CN112560102A - Resource sharing method, resource accessing method, resource sharing equipment and computer readable storage medium - Google Patents


Publication number
CN112560102A
Authority
CN
China
Prior art keywords
client
identity
user information
access request
resource
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011568489.4A
Other languages
Chinese (zh)
Inventor
赵铭
林圳杰
彭浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southern Power Grid Digital Grid Research Institute Co Ltd
Shenzhen Digital Power Grid Research Institute of China Southern Power Grid Co Ltd
Original Assignee
Shenzhen Digital Power Grid Research Institute of China Southern Power Grid Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Digital Power Grid Research Institute of China Southern Power Grid Co Ltd
Priority to CN202011568489.4A
Publication of CN112560102A
Legal status: Pending


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The application discloses a resource sharing method, a resource accessing method, a resource sharing device, a resource accessing device and a computer readable storage medium, and relates to the technical field of computers. The method comprises the steps of obtaining an access request of a client, extracting an identity of the client carried in the access request, carrying out decryption processing on the identity to obtain first user information of the client, comparing the first user information with second user information sent by the client, and if the first user information is consistent with the second user information, carrying out resource sharing with the client according to the access request.

Description

Resource sharing method, resource accessing method, resource sharing equipment and computer readable storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a resource sharing method, a resource accessing method, a resource sharing device, and a computer-readable storage medium.
Background
With the emergence of problems such as network information falsification, the validity of network information becomes a focus of attention. When a user accesses resources of a server through a client, the resources are accessed through a uniform interface, but the manner of accessing the server through the interface often has potential safety hazards, such as risks of masquerading attack, tampering attack, replay attack and data information leakage.
Disclosure of Invention
The present application is directed to solving at least one of the problems in the prior art. Therefore, the resource sharing method is provided, and the identity authentication can be performed on the client when the client performs resource access to the interface of the server, so that the information security of the server is ensured, and the data security problem is avoided.
The application also provides a resource access method with the resource sharing method.
The resource sharing method according to the embodiment of the first aspect of the application comprises the following steps: acquiring an access request of a client; extracting the identity of the client carried in the access request; decrypting the identity identification to obtain first user information of the client; comparing the first user information with second user information uploaded by the client; and if the first user information is consistent with the second user information, performing resource sharing with the client according to the access request.
The resource sharing method according to the embodiment of the application has at least the following beneficial effects: the method comprises the steps of obtaining an access request of a client, extracting an identity of the client carried in the access request, carrying out decryption processing on the identity to obtain first user information of the client, comparing the first user information with second user information sent by the client, and if the first user information is consistent with the second user information, carrying out resource sharing with the client according to the access request.
According to some embodiments of the application, further comprising: judging whether the access request carries the identity of the client or not; and if the access request does not contain the identity of the client, not sharing resources with the client.
According to some embodiments of the application, further comprising: acquiring an aging identifier of the identity; judging whether the identity has expired according to the aging identifier; and if the identity has expired, not sharing resources with the client.
According to some embodiments of the application, further comprising: if the identity has not expired, acquiring the first user information in the identity.
The resource access method according to the second aspect of the application comprises the following steps: acquiring login information of a user; obtaining pre-stored first user information according to the login information; encrypting the first user information to generate an identity; generating an access request for requesting to access the server resource according to the identity; and sending the access request to a server for resource access.
The resource access method according to the embodiment of the application has at least the following beneficial effects: the method comprises the steps of obtaining login information of a user, obtaining pre-stored first user information according to the user information, encrypting the first user information to generate an identity, generating an access request for requesting access to server resources according to the identity, sending the access request to a server for resource access, and authenticating the identity of a client when the client accesses resources of an interface of the server, so that the information safety of the server is ensured, and the problem of data safety is avoided.
According to some embodiments of the application, the identity comprises an aging identifier, and the method further comprises: storing the identity together with the aging identifier.
According to some embodiments of the application, further comprising: and checking the legality of the login information.
A server according to an embodiment of the third aspect of the present application, comprising:
the first acquisition module is used for acquiring an access request of a client;
the extracting module is used for extracting the identity of the client carried in the access request;
the decryption module is used for decrypting the identity identification to obtain first user information in the identity identification;
and the comparison module is used for comparing the first user information with second user information uploaded by the client, and if the first user information is consistent with the second user information, resource sharing is carried out with the client according to the access request.
The server according to the application has at least the following advantages: the access request of the client is obtained through the first obtaining module, the identity of the client carried in the access request is extracted through the extracting module, the identity is decrypted through the decrypting module to obtain first user information of the client, the first user information and second user information sent by the client are compared through the comparing module, if the first user information and the second user information are consistent, resource sharing is conducted on the client according to the access request, and when the client is in contact with an interface of the server to conduct resource access, identity authentication is conducted on the client, so that information safety of the server is guaranteed, and the problem of data safety is avoided.
A client according to an embodiment of the fourth aspect of the present application, comprising:
the second acquisition module is used for acquiring login information of a user;
the third acquisition module is used for acquiring prestored first user information according to the login information;
the encryption module is used for encrypting the first user information to generate an identity;
the generating module is used for generating an access request for requesting to access the server resource according to the identity;
and the sending module is used for sending the access request to a server for resource access.
The client side has at least the following advantages: the login information of the user is acquired through the second acquisition module, the third acquisition module acquires prestored first user information according to the user information, the encryption module encrypts the first user information to generate an identity label, the generation module generates an access request for requesting to access server resources according to the identity label, the sending module sends the access request to the server for resource access, and when the client is in resource access with an interface of the server, the client can be authenticated, so that the information safety of the server is ensured, and the problem of data safety is avoided.
An electronic device according to an embodiment of the fifth aspect of the present application includes: at least one processor, and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions for execution by the at least one processor to cause the at least one processor, when executing the instructions, to implement the resource sharing method of the first aspect and the resource access method of the second aspect.
According to the electronic equipment of this application, have at least following beneficial effect: by executing the resource sharing method of the first aspect and the resource access method of the second aspect, the identity authentication can be performed on the client when the client performs resource access to the interface of the server, so that the information security of the server is ensured, and the data security problem is avoided.
A computer-readable storage medium according to an embodiment of the sixth aspect of the present application stores computer-executable instructions for causing a computer to perform the resource sharing method according to the first aspect and the resource access method according to the second aspect.
The computer-readable storage medium according to the present application has at least the following advantageous effects: by executing the resource sharing method of the first aspect and the resource access method of the second aspect, the identity authentication can be performed on the client when the client performs resource access to the interface of the server, so that the information security of the server is ensured, and the data security problem is avoided.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
FIG. 1 is a flow chart illustrating a resource sharing method according to an embodiment of the present application;
FIG. 2 is a diagram illustrating an exemplary embodiment of a resource sharing method according to the present application;
FIG. 3 is a flowchart illustrating a resource access method according to an embodiment of the present application;
FIG. 4 is another schematic flow chart illustrating a resource access method according to an embodiment of the present application;
FIG. 5 is a diagram illustrating an exemplary application of the resource sharing method and the resource accessing method according to the present invention;
FIG. 6 is a block diagram of a server according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a module of the client in the embodiment of the present application.
Reference numerals:
a first obtaining module 110, an extracting module 120, a decrypting module 130, a comparing module 140, a second obtaining module 210, a third obtaining module 220, an encrypting module 230, a generating module 240 and a sending module 250.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
It should be noted that although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that of the flowcharts. Where "first" and "second" are used, they serve only to distinguish technical features and are not to be understood as indicating or implying relative importance, the number of the technical features indicated, or the precedence of the technical features indicated.
It is noted that, as used in the examples, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. Furthermore, unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art. The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used herein, the term "and/or" includes any combination of one or more of the associated listed items.
With the emergence of problems such as network information falsification, the validity of network information becomes a focus of attention. When a user accesses resources of a server through a client, the resources are accessed through a uniform interface, but the manner of accessing the server through the interface often has potential safety hazards, such as risks of masquerading attack, tampering attack, replay attack and data information leakage.
Based on this, embodiments of the present application provide a resource sharing method, a resource accessing method, a resource sharing device, a resource accessing device, and a computer-readable storage medium, which can perform identity authentication on a client when the client performs resource access to an interface of a server, thereby ensuring information security of the server and avoiding a data security problem.
It should be noted that, in the embodiments of the present application, a corresponding verification process is added at the service interface of the server based on the JWT (JSON Web Token) mechanism. JWT is a JSON-based open standard for passing claims between network application environments. The token is designed to be compact and secure, and is particularly suited to single sign-on (SSO) scenarios for distributed sites. JWT claims are typically used to pass authenticated user identity information between the identity provider and the service provider so that resources can be acquired from the resource server; additional claims needed by other business logic may also be added. The token may be used directly for authentication, or may be encrypted.
In a first aspect, an embodiment of the present application provides a resource sharing method applied to a server.
In some embodiments, referring to fig. 1, a flowchart of a resource sharing method in an embodiment of the present application is shown. The method specifically comprises the following steps:
S110, obtaining an access request of a client;
S120, extracting the identity of the client carried in the access request;
S130, decrypting the identity to obtain first user information of the client;
S140, comparing the first user information with second user information sent by the client;
S150, if the first user information is consistent with the second user information, sharing resources with the client according to the access request.
In step S110, the service gateway of the server intercepts and obtains the access request sent by the client. The access request is an HTTP (HyperText Transfer Protocol) request generated by the client in the form of a URL (Uniform Resource Locator) and is used to request the resource capability the client wants to access. The client sends the HTTP request to the server through the service interface that interfaces with the server, and the service gateway of the server intercepts and obtains it.
In step S120, the server extracts the identity of the client from the acquired access request. The identity is parameter information carried in the header information of the access request, namely the HTTP request, and indicates the specific user operating on the client. Extraction, as used in the embodiments of the present application, means that after the service gateway intercepts the access request of the client, it reads the header parameters of the access request and extracts the identity from them. In practical applications, the Token is carried in the Authorization parameter of the standard HTTP request headers, and the server obtains the Token from that parameter.
In some embodiments, as shown in fig. 2, step S120 further includes the following steps:
S121, judging whether the access request has an identity of the client;
S122, if the access request has the identity of the client, extracting the identity of the client carried in the access request;
S160, if the access request does not contain the identity of the client, not sharing resources with the client.
In step S121, the server identifies whether the header information in the access request carries an identity of the client, so as to determine whether the access request belongs to a legal request for authenticating the client; in step S122, if the server confirms that the access request has the identity of the client, extracting the identity of the client from the access request; in step S160, if the server determines that the access request does not include the id of the client, the server does not extract the id of the client from the access request, which indicates that the header information in the access request, i.e. the HTTP request, does not include the parameter information of the client, and the server determines that the access request is an access request of an unknown client, belongs to an illegal request, and denies resource sharing with the client. By the embodiment of the application, the resource access of an illegal client to the server can be prevented, so that the information security of the server is protected.
In some embodiments, as shown in fig. 2, the method in the embodiment of the present application specifically includes the following steps:
S123, acquiring an aging identifier of the identity;
S124, judging whether the identity has expired according to the aging identifier.
In steps S123 and S124, the server obtains the aging identifier of the client's identity and determines from it whether the identity has expired. The aging identifier means that a corresponding expiration time is preset when the client generates the identity: once the expiration time has passed, the identity is invalid and the client's access request is an invalid request. The aging identifier can be set by negotiation between the server and the client. In practical applications it is also possible not to add an aging identifier to the identity, in which case the access request never expires. By adding a validity period to the access request, the embodiments of the present application screen access requests to a certain degree and guard against information security problems on the server.
If the server determines that the identity of the client is not expired according to the obtained aging identifier, it indicates that the access request is a valid request, and then step S130 is executed. If the server determines that the identity identifier of the client is expired according to the obtained aging identifier, it indicates that the access request is an invalid request, and then step S160 is executed.
In step S130, the server decrypts the obtained identity to obtain the first user information of the client. The first user information is user information, such as a user name, a user ID, a user role and an organization ID, which the user has pre-stored in a database at the client and which indicates a specific user on the client. It should be noted that, when generating the identity, the client first acquires the first user information corresponding to the user and then encrypts it to produce the identity. The encryption and decryption methods mentioned in the embodiments of the present application are based on commonly used algorithms, such as the symmetric algorithms AES (Advanced Encryption Standard), DES (Data Encryption Standard) and RC2 (a traditional symmetric block cipher), the asymmetric algorithms DSA (Digital Signature Algorithm) and RSA, or the hash algorithms MD4 and MD5 (Message Digest algorithms) and the SHA (Secure Hash Algorithm) series; the embodiments of the present application do not specifically limit the encryption and decryption method. In practical applications, the client and the server need to negotiate in advance and select a corresponding encryption algorithm. For example, if the DES algorithm is selected, a corresponding encryption key must be preset, and the first user information is encrypted with the DES algorithm and that key; when the server decrypts the identity, it must use the DES algorithm and the same encryption key in order to obtain the correct first user information.
In practical applications, the client generates the identity Token based on the JWT specification. The user information of the user is placed in the database clients in the JWT specification, and an open-source tool implementing the JWT specification connects to the interface of the database clients. The client only needs to set the encryption key used for generating the identity Token; it can then call the interface directly to obtain the user information in the database clients and encrypt it to generate the identity Token. The server decrypts the identity according to the JWT specification to obtain the corresponding first user information.
In step S140, the second user information is the identity information transmitted through the interface when the client sends the access request through the service interface. The categories of information it contains are similar to or different from those of the first user information, for example a user name, a user ID, a user role and an organization ID, and the parameter values of these categories differ from user to user. The server compares the first user information with the second user information to determine whether their contents are consistent, and thereby whether the access request comes from a legal client.
In step S150, if the server finds that the contents of the first user information and the second user information are consistent, the access request belongs to a legal client. The service gateway removes the identity carried in the access request, and the server performs resource sharing with the client according to the access request from which the identity has been removed.
In some embodiments, if the information content included in the first user information and the second user information compared by the server is different, it is indicated that the access request belongs to an illegal request, and the server rejects the access request and rejects resource sharing with the client.
In some embodiments, the service gateway of the server may preset identities in its routing configuration table so that different identities are verified in different ways. For example, an identity may be configured in the routing configuration table as one to be ignored; when an access request carries that identity, the server does not verify the access request and performs resource sharing with the client directly according to the access request.
According to the method and the device, the access request of the client is obtained, the identity of the client carried in the access request is extracted, the identity is decrypted to obtain the first user information of the client, the first user information and the second user information sent by the client are compared, if the first user information is consistent with the second user information, resource sharing is carried out between the client and the access request, and identity authentication can be carried out on the client when the client accesses resources of an interface of a server, so that the information safety of the server is guaranteed, and the problem of data safety is avoided.
In a second aspect, an embodiment of the present application provides a resource access method applied to a client.
In some embodiments, referring to fig. 3, a flowchart of a resource access method in an embodiment of the present application is shown. The method specifically comprises the following steps:
S210, obtaining login information of a user;
S220, obtaining pre-stored first user information according to the login information;
S230, encrypting the first user information to generate an identity;
S240, generating an access request for requesting to access the server resource according to the identity;
S250, sending the access request to a server for resource access.
In step S210, when the user logs in through the login interface of the client, the corresponding login information is generated. The login information is the account and password used when the user logs in, and it is sent to and received by the client.
In some embodiments, referring to fig. 4, the resource access method in the embodiment of the present application specifically includes the following steps:
s211, the validity of the login information is checked.
In step S211, the client checks the validity of the login information of the user to determine whether the user is a legal user login, and if the user is illegal login information, the user is prohibited from logging in the client to generate an identity, i.e., Token; and if the user belongs to the legal login information, allowing the user to log in the client to generate the identity identifier, namely Token.
In step S220, after the client acquires the login information of the user, first user information corresponding to the login information is acquired from the database according to the login information, where the first user information is user information that is pre-stored in the database at the client by the user, such as a user name, a user ID, a user role, an organization ID, and the like, and the user information is information indicating a specific user at the client. In practical application, the first user information of the user is placed in a database clients in the JWT specification, and an interface of the database clients is analyzed through an open source tool which realizes the JWT specification, so that the first user information placed in the database clients is obtained.
In step S230, after acquiring the first user information of the user, the client may encrypt the first user information by negotiating with the server about the selected encryption/decryption algorithm and the preset encryption key, so as to generate the identity identifier carried by the access request. It should be noted that the client and the server need to negotiate in advance and select a corresponding encryption algorithm, for example, select a DES algorithm, the DES algorithm needs to preset a corresponding encryption key, and the first user information is encrypted through the DES algorithm and the encryption key. In practical application, the client-side realizes the JWT standard to interface with the interface of the database clients, and only needs to set the encryption key used when generating the identity TOKEN, the client-side can directly call the interface to obtain the user information in the database clients, and encrypt the user information to generate the identity TOKEN.
In some embodiments, the resource access method in the embodiment of the present application further includes: storing the identity identifier with an aging identifier. After the client generates the identity identifier, it may store the identity identifier in a database, for example Redis, and add a corresponding aging identifier to it. The aging identifier is an expiration time preset when the client generates the identity identifier: once the expiration time has passed, the identity identifier is invalid, and the client's access request is an invalid request. The aging identifier can be set by negotiation between the server and the client. In practical applications, it is also possible not to add an aging identifier to the identity identifier, in which case the access request never expires. By adding a validity period to the identity identifier, this embodiment ensures the validity of the identity identifier within a certain period and prevents the same identity identifier from being used multiple times.
In steps S240 and S250, after generating the identity identifier, the client uses it to generate an access request for server resources. The access request is an HTTP request that the client generates in URL form; it indicates the resource capability the client is requesting from the server. The client sends the HTTP request to the server through the service interface that connects to the server, where it is intercepted by the server's service gateway. In practical applications, the Token is placed in the Authorization parameter of the HTTP request's standard header parameters, and the server obtains the Token from that parameter. After the client sends the access request, the server checks it through the service gateway, that is, it executes the resource sharing method of the first-aspect embodiment to determine whether the access request is valid; the client can then access the server's resources with a valid access request.
In this embodiment of the application, the client acquires the user's login information, obtains the pre-stored first user information according to the login information, encrypts the first user information to generate the identity identifier, generates an access request for server resources according to the identity identifier, and sends the access request to the server for resource access. In this way, the client is authenticated when it accesses resources through an interface of the server, which ensures the information security of the server and avoids data security problems.
In one possible application example, referring to fig. 5, after a user logs in to the client with login information, that is, an account and password, the client checks the validity of the login information. The client then obtains the first user information pre-stored in the database according to the login information and encrypts it with the corresponding encryption algorithm and encryption key to obtain the identity identifier. The client configures an aging identifier for the identity identifier and stores it in Redis. The client then generates an access request according to the identity identifier, that is, it places the identity identifier in the header parameters of the request, and sends the access request carrying the identity identifier to the server. After the server intercepts the access request through the service gateway, it extracts the client's identity identifier from the access request. If no identity identifier can be extracted, the server refuses to share resources with the client, that is, it denies the client access to the resources. If an identity identifier is extracted, the server uses its aging identifier to judge whether it has expired; if it has expired, the server refuses to share resources with the client. If the identity identifier has not expired, the server decrypts it to obtain the first user information of the client, that is, it parses the Token to obtain the user's basic information.
After obtaining the first user information, the server checks whether the second user information sent by the client through the request interface is consistent with it. If the second user information is inconsistent with the first user information, the server refuses to share resources with the client, that is, it denies the client access to the resources; if the two are consistent, the server shares resources with the client, that is, it accepts the client's resource access.
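The gateway sequence described above (extract the Token, check the aging identifier, recover the first user information, compare it with the second user information) in runnable form; this is an added example, not code from the patent. HMAC-SHA256 from the Python standard library stands in for the negotiated DES encryption, a dict stands in for Redis, and the key, TTL and user fields are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values: the key, TTL and user fields are assumptions for this example.
SHARED_KEY = b"constructed-demo-key-agreed-in-advance"
TOKEN_TTL = 1800  # seconds; plays the role of the aging identifier


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _tag(body: str) -> str:
    # HMAC-SHA256 stands in for the negotiated DES step. It protects integrity
    # only; the user information in the token body is not confidential here.
    return _b64(hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest())


def issue_token(first_user_info: dict, store: dict, now=None) -> str:
    """Client side: build the Token and store it with its expiry time."""
    now = time.time() if now is None else now
    body = _b64(json.dumps(first_user_info, sort_keys=True).encode())
    token = f"{body}.{_tag(body)}"
    store[token] = now + TOKEN_TTL  # a dict stands in for a Redis key with a TTL
    return token


def gateway_check(headers: dict, second_user_info: dict, store: dict, now=None):
    """Server gateway: return (allowed, reason), checking in the page's order."""
    now = time.time() if now is None else now
    # 1. Extract the Token from the Authorization header parameter.
    token = headers.get("Authorization", "").strip()
    if not token:
        return False, "no identity identifier"
    # 2. Judge expiry from the aging identifier (unknown tokens fail too).
    expiry = store.get(token)
    if expiry is None or now >= expiry:
        return False, "expired or unknown identity identifier"
    # 3. Recover the first user information, rejecting any altered token.
    body, sep, tag = token.partition(".")
    if not sep or not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return False, "identity identifier failed integrity check"
    padded = body + "=" * (-len(body) % 4)
    first_user_info = json.loads(base64.urlsafe_b64decode(padded))
    # 4. Compare with the second user information uploaded by the client.
    if first_user_info != second_user_info:
        return False, "user information mismatch"
    return True, "ok"


if __name__ == "__main__":
    redis_like = {}
    alice = {"user_id": "u-1001", "user_name": "alice",
             "role": "operator", "org_id": "org-7"}  # constructed sample user
    tok = issue_token(alice, redis_like, now=1000.0)
    auth = {"Authorization": tok}
    print(gateway_check(auth, alice, redis_like, now=1001.0))
    print(gateway_check(auth, dict(alice, role="admin"), redis_like, now=1001.0))
    print(gateway_check(auth, alice, redis_like, now=1000.0 + TOKEN_TTL))
    print(gateway_check({}, alice, redis_like, now=1001.0))
```
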
In a third aspect, an embodiment of the present application provides a server for executing the resource sharing method mentioned in the first aspect.
In some embodiments, referring to fig. 6, a block diagram of a server in an embodiment of the present application is shown. The server specifically comprises: a first obtaining module 110, an extracting module 120, a decrypting module 130 and a comparing module 140.
The first obtaining module 110 is configured to obtain an access request of a client;
the extracting module 120 is configured to extract the identity of the client carried in the access request;
the decryption module 130 is configured to decrypt the identity identifier to obtain first user information in the identity identifier;
the comparison module 140 is configured to compare the first user information with the second user information uploaded by the client, and if the first user information is consistent with the second user information, perform resource sharing with the client according to the access request.
It should be noted that, in the server mentioned in the embodiment of the present application, detailed descriptions and introductions about the functions of each functional module have been discussed in detail in the embodiment of the first aspect, and thus are not described again.
In this embodiment of the application, the first obtaining module 110 obtains an access request of a client; the extracting module 120 extracts the identity identifier of the client carried in the access request; the decrypting module 130 decrypts the identity identifier to obtain first user information of the client; and the comparing module 140 compares the first user information with second user information sent by the client and, if they are consistent, performs resource sharing with the client according to the access request. In this way, the client is authenticated when it accesses resources through an interface of the server, which ensures the information security of the server and avoids data security problems.
In a fourth aspect, an embodiment of the present application provides a client for executing the resource access method mentioned in the second aspect.
In some embodiments, referring to fig. 7, a schematic block diagram of a client in an embodiment of the present application is shown. The client specifically comprises: a second acquisition module 210, a third acquisition module 220, an encryption module 230, a generation module 240, and a generation module 250.
The second obtaining module 210 is configured to obtain login information of a user;
the third obtaining module 220 is configured to obtain pre-stored first user information according to the login information;
the encryption module 230 is configured to encrypt the first user information to generate an identity;
the generating module 240 is configured to generate an access request for requesting to access a server resource according to the identity;
the generating module 250 is configured to send the access request to the server for resource access.
It should be noted that, in the client mentioned in the embodiment of the present application, detailed descriptions and introductions about the functions of each functional module have been discussed in detail in the embodiment of the second aspect, and thus are not described again.
In this embodiment of the application, the second acquisition module 210 acquires login information of a user; the third acquisition module 220 acquires pre-stored first user information according to the login information; the encryption module 230 encrypts the first user information to generate an identity identifier; the generation module 240 generates an access request for server resources according to the identity identifier; and the generation module 250 sends the access request to the server for resource access. In this way, the client is authenticated when it accesses resources through an interface of the server, which ensures the information security of the server and avoids data security problems.
In a fifth aspect, an embodiment of the present application further provides an electronic device, including: at least one processor, and a memory communicatively coupled to the at least one processor;
wherein the processor is configured to execute the resource sharing method in the first aspect embodiment or the resource access method in the second aspect embodiment by calling a computer program stored in the memory.
The memory, as a non-transitory computer readable storage medium, may be used to store a non-transitory software program and a non-transitory computer executable program, such as the resource sharing method in the first aspect embodiment or the resource access method in the second aspect embodiment of the present application. The processor implements the resource sharing method in the first aspect embodiment or the resource access method in the second aspect embodiment described above by executing a non-transitory software program and instructions stored in the memory.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data for performing the resource sharing method in the embodiment of the first aspect or the resource access method in the embodiment of the second aspect. Further, the memory may include high speed random access memory, and may also include non-transitory memory, such as at least one disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the processor, and these remote memories may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
Non-transitory software programs and instructions required to implement the resource sharing method in the first aspect embodiment or the resource access method in the second aspect embodiment described above are stored in a memory and, when executed by one or more processors, perform the resource sharing method in the first aspect embodiment or the resource access method in the second aspect embodiment described above.
In a fourth aspect, embodiments of the present application further provide a computer-readable storage medium storing computer-executable instructions for performing the resource sharing method in the first aspect embodiment or the resource access method in the second aspect embodiment.
In some embodiments, the computer-readable storage medium stores computer-executable instructions which, when executed by one or more control processors, for example by a processor in the electronic device of the fifth aspect, cause the one or more processors to execute the resource sharing method of the first aspect or the resource access method of the second aspect.
The above described embodiments of the device are merely illustrative, wherein the units illustrated as separate components may or may not be physically separate, i.e. may be located in one place, or may also be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
One of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data, as is well known to those of ordinary skill in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. In addition, communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media as known to those skilled in the art.
In the description herein, references to the description of the terms "some embodiments," "examples," "specific examples," or "some examples," etc., mean that a particular feature or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example.

Claims (10)

1. A resource sharing method is characterized by comprising the following steps:
acquiring an access request of a client;
extracting the identity of the client carried in the access request;
decrypting the identity identifier to obtain first user information of the client;
comparing the first user information with second user information uploaded by the client;
and if the first user information is consistent with the second user information, performing resource sharing with the client according to the access request.
2. The resource sharing method according to claim 1, further comprising:
judging whether the access request carries the identity of the client or not;
and if the access request does not contain the identity of the client, not sharing resources with the client.
3. The resource sharing method according to claim 2, further comprising:
acquiring an aging identifier of the identity identifier;
judging whether the identity identifier has expired according to the aging identifier;
and if the identity identifier has expired, not sharing resources with the client.
4. A method for resource access, comprising:
acquiring login information of a user;
obtaining pre-stored first user information according to the login information;
encrypting the first user information to generate an identity;
generating an access request for requesting to access the server resource according to the identity;
and sending the access request to a server for resource access.
5. The method of claim 4, wherein the identity identifier comprises an aging identifier, the method further comprising:
storing the identity identifier with the aging identifier.
6. The method of claim 5, further comprising:
and checking the legality of the login information.
7. A server, comprising:
the first acquisition module is used for acquiring an access request of a client;
the extracting module is used for extracting the identity of the client carried in the access request;
the decryption module is used for decrypting the identity identifier to obtain first user information in the identity identifier;
and the comparison module is used for comparing the first user information with second user information uploaded by the client, and if the first user information is consistent with the second user information, resource sharing is carried out with the client according to the access request.
8. A client, comprising:
the second acquisition module is used for acquiring login information of a user;
the third acquisition module is used for acquiring prestored first user information according to the login information;
the encryption module is used for encrypting the first user information to generate an identity;
the generating module is used for generating an access request for requesting to access the server resource according to the identity;
and the sending module is used for sending the access request to a server for resource access.
9. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein
the memory stores instructions which, when executed by the at least one processor, cause the at least one processor to perform
the resource sharing method of any one of claims 1 to 3,
or
the resource access method of any one of claims 4 or 6.
10. A computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform
the resource sharing method of any one of claims 1 to 4,
or
the resource access method of any one of claims 4 or 6.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011568489.4A CN112560102A (en) 2020-12-25 2020-12-25 Resource sharing method, resource accessing method, resource sharing equipment and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN112560102A true CN112560102A (en) 2021-03-26

Family

ID=75033155

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011568489.4A Pending CN112560102A (en) 2020-12-25 2020-12-25 Resource sharing method, resource accessing method, resource sharing equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN112560102A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113691555A (en) * 2021-09-01 2021-11-23 中国人民解放军31007部队 Information resource sharing method facing business activity
CN114024964A (en) * 2021-10-28 2022-02-08 苏州浪潮智能科技有限公司 Resource access method, device, equipment and computer readable storage medium
CN114024964B (en) * 2021-10-28 2023-06-23 苏州浪潮智能科技有限公司 Resource access method, device, equipment and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination