Webpage authentication method, electronic equipment and system
CN112637116A (en) * 2020-10-30 2021-04-09 彩讯科技股份有限公司 Page-based terminal capability calling method, device, terminal and storage medium
CN114003412A (en) * 2021-12-27 2022-02-01 支付宝(杭州)信息技术有限公司 Method and device for communicating small program and host program
CN114448648A (en) * 2022-04-07 2022-05-06 天聚地合(苏州)科技股份有限公司 Sensitive credential management method and system based on RPA
CN114448648B (en) * 2022-04-07 2022-08-23 天聚地合(苏州)科技股份有限公司 Sensitive credential management method and system based on RPA

Also Published As

Publication number Publication date
CN111083093B (en) 2022-06-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant