CN111598575A

CN111598575A - Business process control method and device, electronic equipment and readable storage medium

Info

Publication number: CN111598575A
Application number: CN202010428039.9A
Authority: CN
Inventors: 谢伟; 王凯; 朱道彬
Original assignee: Industrial and Commercial Bank of China Ltd ICBC
Current assignee: Industrial and Commercial Bank of China Ltd ICBC
Priority date: 2020-05-19
Filing date: 2020-05-19
Publication date: 2020-08-28
Anticipated expiration: 2040-05-19
Also published as: CN111598575B

Abstract

The present disclosure provides a method for controlling a service process, including: acquiring a request for requesting to process an atomic service in a service flow, wherein the service flow comprises N atomic services with dependency relationship, and N is an integer greater than 1; acquiring a target process control rule corresponding to the request from a configuration center, wherein K process control rules are configured in the configuration center, and K is an integer greater than 1; and performing security check control on the request according to the target process control rule. The disclosure also provides a business process control device, an electronic device and a computer readable storage medium.

Description

Business process control method and device, electronic equipment and readable storage medium

Technical Field

The present disclosure relates to the field of internet technologies, and in particular, to a business process control method, a business process control apparatus, an electronic device, and a computer-readable storage medium.

Background

As business functions become more abundant, business processes become more complex. Taking internet financial transactions as an example, transaction scenes and payment modes are becoming more and more abundant, transaction flows are becoming more and more complex, and developers generally write specific legal security check codes in a service implementation method of each transaction link in order to ensure the security of the transaction flows.

However, when related technologies are adopted for legality security verification, security verification codes needing to be maintained are increasingly complex and heavy, and the work of manually carding and modifying a large number of codes is difficult to guarantee transaction security and adapt to agile development and continuous delivery.

Disclosure of Invention

In view of the above, the present disclosure provides a business process control method, a business process control apparatus, an electronic device, and a computer-readable storage medium.

One aspect of the present disclosure provides a method for controlling a service flow, including: acquiring a request for requesting to process an atomic service in a service flow, wherein the service flow comprises N atomic services with dependency relationship, and N is an integer greater than 1; acquiring a target process control rule corresponding to the request from a configuration center, wherein K process control rules are configured in the configuration center, and K is an integer greater than 1; and performing security check control on the request according to the target process control rule.

According to an embodiment of the present disclosure, the target process control rule includes a target service identification policy and a target process control policy.

According to an embodiment of the present disclosure, the performing security check control on the request according to the target process control rule includes: determining an atomic service type corresponding to the request according to the target service identification strategy; determining whether the request is legal or not according to the atomic service type corresponding to the request and the corresponding preorder link and the target process control strategy; and executing business logic corresponding to the request under the condition that the request is determined to be legal.

According to an embodiment of the present disclosure, determining, according to the atomic service type corresponding to the request and the corresponding preamble link, whether the request is legal according to the target process control policy includes: searching M service processing links matched with the preorder link from the target process control strategy, wherein M is an integer greater than or equal to 1; judging whether a target link exists in the M service processing links; wherein the target link includes an atomic service type corresponding to the request; when a target link exists in the M service processing links, determining that the request is legal; and when the target link does not exist in the M business processing links, determining that the request is illegal.

According to an embodiment of the present disclosure, the determining whether a target link exists in the M service processing links includes: for each service processing link, extending the repeatable sequence in the service processing link to obtain M extended service processing links; when any one of the extended M service processing links contains an atomic service type corresponding to the request, determining that a target link exists in the M service processing links; and when none of the extended M service processing links contains the atomic service type corresponding to the request, determining that no target link exists in the M service processing links.

According to an embodiment of the present disclosure, the method further includes: identifying a repeatable sequence in the preamble link after executing business logic corresponding to the request; carrying out duplicate removal processing on the repeatable sequence in the preamble link; and adding the atomic service type corresponding to the request to the preorder link after the deduplication processing to generate a new preorder link.

According to an embodiment of the present disclosure, the method further includes: after executing the business logic corresponding to the request, judging whether the business logic is successfully executed; and in case of successful execution, identifying a repeatable sequence in said preamble link.

According to an embodiment of the present disclosure, the obtaining the target process control rule corresponding to the request from the configuration center includes: analyzing the request and determining a target resource address corresponding to the request; and acquiring the target process control rule from the configuration center according to the target resource address corresponding to the request, wherein each process control rule configured in the configuration center has a corresponding resource address.

According to an embodiment of the present disclosure, the obtaining the target flow control rule from the configuration center according to the target resource address corresponding to the request includes: acquiring a target service identification strategy corresponding to the target resource address from the configuration center according to the target resource address corresponding to the request; determining an identification field for identifying the service type according to the target service identification strategy; and determining the atomic service type corresponding to the request according to the identification field for identifying the service type.

Another aspect of the present disclosure provides a business process control apparatus, including: a first obtaining module, configured to obtain a request for requesting to process an atomic service in a service flow, where the service flow includes N atomic services having a dependency relationship, where N is an integer greater than 1; a second obtaining module, configured to obtain a target process control rule corresponding to the request from a configuration center, where the configuration center is configured with K process control rules, where K is an integer greater than 1; and the control module is used for carrying out safety check control on the request according to the target process control rule.

Another aspect of the present disclosure provides an electronic device including: one or more processors; a memory for storing one or more instructions, wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement the method as described above.

Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.

Another aspect of the disclosure provides a computer program comprising computer executable instructions for implementing the method as described above when executed.

According to the embodiment of the disclosure, because the technical means of acquiring the request for requesting to process the atomic service in the service process, then acquiring the target process control rule corresponding to the request from the configuration center and performing the security check control on the request according to the target process control rule is adopted, the process control logic can be abstracted into a set of universal rule check logic by uniformly adjusting and dynamically configuring the process control rule through the configuration center, and the decoupling of the service function logic and the process control logic is realized independent of the code for realizing the service function, and the specific legal security check code does not need to be written in the service implementation method of each service link. Therefore, the technical problems that the security check codes needing to be maintained are more and more complex and heavy, and the work of manually carding and modifying the codes is difficult to ensure the business security and adapt to agile development and continuous delivery in the related technology are at least partially overcome, and the technical effect of ensuring the business security and adapting to agile development and continuous delivery is further achieved.

Drawings

The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of embodiments of the present disclosure with reference to the accompanying drawings, in which:

fig. 1 schematically illustrates an exemplary system architecture to which the business process control method and apparatus may be applied, according to an embodiment of the present disclosure;

FIG. 2 schematically illustrates a flow chart of a business process control method according to an embodiment of the disclosure;

FIG. 3 schematically shows a schematic diagram of a business process according to an embodiment of the disclosure;

FIG. 4 schematically illustrates a flow diagram for obtaining a target flow control rule corresponding to a request from a configuration center according to an embodiment of the disclosure;

FIG. 5 schematically illustrates a flow diagram for security check control of a request according to a target flow control rule, according to an embodiment of the disclosure;

FIG. 6 is a flow diagram that schematically illustrates a process for determining whether a request is legitimate according to a target flow control policy, in accordance with an atomic service type corresponding to the request and a corresponding prologue link, in accordance with an embodiment of the present disclosure;

FIG. 7 schematically illustrates a diagram of a plurality of flow control strategies that are preconfigured according to an embodiment of the present disclosure;

fig. 8 schematically shows a flowchart for determining whether a target link exists in M traffic processing links according to an embodiment of the present disclosure;

FIG. 9 schematically illustrates a flow diagram of a business process control method according to another embodiment of the present disclosure;

FIG. 10 schematically illustrates a flow chart of a business process control method according to another embodiment of the present disclosure;

FIG. 11 schematically illustrates a block diagram of a business process control apparatus according to an embodiment of the disclosure; and

FIG. 12 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method, in accordance with an embodiment of the present disclosure.

Detailed Description

Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.

All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.

Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.).

The embodiment of the disclosure provides a method and a device for controlling a business process. The business process control method comprises the following steps: acquiring a request for requesting to process an atomic service in a service flow, wherein the service flow comprises N atomic services with dependency relationship, and N is an integer greater than 1; acquiring a target process control rule corresponding to the request from a configuration center, wherein K process control rules are configured in the configuration center, and K is an integer greater than 1; and performing security check control on the request according to the target process control rule.

Fig. 1 schematically illustrates an exemplary system architecture 100 to which the business process control methods and apparatus may be applied, according to an embodiment of the disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.

As shown in fig. 1, the system architecture 100 according to this embodiment may include a terminal device 101, a network 102, and a server 103. Network 102 is the medium used to provide communication links between terminal devices 101 and server 103. Network 102 may include various connection types, such as wired and/or wireless communication links, and so forth.

The user can use the terminal apparatus 101 to interact with the server 103 through the network 102, send a request for requesting processing of an atomic service in a business process to the server 103, and receive a message or the like. Various messaging client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, and/or social platform software, etc. (by way of example only) may be installed on terminal device 101.

The terminal device 101 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.

The server 103 may be a server that provides various services, such as a background management server (for example only) that provides support for websites browsed by users using the terminal devices 101. The background management server may analyze and perform other processing on the received data such as the user request, and feed back a processing result (e.g., a webpage, information, or data obtained or generated according to the user request) to the terminal device. The server 103 may include a configuration center for uniformly adjusting and dynamically configuring the flow control rules.

It should be noted that the business process control method provided by the embodiment of the present disclosure may be generally executed by the server 103. Accordingly, the business process control device provided by the embodiment of the present disclosure may be generally disposed in the server 103. The service flow control method provided by the embodiment of the present disclosure may also be executed by a server or a server cluster that is different from the server 103 and is capable of communicating with the terminal device 101 and/or the server 103. Correspondingly, the service flow control device provided by the embodiment of the present disclosure may also be disposed in a server or a server cluster that is different from the server 103 and can communicate with the terminal device 101 and/or the server 103.

It should be understood that the number of terminal devices, networks, and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.

Fig. 2 schematically shows a flow chart of a business process control method according to an embodiment of the present disclosure.

As shown in fig. 2, the method includes operations S201 to S203.

In operation S201, a request for requesting to process an atomic service in a service flow is obtained, where the service flow includes N atomic services having a dependency relationship, where N is an integer greater than 1.

According to an embodiment of the present disclosure, the request for requesting processing of the atomic service in the business process may be a request transmitted in an execution order of the business process. According to the embodiment of the present disclosure, the number N of atomic services included in different service flows may be the same or different.

FIG. 3 schematically shows a schematic diagram of a business process according to an embodiment of the disclosure.

As shown in FIG. 3, the business process includes atomic businesses 1-4, where N is equal to 4. The atomic services 1-4 have dependency relationships, in other words, the atomic services 1-4 have execution sequences. For example, after the successful atomic service 1 is executed, the atomic service 2 can be executed according to the execution order of the service flows. The request for requesting processing of an atomic service in a service flow may be for requesting processing of one of the atomic services, for example, requesting processing of atomic service 3, but at this time, atomic service 1 and atomic service 2 need to have been successfully executed. According to an embodiment of the present disclosure, there is a dependency between requests for different atomic services.

Taking a business process as an example of a transaction process, most of the current internet financial transactions are realized as a business link formed by connecting a plurality of http requests in series. There are often dependencies between requests concatenated on a link.

For example, in a payment transaction: the process segment of pre-checking- > sending a short message for requesting the verification code- > sending the verification code- > paying must firstly confirm that the short message is verified successfully before the 'paying' request is processed, and then the payment request can be continuously completed.

In operation S202, a target process control rule corresponding to the request is obtained from a configuration center, where K process control rules are configured in the configuration center, and K is an integer greater than 1.

According to the embodiment of the disclosure, a developer may preset a plurality of flow control rules in a configuration center. A plurality of process control rules can be embodied in a rule definition file of a configuration center, so that asset accumulation of service verification logic is realized; a real-time and refined management and control mode is provided for the online and production emergency of the new business process, and the flexible online of the production emergency and the new business process is facilitated; the method provides convenience for realizing per-transaction scene monitoring and data analysis. In addition, the configuration center configures the flow control rules, so that the visual asset accumulation can be performed on the check rules of various service scenes, and the new service expansion or the adjustment of the old service is facilitated.

According to the embodiment of the disclosure, in order to achieve the purpose of decoupling the flow control rule and the service function through the configuration center, the AOP (abbreviation of Aspect organized programming, meaning to facet-Oriented programming) mechanism of a Spring framework (a software development framework for solving the complexity problem of software development) can be utilized, and the implementation is realized through the self-defined annotation and the facet technology. In general, a business function corresponds to a resource address (i.e., an http address), and in order to perform flow control before or after executing logic of the business function, an annotation may be declared before a mapping method of the http address that needs to perform flow control, and a custom program logic is added to implement flow control.

For example, a custom name annotation is defined and declared before the http address mapping method that needs to be used for flow control. And defining a tangent plane implementation class, defining a tangent point on a method for declaring the annotation with a self-defined name, and writing a tangent plane method for the tangent point to increase self-defined program logic before and after the implementation logic of the mapping method of the http address, wherein the tangent plane method can be a method which can be realized by Spring tangent plane programming.

According to the embodiment of the disclosure, the annotation for performing flow control on the resource address can be declared in advance before the mapping method of different resource addresses. When the target process control rule corresponding to the request is obtained from the configuration center, the corresponding process control rule can be searched according to the http address corresponding to the request.

In operation S203, security check control is performed on the request according to the target flow control rule.

According to the embodiment of the present disclosure, for example, a request for requesting to process an atomic service in a business process may be subjected to validity check according to a target process control rule.

According to embodiments of the present disclosure, the configuration center may be a database, a distributed cache, a distributed file system, or other storage medium.

The method shown in fig. 2 is further described with reference to fig. 4-10 in conjunction with specific embodiments.

FIG. 4 schematically shows a flow diagram for obtaining a target flow control rule corresponding to a request from a configuration center according to an embodiment of the disclosure.

As shown in fig. 4, acquiring the target flow control rule corresponding to the request from the configuration center includes operations S401 to S402.

In operation S401, the request is parsed, and a target resource address corresponding to the request is determined.

In operation S402, a target process control rule is obtained from a configuration center according to a target resource address corresponding to the request, where each process control rule configured in the configuration center has a corresponding resource address.

According to the embodiment of the disclosure, taking the "payment" request as an example, the target resource address corresponding to the "payment" request is: resource address 1. The target flow control rule may be obtained from the configuration center according to the resource address 1.

According to the embodiment of the present disclosure, for example, before the mapping method of the resource address 1, a custom annotation on the resource address 1 is declared in advance. When a user initiates a 'payment' request, the user firstly enters the section logic of the user-defined note about the resource address 1, and in the section logic, a target process control rule corresponding to a key value is obtained according to the key field key value in the user-defined note.

According to an embodiment of the present disclosure, the target process control rule includes a target service identification policy, and acquiring the target process control rule from the configuration center according to the target resource address corresponding to the request includes: and acquiring a target service identification strategy corresponding to the target resource address from the configuration center according to the target resource address corresponding to the request, determining an identification field for identifying the service type according to the target service identification strategy, and determining the atomic service type corresponding to the request according to the identification field for identifying the service type.

According to embodiments of the present disclosure, a service identification policy may be used to identify what type of atomic service a request is.

According to an embodiment of the present disclosure, for a service identification policy, what type of atomic service this request represents can be identified by the upload field in the request, the field in the session data.

For example, an attribute key is added to a custom annotation of a certain resource address, and the attribute key is used to associate the http request resource address mapping method defined by the custom annotation and the corresponding policy configuration. When a user initiates an http request, the program logic first executes the section logic corresponding to the mapping method. In the section logic, by annotating the attribute key value, the corresponding service identification policy configuration (the policy configuration in the memory is obtained from the configuration center and kept updated) can be obtained from the memory, and the atomic service of the http request is identified by the field names and the field values defined in the service identification policy.

For example, when a user initiates a "payment" request, the user first enters a tangent plane logic of a custom note, and in the tangent plane logic, the service identification policy configuration corresponding to the method can be acquired according to a key field key value in the custom note.

According to the embodiment of the disclosure, the key field key in the custom annotation is used for associating a segment of service identification policy with the custom annotation corresponding to the key value, that is, which http request resource address mapping method or http request resource address mapping methods can identify the atomic service by using the segment of service identification policy.

The traffic identification policy may define which fields (fields in the session data or upload fields) these http requests should use for traffic identification.

A plurality of identification rules may be further defined in the traffic identification policy, and each identification rule may include an atomic traffic name corresponding to each branch requested by the http and a field for identifying a value of a field of what atomic traffic this branch is.

According to the embodiment of the disclosure, for example, when an application receives an http request, and the http request resource address mapping method declares the annotation including key ═ X1, the application may obtain, in the tangent plane logic, a service identification policy corresponding to "X1" from a memory, then obtain, from an upload field in session data carried in the request, a field defined in an identification rule, and identify what atomic service the http request is according to the field defined in the identification rule.

According to an embodiment of the present disclosure, the target flow control rule may include a target flow control policy in addition to the target traffic identification policy. The target process control policy may be used to determine whether an atomic service is legitimate, and the legitimacy may be enforced.

According to the embodiment of the present disclosure, whether the atomic service corresponding to the request is legal or not and whether the atomic service can be continuously executed or not may be obtained, an atomic service identification sequence (abbreviated as "preamble link") stored in the session data may be obtained, and a matching determination may be performed on the atomic service identification sequence by using a flow control policy, and if the atomic service can be continuously processed, the atomic service is processed.

FIG. 5 schematically illustrates a flow diagram for security check control of a request according to a target flow control rule, according to an embodiment of the disclosure.

As shown in fig. 5, performing security check control on the request according to the target flow control rule includes operations S501 to S503.

In operation S501, an atomic service type corresponding to the request is determined according to the target service identification policy.

In operation S502, according to the atomic service type corresponding to the request and the corresponding preamble link, it is determined whether the request is legal according to the target process control policy.

According to an embodiment of the present disclosure, a preamble link corresponding to a request may be stored in session data carried by the request. And executing a strategy matching algorithm according to a target process control strategy through a preamble link stored in the session data and the atomic service type of the current atomic service, and judging whether the current request is legal or not. If the operation is legal, the operation is released, and the operation logic is continuously executed.

In operation S503, in case that it is determined that the request is legal, a business logic corresponding to the request is executed.

According to the embodiment of the disclosure, in the case that the request is determined to be illegal, the error code in the session data can be processed, and feedback information that the request is illegal is output.

According to the embodiment of the disclosure, if the request is determined to be illegal, the error codes and the error information in the session data can be uniformly processed, the illegal feedback information is returned, and the service logic is not executed.

The following describes a "policy matching algorithm".

Fig. 6 schematically illustrates a flow chart for determining whether a request is legal according to a target flow control policy according to an atomic service type corresponding to the request and a corresponding preamble link according to an embodiment of the present disclosure.

As shown in fig. 6, determining whether the request is legal according to the atomic service type corresponding to the request and the corresponding preamble link and the target flow control policy includes operations S601 to S602.

In operation S601, M service processing links matching the preamble link are searched from the target process control policy, where M is an integer greater than or equal to 1.

According to the embodiment of the disclosure, the target process control strategy comprises a plurality of service processing links configured in advance.

In operation S602, it is determined whether a target link exists in the M service processing links; wherein the target link contains an atomic traffic type corresponding to the request.

According to the embodiment of the disclosure, in the case that it is determined that a target link containing an atomic service type corresponding to a request exists in the M service processing links, it is determined that the request is legal.

According to the embodiment of the disclosure, in the case that it is determined that there is no target link containing the atomic service type corresponding to the request among the M service processing links, it is determined that the request is illegal.

According to the embodiment of the present disclosure, taking the short message payment process as an example, the process control policy of the short message payment process stored by the configuration center may be represented as:

smsPayFlow ═ atomic traffic 1- > [ [ atomic traffic 2] - > atomic traffic 3] - > atomic traffic 4.

Before, "the name of a legal request link (flow for short) is defined, and transaction statistics based on transaction scenarios (links) can be performed subsequently according to the name.

Legal request link definitions are followed by "- >" separating each atomic service.

Atomic services labeled within "[ ]" are atomic services that can be repeatedly executed.

The explanation of the flow control strategy of the short message payment flow is as follows:

the short message payment process is named as 'smsPayFlow'.

The atomic service 1 may represent a pre-check atomic service, the atomic service 2 may represent a short message sending atomic service, the atomic service 3 may represent a short message check atomic service, and the atomic service 4 may represent a short message payment atomic service.

The meaning of the legal link of the process control strategy of the short message payment process is as follows: the page where the pre-verification is located can be repeatedly opened for many times; the sending short message can be repeatedly sent for many times, but the premise is that the sending short message can be sent after the completion of pre-verification; after the short message is verified, the user can return to the page for sending the short message to click the sending button again, and the short message is verified again; before payment, the three steps of pre-checking, sending short messages and verifying the short messages must be finished in sequence, otherwise, the payment operation is not allowed to be executed.

According to the embodiment of the disclosure, the pre-verification, the short message sending, the short message verification and the short message payment are abstracted into A, D1, D2 and C atomic services, and the flow rule can be expressed as a middle link "A- > [ [ D1] - > D2] - > C" in FIG. 7.

FIG. 7 schematically illustrates a diagram of a plurality of flow control strategies that are preconfigured according to an embodiment of the present disclosure.

As shown in fig. 7, the preconfigured flow control strategy includes the following:

TestFlow1＝A-＞[B]-＞C；

TestFlow2＝A-＞[[D1]-＞D2]-＞C；

TestFlow3＝A-＞[[E1-＞E2-＞E3]-＞D2]-＞C。

according to embodiments of the present disclosure, a "policy matching algorithm" may include the following operations.

Before the service logic is executed, a preamble link is obtained from the session data, a Flow (such as one of TestFlow1, TestFlow2 and TestFlow 3) matched with the preamble link is found in the pre-configured Flow control strategy, and whether a Flow with a subsequent service node type consistent with an atomic service type corresponding to the current request exists in the flows is identified. If the flow is consistent, judging that the request is legal; otherwise, the request is judged to be illegal.

According to the embodiment of the disclosure, the atomic service type corresponding to the current request can be added to the storage pre-order link, stored in the temporary variable of the memory, and compared with the flow control strategy configured in the memory in advance from left to right according to the execution sequence of the service flow.

According to the embodiment of the disclosure, the flow control policy matched with the preamble link may be a policy including all atomic service types in the preamble link, or may be a policy including all atomic service types in the preamble link and having the same execution sequence of the atomic services.

Fig. 8 schematically shows a flowchart for determining whether a target link exists in M traffic processing links according to an embodiment of the present disclosure.

As shown in fig. 8, determining whether a target link exists in the M traffic processing links includes operations S801 to S803.

In operation S801, for each service processing link, a repeatable sequence in the service processing link is extended, so as to obtain M extended service processing links.

In operation S802, when any one of the extended M service processing links includes an atomic service type corresponding to the request, it is determined that a target link exists in the M service processing links.

In operation S803, when none of the extended M service processing links includes an atomic service type corresponding to the request, it is determined that a target link does not exist in the M service processing links.

According to embodiments of the present disclosure, for example, a preamble sequence (i.e., a preamble link): a- > B, preamble matching yields: a- > [ B ] - > C, having only one repeatable sequence: [B] then the extended sequence: a- > B- > C. If the current service: b, following addition to the request sequence: a- > B is matched with the extended sequence, so that the sequence is judged to be legal.

According to an embodiment of the present disclosure, as another example, the preamble sequence: a- > D1- > D2, the preamble match results in: a- > [ [ D1] - > D2] - > C, with two repeatable sequences: [D1] and [ D1- > D2], respectively extended sequences: a- > D1- > D1- > D2- > C and A- > D1- > D2- > D1-D2- > C. If the current service: d1, appended to the request sequence: a- > D1- > D2- > D1 matches the second extension and is therefore judged to be legitimate.

According to an embodiment of the present disclosure, for another example, the preamble sequence: a- > E1- > E2- > E3- > D2, the preambles match: a- > [ [ E1- > E2- > E3] - > D2] - > C, with two repeatable sequences: [ E1- > E2- > E3] and [ E1- > E2- > E3- > D2], sequences obtained by extending the repetitive sequences respectively: a- > E1- > E2- > E3- > E1- > E2- > E3- > D2- > C and A- > E1- > E2- > E3- > D2- > E1- > E2- > E3- > D2- > C. If the current service: e1, appended to the request sequence: a- > E1- > E2- > E3- > D2- > E1 matches the first extension and is therefore judged to be legitimate.

In order to improve the verification efficiency, the extended sequence may be initialized into the memory when the policy configuration of the configuration center is dynamically obtained.

According to the embodiment of the disclosure, in order to avoid that a preamble link is too long due to repeated operation of a certain/group atomic service in a session, which affects the reading and writing efficiency of session data, a sequence simplification algorithm can be executed to simplify and record the preamble link.

The sequence simplification algorithm is described below.

Fig. 9 schematically shows a flow chart of a business process control method according to another embodiment of the present disclosure.

The service flow control method provided in this embodiment may be executed on the basis of any one of fig. 2 to 8, as shown in fig. 9, the method may further include operations S901 to S903.

In operation S901, after a service logic corresponding to a request is executed, a repeatable sequence in a preamble link is identified.

According to the embodiment of the disclosure, after the business logic corresponding to the request is executed, whether the business logic is executed successfully or not can be judged; in the event of successful execution, a repeatable sequence in the preamble link is identified.

In operation S902, a deduplication process is performed for a repeatable sequence in a preamble link.

In operation S903, an atomic service type corresponding to the request is added to the deduplicated preamble link, and a new preamble link is generated.

According to embodiments of the present disclosure, a "repeatable atomic business group", i.e., a "repeatable sequence", can be identified by [ ] bracketing in the flow of the currently matching flow control strategy. Then, the repeatable sequence which can be deleted in the preamble link is removed.

According to the embodiment of the disclosure, the deletable repeatable sequence in the preamble link can also be deleted directly, and then the atomic service type corresponding to the current request is added to the processed preamble link.

For example: the current atomic service type: b, preamble link: a- > B, repeatable sequence: [B] and after simplification: a- > B.

For another example: the current atomic service type: d1, preamble link: a- > D1- > D2, repeatable sequence: [D1] and [ D1- > D2], the preamble link is matched from right to left [ D1- > D2], after simplification: a- > D1.

Another example is: the current atomic service type: e1, the preamble is A- > E1- > E2- > E3- > D2, the repeatable sequence: [ E1- > E2- > E3] and [ E1- > E2- > E3- > D2], the prologue links are matched from right to left [ E1- > E2- > E3- > D2], after simplification: a- > E1.

According to the embodiment of the present disclosure, the target process control rule may further include a result judgment policy in addition to the target service identification policy and the target process control policy, where the result judgment policy is used to judge whether an atomic service is successfully executed.

After the service logic processing is completed, the result judgment policy may be used to judge whether the atomic service is successfully executed, and if the atomic service is successfully executed, the identifier of the atomic service may be additionally recorded in the "preamble link". The new "preamble link" will be used to determine whether the next atomic service is legitimate.

According to an embodiment of the present disclosure, whether this atomic service execution is successful may be identified by a return field of the request, a field in the session data. If the execution is successful, the type of the current atomic service needs to be appended to the "preamble link" tail in the session data for validity checking of the next request.

Taking the short message check atomic service as an example, after the execution of the request service logic is finished, a check field is stored in the session data, and the success or failure of the check can be determined according to the check field.

Before the service logic is executed, the request is identified as a short message check atomic service by a service identification strategy, after the service logic is executed, the section logic acquires a result judgment strategy corresponding to the short message check atomic service from a memory, and according to the result judgment strategy, the section logic acquires a check field from session data, and if the field indicates that the atomic service is successfully executed, the short message check atomic service needs to be added to the tail part of a 'preamble link' of the session data.

Fig. 10 schematically shows a flow chart of a business process control method according to another embodiment of the present disclosure.

As shown in fig. 10, the method may further include operations S1001 to S1011.

In operation S1001, an atomic service corresponding to the current request is determined according to the service identification policy, the upload field, and the session data.

In operation S1002, a preamble link stored in session data is acquired.

In operation S1003, validity check is performed on the preamble link according to the flow control policy.

In operation S1004, it is judged whether it is legal.

In operation S1005, if it is legal, the business logic is executed,

in operation S1006, if not, the error field is assigned with a unified assignment.

In operation S1007, it is determined whether the request execution is successful according to the result determination policy.

In operation S1008, it is determined whether the execution is successful.

In operation S1009, if the execution is successful, the currently requested atomic service type is added to the preamble link in the session data. If not, returning to operation S1006, and assigning a value to the error field uniformly.

In operation S1010, sequence simplification is performed.

In operation S1011, a transaction monitoring log is recorded.

By the embodiment of the disclosure, the decoupling of the transaction logic and the flow control logic is realized. The process control rules are uniformly adjusted and dynamically configured through the configuration center, and all the control rules are embodied in the rule definition file, so that the asset accumulation of the service verification logic is realized. A real-time and refined control mode is provided for the online and production emergency of a new business process. The method provides convenience for realizing per-transaction scene monitoring and data analysis.

By the embodiment of the disclosure, the overall process can be realized by self-defined annotation and tangent plane, and also can be realized by an interceptor realized by a filter or other technical means, and the matching logic of the process control strategy can be realized by a regular expression and a state machine module.

FIG. 11 schematically shows a block diagram of a traffic flow control apparatus according to an embodiment of the present disclosure.

As shown in fig. 11, the business process control apparatus 1100 includes: a first acquisition module 1110, a second acquisition module 1120, and a control module 1130.

The first obtaining module 1110 is configured to obtain a request for requesting to process an atomic service in a service flow, where the service flow includes N atomic services having a dependency relationship, where N is an integer greater than 1.

The second obtaining module 1120 is configured to obtain a target process control rule corresponding to the request from a configuration center, where K pieces of process control rules are configured in the configuration center, where K is an integer greater than 1.

The control module 1130 is configured to perform security check control on the request according to the target process control rule.

According to an embodiment of the present disclosure, the target flow control rule includes a target traffic identification policy and a target flow control policy.

The control module includes: a first determining unit, configured to determine, according to the target service identification policy, an atomic service type corresponding to the request; a second determining unit, configured to determine whether the request is legal according to the atomic service type corresponding to the request and the corresponding preamble link and according to the target process control policy; and the execution unit is used for executing the business logic corresponding to the request under the condition that the request is determined to be legal.

The control module 1130 is further configured to process an error code in the session data if the request is determined to be illegal; and outputting feedback information with an illegal request.

According to an embodiment of the present disclosure, determining, according to the atomic service type corresponding to the request and the corresponding preamble link and according to the target process control policy, whether the request is legal includes: searching M service processing links matched with the preorder link from the target process control strategy, wherein M is an integer greater than or equal to 1; judging whether a target link exists in the M service processing links; wherein the target link contains an atomic service type corresponding to the request; when a target link exists in the M service processing links, determining that the request is legal; and when the target link does not exist in the M service processing links, determining that the request is illegal.

According to the embodiment of the present disclosure, the service flow control apparatus 1100 further includes: the device comprises an extension module, a first determination module, a second determination module and a third determination module.

And the extension module is used for extending the repeatable sequence in the service processing links aiming at each service processing link to obtain M extended service processing links.

The first determining module is used for determining whether the extended service processing link contains an atomic service type corresponding to the request.

The second determining module is used for determining that a target link exists in the M service processing links when any one of the extended M service processing links contains an atomic service type corresponding to the request.

The third determining module is configured to determine that a target link does not exist in the M service processing links when none of the extended M service processing links includes an atomic service type corresponding to the request.

According to the embodiment of the present disclosure, the service flow control apparatus 1100 further includes: the device comprises an identification module, a duplicate removal module and an addition module.

The identification module is configured to identify a repeatable sequence in the preamble link after execution of the business logic corresponding to the request.

The deduplication module is used for performing deduplication processing on repeatable sequences in the preamble link.

And the adding module is used for adding the atomic service type corresponding to the request to the preorder link after the deduplication processing to generate a new preorder link.

According to the embodiment of the present disclosure, the business process control apparatus 1100 further includes a determination module.

The judging module is used for judging whether the business logic is successfully executed after the business logic corresponding to the request is executed.

The identifying module is configured to identify a repeatable sequence in the preamble link if the execution is successful.

According to the embodiment of the disclosure, obtaining the target process control rule corresponding to the request from the configuration center includes: analyzing the request, and determining a target resource address corresponding to the request; and acquiring a target process control rule from the configuration center according to the target resource address corresponding to the request, wherein each process control rule configured in the configuration center has a corresponding resource address.

According to an embodiment of the present disclosure, the target process control rule includes a target service identification policy, and acquiring the target process control rule from the configuration center according to the target resource address corresponding to the request includes: acquiring a target service identification strategy corresponding to the target resource address from the configuration center according to the target resource address corresponding to the request; determining an identification field for identifying the service type according to the target service identification strategy; and determining an atomic service type corresponding to the request according to the identification field for identifying the service type.

According to the embodiment of the present disclosure, the service flow control apparatus 1100 further includes: and the declaration module is used for declaring comments for performing flow control on the resource addresses in advance before the mapping device of different resource addresses.

Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.

For example, any plurality of the first obtaining module 1110, the second obtaining module 1120, and the control module 1130 may be combined and implemented in one module/unit/sub-unit, or any one of the modules/units/sub-units may be split into a plurality of modules/units/sub-units. Alternatively, at least part of the functionality of one or more of these modules/units/sub-units may be combined with at least part of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to an embodiment of the present disclosure, at least one of the first obtaining module 1110, the second obtaining module 1120, and the control module 1130 may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or may be implemented by any one of three implementations of software, hardware, and firmware, or any suitable combination of any of the three. Alternatively, at least one of the first acquiring module 1110, the second acquiring module 1120 and the control module 1130 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.

It should be noted that, the service flow control device part in the embodiment of the present disclosure corresponds to the service flow control method part in the embodiment of the present disclosure, the service flow control device may implement the service flow control method, and the description of the service flow control device part specifically refers to the service flow control method part, which is not described herein again.

An embodiment of the present disclosure also provides an electronic device, including: one or more processors; memory to store one or more instructions, wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement a method as described above.

Embodiments of the present disclosure also provide a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to implement the method as described above.

FIG. 12 schematically illustrates a block diagram of a computer system suitable for implementing the above-described method, in accordance with an embodiment of the present disclosure. The computer system illustrated in FIG. 12 is only one example and should not impose any limitations on the scope of use or functionality of embodiments of the disclosure.

As shown in fig. 12, a computer system 1200 according to an embodiment of the present disclosure includes a processor 1201, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)1202 or a program loaded from a storage section 1208 into a Random Access Memory (RAM) 1203. The processor 1201 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 1201 may also include on-board memory for caching purposes. The processor 1201 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the present disclosure.

In the RAM 1203, various programs and data necessary for the operation of the system 1200 are stored. The processor 1201, the ROM1202, and the RAM 1203 are connected to each other by a bus 1204. The processor 1201 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM1202 and/or the RAM 1203. Note that the programs may also be stored in one or more memories other than the ROM1202 and the RAM 1203. The processor 1201 may also perform various operations of method flows according to embodiments of the present disclosure by executing programs stored in the one or more memories.

System 1200 may also include an input/output (I/O) interface 1205, according to an embodiment of the disclosure, input/output (I/O) interface 1205 also connected to bus 1204. The system 1200 may also include one or more of the following components connected to the I/O interface 1205: an input section 1206 including a keyboard, a mouse, and the like; an output portion 1207 including a display device such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 1208 including a hard disk and the like; and a communication section 1209 including a network interface card such as a LAN card, a modem, or the like. The communication section 1209 performs communication processing via a network such as the internet. A driver 1210 is also connected to the I/O interface 1205 as needed. A removable medium 1211, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is mounted on the drive 1210 as necessary, so that a computer program read out therefrom is mounted into the storage section 1208 as necessary.

According to embodiments of the present disclosure, method flows according to embodiments of the present disclosure may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 1209, and/or installed from the removable medium 1211. The computer program, when executed by the processor 1201, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.

The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.

According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.

For example, according to embodiments of the present disclosure, a computer-readable storage medium may include the ROM1202 and/or the RAM 1203 and/or one or more memories other than the ROM1202 and the RAM 1203 described above.

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.

The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the present disclosure, and such alternatives and modifications are intended to be within the scope of the present disclosure.

Claims

1. A business process control method comprises the following steps:

acquiring a request for requesting to process an atomic service in a service flow, wherein the service flow comprises N atomic services with dependency relationship, and N is an integer greater than 1;

acquiring a target process control rule corresponding to the request from a configuration center, wherein K process control rules are configured in the configuration center, and K is an integer greater than 1; and

and carrying out safety check control on the request according to the target process control rule.

2. The method of claim 1, wherein the target flow control rule comprises a target traffic identification policy and a target flow control policy;

the performing security check control on the request according to the target process control rule includes:

determining an atomic service type corresponding to the request according to the target service identification strategy;

determining whether the request is legal or not according to the atomic service type corresponding to the request and the corresponding preorder link and according to the target process control strategy; and

and executing business logic corresponding to the request under the condition that the request is determined to be legal.

3. The method of claim 2, wherein the determining whether the request is legal according to the target flow control policy according to the atomic service type corresponding to the request and the corresponding preamble link comprises:

searching M service processing links matched with the preorder link from the target process control strategy, wherein M is an integer greater than or equal to 1;

judging whether a target link exists in the M service processing links; wherein the target link contains an atomic service type corresponding to the request;

when the target link exists in the M service processing links, determining that the request is legal; and

and when the target link does not exist in the M business processing links, determining that the request is illegal.

4. The method of claim 3, wherein said determining whether a target link exists among the M traffic processing links comprises:

for each service processing link, extending the repeatable sequence in the service processing link to obtain M extended service processing links;

when any one service processing link in the extended M service processing links contains an atomic service type corresponding to the request, determining that the target link exists in the M service processing links;

and when none of the extended M service processing links contains the atomic service type corresponding to the request, determining that the target link does not exist in the M service processing links.

5. The method of claim 2, further comprising:

identifying a repeatable sequence in the preamble link after executing business logic corresponding to the request;

carrying out duplicate removal processing on the repeatable sequence in the preamble link; and

and adding the atomic service type corresponding to the request to the preorder link after the deduplication processing to generate a new preorder link.

6. The method of claim 5, wherein said identifying a repeatable sequence in the preamble link after executing business logic corresponding to the request comprises:

after executing the business logic corresponding to the request, judging whether the business logic is executed successfully; and

in the event of successful execution, a repeatable sequence in the preamble link is identified.

7. The method of claim 1, wherein the obtaining the target flow control rule corresponding to the request from the configuration center comprises:

analyzing the request, and determining a target resource address corresponding to the request; and

and acquiring the target process control rule from the configuration center according to a target resource address corresponding to the request, wherein each process control rule configured in the configuration center has a corresponding resource address.

8. The method of claim 7, wherein the target flow control rule comprises a target traffic identification policy, and wherein obtaining the target flow control rule from the configuration center according to the target resource address corresponding to the request comprises:

acquiring a target service identification strategy corresponding to the target resource address from the configuration center according to the target resource address corresponding to the request;

determining an identification field for identifying the service type according to the target service identification strategy; and

and determining the atomic service type corresponding to the request according to the identification field for identifying the service type.

9. A business process control apparatus, comprising:

the system comprises a first acquisition module, a first processing module and a second acquisition module, wherein the first acquisition module is used for acquiring a request for requesting to process an atomic service in a service process, the service process comprises N atomic services with dependency relationship, and N is an integer greater than 1;

a second obtaining module, configured to obtain a target process control rule corresponding to the request from a configuration center, where K pieces of process control rules are configured in the configuration center, where K is an integer greater than 1; and

and the control module is used for carrying out safety check control on the request according to the target process control rule.

10. An electronic device, comprising:

one or more processors;

a memory to store one or more instructions that,

wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-8.

11. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 8.