CN112073504B - Request forwarding method, device, equipment and storage medium - Google Patents
Request forwarding method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN112073504B CN112073504B CN202010919129.8A CN202010919129A CN112073504B CN 112073504 B CN112073504 B CN 112073504B CN 202010919129 A CN202010919129 A CN 202010919129A CN 112073504 B CN112073504 B CN 112073504B
- Authority
- CN
- China
- Prior art keywords
- request
- forwarding
- service call
- internal
- call
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention relates to the technical field of network communication and discloses a request forwarding method, a device, equipment and a storage medium, wherein the method acquires request parameters contained in a service call request by receiving the service call request; judging the request type of the service call request according to the request parameters; when the request type is an internal-regulation external request, acquiring request account information corresponding to the service call request; and adding the request account information into the request parameters to obtain a new service call request, and forwarding the new service call request. In addition, the invention adds the request account information to the internal-regulation external request, thereby ensuring the safety verification according to the request account information contained in the request when the request receiver receives the service call request and ensuring the safety and stability of the system where the request receiver is located.
Description
Technical Field
The present invention relates to the field of network communications technologies, and in particular, to a method, an apparatus, a device, and a storage medium for forwarding a request.
Background
Currently, many applications or application systems integrate third party functional services. In practice, the provider of the third party functional service will provide its service interface to the application program or application system for invocation. In order to facilitate unified management of received service call requests, a gateway is arranged in an application program or an application system in the existing mode, and the received or sent user requests are scheduled in a unified manner through the gateway, but the received call requests are not processed and forwarded from a security layer in the existing scheduling mode, so that the system security of a request receiver cannot be effectively ensured.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present invention and is not intended to represent an admission that the foregoing is prior art.
Disclosure of Invention
The invention mainly aims to provide a request forwarding method, a device, equipment and a storage medium, which aim to solve the technical problem that the system security of a request receiver cannot be effectively ensured because the received call request is not processed and forwarded in a targeted manner from the security level in the existing scheduling mode.
In order to achieve the above object, the present invention provides a request forwarding method, which includes the following steps:
receiving a service call request, and acquiring request parameters contained in the service call request;
judging the request type of the service call request according to the request parameters;
when the request type is an internal-regulation external request, acquiring request account information corresponding to the service call request;
and adding the request account information into the request parameters to obtain a new service call request, and forwarding the new service call request.
Preferably, after the step of determining the request type to which the service call request belongs according to the request parameter, the method further includes:
when the request type is an out-call internal request, carrying out request verification according to the request parameters;
when the verification is passed, acquiring a preconfigured request forwarding rule;
and matching the request parameters according to the request forwarding rule, and forwarding the service call request when the matching is successful.
Preferably, the step of determining, according to the request parameter, a request type to which the service call request belongs includes:
reading request URL information and address information of an initiator of the service call request from the request parameters;
detecting whether IP address information of the initiator exists in the address information, and judging whether the initiator belongs to an internal initiator according to the IP address information if the IP address information exists;
judging whether a calling object corresponding to the initiator belongs to an internal object according to the request URL information;
when the initiator belongs to an internal initiator and the calling object does not belong to an internal object, judging that the request type to which the service calling request belongs is an internal-call external request;
and when the initiator does not belong to an internal initiator and the calling object belongs to an internal object, judging that the request type to which the service calling request belongs is an external call internal request.
Preferably, when the request type is an out-call internal request, the step of performing request verification according to the request parameter includes:
when the request type is a request in external call, extracting request account information and request URL information contained in the request parameters;
determining a calling object of the service calling request according to the request URL information;
acquiring a request account identifier from the request account information, and searching a corresponding calling object list in a preset authority library according to the request account identifier;
carrying out accurate matching on the calling object according to the calling object list;
and when the matching is successful, judging that the verification passes, and when the matching is failed, judging that the verification does not pass.
Preferably, the step of extracting the request account information and the request URL included in the request parameter when the request type is a request in a foreign call includes:
when the request type is an out-call internal request, detecting whether the request parameter contains IP address information or not;
performing IP verification on the service call request according to the IP address information;
and when the IP verification is passed, extracting the request account information and the request URL information contained in the request parameters.
Preferably, the step of matching the request parameters according to the request forwarding rule, and forwarding the service call request when the matching is successful includes:
acquiring rule fields contained in the request forwarding rule, and reading reference field attributes corresponding to the rule fields from the request forwarding rule;
reading the current field attribute of the corresponding field from the request parameter according to the rule field, and matching the reference field attribute with the current field attribute;
and forwarding the service call request when the matching is successful.
Preferably, the step of adding the request account information to the request parameter to obtain a new service call request and forwarding the new service call request includes:
extracting a request account identifier from the request account information;
determining a parameter adding position of the request account identifier according to a current request method contained in the request parameter;
and adding the request account identifier to the request parameter based on the parameter adding position to obtain a new service call request, and forwarding the new service call request.
In addition, in order to achieve the above object, the present invention also proposes a request forwarding device, including:
the request receiving module is used for receiving a service call request and acquiring request parameters contained in the service call request;
the type determining module is used for judging the request type of the service call request according to the request parameters;
the information acquisition module is used for acquiring the request account information corresponding to the service call request when the request type is an internal-adjustment external request;
and the request forwarding module is used for adding the request account information into the request parameters to obtain a new service call request and forwarding the new service call request.
In addition, to achieve the above object, the present invention also proposes a request forwarding device, the device comprising: a memory, a processor, and a request forwarding program stored on the memory and executable on the processor, the request forwarding program configured to implement the steps of the request forwarding method as described above.
In addition, in order to achieve the above object, the present invention also proposes a storage medium having stored thereon a request forwarding program which, when executed by a processor, implements the steps of the request forwarding method as described above.
The method comprises the steps of obtaining request parameters contained in a service call request by receiving the service call request; judging the request type of the service call request according to the request parameters; when the request type is an internal-regulation external request, acquiring request account information corresponding to the service call request; and adding the request account information into the request parameters to obtain a new service call request, and forwarding the new service call request. In addition, the invention adds account information to the internal-regulation external request, thereby ensuring the safety verification according to the account information contained in the request when the request receiver receives the service call request and ensuring the safety and stability of the system where the request receiver is located.
Drawings
FIG. 1 is a schematic diagram of a request forwarding device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart of a first embodiment of a request forwarding method according to the present invention;
FIG. 3 is a flowchart of a second embodiment of the request forwarding method according to the present invention;
FIG. 4 is a flowchart of a request forwarding method according to a third embodiment of the present invention;
fig. 5 is a block diagram of a first embodiment of a request forwarding device according to the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic diagram of a request forwarding device of a hardware running environment according to an embodiment of the present invention.
As shown in fig. 1, the request forwarding device may include: a processor 1001, such as a central processing unit (Central Processing Unit, CPU), a communication bus 1002, a user interface 1003, a network interface 1004, a memory 1005. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display, an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may further include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a WIreless interface (e.g., a WIreless-FIdelity (WI-FI) interface). The Memory 1005 may be a high-speed random access Memory (Random Access Memory, RAM) Memory or a stable nonvolatile Memory (NVM), such as a disk Memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
It will be appreciated by those skilled in the art that the structure shown in fig. 1 does not constitute a limitation of the request forwarding device, and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
As shown in fig. 1, an operating system, a data storage module, a network communication module, a user interface module, and a request forwarding program may be included in the memory 1005 as one type of storage medium.
In the request forwarding device shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 in the request forwarding device of the present invention may be disposed in the request forwarding device, and the request forwarding device calls a request forwarding program stored in the memory 1005 through the processor 1001 and executes the request forwarding method provided by the embodiment of the present invention.
An embodiment of the present invention provides a request forwarding method, referring to fig. 2, fig. 2 is a schematic flow chart of a first embodiment of the request forwarding method of the present invention.
In this embodiment, the request forwarding method includes the following steps:
step S10: receiving a service call request, and acquiring request parameters contained in the service call request;
it should be noted that, the implementation body of the method of this embodiment may be a Gateway device, which is called Gateway (Gateway), also called Gateway connector and protocol converter, and the Gateway implements network interconnection above the network layer and is a complex network interconnection device. The gateway device in this embodiment may be applied to a network architecture formed by an external service system (external system) and a mobile internet service cluster (internal system), and the device may be a network module with functions of request forwarding, API call control, timeout control and rights management, hereinafter referred to as an internal and external gateway.
It should be understood that, in this embodiment, the service call request received by the internal and external gateways may be a service call request sent by the external system to call an object in the internal system (i.e. an external call internal request), or may be an access or call request initiated by the internal system to provide data/resources or interfaces to the external system (i.e. an internal call external request).
In this embodiment, the request parameters may include a request URL, a request header, a request path, and parameters or field data carried by a request method. The internal and external gateways, upon receiving a service invocation request, may parse the request and then obtain the request parameters.
Step S20: judging the request type of the service call request according to the request parameters;
it should be noted that, since the security requirements of the internal-call external request and the external-call internal request are different, the request security verification operations performed by the internal gateway and the external gateway are also different. In order to accurately and reasonably divide service call requests, and then pertinently perform security verification, in this embodiment, the request types may be divided into out-call internal requests and in-call external requests, and then different request forwarding policies are executed for different types of requests.
It should be understood that the request parameter typically carries request URL information, which can be used by the internal and external gateways to determine whether the access object or call object corresponding to the received request is an internal object or an external object. Whether the request is from within the system or from an external system can be determined by information about the requesting originator, such as IP address information, mac address information of the terminal device where the requesting originator is located, or other information that can be used to determine the identity of the requesting originator.
In a specific implementation, the internal and external gateways can judge the request type to which the service call request belongs according to the request parameters.
In order to accurately and effectively distinguish the request class of the received service call request, as an implementation manner of the step S20, in this embodiment, the internal and external gateway may read the request URL information from the request parameter and the address information of the initiator of the service call request; then detecting whether IP address information of the initiator exists in the address information, if so, judging whether the initiator belongs to an internal initiator according to the IP address information; judging whether the calling object corresponding to the initiator belongs to an internal object according to the request URL information; when the initiator belongs to an internal initiator and the calling object does not belong to an internal object, judging that the request type to which the service calling request belongs is an internal-call external request; and when the initiator does not belong to an internal initiator and the calling object belongs to an internal object, judging that the request type to which the service calling request belongs is an external call internal request.
Of course, if the IP address information of the initiator does not exist in the address information, the internal and external gateway may also read the request account information corresponding to the initiator initiating the service call request from the request parameter, and then determine whether the initiator belongs to the internal initiator according to the request account information. For example, the determination of the internal initiator may be made based on the account ID in the requested account information.
Step S30: when the request type is an internal-regulation external request, acquiring request account information corresponding to the service call request;
when the internal and external gateways determine that the request type to which the service call request belongs is an internal-call external request according to the request parameters, the internal and external gateways indicate that the service call request is a request sent to an external system by an internal system in which the internal and external gateways are located. For such requests, the security is relatively high because the requests are sent from the inside of the system, so that the security of the request response result can be ensured only by ensuring that the external system feeds back the corresponding request response result.
In order to ensure the security of the request response result, the internal and external gateways in this embodiment may mark the sent internal and external requests, and then, when receiving the request response result, perform security verification according to the mark carried therein, so as to ensure the security of the internal system.
In a specific implementation, when the internal and external gateway determines that the request type is an internal call and external request, the internal and external gateway obtains request account information corresponding to the service call request, and then marks the service call request according to the request account information.
It should be noted that, the requested account information may be account information of the current login account of the service call request initiator, such as account number, account ID, and other identification information capable of characterizing account uniqueness.
Step S40: and adding the request account information into the request parameters to obtain a new service call request, and forwarding the new service call request.
In a specific implementation, in order to ensure the security of the internal system and also facilitate the authentication of the external system to the received service call request, in this embodiment, after the internal and external gateways acquire the request account information, the request account information may be added to the request parameters to acquire a new service call request, and then the new service call request is forwarded.
Further, considering that the parameter adding modes corresponding to different request methods are different, for example, the request method is an HTTP request in GET mode, the parameter adding mode may be writing a parameter field to be added into the request header; for the HTTP request with the POST method, the parameter adding method may be to write the parameter field to be added into the request body.
Therefore, the manner in which the internal and external gateways add the request account information to the request parameters in this embodiment may be: extracting a request account identifier from the request account information; then determining a parameter adding position (namely a request head or a request body) of the request account identifier according to the current request method contained in the request parameter; and adding the request account identifier into the request parameter based on the parameter adding position to obtain a new service call request, and forwarding the new service call request.
In the embodiment, a request parameter contained in a service call request is acquired by receiving the service call request; judging the request type of the service call request according to the request parameters; when the request type is an internal-regulation external request, acquiring request account information corresponding to the service call request; and adding the request account information into the request parameters to obtain a new service call request, and forwarding the new service call request. In addition, the method can ensure that the security check is carried out according to the account information contained in the request when the service call request is received by the request receiver, thereby ensuring the security and stability of the system where the request receiver is located.
Referring to fig. 3, fig. 3 is a flowchart of a second embodiment of the request forwarding method according to the present invention.
Based on the first embodiment, in this embodiment, after step S20, the method further includes:
step S30': when the request type is an out-call internal request, carrying out request verification according to the request parameters;
when the internal and external gateways determine that the request type to which the service call request belongs is an external call internal request according to the request parameters, the external gateway indicates that the service call request is a request sent by the external system to the internal system where the internal and external gateways are located. For such requests, security cannot be guaranteed because they are issued by external systems, and thus a security check, i.e. the request check, is required for such requests.
In a specific implementation, when the internal and external gateways judge that the request type of the service call request is the external call internal request, request verification can be performed according to the request account information and the request URL information contained in the request parameters.
Specifically, when the request type is an out-call and in-request, the internal and external gateway can extract the request account information and the request URL information contained in the request parameters; then determining a calling object of the service calling request according to the request URL information; acquiring a request account identifier from the request account information, and searching a corresponding calling object list in a preset authority library according to the request account identifier; then, carrying out accurate matching on the calling object according to the calling object list; and when the matching is successful, judging that the verification passes, and when the matching is failed, judging that the verification does not pass.
It should be noted that, the determination manner of the call object may be to determine the object to be accessed by the service call request, that is, determine the data/information/network resource to be accessed, according to the domain name field and the path field included in the URL address carried by the request URL information. The call object list records the corresponding relation between the identification information (such as name and path) of the call object and the account identification of the request account with the access authority of the call object. The term "exact match" refers to a search mode in which the search term is identical to a certain field in the database, and the accuracy of the verification result can be ensured by adopting the exact match search in this embodiment.
Further, for the out-call internal request, in order to ensure the security of the internal system, in this embodiment, when detecting that the request type is the out-call internal request, the internal and external gateways will preferentially detect whether the request parameter contains IP address information; if so, carrying out IP verification on the service call request according to the IP address information; and when the IP verification passes, extracting the request account information and the request URL information contained in the request parameters, and carrying out the request verification according to the information.
Step S40': when the verification is passed, acquiring a preconfigured request forwarding rule;
it should be noted that, for each request to be forwarded, the internal and external gateways will read the request forwarding rule pre-configured for the initiator of the request from the database or the configuration center preset by the internal system, and then match the request parameters corresponding to the currently received request one by one with respect to the rule fields defined in the rule, such as the request method, the request path, the request header, etc., if both match successfully, forwarding is performed, otherwise, reporting an error.
It should be understood that, for out-call and in-call requests, out-call and in-call requests issued by different external systems may have respective system characteristics, and these system characteristics make the requests not necessarily conform to the request parsing requirements of the internal system, so in order to ensure that the internal system can successfully parse such requests, the internal and external gateways need to forward the received service call requests after normalizing according to the pre-configured request forwarding rules. In practical application, corresponding request forwarding rules can be respectively configured for different external systems.
In a specific implementation, when the request verification passes, the internal and external gateways can firstly determine an external system to which the request initiator belongs according to the request account information contained in the request parameters, and then acquire the corresponding request forwarding rule.
Step S50': and matching the request parameters according to the request forwarding rule, and forwarding the service call request when the matching is successful.
In this embodiment, the request forwarding rule specifies requirements for time, cookie, request header, request method, and request path. When the internal and external gateways acquire the request parameters of the service call request, the request parameters are matched according to the request forwarding rule, and when the matching is successful, the service call request is forwarded.
In the embodiment, when the request type is an out-call and in-request, request verification is performed according to a request parameter; when the verification is passed, a pre-configured request forwarding rule is obtained, then request parameters are matched according to the request forwarding rule, and when the matching is successful, service calling requests are forwarded, so that the safety of an internal system can not be influenced by each received external-call internal request, and the smooth response of the internal system to the requests can be ensured.
Referring to fig. 4, fig. 4 is a flowchart of a third embodiment of the request forwarding method according to the present invention.
Based on the above embodiments, in this embodiment, the step S50' may include:
step S501': acquiring rule fields contained in the request forwarding rule, and reading reference field attributes corresponding to the rule fields from the request forwarding rule;
it can be understood that the rule field is a predefined reference field that needs to normalize the request parameter, such as a time field, a Cookie field, a request header field, a request method field, and a request path field, and accordingly, the reference field attribute is a condition or requirement that the field needs to satisfy. For example, the type of time field may be: TIMESTAMP and TIME, wherein the reference field attribute corresponding to TIMESTAMP may be YYYYMMDD HHMMSS (year, month, day, and TIME seconds) which is necessary for the field format, and the reference field attribute corresponding to TIME may be HH: MM: SS (minutes: seconds) which is necessary for the field format, and the like. That is, the rule field determines which request parameters need to be normalized, and the reference field attribute gives the specific form in which these fields are normalized.
Step S502': reading the current field attribute of the corresponding field from the request parameter according to the rule field, and matching the reference field attribute with the current field attribute;
in a specific implementation, after the internal and external gateways acquire rule fields contained in the request forwarding rule, the internal and external gateways can seat according to the rule fields, read current field attributes of corresponding fields from request parameters, and then perform matching verification on the current field attributes according to the reference field attributes so as to detect whether a place where the reference field attributes and the current field attributes are inconsistent exists.
Step S503': and forwarding the service call request when the matching is successful.
In a specific implementation, if the reference field attribute and the current field attribute are consistent or the current field attribute meets the requirement of the reference field attribute, the matching is determined to be successful, and at the moment, the internal and external gateways can forward the service call request.
The embodiment reads the reference field attribute corresponding to the rule field from the request forwarding rule by acquiring the rule field contained in the request forwarding rule; reading the current field attribute of the corresponding field from the request parameter according to the rule field, and matching the reference field attribute with the current field attribute; when the matching is successful, the service call request is forwarded, so that the forwarded request can be ensured to meet the request processing requirement and the safety requirement of an external system.
In addition, the embodiment of the invention also provides a storage medium, wherein the storage medium stores a request forwarding program, and the request forwarding program realizes the steps of the request forwarding method when being executed by a processor.
Referring to fig. 5, fig. 5 is a block diagram showing the construction of a first embodiment of the request forwarding device according to the present invention.
As shown in fig. 5, a request forwarding device according to an embodiment of the present invention includes:
a request receiving module 501, configured to receive a service call request, and obtain a request parameter included in the service call request;
a type determining module 502, configured to determine, according to the request parameter, a request type to which the service call request belongs;
an information obtaining module 503, configured to obtain, when the request type is an internal call external request, request account information corresponding to the service call request;
a request forwarding module 504, configured to add the request account information to the request parameter to obtain a new service call request, and forward the new service call request.
In the embodiment, a request parameter contained in a service call request is acquired by receiving the service call request; judging the request type of the service call request according to the request parameters; when the request type is an internal-regulation external request, acquiring request account information corresponding to the service call request; and adding the request account information into the request parameters to obtain a new service call request, and forwarding the new service call request. In addition, the method can ensure that the security check is carried out according to the account information contained in the request when the service call request is received by the request receiver, thereby ensuring the security and stability of the system where the request receiver is located.
Based on the above-described first embodiment of the request forwarding device of the present invention, a second embodiment of the request forwarding device of the present invention is presented.
In this embodiment, the request forwarding module 504 is further configured to perform request verification according to the request parameter when the request type is an out-call internal request; when the verification is passed, acquiring a preconfigured request forwarding rule; and matching the request parameters according to the request forwarding rule, and forwarding the service call request when the matching is successful.
As an embodiment, the type determining module 502 is further configured to read request URL information from the request parameter, and address information of an originator of the service call request; detecting whether IP address information of the initiator exists in the address information, and judging whether the initiator belongs to an internal initiator according to the IP address information if the IP address information exists; judging whether a calling object corresponding to the initiator belongs to an internal object according to the request URL information; when the initiator belongs to an internal initiator and the calling object does not belong to an internal object, judging that the request type to which the service calling request belongs is an internal-call external request; and when the initiator does not belong to an internal initiator and the calling object belongs to an internal object, judging that the request type to which the service calling request belongs is an external call internal request.
As an implementation manner, the request forwarding module 504 is further configured to extract, when the request type is a request in a foreign call, request account information and request URL information included in the request parameter; determining a calling object of the service calling request according to the request URL information; acquiring a request account identifier from the request account information, and searching a corresponding calling object list in a preset authority library according to the request account identifier; carrying out accurate matching on the calling object according to the calling object list; and when the matching is successful, judging that the verification passes, and when the matching is failed, judging that the verification does not pass.
As an implementation manner, the request forwarding module 504 is further configured to detect, when the request type is an out-call internal request, whether the request parameter includes IP address information; performing IP verification on the service call request according to the IP address information; and when the IP verification is passed, extracting the request account information and the request URL information contained in the request parameters.
As an implementation manner, the request forwarding module 504 is further configured to obtain a rule field included in the request forwarding rule, and read a reference field attribute corresponding to the rule field from the request forwarding rule; reading the current field attribute of the corresponding field from the request parameter according to the rule field, and matching the reference field attribute with the current field attribute; and forwarding the service call request when the matching is successful.
As an implementation manner, the request forwarding module 504 is further configured to extract a request account identifier from the request account information; determining a parameter adding position of the request account identifier according to a current request method contained in the request parameter; and adding the request account identifier to the request parameter based on the parameter adding position to obtain a new service call request, and forwarding the new service call request.
Other embodiments or specific implementations of the request forwarding device of the present invention may refer to the above method embodiments, and are not described herein.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. read-only memory/random-access memory, magnetic disk, optical disk), comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.
Claims (8)
1. A request forwarding method, characterized in that the request forwarding method comprises:
receiving a service call request, and acquiring request parameters contained in the service call request;
judging the request type of the service call request according to the request parameters;
when the request type is an internal-regulation external request, acquiring request account information corresponding to the service call request;
adding the request account information into the request parameters to obtain a new service call request, and forwarding the new service call request;
after the step of judging the request type to which the service call request belongs according to the request parameter, the method further comprises the following steps:
when the request type is an out-call internal request, carrying out request verification according to the request parameters;
when the verification is passed, acquiring a preconfigured request forwarding rule;
matching the request parameters according to the request forwarding rule, and forwarding the service call request when the matching is successful;
and when the request type is the out-call internal request, performing request verification according to the request parameter, wherein the step comprises the following steps:
when the request type is a request in external call, extracting request account information and request URL information contained in the request parameters;
determining a calling object of the service calling request according to the request URL information;
acquiring a request account identifier from the request account information, and searching a corresponding calling object list in a preset authority library according to the request account identifier;
carrying out accurate matching on the calling object according to the calling object list;
and when the matching is successful, judging that the verification passes, and when the matching is failed, judging that the verification does not pass.
2. The request forwarding method according to claim 1, wherein the step of judging the request type to which the service call request belongs according to the request parameter includes:
reading request URL information and address information of an initiator of the service call request from the request parameters;
detecting whether IP address information of the initiator exists in the address information, and judging whether the initiator belongs to an internal initiator according to the IP address information if the IP address information exists;
judging whether a calling object corresponding to the initiator belongs to an internal object according to the request URL information;
when the initiator belongs to an internal initiator and the calling object does not belong to an internal object, judging that the request type to which the service calling request belongs is an internal-call external request;
and when the initiator does not belong to an internal initiator and the calling object belongs to an internal object, judging that the request type to which the service calling request belongs is an external call internal request.
3. The request forwarding method of claim 1 wherein the step of extracting the request account information and the request URL contained in the request parameter when the request type is a request in-call, comprises:
when the request type is an out-call internal request, detecting whether the request parameter contains IP address information or not;
performing IP verification on the service call request according to the IP address information;
and when the IP verification is passed, extracting the request account information and the request URL information contained in the request parameters.
4. The method for forwarding the request according to claim 1, wherein the step of matching the request parameters according to the request forwarding rule and forwarding the service call request when the matching is successful comprises:
acquiring rule fields contained in the request forwarding rule, and reading reference field attributes corresponding to the rule fields from the request forwarding rule;
reading the current field attribute of the corresponding field from the request parameter according to the rule field, and matching the reference field attribute with the current field attribute;
and forwarding the service call request when the matching is successful.
5. The request forwarding method of claim 1 wherein the step of adding the request account information to the request parameters to obtain a new service invocation request and forwarding the new service invocation request comprises:
extracting a request account identifier from the request account information;
determining a parameter adding position of the request account identifier according to a current request method contained in the request parameter;
and adding the request account identifier to the request parameter based on the parameter adding position to obtain a new service call request, and forwarding the new service call request.
6. A request forwarding device, characterized in that the request forwarding device comprises:
the request receiving module is used for receiving a service call request and acquiring request parameters contained in the service call request;
the type determining module is used for judging the request type of the service call request according to the request parameters;
the information acquisition module is used for acquiring the request account information corresponding to the service call request when the request type is an internal-adjustment external request;
the request forwarding module is used for adding the request account information into the request parameters to obtain a new service call request and forwarding the new service call request;
the request forwarding module is further configured to perform request verification according to the request parameter when the request type is an out-call internal request; when the verification is passed, acquiring a preconfigured request forwarding rule; matching the request parameters according to the request forwarding rule, and forwarding the service call request when the matching is successful;
the request forwarding module is further configured to extract request account information and request URL information included in the request parameter when the request type is an out-call internal request; determining a calling object of the service calling request according to the request URL information; acquiring a request account identifier from the request account information, and searching a corresponding calling object list in a preset authority library according to the request account identifier; carrying out accurate matching on the calling object according to the calling object list; and when the matching is successful, judging that the verification passes, and when the matching is failed, judging that the verification does not pass.
7. A request forwarding device, the device comprising: a memory, a processor and a request forwarding program stored on the memory and executable on the processor, the request forwarding program being configured to implement the steps of the request forwarding method according to any of claims 1 to 5.
8. A storage medium having stored thereon a request forwarding program which, when executed by a processor, implements the steps of the request forwarding method according to any of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010919129.8A CN112073504B (en) | 2020-09-03 | 2020-09-03 | Request forwarding method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010919129.8A CN112073504B (en) | 2020-09-03 | 2020-09-03 | Request forwarding method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112073504A CN112073504A (en) | 2020-12-11 |
| CN112073504B true CN112073504B (en) | 2023-07-25 |
Family
ID=73665469
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010919129.8A Active CN112073504B (en) | 2020-09-03 | 2020-09-03 | Request forwarding method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112073504B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110266517A (en) * | 2019-05-21 | 2019-09-20 | 深圳壹账通智能科技有限公司 | External service call method, device and terminal device based on gateway |
| WO2019192129A1 (en) * | 2018-04-04 | 2019-10-10 | 平安科技(深圳)有限公司 | Customer data security access method and device based on mobile terminal |
| CN111031008A (en) * | 2019-11-25 | 2020-04-17 | 集奥聚合(北京)人工智能科技有限公司 | Method for gateway to uniformly intercept user request and judge whether to release |
-
2020
- 2020-09-03 CN CN202010919129.8A patent/CN112073504B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019192129A1 (en) * | 2018-04-04 | 2019-10-10 | 平安科技(深圳)有限公司 | Customer data security access method and device based on mobile terminal |
| CN110266517A (en) * | 2019-05-21 | 2019-09-20 | 深圳壹账通智能科技有限公司 | External service call method, device and terminal device based on gateway |
| CN111031008A (en) * | 2019-11-25 | 2020-04-17 | 集奥聚合(北京)人工智能科技有限公司 | Method for gateway to uniformly intercept user request and judge whether to release |
Non-Patent Citations (1)
| Title |
|---|
| 一种基于触发器技术的SQL Server数据库实时备份方案;周舟;;广西科学院学报(第03期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112073504A (en) | 2020-12-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9578027B1 (en) | Multiple data store authentication | |
| US8064583B1 (en) | Multiple data store authentication | |
| US20180288045A1 (en) | Correlating mobile device and app usage with cloud service usage to provide security | |
| CN110069941A (en) | A kind of interface access authentication method, apparatus and computer-readable medium | |
| US7308498B1 (en) | System and method for automating a request for access to a restricted computer accessible resource | |
| US20200236105A1 (en) | Rich communication services security authentication system | |
| CN112953745B (en) | Service calling method, system, computer device and storage medium | |
| US9973513B2 (en) | Method and apparatus for communication number update | |
| WO2021027600A1 (en) | Single log-in method, apparatus and device, and computer-readable storage medium | |
| US9059987B1 (en) | Methods and systems of using single sign-on for identification for a web server not integrated with an enterprise network | |
| CN108737398B (en) | Processing method and device of trust system, computer equipment and storage medium | |
| US20110173277A1 (en) | Method of authenticating a user of a service on a mobile terminal | |
| CN109688096B (en) | IP address identification method, device, equipment and computer readable storage medium | |
| CN113194099B (en) | Data proxy method and proxy server | |
| CN107592299B (en) | Proxy internet access identification method, computer device and computer readable storage medium | |
| CN112073504B (en) | Request forwarding method, device, equipment and storage medium | |
| CN111355800B (en) | Service processing method, device, equipment and storage medium | |
| CN113709136B (en) | Access request verification method and device | |
| CN114070624A (en) | Message monitoring method and device, electronic equipment and medium | |
| CN112905918A (en) | Data service convergence engine and management method thereof | |
| CN108768987B (en) | Data interaction method, device and system | |
| US10924512B2 (en) | Secure email gateway with device compliance checking for push notifications | |
| CN117313161B (en) | Data desensitization method, component, equipment and storage medium | |
| CN116346472B (en) | Method, device, storage medium and computer program product for restoring call link | |
| US11909909B2 (en) | Method for determining an originating telephone number |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |