CN112131588A - Application access method and device, electronic equipment and storage medium - Google Patents
Application access method and device, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN112131588A CN112131588A CN202011025733.2A CN202011025733A CN112131588A CN 112131588 A CN112131588 A CN 112131588A CN 202011025733 A CN202011025733 A CN 202011025733A CN 112131588 A CN112131588 A CN 112131588A
- Authority
- CN
- China
- Prior art keywords
- client
- application
- access
- target application
- page data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 230000008569 process Effects 0.000 claims description 8
- 230000008859 change Effects 0.000 claims description 4
- 230000002452 interceptive effect Effects 0.000 claims description 3
- 230000000694 effects Effects 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 6
- 230000003993 interaction Effects 0.000 description 6
- 238000004091 panning Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 2
- 230000004044 response Effects 0.000 description 2
- 101001094649 Homo sapiens Popeye domain-containing protein 3 Proteins 0.000 description 1
- 101000608234 Homo sapiens Pyrin domain-containing protein 5 Proteins 0.000 description 1
- 101000578693 Homo sapiens Target of rapamycin complex subunit LST8 Proteins 0.000 description 1
- 102100027802 Target of rapamycin complex subunit LST8 Human genes 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008707 rearrangement Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Automation & Control Theory (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses an application access method, an application access device, electronic equipment and a storage medium. The method comprises the following steps: receiving an access request for accessing an application, which is sent by a client; authenticating the client based on the access request, and receiving access authority information of the client if the authentication is successful; determining an application list of which the client has access rights based on the access rights information; and receiving the triggering operation of the client on the target application in the application list, and sending the page data of the target application to the client. To achieve the effect of secure access to the application.
Description
Technical Field
The embodiment of the invention relates to an information security technology, in particular to an application access method, an application access device, electronic equipment and a storage medium.
Background
With the development of internet technology, websites are provided with more and more values. When receiving an access request of a client for accessing an application, various servers or websites may be attacked by hackers or malicious clients, so that the servers or websites are blacked out or cannot be used, and a great economic loss is caused.
In the prior art, a client accesses an application in a server, when the server receives an access request, the access request enters into an application program, and if the client uses a large number of malicious requests to attack the server, the server is down.
Disclosure of Invention
The embodiment of the invention provides an application access method, an application access device, electronic equipment and a storage medium, and aims to achieve the effect of safely accessing applications.
In a first aspect, an embodiment of the present invention provides an application access method, where the method includes:
receiving an access request for accessing an application, which is sent by a client;
authenticating the client based on the access request, and receiving access authority information of the client if the authentication is successful;
determining an application list of which the client has access rights based on the access rights information;
and receiving the triggering operation of the client on the target application in the application list, and sending the page data of the target application to the client.
In a second aspect, an embodiment of the present invention further provides an application access apparatus, where the apparatus includes:
the access request receiving module is used for receiving an access request for accessing the application, which is sent by the client;
the access authority information acquisition module is used for authenticating the client based on the access request, and receiving the access authority information of the client if the authentication is successful;
the application list determining module is used for determining an application list of which the client has the access authority based on the access authority information;
and the page data sending module is used for receiving the triggering operation of the client on the target application in the application list and sending the page data of the target application to the client.
In a third aspect, an embodiment of the present invention further provides an electronic device, where the electronic device includes:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the application access method according to any of the embodiments of the present invention.
In a fourth aspect, embodiments of the present invention further provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the application access method described in any of the embodiments of the present invention.
According to the technical scheme of the embodiment of the invention, the access request of the access application sent by the client is received, the client is authenticated based on the access request, if the authentication is successful, the access authority information of the client is received, the application list with the access authority of the client is determined based on the access authority information, the triggering operation of the client on the target application in the application list is received, and the page data of the target application is sent to the client, so that the application accessed by the client is successfully authenticated, the client has the access authority, and the safety of application access is ensured.
Drawings
FIG. 1 is a flowchart of an application access method according to a first embodiment of the present invention;
fig. 2 is a schematic diagram illustrating an implementation manner of an Nginx reverse proxy server in the first embodiment of the present invention;
fig. 3 is a schematic diagram of an nginnx reverse proxy server implementing load balancing configuration in the first embodiment of the present invention;
FIG. 4 is a flowchart of an application access method according to a third embodiment of the present invention;
fig. 5 is a schematic structural diagram of an application access device in the fourth embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device in a fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of an application access method according to an embodiment of the present invention, where the embodiment is applicable to a case of accessing an application securely, the method may be executed by an application access apparatus, the application access apparatus may be implemented by software and/or hardware, and the application access apparatus may be configured on an electronic computing device, and specifically includes the following steps:
and S110, receiving an access request for accessing the application sent by the client.
Illustratively, the access request may be a request by a client to access any application.
The client may be any device capable of sending an access request, and may be any one of a mobile phone, a tablet, or a computer, for example.
It should be noted that the execution subject of the embodiment of the present invention is a proxy server.
It should be noted that the embodiment of the present invention is implemented based on Nginx. Nginx is a high-performance, lightweight HTTP server, reverse proxy server, and email (IMAP/POP3) proxy server, published under the BSD-like protocol. Its advantages are less memory occupied and high concurrency.
And S120, authenticating the client based on the access request, and receiving the access authority information of the client if the authentication is successful.
Illustratively, the access right information of the client may be application information of which the client has an access right. For example, if the client has the right to access application a, application B, and application C, the information that the client can access application a, application B, and application C is received, for example, a list of applications that the client can access is received.
Optionally, when the client sends the access request, the access request includes: the IP address, user name and password of the client.
It should be noted that the proxy server herein may authenticate the client based on the access request, and specifically, may authenticate the client according to a user name and a password of the client. If the authentication is successful, the proxy server can immediately send the authentication result to the client so that the client can send the access right information to the proxy server.
It should be noted that, besides being implemented by using one device, the implementation manner may also be implemented by using multiple devices to cooperate, and as an example, the implementation manner may be:
after receiving the access request, the proxy server guides the access request to an authentication module in the access control engine, the authentication module performs multi-dimensional user interactive authentication operation, specifically, a user name and a password are input by the user, the authentication module compares the user name and the password input by the user with the user name and the password in the received access request, and if the comparison is successful, the authentication is successful.
And after the authentication is successful, the access control engine immediately sends the authentication result to the proxy server, and the proxy server sends the authentication result to the client. At this time, the access control engine simultaneously sends the access authority information of the client to the proxy server through internal linkage.
In the two implementation modes, the user can select the information according to the requirement, and the method is not limited.
It should be noted that, when the authentication of the client is unsuccessful based on the access request, the access request is intercepted, and the client is not allowed to access the application to be accessed. This ensures the security of application access.
S130, determining an application list with access authority of the client based on the access authority information.
Illustratively, according to the received access authority information, determining an application list of which the client has the access authority, and sending the application list to the client.
Here for a list of applications that have the client wants to access and that have access to the rights. For example, if the client wants to access the application a, the application B, the application C, and the application D, but the application a, the application B, and the application D have the access right, it is determined that the application a, the application B, and the application D are included in the application list of which the client has the access right, and the application C is not included.
Therefore, the application with the access right is returned to the client, the application without the access right is prevented from being accessed, and the safety of application access is ensured.
S140, receiving a trigger operation of the client on the target application in the application list, and sending the page data of the target application to the client.
Illustratively, the target application may be an application that the user is currently accessing. For example, when the client receives the application list and determines that it wants to access application a currently, application a is the target application.
After receiving the application list, if the user determines that the user currently accesses the application a, the client operates the application a in the application list in the client, for example, the user may click an area of the application a in the application list or click a selection control of the application a in the application list, the client responds to a trigger operation of the user and sends the trigger operation to the proxy server, and the proxy server receives the trigger operation and sends page data of the application a to the client.
It should be noted that, the user may access multiple applications, and the proxy server sends page data of a target application to the client based on a received trigger operation on the target application in the application list. For example, after the user has accessed the application a, or when the user accesses the application a and also accesses the application B (at this time, the application B is a target application), at this time, the user may click on an area of the application B in the application list or click on a selection control of the application B in the application list, and the like, the client responds to a trigger operation of the user and sends the trigger operation to the proxy server, and the proxy server receives the trigger operation and then sends the page data of the application B to the client. To enable interaction between the proxy server and the client.
It should be noted that, because the technical solution of the embodiment of the present invention is implemented based on Nginx, the technical solution of the embodiment of the present invention has good network security in terms of network deployment. The service behind the firewall is provided for Internet users to access by the Nginx-based reverse proxy, the users do not know that the proxy server is accessed by the users, and the real service is deployed in an intranet, so that the network security is effectively improved.
The technical scheme of the embodiment of the invention also has very high system performance in the aspect of system performance, because cluster deployment of various strategy load distribution can be carried out on the back-end service by utilizing the load balancing configuration function based on the Nginx reverse proxy, and the system performance can be effectively improved.
The following describes the load balancing configuration function of the nginnx reverse proxy server in detail by using the schematic implementation of the nginnx reverse proxy server illustrated in fig. 2:
the access proxy server is simultaneously connected with the internet and the intranet through two network cards, and then configures port applications of the access proxy server, specifically, different port requests can be forwarded to different service applications, for example, a 10001 port corresponds to a service application 1, a 10002 port corresponds to a service application 2, and a 10003 port corresponds to a service application 3; a client user A requests to access a 10001 port from an access proxy server through the Internet, and the access proxy server forwards the access proxy server to a service application 1; the client user B requests to access the 10002 port from the access proxy server through the Internet, and the access proxy server forwards the access proxy server to the service application 2; and finally, the access proxy server returns the response result (page data) processed by the proxy service application to the user as the response result of the access proxy server.
In another embodiment, if a certain service application X needs cluster deployment, it can be conveniently implemented by using a nginnx access proxy server, and refer to the schematic diagram of the nginnx reverse proxy server implementation load balancing configuration shown in fig. 3: suppose that the service application X needs three servers, named X-1, X-2 and X-3. Configuring different access proxy ports for three server addresses of the service application X on the nginnx access proxy server, for example: the 10001 port corresponds to the service application X-1, the 10002 port corresponds to the X-2, and the 10003 port corresponds to the X-3. This implements the function of load balancing configuration.
In practical application, the nginn access proxy server has 4 typical load balancing configuration modes, which are a polling mode, a weighting mode, an ip _ hash mode and a mode of using a third-party module. Different modes are suitable for different service scenarios, and a specific scenario can be realized according to a specific mode, which belongs to the prior art and is not described in detail herein.
According to the technical scheme of the embodiment of the invention, the access request of the access application sent by the client is received, the client is authenticated based on the access request, if the authentication is successful, the access authority information of the client is received, the application list with the access authority of the client is determined based on the access authority information, the triggering operation of the client on the target application in the application list is received, and the page data of the target application is sent to the client, so that the application accessed by the client is successfully authenticated, the client has the access authority, and the safety of application access is ensured.
Example two
Embodiments of the present invention may be combined with various alternatives of the above embodiments. On the basis of the above embodiment, the embodiment of the present invention further includes the following method:
optionally, in the process of sending the page data of the target application to the client, the method further includes: and when the IP address change of the client is detected, stopping providing the page data of the target application for the client.
For example, when the proxy server detects a client replacing an IP address, for example, the client replacing a login device, the proxy server terminates the interaction with the client, i.e., does not provide the client with page data of the target application, so that the client cannot continue to access the target application.
Optionally, in the process of sending the page data of the target application to the client, the method further includes: and authenticating the client once every preset time, and if the authentication is successful, transmitting the page data of the target application to the client.
For example, the preset time may be a preset time, for example, 5 minutes.
When the proxy server interacts with the client, the client can be authenticated once every 5 minutes, specifically, the client can input a user name and a password once every 5 minutes, and if the authentication is successful, the client continues to interact with the client, so that the safe access of the application is ensured.
Optionally, in the process of sending the page data of the target application to the client, the method further includes: when the fact that the client side does not interact with the target application within a first preset time period is detected, if the fact that the client side interacts with the target application within the first preset time period to a second preset time period is detected, page data of the target application corresponding to the triggering operation of the client side interacting with the target application are sent to the client side.
For example, the first preset time period may be a preset time period, for example, 15 minutes.
The second preset time period may be another time period set in advance, and may be 30 minutes, for example.
When the client accesses the target application a, the user may have something in the temporary, or no trigger operation is performed on the application a at this time, and when the user does not perform any operation on the application a within 15 minutes, if the user performs an operation on the application a again within 15 to 30 minutes, for example, the application a is a treasure-panning, the user does not perform any operation within 15 minutes after opening the treasure-panning, and within 15 to 30 minutes, if the icon of an item is clicked, the proxy server sends page data (information such as an image and details of the item) corresponding to the operation of clicking the icon of the item by the user to the client.
Optionally, in the process of sending the page data of the target application to the client, the method further includes: and when detecting that the client does not interact with the target application within a second preset time period, if detecting that the client interacts with the target application, stopping sending the page data of the target application to the client.
For example, when the client accesses the target application a, the user may be in a temporary situation, or no trigger operation is performed on the application a at this time, and when the user does not perform any operation on the application a within 30 minutes, the proxy server stops sending the page data of the target application to the client, that is, the proxy server stops the client accessing the application a. For example, if the application a is panning, and the user does not perform any operation within 30 minutes of opening the panning, and clicks the icon of an object after 30 minutes, the proxy server does not transmit page data (information such as a picture and details of the object) corresponding to the operation of clicking the icon of the object by the user to the client. I.e. the proxy server forces the client to quit the access to the panning.
The implementation mode of the embodiment of the invention ensures the safe access of the application.
EXAMPLE III
Fig. 4 is a flowchart of an application access method provided in the third embodiment of the present invention, and the third embodiment of the present invention may be combined with various alternatives in the foregoing embodiments. In this embodiment of the present invention, optionally, when the target application is a target application that needs to be authenticated for the second time, the receiving a trigger operation of the client on the target application in the application list, and sending the page data of the target application to the client includes: and receiving the triggering operation of the client on the target application needing secondary authentication in the application list, carrying out secondary authentication on the client, and if the authentication is successful, sending the page data of the target application needing secondary authentication to the client.
As shown in fig. 4, the method of the embodiment of the present invention specifically includes the following steps:
s210, receiving an access request for accessing the application sent by the client.
And S220, authenticating the client based on the access request, and receiving the access authority information of the client if the authentication is successful.
And S230, determining an application list with the access right of the client based on the access right information.
S240, receiving a trigger operation of the client to the target application needing secondary authentication in the application list, carrying out secondary authentication on the client, and if the authentication is successful, sending the page data of the target application needing secondary authentication to the client.
For example, the target application requiring the secondary authentication may be an application with higher security performance or more sensitive application.
After the client receives the application list returned by the proxy server, if the user wants to access the application C which is a sensitive application with higher safety performance and needs secondary authentication of the user, the user needs to input the user name and the password of the user again after the user clicks the application C, and when the user and the password input by the user are received by the proxy server and are consistent with those in the access request, the secondary authentication is successful, and the proxy server feeds the page data of the application C back to the client.
This ensures the security of applications requiring secondary authentication.
According to the technical scheme of the embodiment of the invention, when a user needs to access the target application needing secondary authentication, the secondary authentication is carried out on the client by receiving the trigger operation of the client on the target application needing secondary authentication in the application list, and if the authentication is successful, the page data of the target application needing secondary authentication is sent to the client, so that the safety of the application needing secondary authentication is ensured.
Example four
Fig. 5 is a schematic structural diagram of an application access device according to a fourth embodiment of the present invention, and as shown in fig. 5, the application access device includes: an access request receiving module 31, an access right information obtaining module 32, an application list determining module 33 and a page data transmitting module 34.
The access request receiving module 31 is configured to receive an access request for accessing an application, where the access request is sent by a client;
an access authority information obtaining module 32, configured to authenticate the client based on the access request, and if the authentication is successful, receive access authority information of the client;
an application list determining module 33, configured to determine, based on the access right information, an application list that the client has an access right;
a page data sending module 34, configured to receive a trigger operation of the client on a target application in the application list, and send page data of the target application to the client.
On the basis of the technical scheme of the embodiment, the device further comprises:
and the information change module is used for stopping providing the page data of the target application for the client when the change of the IP address of the client is detected.
On the basis of the technical scheme of the embodiment, the device further comprises:
and the continuous authentication module is used for authenticating the client once every preset time, and if the authentication is successful, the page data of the target application is sent to the client.
On the basis of the technical scheme of the embodiment, the device further comprises:
the first interaction module is used for sending the page data of the target application corresponding to the trigger operation of the interaction between the client and the target application to the client when the client is detected not to interact with the target application within a first preset time period and if the trigger operation of the interaction between the client and the target application is detected within a second preset time period from the first preset time period.
On the basis of the technical scheme of the embodiment, the device further comprises:
and the second interaction module is used for stopping sending the page data of the target application to the client when detecting that the client does not interact with the target application within the second preset time period and if detecting that the client interacts with the target application in a triggering operation.
Optionally, when the target application is a target application that needs to be authenticated for the second time, the page data sending module 34 is specifically configured to:
and receiving the triggering operation of the client on the target application needing secondary authentication in the application list, carrying out secondary authentication on the client, and if the authentication is successful, sending the page data of the target application needing secondary authentication to the client.
The application access device provided by the embodiment of the invention can execute the application access method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
EXAMPLE five
Fig. 6 is a schematic structural diagram of an electronic apparatus according to a fifth embodiment of the present invention, as shown in fig. 6, the electronic apparatus includes a processor 70, a memory 71, an input device 72, and an output device 73; the number of the processors 70 in the electronic device may be one or more, and one processor 70 is taken as an example in fig. 6; the processor 70, the memory 71, the input device 72 and the output device 73 in the electronic apparatus may be connected by a bus or other means, and the bus connection is exemplified in fig. 6.
The memory 71 is a computer-readable storage medium, and can be used for storing software programs, computer-executable programs, and modules, such as program instructions/modules corresponding to the application access method in the embodiment of the present invention (for example, the access request receiving module 31, the access right information obtaining module 32, the application list determining module 33, and the page data transmitting module 34). The processor 70 executes various functional applications and data processing of the electronic device by executing software programs, instructions and modules stored in the memory 71, that is, implements the application access method described above.
The memory 71 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 71 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 71 may further include memory located remotely from the processor 70, which may be connected to the electronic device through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 72 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function controls of the electronic apparatus. The output device 73 may include a display device such as a display screen.
EXAMPLE six
An embodiment of the present invention also provides a storage medium containing computer-executable instructions, which when executed by a computer processor, perform an application access method.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the method operations described above, and may also perform related operations in the application access method provided by any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes instructions for enabling a computer electronic device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the application access apparatus, the included units and modules are merely divided according to functional logic, but are not limited to the above division as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. An application access method, comprising:
receiving an access request for accessing an application, which is sent by a client;
authenticating the client based on the access request, and receiving access authority information of the client if the authentication is successful;
determining an application list of which the client has access rights based on the access rights information;
and receiving the triggering operation of the client on the target application in the application list, and sending the page data of the target application to the client.
2. The method of claim 1, wherein the access request includes an IP address, a username, and a password of the client.
3. The method according to claim 2, wherein in the process of sending the page data of the target application to the client, the method further comprises:
and when the change of the IP address of the client is detected, stopping providing the page data of the target application for the client.
4. The method according to claim 1, wherein in the process of sending the page data of the target application to the client, the method further comprises:
and authenticating the client once every preset time, and if the authentication is successful, sending the page data of the target application to the client.
5. The method according to claim 1, wherein in the process of sending the page data of the target application to the client, the method further comprises:
when the client is detected not to interact with the target application within a first preset time period, and if the client is detected to perform interactive triggering operation with the target application within the first preset time period to a second preset time period, page data of the target application corresponding to the interactive triggering operation of the client and the target application is sent to the client.
6. The method according to claim 5, wherein in the process of sending the page data of the target application to the client, the method further comprises:
and when detecting that the client does not interact with the target application within the second preset time period, if detecting that the client interacts with the target application, stopping sending the page data of the target application to the client.
7. The method of claim 1, wherein when the target application is a target application requiring secondary authentication,
the receiving a trigger operation of the client on a target application in the application list and sending page data of the target application to the client includes:
and receiving the triggering operation of the client on the target application needing secondary authentication in the application list, carrying out secondary authentication on the client, and if the authentication is successful, sending the page data of the target application needing secondary authentication to the client.
8. An application access apparatus, comprising:
the access request receiving module is used for receiving an access request for accessing the application, which is sent by the client;
the access authority information acquisition module is used for authenticating the client based on the access request, and receiving the access authority information of the client if the authentication is successful;
the application list determining module is used for determining an application list of which the client has the access authority based on the access authority information;
and the page data sending module is used for receiving the triggering operation of the client on the target application in the application list and sending the page data of the target application to the client.
9. An electronic device, characterized in that the electronic device comprises:
one or more processors;
storage means for storing one or more programs;
when executed by the one or more processors, cause the one or more processors to implement an application access method as claimed in any one of claims 1 to 7.
10. A storage medium containing computer-executable instructions for performing the application access method of any one of claims 1-7 when executed by a computer processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011025733.2A CN112131588A (en) | 2020-09-25 | 2020-09-25 | Application access method and device, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011025733.2A CN112131588A (en) | 2020-09-25 | 2020-09-25 | Application access method and device, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112131588A true CN112131588A (en) | 2020-12-25 |
Family
ID=73840246
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011025733.2A Pending CN112131588A (en) | 2020-09-25 | 2020-09-25 | Application access method and device, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112131588A (en) |
Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101764742A (en) * | 2009-12-30 | 2010-06-30 | 福建星网锐捷网络有限公司 | Network resource visit control system and method |
| CN103927474A (en) * | 2014-04-01 | 2014-07-16 | 可牛网络技术(北京)有限公司 | Method and device for monitoring application programs |
| CN104683320A (en) * | 2013-12-03 | 2015-06-03 | 中兴通讯股份有限公司 | Home network multimedia content sharing access control method and device |
| CN106487774A (en) * | 2015-09-01 | 2017-03-08 | 阿里巴巴集团控股有限公司 | A kind of cloud host services authority control method, device and system |
| CN108964885A (en) * | 2017-05-27 | 2018-12-07 | 华为技术有限公司 | Method for authenticating, device, system and storage medium |
| US20190057386A1 (en) * | 2017-08-15 | 2019-02-21 | Mani Fazeli | Application server for automated data transfers and associated methods |
| CN110232292A (en) * | 2019-05-06 | 2019-09-13 | 平安科技(深圳)有限公司 | Data access authority authentication method, server and storage medium |
| CN110287682A (en) * | 2019-07-01 | 2019-09-27 | 北京芯盾时代科技有限公司 | A kind of login method, apparatus and system |
| CN110636057A (en) * | 2019-09-10 | 2019-12-31 | 腾讯科技(深圳)有限公司 | Application access method and device and computer readable storage medium |
| CN110781468A (en) * | 2019-10-24 | 2020-02-11 | 腾讯科技(深圳)有限公司 | Identity authentication processing method and device, electronic equipment and storage medium |
| CN111131202A (en) * | 2019-12-12 | 2020-05-08 | 厦门市美亚柏科信息股份有限公司 | Identity authentication method and system based on multiple information authentication |
-
2020
- 2020-09-25 CN CN202011025733.2A patent/CN112131588A/en active Pending
Patent Citations (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101764742A (en) * | 2009-12-30 | 2010-06-30 | 福建星网锐捷网络有限公司 | Network resource visit control system and method |
| CN104683320A (en) * | 2013-12-03 | 2015-06-03 | 中兴通讯股份有限公司 | Home network multimedia content sharing access control method and device |
| CN103927474A (en) * | 2014-04-01 | 2014-07-16 | 可牛网络技术(北京)有限公司 | Method and device for monitoring application programs |
| CN106487774A (en) * | 2015-09-01 | 2017-03-08 | 阿里巴巴集团控股有限公司 | A kind of cloud host services authority control method, device and system |
| CN108964885A (en) * | 2017-05-27 | 2018-12-07 | 华为技术有限公司 | Method for authenticating, device, system and storage medium |
| US20190057386A1 (en) * | 2017-08-15 | 2019-02-21 | Mani Fazeli | Application server for automated data transfers and associated methods |
| CN110232292A (en) * | 2019-05-06 | 2019-09-13 | 平安科技(深圳)有限公司 | Data access authority authentication method, server and storage medium |
| CN110287682A (en) * | 2019-07-01 | 2019-09-27 | 北京芯盾时代科技有限公司 | A kind of login method, apparatus and system |
| CN110636057A (en) * | 2019-09-10 | 2019-12-31 | 腾讯科技(深圳)有限公司 | Application access method and device and computer readable storage medium |
| CN110781468A (en) * | 2019-10-24 | 2020-02-11 | 腾讯科技(深圳)有限公司 | Identity authentication processing method and device, electronic equipment and storage medium |
| CN111131202A (en) * | 2019-12-12 | 2020-05-08 | 厦门市美亚柏科信息股份有限公司 | Identity authentication method and system based on multiple information authentication |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3445015B1 (en) | Methods and devices for accessing protected applications | |
| US8079076B2 (en) | Detecting stolen authentication cookie attacks | |
| US11212281B2 (en) | Attacker detection via fingerprinting cookie mechanism | |
| US9350704B2 (en) | Provisioning network access through a firewall | |
| US9843590B1 (en) | Method and apparatus for causing a delay in processing requests for internet resources received from client devices | |
| US20120174225A1 (en) | Systems and Methods for Malware Detection and Scanning | |
| US20080320580A1 (en) | Systems, methods, and media for firewall control via remote system information | |
| US20110145910A1 (en) | Port tapping for secure access | |
| WO2022227311A1 (en) | Access processing method for performing remote control on terminal, and device and storage medium | |
| US8543807B2 (en) | Method and apparatus for protecting application layer in computer network system | |
| US20160065551A1 (en) | Single login authentication for users with multiple ipv4/ipv6 addresses | |
| JP2009003559A (en) | Computer system for single sign-on server, and program | |
| CN114189393A (en) | Data processing method, device, equipment and storage medium | |
| CN114938288A (en) | Data access method, device, equipment and storage medium | |
| CN112804222B (en) | Data transmission method, device, equipment and storage medium based on cloud deployment | |
| US10924505B2 (en) | Passcode based access-control with randomized limits | |
| EP3618396B1 (en) | Protection method and system for http flood attack | |
| CN112131588A (en) | Application access method and device, electronic equipment and storage medium | |
| US11736528B2 (en) | Low latency cloud-assisted network security with local cache | |
| WO2015055013A1 (en) | Login system based on server, login server, and verification method thereof | |
| CN108418803B (en) | Method and device for defending DNS (Domain name System) rebinding attack | |
| Buriachok et al. | Using 2.4 GHz Wireless Botnets to Implement Denial-of-Service Attacks | |
| US10447731B2 (en) | Email address farming mitigation | |
| Бурячок et al. | Using 2.4 GHz wireless botnets to implement denial-of-service attacks | |
| CN114039773B (en) | Connection establishment method, device, equipment and computer readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |