CN112073504A - Request forwarding method, device, equipment and storage medium - Google Patents

Request forwarding method, device, equipment and storage medium Download PDF

Info

Publication number
CN112073504A
CN112073504A CN202010919129.8A CN202010919129A CN112073504A CN 112073504 A CN112073504 A CN 112073504A CN 202010919129 A CN202010919129 A CN 202010919129A CN 112073504 A CN112073504 A CN 112073504A
Authority
CN
China
Prior art keywords
request
forwarding
internal
service calling
calling
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010919129.8A
Other languages
Chinese (zh)
Other versions
CN112073504B (en
Inventor
符吉满
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Property and Casualty Insurance Company of China Ltd
Original Assignee
Ping An Property and Casualty Insurance Company of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Property and Casualty Insurance Company of China Ltd filed Critical Ping An Property and Casualty Insurance Company of China Ltd
Priority to CN202010919129.8A priority Critical patent/CN112073504B/en
Publication of CN112073504A publication Critical patent/CN112073504A/en
Application granted granted Critical
Publication of CN112073504B publication Critical patent/CN112073504B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention relates to the technical field of network communication, and discloses a request forwarding method, a device, equipment and a storage medium, wherein the method obtains request parameters contained in a service call request by receiving the service call request; judging the request type of the service calling request according to the request parameters; when the request type is an internal call external request, acquiring request account information corresponding to the service calling request; and adding the request account information into the request parameters to obtain a new service calling request, and forwarding the new service calling request. In addition, the invention adds the request account information to the internal and external requests, can ensure that the request receiver carries out security verification according to the request account information contained in the requests when receiving the service call request, and ensures the security and stability of the system where the request receiver is positioned.

Description

Request forwarding method, device, equipment and storage medium
Technical Field
The present invention relates to the field of network communication technologies, and in particular, to a request forwarding method, apparatus, device, and storage medium.
Background
Currently, many applications or application systems integrate third party functionality services. In practice, the third party function service provider will provide its service interface to the application program or application system for calling. In order to facilitate the unified management of the received service invocation request, the conventional method is to set a gateway in an application program or an application system, and perform unified scheduling on the received or sent user request through the gateway, but the conventional scheduling method does not process and forward the received invocation request from a security level, so that the system security of a request receiving party cannot be effectively guaranteed.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide a request forwarding method, a request forwarding device, request forwarding equipment and a storage medium, and aims to solve the technical problem that the system security of a request receiving party cannot be effectively guaranteed because the received call request is not subjected to targeted processing and forwarding from a security level in the conventional scheduling mode.
In order to achieve the above object, the present invention provides a request forwarding method, including the following steps:
receiving a service calling request, and acquiring request parameters contained in the service calling request;
judging the request type of the service calling request according to the request parameter;
when the request type is an internal call external request, acquiring request account information corresponding to the service calling request;
and adding the request account information into the request parameters to obtain a new service calling request, and forwarding the new service calling request.
Preferably, after the step of determining the request type to which the service invocation request belongs according to the request parameter, the method further includes:
when the request type is an external call internal request, request verification is carried out according to the request parameters;
when the verification is passed, acquiring a pre-configured request forwarding rule;
and matching the request parameters according to the request forwarding rule, and forwarding the service calling request when the matching is successful.
Preferably, the step of determining the request type to which the service invocation request belongs according to the request parameter includes:
reading request URL information and address information of an initiator of the service calling request from the request parameters;
detecting whether the IP address information of the initiator exists in the address information, and if so, judging whether the initiator belongs to an internal initiator according to the IP address information;
judging whether the calling object corresponding to the initiator belongs to an internal object or not according to the request URL information;
when the initiator belongs to an internal initiator and the calling object does not belong to an internal object, judging that the request type of the service calling request is an internal call external request;
and when the initiator does not belong to the internal initiator and the calling object belongs to the internal object, judging that the request type of the service calling request belongs to an external call internal request.
Preferably, when the request type is an callout request, the step of performing request verification according to the request parameter includes:
when the request type is an external call internal request, extracting request account information and request URL information contained in the request parameters;
determining a calling object of the service calling request according to the request URL information;
acquiring a request account identifier from the request account information, and searching a corresponding calling object list in a preset authority library according to the request account identifier;
carrying out accurate matching on the calling object according to the calling object list;
and when the matching is successful, judging that the verification passes, and when the matching is failed, judging that the verification does not pass.
Preferably, when the request type is an callout request, the step of extracting the request account information and the request URL included in the request parameter includes:
when the request type is an external call internal request, detecting whether the request parameter contains IP address information;
performing IP verification on the service calling request according to the IP address information;
and when the IP verification passes, extracting the request account information and the request URL information contained in the request parameters.
Preferably, the step of matching the request parameter according to the request forwarding rule, and forwarding the service invocation request when the matching is successful includes:
acquiring a rule field contained in the request forwarding rule, and reading a reference field attribute corresponding to the rule field from the request forwarding rule;
reading the current field attribute of the corresponding field from the request parameter according to the rule field, and matching the reference field attribute with the current field attribute;
and when the matching is successful, forwarding the service calling request.
Preferably, the step of adding the request account information to the request parameter to obtain a new service invocation request and forwarding the new service invocation request includes:
extracting a request account identification from the request account information;
determining a parameter adding position of the request account identifier according to a current request method contained in the request parameters;
and adding the request account identification to the request parameter based on the parameter adding position to obtain a new service calling request, and forwarding the new service calling request.
In addition, to achieve the above object, the present invention further provides a request forwarding apparatus, including:
the request receiving module is used for receiving a service calling request and acquiring request parameters contained in the service calling request;
the type determining module is used for judging the request type of the service calling request according to the request parameter;
the information acquisition module is used for acquiring request account information corresponding to the service calling request when the request type is an internal call external request;
and the request forwarding module is used for adding the request account information to the request parameter to obtain a new service calling request and forwarding the new service calling request.
In addition, to achieve the above object, the present invention further provides a request forwarding device, including: a memory, a processor and a request forwarding program stored on the memory and executable on the processor, the request forwarding program being configured to implement the steps of the request forwarding method as described above.
Furthermore, to achieve the above object, the present invention further provides a storage medium having a request forwarding program stored thereon, wherein the request forwarding program, when executed by a processor, implements the steps of the request forwarding method as described above.
The method comprises the steps of obtaining request parameters contained in a service calling request by receiving the service calling request; judging the request type of the service calling request according to the request parameters; when the request type is an internal call external request, acquiring request account information corresponding to the service calling request; and adding the request account information into the request parameters to obtain a new service calling request, and forwarding the new service calling request. In addition, the invention adds the account information to the internal and external requests, can ensure that the request receiver carries out security verification according to the account information contained in the requests when receiving the service call request, and ensures the security and stability of the system where the request receiver is positioned.
Drawings
Fig. 1 is a schematic structural diagram of a request forwarding device of a hardware operating environment according to an embodiment of the present invention;
fig. 2 is a flowchart illustrating a first embodiment of a request forwarding method according to the present invention;
fig. 3 is a flowchart illustrating a request forwarding method according to a second embodiment of the present invention;
fig. 4 is a flowchart illustrating a request forwarding method according to a third embodiment of the present invention;
fig. 5 is a block diagram of a first embodiment of a request forwarding apparatus according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a request forwarding device in a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the request forwarding apparatus may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. Wherein a communication bus 1002 is used to enable connective communication between these components. The user interface 1003 may include a Display screen (Display), an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may also include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a WIreless interface (e.g., a WIreless-FIdelity (WI-FI) interface). The Memory 1005 may be a Random Access Memory (RAM) Memory, or may be a Non-Volatile Memory (NVM), such as a disk Memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the architecture shown in fig. 1 does not constitute a limitation of the request forwarding device and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, the memory 1005, which is a storage medium, may include therein an operating system, a data storage module, a network communication module, a user interface module, and a request forwarding program.
In the request forwarding apparatus shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 in the request forwarding device of the present invention may be disposed in the request forwarding device, and the request forwarding device invokes the request forwarding program stored in the memory 1005 through the processor 1001 and executes the request forwarding method provided by the embodiment of the present invention.
An embodiment of the present invention provides a request forwarding method, and referring to fig. 2, fig. 2 is a flowchart illustrating a first embodiment of the request forwarding method of the present invention.
In this embodiment, the request forwarding method includes the following steps:
step S10: receiving a service calling request, and acquiring request parameters contained in the service calling request;
it should be noted that the main body of the method of this embodiment may be a Gateway device, so-called Gateway (Gateway), also called internetwork connector, protocol converter, where the Gateway implements network interconnection above the network layer, and is a complex network interconnection device. The gateway device in this embodiment may be applied to a network architecture formed by an external service system (external system) and a mobile internet service cluster (internal system), and the gateway device may be a network module having functions of request forwarding, application program interface API call control, timeout control, and authority management, which is hereinafter referred to as an internal and external gateway.
It should be understood that, in this embodiment, the service invocation request received by the internal and external gateways may be a service invocation request (i.e., an external call internal request) for invoking an object in the internal system sent by the external system, or may also be an access or invocation request (i.e., an internal call external request) initiated by the internal system for data/resources or interfaces provided by the external system.
In this embodiment, the request parameter may include a request URL, a request header, a request path, a parameter carried by a request method, or field data. When the internal and external gateways receive the service call request, the request can be analyzed and then the request parameters are obtained.
Step S20: judging the request type of the service calling request according to the request parameter;
it should be noted that, because the security requirements of the call-in external request and the call-out internal request are different, the security verification operations performed by the internal and external gateways are different. In order to accurately and reasonably divide the service invocation request and perform security check on the service invocation request in a targeted manner, in this embodiment, the request types may be divided into an outbound request and an inbound request, and then different request forwarding policies are executed for different types of requests.
It should be understood that the request parameter typically carries request URL information, which can be used by the internal and external gateways to determine whether the access object or the call object corresponding to the received request is an internal object or an external object. The determination of whether the request is from the system internal or external system can be determined by the information of the request initiator, such as IP address information, Mac address information of the terminal device where the request initiator is located, or other information that can be used to determine the identity of the request initiator.
In a specific implementation, the internal and external gateways may determine the request type to which the service invocation request belongs according to the request parameters.
In order to accurately and effectively distinguish the request class of the received service invocation request, as an implementation manner of the step S20, the internal and external gateways in this embodiment may read request URL information and address information of the originator of the service invocation request from the request parameters; then detecting whether the IP address information of the initiator exists in the address information, and if so, judging whether the initiator belongs to an internal initiator according to the IP address information; judging whether the calling object corresponding to the initiator belongs to an internal object or not according to the request URL information; when the initiator belongs to an internal initiator and the calling object does not belong to an internal object, judging that the request type of the service calling request is an internal call external request; and when the initiator does not belong to the internal initiator and the calling object belongs to the internal object, judging that the request type of the service calling request belongs to an external call internal request.
Of course, if the IP address information of the initiator does not exist in the address information, the internal and external gateways may also read the request account information corresponding to the initiator that initiated the service invocation request from the request parameter, and then determine whether the initiator belongs to the internal initiator according to the request account information. For example, the determination of the internal initiator may be made based on the account ID in the requested account information.
Step S30: when the request type is an internal call external request, acquiring request account information corresponding to the service calling request;
it should be noted that, when the internal and external gateways determine that the request type to which the service invocation request belongs is the internal call external request according to the request parameters, it indicates that the service invocation request is a request sent to the external system by the internal system in which the internal and external gateways are located. For such requests, the requests are sent from the inside of the system, so that the security is relatively high, and the security of the request response result can be ensured only when the external system feeds back the corresponding request response result.
In order to ensure the security of the request response result, the internal and external gateways in this embodiment may mark the internal and external requests sent out, and then perform security verification according to the mark carried therein when receiving the request response result, thereby ensuring the security of the internal system.
In a specific implementation, the internal and external gateways may obtain request account information corresponding to the service invocation request when determining that the request type is an internal call external request, and then mark the service invocation request according to the request account information.
It should be noted that the request account information may be account information of a current login account of the service invocation request initiator, such as an account number, an account ID, and other identification information capable of characterizing account uniqueness.
Step S40: and adding the request account information into the request parameters to obtain a new service calling request, and forwarding the new service calling request.
In a specific implementation, in order to ensure the security of the internal system and facilitate the authentication of the external system on the received service invocation request, in this embodiment, after the internal and external gateways acquire the request account information, the request account information may be added to the request parameter to obtain a new service invocation request, and then the new service invocation request is forwarded.
Further, considering that different parameter adding manners corresponding to different request methods are different, for example, the request method is an HTTP request in a GET manner, and the parameter adding manner may be to write a parameter field to be added into a request header; for the HTTP request with the POST method, the parameter adding method may be writing the parameter field to be added into the request body.
Therefore, the manner adopted by the internal and external gateways in the embodiment in adding the request account information to the request parameter may be: extracting a request account identification from the request account information; then, determining a parameter adding position (namely a request header or a request body) of the request account identifier according to a current request method contained in the request parameters; and adding the request account identifier to the request parameter based on the parameter adding position to obtain a new service calling request, and forwarding the new service calling request.
The embodiment obtains the request parameters contained in the service calling request by receiving the service calling request; judging the request type of the service calling request according to the request parameters; when the request type is an internal call external request, acquiring request account information corresponding to the service calling request; and adding the request account information into the request parameters to obtain a new service calling request, and forwarding the new service calling request. In addition, the account information is added to the internal and external call requests, so that the security verification can be performed according to the account information contained in the requests when the request receiver receives the service call request, and the security and the stability of the system where the request receiver is located are guaranteed.
Referring to fig. 3, fig. 3 is a flowchart illustrating a request forwarding method according to a second embodiment of the present invention.
Based on the first embodiment, in this embodiment, after the step S20, the method further includes:
step S30': when the request type is an external call internal request, request verification is carried out according to the request parameters;
it should be noted that, when the internal and external gateways determine that the request type to which the service invocation request belongs is an external call internal request according to the request parameters, it indicates that the service invocation request is a request sent from an external system to an internal system in which the internal and external gateways are located. For such requests, since security cannot be guaranteed due to being issued by an external system, security check, i.e., request check, needs to be performed on such requests.
In a specific implementation, when the internal and external gateways judge that the request type of the service invocation request is an external call internal request, request verification can be performed according to request account information and request URL information contained in the request parameters.
Specifically, when the request type is an external call internal request, the internal and external gateways may extract request account information and request URL information included in the request parameter; then determining a calling object of the service calling request according to the request URL information; then, acquiring a request account identifier from the request account information, and searching a corresponding calling object list in a preset authority library according to the request account identifier; then, carrying out accurate matching on the calling object according to the calling object list; and when the matching is successful, judging that the verification passes, and when the matching is failed, judging that the verification does not pass.
It should be noted that the determination method of the call object may be to determine the object to be accessed by the service call request according to a domain name field and a path field included in a URL address carried by the request URL information, that is, to determine the data/information/network resource to be accessed. The list of the call objects is a corresponding relationship between identification information (e.g. name, path) of the call object and the account identification of the request account having the access right of the call object. The precise matching, namely precise matching retrieval, refers to a retrieval mode in which a retrieval word is completely the same as a certain field in a database, and the embodiment can ensure the accuracy of a verification result by adopting the precise matching retrieval.
Further, for the external call internal request, in order to ensure the security of the internal system, in this embodiment, when the internal and external gateways detect that the request type is the external call internal request, it is preferentially detected whether the request parameter includes IP address information; if the service calling request exists, performing IP verification on the service calling request according to the IP address information; and then when the IP verification passes, extracting the request account information and the request URL information contained in the request parameters, and then performing the request verification according to the information.
Step S40': when the verification is passed, acquiring a pre-configured request forwarding rule;
it should be noted that, for each request to be forwarded, the internal and external gateways read a request forwarding rule configured in advance for the initiator of the request from a database or a configuration center preset in the internal system, and then perform one-to-one matching on request parameters corresponding to the currently received request with respect to rule fields defined in the rule, such as a request method, a request path, a request header and the like, and if both matching are successful, forward the request, otherwise report an error.
It should be understood that, for the outbound request, the outbound requests sent by different external systems may have respective system characteristics, and these system characteristics make the request not necessarily conform to the request analysis requirement of the internal system, so to ensure that the internal system can smoothly analyze such request, the inbound and outbound gateways need to normalize the received service invocation request according to the pre-configured request forwarding rule and then forward the normalized service invocation request. In practical application, corresponding request forwarding rules can be configured for different external systems respectively.
In a specific implementation, when the request passes the verification, the internal and external gateways may first determine the external system to which the initiator of the request belongs according to the request account information included in the request parameter, and then obtain the corresponding request forwarding rule.
Step S50': and matching the request parameters according to the request forwarding rule, and forwarding the service calling request when the matching is successful.
It should be noted that the request forwarding rule of this embodiment specifies requirements for time, Cookie, request header, request method, and request path. And when the internal and external gateways acquire the request parameters of the service calling request, the request parameters are matched according to the request forwarding rule, and when the matching is successful, the service calling request is forwarded.
In this embodiment, when the request type is an external call internal request, request verification is performed according to a request parameter; when the verification is passed, a pre-configured request forwarding rule is obtained, then the request parameters are matched according to the request forwarding rule, and when the matching is successful, the service calling request is forwarded, so that the safety of the internal system cannot be influenced by each received external calling internal request, and the smooth response of the internal system to the request can be ensured.
Referring to fig. 4, fig. 4 is a flowchart illustrating a request forwarding method according to a third embodiment of the present invention.
Based on the above embodiments, in this embodiment, the step S50' may include:
step S501': acquiring a rule field contained in the request forwarding rule, and reading a reference field attribute corresponding to the rule field from the request forwarding rule;
it is understood that the rule field is a predefined reference field that needs to specify the request parameters, such as a time field, a Cookie field, a request header field, a request method field, and a request path field, and accordingly, the reference field attribute, i.e., the condition or requirement that the field needs to satisfy. For example, the type of time field may be: TIMESTAMP and TIME, wherein the reference field attribute corresponding to TIMESTAMP may be that the field format must be YYYYMMDD HHMMSS (year, month, day, hour, minute, second), and the reference field attribute corresponding to TIME may be that the field format must be HH: MM: SS (hour: minute: second), etc. Namely, the rule field determines which of the request parameters need to be normalized, and the reference field attribute gives the specific form of these fields after normalization.
Step S502': reading the current field attribute of the corresponding field from the request parameter according to the rule field, and matching the reference field attribute with the current field attribute;
in a specific implementation, after acquiring the rule fields included in the request forwarding rule, the internal and external gateways can perform number matching according to the rule fields, read the current field attributes of the corresponding fields from the request parameters, and then perform matching verification on the current field attributes according to the reference field attributes to detect whether places where the reference field attributes and the current field attributes are inconsistent exist.
Step S503': and when the matching is successful, forwarding the service calling request.
In the specific implementation, if the reference field attribute and the current field attribute are both consistent or the current field attribute meets the requirement of the reference field attribute, the matching is determined to be successful, and at this moment, the internal gateway and the external gateway can forward the service call request.
In the embodiment, the rule field included in the request forwarding rule is obtained, and the reference field attribute corresponding to the rule field is read from the request forwarding rule; reading the current field attribute of the corresponding field from the request parameter according to the rule field, and matching the reference field attribute with the current field attribute; and when the matching is successful, the service calling request is forwarded, so that the forwarded request can meet the request processing requirement and the safety requirement of an external system.
In addition, an embodiment of the present invention further provides a storage medium, where a request forwarding program is stored on the storage medium, and the request forwarding program, when executed by a processor, implements the steps of the request forwarding method described above.
Referring to fig. 5, fig. 5 is a block diagram illustrating a first embodiment of a request forwarding apparatus according to the present invention.
As shown in fig. 5, a request forwarding apparatus according to an embodiment of the present invention includes:
a request receiving module 501, configured to receive a service invocation request and obtain a request parameter included in the service invocation request;
a type determining module 502, configured to determine, according to the request parameter, a request type to which the service invocation request belongs;
an information obtaining module 503, configured to obtain request account information corresponding to the service invocation request when the request type is an internal call external request;
a request forwarding module 504, configured to add the request account information to the request parameter to obtain a new service invocation request, and forward the new service invocation request.
The embodiment obtains the request parameters contained in the service calling request by receiving the service calling request; judging the request type of the service calling request according to the request parameters; when the request type is an internal call external request, acquiring request account information corresponding to the service calling request; and adding the request account information into the request parameters to obtain a new service calling request, and forwarding the new service calling request. In addition, the account information is added to the internal and external call requests, so that the security verification can be performed according to the account information contained in the requests when the request receiver receives the service call request, and the security and the stability of the system where the request receiver is located are guaranteed.
Based on the first embodiment of the request forwarding device of the present invention, a second embodiment of the request forwarding device of the present invention is provided.
In this embodiment, the request forwarding module 504 is further configured to perform request verification according to the request parameter when the request type is an external call internal request; when the verification is passed, acquiring a pre-configured request forwarding rule; and matching the request parameters according to the request forwarding rule, and forwarding the service calling request when the matching is successful.
As an embodiment, the type determining module 502 is further configured to read request URL information and address information of an initiator of the service invocation request from the request parameter; detecting whether the IP address information of the initiator exists in the address information, and if so, judging whether the initiator belongs to an internal initiator according to the IP address information; judging whether the calling object corresponding to the initiator belongs to an internal object or not according to the request URL information; when the initiator belongs to an internal initiator and the calling object does not belong to an internal object, judging that the request type of the service calling request is an internal call external request; and when the initiator does not belong to the internal initiator and the calling object belongs to the internal object, judging that the request type of the service calling request belongs to an external call internal request.
As an implementation manner, the request forwarding module 504 is further configured to, when the request type is an callout request, extract request account information and request URL information included in the request parameter; determining a calling object of the service calling request according to the request URL information; acquiring a request account identifier from the request account information, and searching a corresponding calling object list in a preset authority library according to the request account identifier; carrying out accurate matching on the calling object according to the calling object list; and when the matching is successful, judging that the verification passes, and when the matching is failed, judging that the verification does not pass.
As an implementation manner, the request forwarding module 504 is further configured to detect whether the request parameter includes IP address information when the request type is an callout internal request; performing IP verification on the service calling request according to the IP address information; and when the IP verification passes, extracting the request account information and the request URL information contained in the request parameters.
As an implementation manner, the request forwarding module 504 is further configured to obtain a rule field included in the request forwarding rule, and read a reference field attribute corresponding to the rule field from the request forwarding rule; reading the current field attribute of the corresponding field from the request parameter according to the rule field, and matching the reference field attribute with the current field attribute; and when the matching is successful, forwarding the service calling request.
In one embodiment, the request forwarding module 504 is further configured to extract a request account identifier from the request account information; determining a parameter adding position of the request account identifier according to a current request method contained in the request parameters; and adding the request account identification to the request parameter based on the parameter adding position to obtain a new service calling request, and forwarding the new service calling request.
Other embodiments or specific implementation manners of the request forwarding device of the present invention may refer to the above method embodiments, and are not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., a rom/ram, a magnetic disk, an optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A request forwarding method is characterized in that the request forwarding method comprises the following steps:
receiving a service calling request, and acquiring request parameters contained in the service calling request;
judging the request type of the service calling request according to the request parameter;
when the request type is an internal call external request, acquiring request account information corresponding to the service calling request;
and adding the request account information into the request parameters to obtain a new service calling request, and forwarding the new service calling request.
2. The request forwarding method according to claim 1, wherein after the step of determining the request type to which the service invocation request belongs according to the request parameter, the method further comprises:
when the request type is an external call internal request, request verification is carried out according to the request parameters;
when the verification is passed, acquiring a pre-configured request forwarding rule;
and matching the request parameters according to the request forwarding rule, and forwarding the service calling request when the matching is successful.
3. The request forwarding method according to claim 2, wherein the step of determining the request type to which the service invocation request belongs according to the request parameter comprises:
reading request URL information and address information of an initiator of the service calling request from the request parameters;
detecting whether the IP address information of the initiator exists in the address information, and if so, judging whether the initiator belongs to an internal initiator according to the IP address information;
judging whether the calling object corresponding to the initiator belongs to an internal object or not according to the request URL information;
when the initiator belongs to an internal initiator and the calling object does not belong to an internal object, judging that the request type of the service calling request is an internal call external request;
and when the initiator does not belong to the internal initiator and the calling object belongs to the internal object, judging that the request type of the service calling request belongs to an external call internal request.
4. The request forwarding method according to claim 2, wherein the step of performing request verification according to the request parameter when the request type is an outbound request comprises:
when the request type is an external call internal request, extracting request account information and request URL information contained in the request parameters;
determining a calling object of the service calling request according to the request URL information;
acquiring a request account identifier from the request account information, and searching a corresponding calling object list in a preset authority library according to the request account identifier;
carrying out accurate matching on the calling object according to the calling object list;
and when the matching is successful, judging that the verification passes, and when the matching is failed, judging that the verification does not pass.
5. The request forwarding method according to claim 4, wherein the step of extracting the request account information and the request URL included in the request parameter when the request type is an callout request includes:
when the request type is an external call internal request, detecting whether the request parameter contains IP address information;
performing IP verification on the service calling request according to the IP address information;
and when the IP verification passes, extracting the request account information and the request URL information contained in the request parameters.
6. The request forwarding method according to claim 2, wherein the step of matching the request parameters according to the request forwarding rule and forwarding the service invocation request when the matching is successful comprises:
acquiring a rule field contained in the request forwarding rule, and reading a reference field attribute corresponding to the rule field from the request forwarding rule;
reading the current field attribute of the corresponding field from the request parameter according to the rule field, and matching the reference field attribute with the current field attribute;
and when the matching is successful, forwarding the service calling request.
7. The request forwarding method of claim 1, wherein the step of adding the request account information to the request parameters to obtain a new service invocation request and forwarding the new service invocation request comprises:
extracting a request account identification from the request account information;
determining a parameter adding position of the request account identifier according to a current request method contained in the request parameters;
and adding the request account identification to the request parameter based on the parameter adding position to obtain a new service calling request, and forwarding the new service calling request.
8. A request forwarding apparatus, characterized in that the request forwarding apparatus comprises:
the request receiving module is used for receiving a service calling request and acquiring request parameters contained in the service calling request;
the type determining module is used for judging the request type of the service calling request according to the request parameter;
the information acquisition module is used for acquiring request account information corresponding to the service calling request when the request type is an internal call external request;
and the request forwarding module is used for adding the request account information to the request parameter to obtain a new service calling request and forwarding the new service calling request.
9. A request forwarding device, the device comprising: a memory, a processor and a request forwarding program stored on the memory and executable on the processor, the request forwarding program being configured to implement the steps of the request forwarding method according to any of claims 1 to 7.
10. A storage medium having stored thereon a request forwarding program which, when executed by a processor, implements the steps of the request forwarding method according to any one of claims 1 to 7.
CN202010919129.8A 2020-09-03 2020-09-03 Request forwarding method, device, equipment and storage medium Active CN112073504B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010919129.8A CN112073504B (en) 2020-09-03 2020-09-03 Request forwarding method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010919129.8A CN112073504B (en) 2020-09-03 2020-09-03 Request forwarding method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112073504A true CN112073504A (en) 2020-12-11
CN112073504B CN112073504B (en) 2023-07-25

Family

ID=73665469

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010919129.8A Active CN112073504B (en) 2020-09-03 2020-09-03 Request forwarding method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112073504B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110266517A (en) * 2019-05-21 2019-09-20 深圳壹账通智能科技有限公司 External service call method, device and terminal device based on gateway
WO2019192129A1 (en) * 2018-04-04 2019-10-10 平安科技(深圳)有限公司 Customer data security access method and device based on mobile terminal
CN111031008A (en) * 2019-11-25 2020-04-17 集奥聚合(北京)人工智能科技有限公司 Method for gateway to uniformly intercept user request and judge whether to release

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2019192129A1 (en) * 2018-04-04 2019-10-10 平安科技(深圳)有限公司 Customer data security access method and device based on mobile terminal
CN110266517A (en) * 2019-05-21 2019-09-20 深圳壹账通智能科技有限公司 External service call method, device and terminal device based on gateway
CN111031008A (en) * 2019-11-25 2020-04-17 集奥聚合(北京)人工智能科技有限公司 Method for gateway to uniformly intercept user request and judge whether to release

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
周舟;: "一种基于触发器技术的SQL Server数据库实时备份方案", 广西科学院学报, no. 03 *

Also Published As

Publication number Publication date
CN112073504B (en) 2023-07-25

Similar Documents

Publication Publication Date Title
US8064583B1 (en) Multiple data store authentication
US8091117B2 (en) System and method for interfacing with heterogeneous network data gathering tools
CN109635019B (en) Request processing method, device, equipment and storage medium
US20130086184A1 (en) Enforcement of conditional policy attachments
CN111444500A (en) Authentication method, device, equipment and readable storage medium
US9059987B1 (en) Methods and systems of using single sign-on for identification for a web server not integrated with an enterprise network
CN107197462B (en) Wireless network type detection method and device and electronic equipment
CN109547426B (en) Service response method and server
CN110888838A (en) Object storage based request processing method, device, equipment and storage medium
CN111106983B (en) Method and device for detecting network connectivity
CN111737334A (en) Data reporting method, device, equipment and storage medium
CN108737398B (en) Processing method and device of trust system, computer equipment and storage medium
CN107592299B (en) Proxy internet access identification method, computer device and computer readable storage medium
CN111355800B (en) Service processing method, device, equipment and storage medium
CN111314326B (en) Method, device, equipment and medium for confirming HTTP vulnerability scanning host
CN109992298B (en) Examination and approval platform expansion method and device, examination and approval platform and readable storage medium
CN112073504A (en) Request forwarding method, device, equipment and storage medium
CN111756916A (en) Application processing method and device, electronic equipment and computer storage medium
WO2020215905A1 (en) Data delivery method, apparatus, and device, and computer-readable storage medium
CN113709136A (en) Access request verification method and device
CN114491328A (en) Website access method, equipment, storage medium and device
CN112000313A (en) Request response method, device, equipment and storage medium
CN114039873B (en) Audit method and operation and maintenance security audit system aiming at client type
CN112417328B (en) Webpage monitoring method and device
CN112261051B (en) User registration method, device and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant