CN111539006A - Authority management and control method and device - Google Patents
Authority management and control method and device Download PDFInfo
- Publication number
- CN111539006A CN111539006A CN202010337036.4A CN202010337036A CN111539006A CN 111539006 A CN111539006 A CN 111539006A CN 202010337036 A CN202010337036 A CN 202010337036A CN 111539006 A CN111539006 A CN 111539006A
- Authority
- CN
- China
- Prior art keywords
- access request
- request
- access
- target resource
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 238000012795 verification Methods 0.000 claims description 22
- 230000003068 static effect Effects 0.000 claims description 11
- 238000012545 processing Methods 0.000 abstract description 17
- 238000007726 management method Methods 0.000 description 23
- 238000010586 diagram Methods 0.000 description 5
- 238000013475 authorization Methods 0.000 description 4
- 230000007547 defect Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 230000001413 cellular effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 239000004984 smart glass Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a permission management and control method and device. The authority control method comprises the following steps: receiving an access request and determining the type of the access request; feeding back a target resource based on the access request under the condition that the access request is an unrestricted access request; and determining the feasibility of the access request in the case that the access request is a limited access request, and feeding back a target resource based on the access request in the case that the access request is feasible. The authority control method and the authority control device can effectively improve the processing efficiency of the access request and the speed of resource feedback, improve the safety of related systems, and effectively avoid the problems of unauthorized access, unauthorized access and the like.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and an apparatus for managing and controlling permissions, a computing device, and a computer-readable storage medium.
Background
Information security is one of important contents of construction and daily operation and maintenance of an operator business system, and how to prevent illegal access to obtain user data is an important control aspect of information security.
A Customer relationship management system (CRM) is a kind of web site, and all access resources, including pictures, services, and the like, are accessed through Uniform Resource Identifiers (URIs), but the Customer relationship management system often has the problems of unauthorized access and unauthorized access, and a great potential hazard is caused to a safety belt of the system.
Unauthorized access means that the user can directly access the system page without logging in. The unauthorized access means that careless mistakes are made during the checking authorization process, so that an attacker can bypass the authorization check by some modes under the condition of obtaining a low-authorization user account, access or operate a high-authorization function which is originally not authorized to access, or tamper the data to access unauthorized data. The unauthorized access includes both vertical unauthorized access and horizontal unauthorized access. The method is characterized in that the vertical unauthorized access also becomes authority promotion and is a vulnerability caused by a design defect of URL-based access control, and because the Web application program does not perform authority control or only performs authority control on a menu, a malicious user can access or control data or pages owned by other roles as long as guessing the URLs of other management pages, so that the purpose of authority promotion is achieved. The horizontal unauthorized access is a vulnerability caused by a design defect of 'data-based access control', and is caused by the fact that a server side does not judge the belongings of data when receiving request data for operation.
At present, when the security vulnerabilities occur, a customer relationship management system can only discover interception together, and cannot fundamentally manage and control, which becomes a problem to be solved urgently.
Disclosure of Invention
In view of this, embodiments of the present disclosure provide a method and an apparatus for managing and controlling permissions, a computing device, and a computer-readable storage medium, so as to solve technical defects in the prior art.
The application discloses a permission management and control method, which comprises the following steps:
receiving an access request and determining the type of the access request;
feeding back a target resource based on the access request under the condition that the access request is an unrestricted access request;
and determining the feasibility of the access request in the case that the access request is a limited access request, and feeding back a target resource based on the access request in the case that the access request is feasible.
Further, before the receiving the access request, the method further includes:
receiving identity information of a user, and storing the identity information of the user into a micro service gateway;
the determining the feasibility of the access request comprises:
determining feasibility of the access request based on the identity information of the user.
Further, the determining the feasibility of the access request based on the identity information of the user comprises:
generating a permission verification request based on the access request;
sending the access request and the permission verification request to a sub-server, wherein the sub-server obtains the identity information of the user through the micro service gateway based on the permission verification request;
the sub-server determines feasibility of the access request based on identity information of the user.
Further, the method further comprises:
and intercepting the access request and feeding back access failure information in the condition that the access request is not feasible.
Further, the feeding back a target resource based on the access request under the condition that the access request is an unrestricted access request includes:
and under the condition that the access request is not limited, sending a static target resource calling request to a reverse proxy server based on the access request, and calling the static target resource through the reverse proxy server.
Further, the feeding back a target resource based on the access request if the access request is feasible includes:
and sending a dynamic target resource calling request to a micro service gateway based on the access request under the condition that the access request is feasible, and calling the dynamic target resource through the micro service gateway.
The application also discloses authority management and control device includes:
a request receiving module configured to receive an access request and determine a type of the access request;
a first feedback module configured to feed back a target resource based on the access request in case that the access request is an unrestricted access request;
the second feedback module is configured to determine the feasibility of the access request in the case that the access request is a limited access request, and feed back a target resource based on the access request in the case that the access request is feasible.
The application also discloses a computing device, which comprises a memory, a processor and computer instructions stored on the memory and capable of running on the processor, wherein the processor executes the instructions to realize the steps of the authority control method.
The application also discloses a computer readable storage medium, which stores computer instructions, and is characterized in that the instructions are executed by a processor to realize the steps of the authority control method.
According to the method and the device for managing and controlling the authority, the access request is received, the type of the access request is determined, different processing modes can be adopted for different types of access requests, personalized processing of the access request is facilitated, target resources are directly fed back for unlimited access requests, processing efficiency of the access request without secret involvement can be effectively improved, feasibility of the access request is judged for limited access requests, the target resources are fed back under the condition that the access request is feasible, safety of a system can be effectively improved, and secret leakage and the like are prevented. The authority control method and the authority control device can effectively improve the processing efficiency of the access request and the speed of resource feedback, improve the safety of related systems, and effectively avoid the problems of unauthorized access, unauthorized access and the like.
Drawings
Fig. 1 is a schematic flowchart of a method for managing and controlling permissions according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a rights management system according to an embodiment of the present disclosure;
fig. 3 is a flowchart illustrating a method for managing and controlling permissions according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a rights management device according to an embodiment of the present disclosure;
fig. 5 is a block diagram of a computing device according to an embodiment of the present disclosure.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be embodied in many different forms and should not be construed as limited to the embodiments set forth herein, as those skilled in the art will be able to make and use the present disclosure without departing from the spirit and scope of the present disclosure.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present specification refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It will be understood that, although the terms first, second, etc. may be used herein in one or more embodiments to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first can also be referred to as a second and, similarly, a second can also be referred to as a first without departing from the scope of one or more embodiments of the present description. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In this specification, a method and an apparatus for managing and controlling permissions, a computing device, and a computer-readable storage medium are provided, and details are described in the following embodiments one by one.
As shown in fig. 1, the present embodiment discloses a method for managing and controlling permissions, which includes steps S110 to S130.
S110, receiving an access request and determining the type of the access request.
Specifically, the access request may be a request initiated by a user to the server through the client to access a resource, invoke a service, and the like. For most system software, the content accessible to users at different levels is usually different, and the content accessible to users at lower levels or the available services are fewer, and the content accessible to users and the available services increase with the increase of the user level.
The access request comprises an access unlimited request and an access limited request, wherein the access unlimited request refers to a request for accessing a non-confidential resource or using a non-confidential service, and the access limited request refers to a request for accessing a confidential resource or using a confidential service. The non-confidential resource or the non-confidential service is a resource or a called service which can be accessed by all users, and the confidential resource or the confidential service is a resource or a called service which can be accessed by some users.
The method for managing and controlling the authority helps to provide different types of feedback according to different types of requests by determining the type of the access request, and improves the system security.
And S120, feeding back target resources based on the access request under the condition that the access request is an unlimited access request.
Specifically, in the case that the access request is an unrestricted access request, a static target resource calling request may be sent to the reverse proxy server based on the access request, and the static target resource may be called by the reverse proxy server.
Preferably, the reverse proxy server is an Nginx reverse proxy server.
According to the method for managing and controlling the authority, under the condition that the access request is not limited, the target resource is directly fed back to the client based on the access request, so that the resource feedback efficiency can be improved, the service calling efficiency can be improved, and the user experience can be improved.
S130, determining the feasibility of the access request under the condition that the access request is a limited access request, and feeding back target resources based on the access request under the condition that the access request is feasible.
Specifically, in the case where the access request is a restricted access request, a permission verification request may be generated based on the access request; sending the access request and the permission verification request to a sub-server, wherein the sub-server obtains the identity information of the user through the micro service gateway based on the permission verification request; the sub-server determines feasibility of the access request based on identity information of the user.
The identity information can include an account number, a job number, a password, a grade, authority and the like of the user, can be obtained through login operation or identity authentication operation of the user, is stored in a redis storage medium through the micro service gateway, and can be called from the redis storage medium through the micro service gateway when the identity information needs to be called.
In the case that the access request is available, a dynamic target resource calling request can be sent to the micro service gateway based on the access request, and the dynamic target resource can be called through the micro service gateway.
And intercepting the access request and feeding back access failure information in the condition that the access request is not feasible. The access request is intercepted, that is, the user does not have the access right and refuses to perform the access request, and the access failure information can be any prompt capable of expressing the meaning of being inaccessible, which is not limited in the application.
The method for managing and controlling the authority can effectively avoid the conditions of unauthorized access and unauthorized access by judging the feasibility of the access request, and improve the access security.
The method for managing and controlling the authority provided by the embodiment can adopt different processing modes for different types of access requests by receiving the access requests and determining the types of the access requests, and is beneficial to realizing personalized processing of the access requests, wherein for unlimited access requests, target resources are directly fed back, the processing efficiency for the access requests which are not involved in secret can be effectively improved, the feasibility of the limited access requests needs to be judged, and the target resources are fed back under the condition that the access requests are feasible, so that the safety of a system can be effectively improved, and the occurrence of conditions such as secret leakage can be prevented.
As shown in fig. 2, the present embodiment discloses a rights management system, which includes a client and a server, where the server includes a first server, a second server, a micro service gateway, and a micro service.
Specifically, the client may be a terminal such as a computer or a mobile phone, which is not limited in this application.
In this embodiment, the first server may be regarded as a window with a service side facing a client, and the first server may receive an access request sent by the client, generate an authority verification request and a service invocation request based on the access request, send the authority verification request and the service invocation request to the second server and the micro service gateway, respectively, and also receive a verification result sent by the second server and/or a target resource sent by the micro service gateway, and send the target resource to the client.
In this embodiment, the second server may receive the permission verification request sent by the first server, acquire the identity information of the user through the microservice gateway based on the permission verification request, verify the identity information of the user, and feed back the verification result to the first server.
The micro service gateway is an interface used for receiving all external requests and forwarding the requests to the micro service at the back end. In this embodiment, when a user performs operations such as login or identity authentication using an account, a password, and the like, the identity information of the user may be directly sent to the micro service gateway, the micro service gateway may receive a service invocation request (a static resource invocation request or a dynamic resource invocation request) sent by the first server, invoke resources in the micro service based on the service invocation request and feed back the resources to the first server, and may also send the identity information of the user to the second server, which facilitates performing permission verification.
A microservice is a software architecture composed of numerous small services. In this embodiment, the micro service gateway may perform service call and resource call.
The services under the micro-service architecture are respectively deployed, and the architecture is characterized in that the front end and the back end are separated, the micro-service deployment is dispersed, and service registration and discovery are carried out through a gateway. The services published to the outside are all services of the restul style. Restul features include: (1) each URI represents 1 resource; (2) the client uses GET, POST, PUT and DELETE4 verbs representing operation modes to operate the server resources: GET is used for obtaining resources, POST is used for newly building resources (or updating resources), PUT is used for updating resources, and DELETE is used for deleting resources; (3) operating the resource through a representation of the operating resource; (4) the representation form of the resource is XML or HTML; (5) the interaction between the client and the server is stateless between requests, and each request from the client to the server must contain the information necessary to understand the request.
The privilege management and control system described in this embodiment is implemented under the framework of microservice, all calls are implemented by URIs, all requests are intercepted and distributed by a first server, and a privilege is verified by a second server, so that fundamental management and control on network security can be implemented.
As shown in fig. 3, the present embodiment discloses a rights management method, which is applied to the rights management system described in the above embodiments, and includes steps S310 to S370.
S310, the first server receives the identity information of the user and stores the identity information of the user into the micro-service gateway.
S320, the first server receives the access request sent by the client.
Specifically, in the case that the access request is an unrestricted access request, continue to execute step S330; if the access request is a restricted access request, the process proceeds to step S340.
S330, the first server sends a static target resource calling request to the reverse proxy server and calls the static target resource to feed back to the client.
S340, the first server generates an authority verification request based on the access request, and sends the access request and the authority verification request to the second server, and the second server obtains the identity information of the user through the micro service gateway based on the authority verification request.
And S350, the second server judges whether the access request is feasible or not based on the identity information of the user, if so, the step S360 is executed, and if not, the step S370 is executed.
S360, the first server sends a dynamic target resource calling request to the micro service gateway and calls the dynamic target resource to feed back to the client.
And S370, the first server intercepts the access request and feeds back access failure information to the client.
It should be noted that the technical solution of the present embodiment is the same as the technical solution of the above-mentioned method and system for managing rights, and details that are not described in detail in the technical solution of the present embodiment can be referred to the descriptions of the technical solutions of the method and system for managing rights.
The method for managing and controlling the authority provided by the embodiment can adopt different processing modes for different types of access requests by receiving the access requests and determining the types of the access requests, and is beneficial to realizing personalized processing of the access requests, wherein for unlimited access requests, target resources are directly fed back, the processing efficiency for the access requests which are not involved in secret can be effectively improved, the feasibility of the limited access requests needs to be judged, and the target resources are fed back under the condition that the access requests are feasible, so that the safety of a system can be effectively improved, and the occurrence of conditions such as secret leakage can be prevented.
The method and the device for managing and controlling the authority can effectively improve the processing efficiency of the access request and the speed of resource feedback, improve the safety of a related system, and effectively avoid the problems of unauthorized access, unauthorized access and the like.
As shown in fig. 4, the present embodiment provides a rights management apparatus, including:
a request receiving module 410 configured to receive an access request and determine a type of the access request;
a first feedback module 420 configured to feed back a target resource based on the access request in case the access request is an unrestricted access request;
a second feedback module 430 configured to determine feasibility of the access request if the access request is a restricted access request, and to feed back a target resource based on the access request if the access request is feasible.
Optionally, the right management apparatus further includes:
the identity receiving module is configured to receive identity information of a user and store the identity information of the user into the micro service gateway;
optionally, the second feedback module 430 is further configured to:
determining feasibility of the access request based on the identity information of the user.
Optionally, the second feedback module 430 is further configured to:
generating a permission verification request based on the access request;
sending the access request and the permission verification request to a sub-server, wherein the sub-server obtains the identity information of the user through the micro service gateway based on the permission verification request;
the sub-server determines feasibility of the access request based on identity information of the user.
Optionally, the right management apparatus further includes:
and the access intercepting module is configured to intercept the access request and feed back access failure information in the case that the access request is not feasible.
Optionally, the first feedback module 420 is further configured to:
and under the condition that the access request is not limited, sending a static target resource calling request to a reverse proxy server based on the access request, and calling the static target resource through the reverse proxy server.
Optionally, the second feedback module 430 is further configured to:
and sending a dynamic target resource calling request to a micro service gateway based on the access request under the condition that the access request is feasible, and calling the dynamic target resource through the micro service gateway.
The permission management and control device provided by this embodiment, by receiving the access request and determining the type of the access request, may adopt different processing manners for different types of access requests, and is helpful for implementing personalized processing of the access request, wherein for an unrestricted access request, a target resource is directly fed back, so that processing efficiency for an access request without secret involvement may be effectively improved, feasibility of the restricted access request needs to be determined, and the target resource is fed back in the case that the access request is feasible, so that security of the system may be effectively improved, and occurrence of conditions such as secret leakage may be prevented. The authority management and control device provided by the embodiment can effectively improve the processing efficiency of the access request and the speed of resource feedback, improve the safety of a related system, and effectively avoid the problems of unauthorized access, unauthorized access and the like.
As shown in fig. 5, fig. 5 is a block diagram illustrating a computing device 500 provided according to an embodiment of the present disclosure. The components of the computing device 500 include, but are not limited to, a memory 510 and a processor 520. Processor 520 is coupled to memory 510 via bus 530, and database 550 is used to store data.
Computing device 500 also includes access device 550, access device 550 enabling computing device 500 to communicate via one or more networks 560. Examples of such networks include the Public Switched Telephone Network (PSTN), a Local Area Network (LAN), a Wide Area Network (WAN), a Personal Area Network (PAN), or a combination of communication networks such as the internet. Access device 550 may include one or more of any type of network interface (e.g., a Network Interface Card (NIC)) whether wired or wireless, such as an IEEE802.11 Wireless Local Area Network (WLAN) wireless interface, a worldwide interoperability for microwave access (Wi-MAX) interface, an ethernet interface, a Universal Serial Bus (USB) interface, a cellular network interface, a bluetooth interface, a Near Field Communication (NFC) interface, and so forth.
In one embodiment of the present description, the above-described components of computing device 500, as well as other components not shown in FIG. 5, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device architecture shown in FIG. 5 is for purposes of example only and is not limiting as to the scope of the present description. Those skilled in the art may add or replace other components as desired.
Computing device 500 may be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), mobile phone (e.g., smartphone), wearable computing device (e.g., smartwatch, smartglasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 500 may also be a mobile or stationary server.
Wherein processor 520 is configured to execute the following computer-executable instructions:
receiving an access request and determining the type of the access request;
feeding back a target resource based on the access request under the condition that the access request is an unrestricted access request;
and determining the feasibility of the access request in the case that the access request is a limited access request, and feeding back a target resource based on the access request in the case that the access request is feasible.
The above is an illustrative scheme of a computing device of the present embodiment. It should be noted that the technical solution of the computing device and the technical solution of the above-mentioned rights management method belong to the same concept, and details that are not described in detail in the technical solution of the computing device can be referred to the description of the technical solution of the rights management method.
An embodiment of the present specification also provides a computer readable storage medium storing computer instructions that, when executed by a processor, are operable to:
receiving an access request and determining the type of the access request;
feeding back a target resource based on the access request under the condition that the access request is an unrestricted access request;
and determining the feasibility of the access request in the case that the access request is a limited access request, and feeding back a target resource based on the access request in the case that the access request is feasible.
The above is an illustrative scheme of a computer-readable storage medium of the present embodiment. It should be noted that the technical solution of the storage medium belongs to the same concept as the technical solution of the above-mentioned rights management method, and details that are not described in detail in the technical solution of the storage medium can be referred to the description of the technical solution of the rights management method.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The computer instructions comprise computer program code which may be in the form of source code, object code, an executable file or some intermediate form, or the like. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.
It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts or combinations, but those skilled in the art should understand that the present disclosure is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present disclosure. Further, those skilled in the art should also appreciate that the embodiments described in this specification are preferred embodiments and that acts and modules referred to are not necessarily required for this description.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
The preferred embodiments of the present specification disclosed above are intended only to aid in the description of the specification. Alternative embodiments are not exhaustive and do not limit the invention to the precise embodiments described. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the specification and its practical application, to thereby enable others skilled in the art to best understand the specification and its practical application. The specification is limited only by the claims and their full scope and equivalents.
Claims (9)
1. A method for managing and controlling authority, comprising:
receiving an access request and determining the type of the access request;
feeding back a target resource based on the access request under the condition that the access request is an unrestricted access request;
and determining the feasibility of the access request in the case that the access request is a limited access request, and feeding back a target resource based on the access request in the case that the access request is feasible.
2. The method of claim 1, prior to said receiving an access request, further comprising:
receiving identity information of a user, and storing the identity information of the user into a micro service gateway;
the determining the feasibility of the access request comprises:
determining feasibility of the access request based on the identity information of the user.
3. The method of claim 2, wherein the determining the feasibility of the access request based on the identity information of the user comprises:
generating a permission verification request based on the access request;
sending the access request and the permission verification request to a sub-server, wherein the sub-server obtains the identity information of the user through the micro service gateway based on the permission verification request;
the sub-server determines feasibility of the access request based on identity information of the user.
4. The method of claim 1, further comprising:
and intercepting the access request and feeding back access failure information in the condition that the access request is not feasible.
5. The method of claim 1, wherein feeding back a target resource based on the access request in case that the access request is an unrestricted access request comprises:
and under the condition that the access request is not limited, sending a static target resource calling request to a reverse proxy server based on the access request, and calling the static target resource through the reverse proxy server.
6. The method of claim 1, wherein feeding back a target resource based on the access request if the access request is available comprises:
and sending a dynamic target resource calling request to a micro service gateway based on the access request under the condition that the access request is feasible, and calling the dynamic target resource through the micro service gateway.
7. A rights management apparatus, comprising:
a request receiving module configured to receive an access request and determine a type of the access request;
a first feedback module configured to feed back a target resource based on the access request in case that the access request is an unrestricted access request;
the second feedback module is configured to determine the feasibility of the access request in the case that the access request is a limited access request, and feed back a target resource based on the access request in the case that the access request is feasible.
8. A computing device comprising a memory, a processor, and computer instructions stored on the memory and executable on the processor, wherein the processor implements the steps of the method of any one of claims 1-6 when executing the instructions.
9. A computer-readable storage medium storing computer instructions, which when executed by a processor, perform the steps of the method of any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010337036.4A CN111539006A (en) | 2020-04-26 | 2020-04-26 | Authority management and control method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010337036.4A CN111539006A (en) | 2020-04-26 | 2020-04-26 | Authority management and control method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111539006A true CN111539006A (en) | 2020-08-14 |
Family
ID=71978822
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010337036.4A Pending CN111539006A (en) | 2020-04-26 | 2020-04-26 | Authority management and control method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111539006A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112491807A (en) * | 2020-11-05 | 2021-03-12 | 杭州孝道科技有限公司 | Horizontal override vulnerability detection method based on interactive application detection technology |
| CN112596812A (en) * | 2020-12-22 | 2021-04-02 | 深圳集智数字科技有限公司 | Method, device and equipment for responding operation request and storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080263652A1 (en) * | 2007-04-20 | 2008-10-23 | Microsoft Corporation | Request-specific authentication for accessing web service resources |
| CN102447677A (en) * | 2010-09-30 | 2012-05-09 | 北大方正集团有限公司 | Resource access control method, system and equipment |
| CN108268780A (en) * | 2016-12-30 | 2018-07-10 | 航天信息股份有限公司 | A kind of method and device for being used to control system access |
| CN110263557A (en) * | 2019-05-31 | 2019-09-20 | 花豹科技有限公司 | Data access control method, storage equipment and computer readable storage medium |
| CN110300124A (en) * | 2019-02-02 | 2019-10-01 | 奇安信科技集团股份有限公司 | Access control method, system, electronic device and readable medium |
| CN110784433A (en) * | 2018-07-31 | 2020-02-11 | 阿里巴巴集团控股有限公司 | User access processing method, device and equipment |
-
2020
- 2020-04-26 CN CN202010337036.4A patent/CN111539006A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080263652A1 (en) * | 2007-04-20 | 2008-10-23 | Microsoft Corporation | Request-specific authentication for accessing web service resources |
| CN102447677A (en) * | 2010-09-30 | 2012-05-09 | 北大方正集团有限公司 | Resource access control method, system and equipment |
| CN108268780A (en) * | 2016-12-30 | 2018-07-10 | 航天信息股份有限公司 | A kind of method and device for being used to control system access |
| CN110784433A (en) * | 2018-07-31 | 2020-02-11 | 阿里巴巴集团控股有限公司 | User access processing method, device and equipment |
| CN110300124A (en) * | 2019-02-02 | 2019-10-01 | 奇安信科技集团股份有限公司 | Access control method, system, electronic device and readable medium |
| CN110263557A (en) * | 2019-05-31 | 2019-09-20 | 花豹科技有限公司 | Data access control method, storage equipment and computer readable storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 邹翔等: "基于双向防御的跨安全域访问控制方法研究", 《信息网络安全》 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112491807A (en) * | 2020-11-05 | 2021-03-12 | 杭州孝道科技有限公司 | Horizontal override vulnerability detection method based on interactive application detection technology |
| CN112596812A (en) * | 2020-12-22 | 2021-04-02 | 深圳集智数字科技有限公司 | Method, device and equipment for responding operation request and storage medium |
| CN112596812B (en) * | 2020-12-22 | 2024-05-31 | 深圳集智数字科技有限公司 | Response method, device, equipment and storage medium of operation request |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10574698B1 (en) | Configuration and deployment of decoy content over a network | |
| US9954664B2 (en) | Micro VPN tunneling for mobile platforms | |
| US20180241645A1 (en) | Providing Mobile Device Management Functionalities | |
| US9455886B2 (en) | Providing mobile device management functionalities | |
| US8910264B2 (en) | Providing mobile device management functionalities | |
| WO2016188256A1 (en) | Application access authentication method, system, apparatus and terminal | |
| US20220207164A1 (en) | Method for accessing application and apparatus, electronic device, and storage medium | |
| US10277606B2 (en) | Anonymous application wrapping | |
| US8813179B1 (en) | Providing mobile device management functionalities | |
| US20210182440A1 (en) | System for preventing access to sensitive information and related techniques | |
| US11544415B2 (en) | Context-aware obfuscation and unobfuscation of sensitive content | |
| CN111539006A (en) | Authority management and control method and device | |
| US11557016B2 (en) | Tracking image senders on client devices | |
| CN112073366B (en) | Data processing method for railway financial system and data center | |
| CN115296866B (en) | Access method and device for edge node | |
| CN115834114A (en) | Method for logging in bastion machine, system and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200814 |