CN112637116A - Page-based terminal capability calling method, device, terminal and storage medium - Google Patents
Page-based terminal capability calling method, device, terminal and storage medium Download PDFInfo
- Publication number
- CN112637116A CN112637116A CN202011192290.6A CN202011192290A CN112637116A CN 112637116 A CN112637116 A CN 112637116A CN 202011192290 A CN202011192290 A CN 202011192290A CN 112637116 A CN112637116 A CN 112637116A
- Authority
- CN
- China
- Prior art keywords
- page
- target
- capability
- terminal
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 70
- 238000012795 verification Methods 0.000 claims abstract description 30
- 230000000977 initiatory effect Effects 0.000 claims abstract description 18
- 238000013475 authorization Methods 0.000 claims description 20
- 238000004590 computer program Methods 0.000 claims description 7
- 230000000875 corresponding effect Effects 0.000 description 19
- 230000006870 function Effects 0.000 description 9
- 238000007726 management method Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000001276 controlling effect Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 230000008707 rearrangement Effects 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The embodiment of the invention discloses a page-based terminal capability calling method, a page-based terminal capability calling device, a page-based terminal capability calling terminal and a page-based storage medium. The method comprises the following steps: initiating a terminal capacity request based on the operation of a target page, wherein the terminal capacity request is used for calling the capacity of a target terminal, and the capacity of the target terminal comprises equipment capacity and service capacity which can be called by a target application on a terminal; verifying whether the target page is an internal page of the target application; if not, verifying whether the target terminal capability is the authorized terminal capability; if the terminal capability is authorized, the target terminal capability is called to execute the service function. According to the embodiment of the invention, the target application can perform end capability authority control on the pages of different channels through the verification of the pages and the verification of the opposite end capability, so that the safety grading control of the end capability is realized, and the problems of privacy disclosure and the like caused by the abuse of the end capability are avoided.
Description
Technical Field
The invention relates to the technical field of software, in particular to a page-based terminal capability calling method, a page-based terminal capability calling device, a page-based terminal capability calling terminal and a page-based storage medium.
Background
With the development of software applications, the content carried by APP (Application) is more diversified currently, a hybrid architecture mode has become an APP mainstream architecture mode, when an APP client needs to carry rich content, part of external services are introduced to improve the use viscosity of a user, and the external services are carried in an HTML5(HyperText Markup Language 5) mode mostly, an HTML5 page meets the service requirement in the use process, and there is a demand for calling the web container related capability provided by the APP client, based on this background and use requirement, the web container provides a series of capabilities, such as calling device related information and capability, APP related information and capability, etc., for internal HTML5 service, different external channel HTML5 services, if all the capabilities of the web container are opened, the risk of APP information leakage and capability misuse is brought.
At present, a large number of HTML5 pages are based on the requirement of service functions, and need to rely on the capabilities provided by the APP client when the APP client bears the load, such as pulling up a device album, reading an address book, and the like. The method for calling the end capacity directly calls the end capacity after the early-stage load on the external HTML5 page of the client is consistent with the negotiation with the APP client, the end capacity method has leakage risks, the H5 page for acquiring all the existing web container end capacity list information of the APP client can be directly called, real-time control cannot be achieved, and the risk is huge.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus, a terminal, and a storage medium for calling an end capability based on a page, so as to implement management and control on an end capability call and prevent abuse of the end capability.
In a first aspect, an embodiment of the present invention provides a page-based end capability calling method, including:
initiating a terminal capacity request based on the operation of a target page, wherein the terminal capacity request is used for calling the capacity of a target terminal, and the capacity of the target terminal comprises equipment capacity and service capacity which can be called by a target application on a terminal;
verifying whether the target page is an internal page of a target application;
if not, verifying whether the target terminal capability called by the terminal capability request is the authorized terminal capability;
if the authorization end capability exists, the target end capability is called to execute the equipment capability or the service capability.
In a second aspect, an embodiment of the present invention further provides a device for calling a page-based end capability, where the device includes:
the terminal comprises a request initiating module, a service initiating module and a service executing module, wherein the request initiating module is used for initiating a terminal capacity request based on the operation of a target page, the terminal capacity request is used for calling the capacity of a target terminal, and the capacity of the target terminal comprises the equipment capacity and the service capacity which can be called by a target application on the terminal;
the page verification module is used for verifying whether the target page is an internal page of the target application;
the terminal capability verification module is used for verifying whether the target terminal capability called by the terminal capability request is the authorized terminal capability or not if the terminal capability is not the internal page;
and the terminal capability calling module is used for calling the target terminal capability to execute the equipment capability or the service capability if the terminal capability is authorized.
In a third aspect, an embodiment of the present invention further provides a terminal, including a memory and a processor, where the memory stores a computer program that can be executed by the processor, and the processor implements the page-based terminal capability calling method when executing the computer program.
In a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, where a computer program is stored in the storage medium, and the computer program includes program instructions, and when the program instructions are executed, the program instructions implement the foregoing page-based end capability calling method.
According to the technical scheme provided by the embodiment of the invention, based on the operation of a user on a target page, an end capacity request is initiated, whether the target page is an internal page of a target application is verified, if the target page is the internal page of the target application, the end capacity request is directly passed, if the target page is not the internal page of the target application, whether the target end capacity called by the end capacity request is authorized or not is continuously verified, if the target end capacity called by the end capacity request is the authorized end capacity, the end capacity request is passed, and if the target end capacity called by the end capacity request is not the authorized end capacity, the end capacity request is not passed, the method realizes the end capacity authority control on the pages of different channels through the verification of the pages and the verification of the opposite end capacity, so that the.
Drawings
FIG. 1 is a flowchart of a method for calling a page-based peer capability according to a first embodiment of the present invention;
FIG. 2 is a flowchart of a page-based end capability calling method according to a second embodiment of the present invention;
FIG. 3 is a sub-flowchart of a page-based end capability calling method according to a second embodiment of the present invention;
FIG. 4 is a sub-flowchart of a page-based end capability calling method according to a second embodiment of the present invention;
FIG. 5 is a sub-flowchart of a page-based end capability calling method according to a second embodiment of the present invention;
FIG. 6 is a flowchart of a page-based peer capability calling method according to a second embodiment of the present invention;
FIG. 7 is a diagram of a device for calling page-based end capability according to a third embodiment of the present invention;
fig. 8 is a schematic diagram of a terminal in the fourth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Furthermore, the terms "first," "second," and the like may be used herein to describe various orientations, actions, steps, elements, or the like, but the orientations, actions, steps, or elements are not limited by these terms. These terms are only used to distinguish one direction, action, step or element from another direction, action, step or element. For example, the first speed difference may be referred to as a second speed difference, and similarly, the second speed difference may be referred to as a first speed difference, without departing from the scope of the present invention. Both the first application and the second application are applications, but they are not the same application. The terms "first", "second", etc. are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise. It should be noted that when a portion is referred to as being "secured to" another portion, it can be directly on the other portion or there can be an intervening portion. When a portion is said to be "connected" to another portion, it may be directly connected to the other portion or intervening portions may be present. The terms "vertical," "horizontal," "left," "right," and the like as used herein are for illustrative purposes only and do not denote a unique embodiment.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the steps as a sequential process, many of the steps can be performed in parallel, concurrently or simultaneously. In addition, the order of the steps may be rearranged. A process may be terminated when its operations are completed, but may have additional steps not included in the figure. A process may correspond to a method, a function, a procedure, a subroutine, a subprogram, etc.
Example one
Fig. 1 is a flowchart of a page-based terminal capability calling method according to an embodiment of the present invention, which is applicable to a terminal and a server capable of performing terminal capability management and control, and may be executed by the terminal or the server, or may be completed by the terminal or the server interactively. In this embodiment, a page-based end capability calling method is applied to a terminal as an example, where an APP client capable of providing end capability and an HTML5 page capable of carrying external services are configured in the terminal (hereinafter, all called pages, external pages, and internal pages refer to HTML5 pages). Specifically, as shown in fig. 1, the method includes the following steps:
s110, initiating a terminal capacity request based on the operation of the target page, wherein the terminal capacity request is used for calling the target terminal capacity, and the target terminal capacity comprises the equipment capacity and the service capacity which can be called by the target application on the terminal.
The target page is an HTML5 page which is provided by the terminal based on the target application and used for bearing services, and is borne by a web container provided by the target application, and the target application is an APP client capable of providing end capability on the terminal. The user can carry out interactive operation through the target page, and when the user carries out preset operation based on the target page, the terminal judges that the user needs to call the target terminal capability provided by the target application, and immediately initiates a terminal capability request to the target application.
More specifically, the end capability is the capability provided by the terminal based on the APP client, and is encapsulated into a capability component by the APP client, and the HTML5 page may be called by js code defined by a pre-specification, and may include device capability, and service capability of the APP, such as open page and return data. Illustratively, the target application is a microblog client, the target end capacity comprises at least one of capacities that a microblog can call, such as a microblog sharing function, an address book reading function and an album reading function, the target page is a news page provided by the microblog through a web container, an option of sharing to my microblog is provided on the news page, and when a user clicks the option of sharing to my microblog, the news page is requested to the microblog sender capacity for calling the microblog sharing capacity of the microblog client.
And S120, verifying whether the target page is an internal page of the target application.
The inner page represents an HTML5 page whose domain name is the inner domain name of the target application, the inner page and the target application belong to the same channel, and actually the inner page and the outer page are used for distinguishing whether the service carried by the page is the inner service or the outer service of the target application: when the target page is an internal page of the target application, the target page is used for bearing the internal service of the target application, the end capacity request is safe and can be directly released without verification, and if the target page is not the internal page of the target application, the target page is used for bearing the external service of the target application, and subsequent verification is required according to the end capacity request to ensure the safety. Specifically, whether the verification target page is an internal page is actually whether the domain name of the verification target page is an internal domain name of the target application, if so, the verification target page is an internal page of the target application, and otherwise, the verification target page is not the internal page of the target application.
S130, if the terminal capability request is not the internal page, whether the target terminal capability called by the terminal capability request is the authorized terminal capability is verified.
The authorization side capability pre-authorizes the side capability allowing the external page call for the manager of the target application. If the target page is not the internal page of the target application, whether the target terminal capability is pre-authorized needs to be verified, if the target terminal capability is pre-authorized, the target terminal capability can be called, and if the target terminal capability is not pre-authorized, the target terminal capability cannot be called. In the prior art, in order to improve user stickiness, many applications open the authority of calling end capability of an external page, but opening the authority of calling the full end capability easily causes the abuse of the end capability, and the prior art does not manage and control the end capability. Therefore, in this embodiment, after the target page is verified as the external page, it is further required to verify whether the target capability is the authorized capability, and if not, the end capability request is not passed.
Specifically, an authorized terminal capability list may be stored in the terminal or obtained from the server, all terminal capability information authorized to allow the target application to be called is stored in the authorized terminal capability list, and after the target application in the terminal detects the terminal capability request, the authorized terminal capability list is read to determine whether the target terminal capability required to be called by the terminal capability request is the authorized terminal capability, so as to determine whether the terminal capability request passes through.
And S140, if the terminal capability is authorized, calling the target terminal capability to execute the equipment capability or the service capability.
And when the target end capability is judged to be the authorized end capability, the target application allows the target end capability to be called through the end capability request so as to execute the equipment capability or the service capability to complete corresponding actions.
Illustratively, a user browses news on a certain page, and when the user clicks in the page to share the WeChat friend circle, the page sends a request for the capability of the initiating end of the WeChat application to call the capability of the end of sharing the WeChat friend circle. The WeChat application detects whether the page is an internal page, if the page is the internal page, the page directly passes through, and the user shares the content of the page to a WeChat friend circle; if the page is not the internal page, the WeChat application detects whether the page is authorized to have the end capacity of sharing the WeChat friend circle, namely, detects whether the end capacity of sharing the WeChat friend circle is the authorized end capacity of the page on the WeChat application, and if the end capacity of sharing the WeChat friend circle is the authorized end capacity of the page on the WeChat application, the page content is shared to the WeChat friend circle; if not, fail and the sharing fails.
The embodiment provides a page-based terminal capability calling method, which is characterized in that a terminal capability request is initiated based on the operation of a user on a target page, then whether the target page is an internal page of a target application is verified, if the target page is an internal page of the target application, the terminal capability request is directly passed, if the target page is not an internal page of the target application, whether the target terminal capability called by the terminal capability request is an authorized terminal capability is continuously verified, if the target terminal capability called by the terminal capability request is the authorized terminal capability, the terminal capability request is passed, and if the target terminal capability called by the terminal capability request is not the authorized terminal capability, the terminal capability request is not passed.
Example two
In this embodiment, a more detailed explanation is made on part of the content in the first embodiment based on the first embodiment, for example, a process of obtaining a capability list of an authorized end in advance before verifying whether the capability of the target end is the authorized segment capability, and a process of performing segment capability authorization on the target page, specifically:
as shown in FIG. 2, before step S110, steps S210-250 of configuring the target page are also included:
s210, if the target page is an external page, sending a target page loading request to a page server based on the operation of opening the target page, so that the page server sends a token acquisition request to an application server according to the target page loading request.
When the target page is an external page, related verification is required to obtain an authorized terminal capability list corresponding to the target page. The page loading request is generated when a user triggers the operation of loading the target page on the terminal. The page server is a server for providing the service related to the target page, and the application server is a server for providing the service related to the target application. Specifically, in the terminal, the page loading request is generated and sent by the target page.
After receiving the token acquisition request, the page server sends an access token to the terminal, and as shown in fig. 3, the process specifically includes steps S211 to 212:
s211, the application server determines the corresponding channel service identifier and the channel service key according to the token acquisition request.
The channel service identifier (APPID) and the channel service key exist in pairs and are generated according to a pre-performed authorization operation, the authorization operation is an operation for authorizing the target page, and the channel service identifier and the channel service key are used for determining the channel service based on which the target application authorizes the target page.
S212, the application server determines a corresponding access token according to the channel service identifier and the channel service key, and sends the access token to a page server, so that the page server sends the access token to the target page.
When a user triggers an operation of loading a target page at a terminal (such as clicking a loading option of the target page), the target page sends a target page loading request to a page server, and after receiving the target page loading request, the page server determines a target application corresponding to the terminal capability related to the target page according to the page loading request, and further sends a token acquisition request to a server (application server) of the target application. Specifically, the token acquisition request includes a channel service identifier and a channel service key associated with the target page, the channel service identifier is used for determining a target application to which an end capability required by the target page belongs, and the channel service key is generated in the process of authorizing the target page for the target application and is used for determining that the target page is authorized by the target application. The page server mainly determines a target application according to a page loading request so as to send a token acquisition request to an application server corresponding to the target application, and after receiving the token acquisition request, the application server determines that an access token which accords with a channel service identifier and a channel service key exists, and then sends the access token to the page server, and the page server sends the access token to a target page.
Illustratively, when a user opens a target page at a terminal, the target page needs to use a certain end capability of a phone book, the terminal sends a target page loading request to an application server corresponding to the phone book, the application server determines, according to the target page loading request, the end capability of the phone book that the target page needs to use, then the page server sends a token obtaining request to the application server of the phone book, the token obtaining request includes an APPID and an APP key (channel service key) of the phone book, the application server sends an access token to the page server according to the APPID and the APP key of the phone book, the page server sends the access token to the target page, and in some embodiments, the access token is sent to the target page together with the token expiration time of the token.
S220, the target page acquires the access token sent by the application server according to the token acquisition request.
The access token is used for passing the verification of the application server to acquire the authorized terminal capability list provided by the application server. The access token in this step actually goes through the process in step S212 to reach the target page. Specifically, after receiving the access token sent by the application server through the page server, the target page caches the access token to the local terminal, and when the time reaches the token effective time, the cached access token is invalid.
S230, the target page sends a request for verifying page information to the target application according to the access token.
After receiving the access token, the target page needs to be further verified by the target application, and firstly, a request for verifying page information is initiated to the target application according to the access token, wherein the request for verifying page information comprises a channel service identifier, a page domain name and an end capability list required by the target page, so that the target application can be further verified by the application server. The page domain name is used for identifying a target page, the end capability list required by the target page is used for determining whether end capabilities provided by the target application recorded in the application server are matched (all the end capabilities in the end capability list required by the target page belong to the end capabilities of the target application, the end capability list required by the target page is matched), and the channel service identifier is used for finding information such as the end capabilities provided by the target application in the application server.
S240, the target application sends an authentication request to the application server according to the request for verifying the page information, so that the application server verifies whether the target page is an authorized page of the target application according to the authentication request.
The authentication request comprises a page domain name, an end capability list required by the target page and a channel service identifier. Specifically, in the terminal, after receiving the request for verifying the page information, the target application sends an authentication request to the application server according to the request for verifying the page information.
More specifically, as shown in fig. 4, in step S240 in one embodiment, the specific process of the application server verifying whether the target page is an authorized page of the target application includes steps S241-242:
s241, verifying whether the target page is in a white list corresponding to the channel service identifier and whether the end capability in the end capability list belongs to the channel service identifier according to the page domain name.
After receiving an authentication request sent by a terminal, an application server verifies according to a page domain name and an end capability list in the authentication request, determines a white list corresponding to a target application and all end capabilities capable of being provided according to a channel service identifier, and if the page domain name belongs to the white list corresponding to the channel service identifier and determines that the end capabilities in the end capability list required by the target page all belong to the channel service identifier, the verification is passed.
And S242, if the two are met at the same time, determining that the target page is an authorized page of the target application, and generating an authentication result through authentication.
After the authentication is passed, the application server returns an authentication result to the terminal, so that the terminal configures the target page according to the authentication result, specifically, the authentication result includes page display information, check record information and an authorization end capability list, wherein the page display information is used for controlling display contents of the target page, for example, a certain end capability option in the target page can be used or not used, the check record information is used for recording authentication history of the target page and the target application, and the authorization end capability list is generated in a pre-authorization process and is used for determining all end capabilities of the target page that can be called by the target application.
S250, the target application acquires an authentication result sent by the application server according to the authentication request, and loads the target page according to the authentication result.
After the application server completes authentication based on the authentication request, the application server directly sends an authentication result to the target application, the target application caches the authentication result to the local terminal and provides the authentication result to the target page, so that the target page is loaded according to the authentication result, if the authentication is passed, a subsequent user can directly call the terminal capability in the authorization terminal capability list, and if the authentication is not passed, the target page cannot call the terminal capability of the target application.
If the target page is an external page as described in steps S210-250, the verification process is performed on the target page when the target page is loaded, and if the target page is an internal page, the target page is directly loaded based on the operation of opening the target page. Specifically, different loading modes of the internal page and the external page can be realized through the bottom layer codes of the internal page and the external page.
More specifically, in one embodiment, as shown in FIG. 5, before step S220, the method further includes steps S260-270:
s260, reading a local cache according to the target page loading request, determining verification record information corresponding to the target page, and verifying whether the failure times in the verification record information exceed preset times.
And S270, if the failure times in the check record information exceed the preset times, directly determining that the access token is wrong.
And inquiring checking record information to avoid illegally cracking the authorization system, and when the checking record information shows that the failure times exceed the preset times, if the failure times exceed three times, directly determining that the access token is wrong, so that subsequent verification cannot be performed, and the target page cannot acquire an authentication result and cannot call the end capability of the target application.
In the local cache of the target application, the failure times in the check record information are changed along with the authentication result, when the authentication result is successfully displayed, the failure times are returned to zero, the success callback function is called, and if the authentication result is failed, the failure times are accumulated and the failure callback function is called.
More specifically, in one embodiment, step S130, as shown in FIG. 6, includes steps S131-133:
s131, if the target terminal capability is not the sensitive terminal capability, verifying whether the target terminal capability is the sensitive terminal capability.
S132, if the target terminal capability is not the sensitive terminal capability, capturing current display information of the target page, determining whether the target terminal capability belongs to the conventional terminal capability according to the current display information, and if the target terminal capability is not the sensitive terminal capability, directly calling the target terminal capability.
S133, if the terminal capacity is sensitive, whether the target terminal capacity called by the terminal capacity request is authorized terminal capacity is verified.
The steps S131 to S133 are used for further dividing the authorization grade of the end capability, aiming at the external page, only when the target end capability relates to that the sensitive content is classified as the sensitive end capability, whether the target end capability is the authorized end capability needs to be verified, if not, the terminal directly captures the current display information of the target page, analyzes whether the target end capability is the conventional end capability according to multi-dimensional data such as labels, pictures and the like in the current display information through a preset algorithm, if so, the direct calling is allowed, and if not, the calling is forbidden.
More specifically, in an embodiment, before step S210, a process of authorizing the target page in advance is further included, the authorization process may be completed based on an end capability management platform, and the end capability management platform may communicate with the page server and the application server, and specifically, the authorization process includes steps S201 to S204 (not shown):
s201, uploading registration information through a page server login end capacity management platform to register a target page.
S202, the registration information is checked through the application server, and a check file is provided to the end capacity management platform after the check is passed, wherein the check file comprises a channel service identifier and a channel service key of the target application.
And S203, sending the verification file to a page server through the end capacity management platform.
S204, performing end capability authorization on the target application through the end capability management platform to obtain authorization information, and sending the authorization information to an application server, wherein the authorization information comprises a white list of a domain name of the target application and an authorization end capability list.
The embodiment provides a page-based terminal capability calling method, further provides a process of acquiring an authorized terminal capability list through a page server and an application server on the basis of the previous embodiment, and directly stores the authorized terminal capability list in a terminal, so that the efficiency of terminal capability verification is improved, the non-perception authentication of a user is realized, and in the embodiment, the authorized terminal capability list is acquired again each time a target page is loaded, so that the authorized terminal capability list is ensured to be timely and effective.
EXAMPLE III
Fig. 7 is a schematic structural diagram of a page-based terminal capability calling apparatus 300 according to a third embodiment of the present invention, where the apparatus specifically includes:
a request initiating module 310, configured to initiate an end capability request based on an operation of a target page, where the end capability request is used to invoke a target end capability, and the target end capability includes a device capability and a service capability that can be invoked by a target application on a terminal;
a page verification module 320, configured to verify whether the target page is an internal page of a target application;
the terminal capability verifying module 330 is configured to verify whether the target terminal capability called by the terminal capability request is an authorized terminal capability if the terminal capability is not an internal page;
and the terminal capability calling module 340 is configured to, if the terminal capability is authorized, call the target terminal capability to execute the device capability or the service capability.
Optionally, in an embodiment, the apparatus further includes:
the page loading request module is used for sending a target page loading request to a page server based on the operation of opening the target page if the target page is an external page, so that the page server sends a token acquisition request to a target application server according to the target page loading request;
an access token obtaining module, configured to enable the target page to obtain an access token sent by the application server according to the token obtaining request;
the page information verification request module is used for enabling the target page to initiate a request for verifying page information to the target application according to the access token;
the authentication request module is used for enabling the target application to send an authentication request to the application server according to the request for verifying the page information, so that the application server can verify whether the target page is an authorized page of the target application according to the authentication request;
and the page loading module is used for enabling the target application to acquire the authentication result sent by the application server according to the authentication request and loading the target page according to the authentication result.
Optionally, in an embodiment, the authentication request includes a page domain name, a terminal capability list required by the target page, and a channel service identifier, and the verifying whether the target page is an authorized page of the target application includes:
verifying whether the target page is in a white list corresponding to the channel service identifier and the end capability in the end capability list belongs to the channel service identifier or not according to the page domain name;
and if the two are met simultaneously, determining that the target page is an authorized page of the target application, and generating an authentication result after passing the authentication.
Optionally, in an embodiment, the authentication result includes page display information, check record information, and an authorized terminal capability list.
Optionally, in an embodiment, the apparatus further includes:
the local verification module is used for reading a local cache according to the target page loading request, determining verification record information corresponding to the target page, and verifying whether the failure times in the verification record information exceed preset times;
and the local forbidding module is used for directly determining that the access token is wrong if the failure times in the check record information exceed the preset times.
Optionally, in an embodiment, the apparatus further includes:
the sensitive end capacity determining module is used for verifying whether the target end capacity is the sensitive end capacity or not if the target end capacity is not the internal page;
and the page information determining module is used for capturing the current display information of the target page if the target page is not the sensitive end capability, determining whether the target end capability belongs to the conventional end capability according to the current display information, and directly calling the target end capability if the target end capability belongs to the conventional end capability.
Optionally, in an embodiment, after the page server sends a token obtaining request to an application server according to the target page loading request, the method further includes:
the application server determines a corresponding channel service identification code and a channel service key according to the token acquisition request;
and the application server determines a corresponding access token according to the channel service identifier and the channel service key, and sends the access token to a page server so that the page server sends the access token to the target page.
The embodiment further provides a page-based terminal capability calling device, which initiates a terminal capability request based on the operation of a user on a target page, then verifies whether the target page is an internal page of a target application, if so, directly passes the terminal capability request, if not, continuously verifies whether the target terminal capability called by the terminal capability request is an authorized terminal capability, if so, passes the terminal capability request, and if not, does not pass the terminal capability request.
The page-based terminal capability calling device provided by the embodiment of the invention can execute any one of the page-based terminal capability calling methods provided by the previous embodiments of the invention, and has corresponding functional modules and beneficial effects of the execution method.
Example four
Fig. 8 is a schematic structural diagram of a terminal 400 according to a fourth embodiment of the present invention, as shown in fig. 8, the terminal includes a memory 410 and a processor 420, where the number of the processors 420 in the terminal may be one or more, and one processor 420 is taken as an example in fig. 8; the memory 410 and the processor 420 in the terminal may be connected by a bus or other means, and fig. 8 illustrates the connection by a bus.
The memory 40 is used as a computer readable storage medium for storing software programs, computer executable programs, and modules, such as program instructions/modules corresponding to the page-based end capability calling method in the embodiment of the present invention (for example, the request initiation module 310, the page verification module 320, the end capability verification module 330, and the end capability calling module 340 in the page-based end capability calling device). The processor 420 executes various functional applications and data processing of the terminal, i.e., implements the above-described page-based end capability calling method, by executing software programs, instructions, and modules stored in the memory 410.
Wherein the processor 420 is configured to run the computer executable program stored in the memory 410 to implement the following steps: step 110, initiating a terminal capacity request based on the operation of a target page, wherein the terminal capacity request is used for calling the capacity of a target terminal, and the capacity of the target terminal comprises the equipment capacity and the service capacity which can be called by a target application on a terminal; step 120, verifying whether the target page is an internal page of the target application; step 130, if the target terminal capability is not the internal page, verifying whether the target terminal capability is the authorized terminal capability; and 140, if the terminal capability is authorized, calling the target terminal capability to execute the equipment capability or the service capability.
Of course, the terminal provided in the embodiment of the present invention is not limited to the method operations described above, and may also perform related operations in the page-based terminal capability calling method provided in any embodiment of the present invention.
The memory 410 may mainly include a program storage area and a data storage area, wherein the program storage area may store application programs required for operating devices and functions; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 410 may include high speed random access memory, and may also include non-volatile memory, such as a magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 410 may further include memory located remotely from the processor 420, which may be connected to the terminal over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The device can execute the method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
EXAMPLE five
An embodiment of the present invention further provides a storage medium containing computer-executable instructions, where the computer-executable instructions are executed by a computer processor to perform a page-based end capability calling method, where the page-based end capability calling method includes:
initiating a terminal capacity request based on the operation of a target page, wherein the terminal capacity request is used for calling the capacity of a target terminal, and the capacity of the target terminal comprises equipment capacity and service capacity which can be called by a target application on a terminal;
verifying whether the target page is an internal page of a target application;
if not, verifying whether the target terminal capability is the authorized terminal capability;
if the authorization end capability exists, the target end capability is called to execute the equipment capability or the service capability.
Of course, the storage medium provided by the embodiment of the present invention contains computer-executable instructions, and the computer-executable instructions are not limited to the method operations described above, and may also perform related operations in the page-based end capability calling method provided by any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which can be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a terminal, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the embodiment of the page-based terminal capability calling apparatus, each unit and each module included in the embodiment are only divided according to functional logic, but are not limited to the above division, as long as the corresponding function can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. A page-based end capability calling method is characterized by comprising the following steps:
initiating a terminal capacity request based on the operation of a target page, wherein the terminal capacity request is used for calling the capacity of a target terminal, and the capacity of the target terminal comprises equipment capacity and service capacity which can be called by a target application on a terminal;
verifying whether the target page is an internal page of a target application;
if not, verifying whether the target terminal capability is the authorized terminal capability;
if the authorization end capability exists, the target end capability is called to execute the equipment capability or the service capability.
2. The method for calling page-based peer capability according to claim 1, wherein before the initiating of the peer capability request by the target page-based operation, the method further comprises:
if the target page is an external page, sending a target page loading request to a page server based on the operation of opening the target page, so that the page server sends a token acquisition request to an application server according to the target page loading request;
the target page acquires an access token sent by the application server according to the token acquisition request;
the target page initiates a request for verifying page information to the target application according to the access token;
the target application sends an authentication request to the application server according to the request for verifying the page information so that the application server verifies whether the target page is an authorized page of the target application according to the authentication request;
and the target application acquires an authentication result sent by the application server according to the authentication request and loads the target page according to the authentication result.
3. The page-based peer capability calling method according to claim 2, wherein the authentication request includes a page domain name, a peer capability list required by the target page, and a channel service identifier, and the verifying whether the target page is an authorized page of the target application includes:
verifying whether the target page is in a white list corresponding to the channel service identifier or not according to the page domain name, and whether the end capability in the end capability list belongs to the channel service identifier or not;
and if the two are met simultaneously, determining that the target page is an authorized page of the target application, and generating an authentication result after passing the authentication.
4. The page-based peer capability calling method according to claim 2, wherein the authentication result comprises page display information, check record information and an authorized peer capability list.
5. The method for calling the page-based end capability according to claim 2, wherein before the obtaining the access token sent by the application server according to the token obtaining request, the method further comprises:
reading a local cache according to the target page loading request, determining check record information corresponding to the target page, and verifying whether failure times in the check record information exceed preset times;
and if the failure times in the check record information exceed the preset times, directly determining that the access token is wrong.
6. The method according to claim 1, wherein said verifying whether the target end capability called by the end capability request is an authorized end capability comprises:
if not, verifying whether the target terminal capability is the sensitive terminal capability;
if the target terminal capability is not the sensitive terminal capability, capturing current display information of the target page, determining whether the target terminal capability belongs to the conventional terminal capability according to the current display information, and if so, directly calling the target terminal capability;
and if the terminal capacity is the sensitive terminal capacity, verifying whether the target terminal capacity called by the terminal capacity request is the authorized terminal capacity.
7. The method for calling the end capability based on the page according to claim 2, wherein after the page server sends the token obtaining request to the application server according to the target page loading request, the method further comprises:
the application server determines a corresponding channel service identifier and a channel service key according to the token acquisition request;
and the application server determines a corresponding access token according to the channel service identifier and the channel service key, and sends the access token to a page server so that the page server sends the access token to the target page.
8. A page-based end capability calling apparatus, comprising:
the terminal comprises a request initiating module, a service initiating module and a service executing module, wherein the request initiating module is used for initiating a terminal capacity request based on the operation of a target page, the terminal capacity request is used for calling the capacity of a target terminal, and the capacity of the target terminal comprises the equipment capacity and the service capacity which can be called by a target application on the terminal;
the page verification module is used for verifying whether the target page is an internal page of the target application;
the terminal capability verification module is used for verifying whether the target terminal capability called by the terminal capability request is the authorized terminal capability or not if the terminal capability is not the internal page;
and the terminal capability calling module is used for calling the target terminal capability to execute the equipment capability or the service capability if the terminal capability is authorized.
9. A terminal, characterized in that it comprises a memory and a processor, said memory having stored thereon a computer program executable on the processor, said processor implementing the page-based end capability calling method according to claims 1-7 when executing said computer program.
10. A computer-readable storage medium, characterized in that the storage medium stores a computer program comprising program instructions that, when executed, implement the page-based end capability calling method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011192290.6A CN112637116A (en) | 2020-10-30 | 2020-10-30 | Page-based terminal capability calling method, device, terminal and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011192290.6A CN112637116A (en) | 2020-10-30 | 2020-10-30 | Page-based terminal capability calling method, device, terminal and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112637116A true CN112637116A (en) | 2021-04-09 |
Family
ID=75303194
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011192290.6A Pending CN112637116A (en) | 2020-10-30 | 2020-10-30 | Page-based terminal capability calling method, device, terminal and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112637116A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113419725A (en) * | 2021-06-07 | 2021-09-21 | 上海数禾信息科技有限公司 | Data processing method and device for H5 page development |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104572278A (en) * | 2014-12-22 | 2015-04-29 | 百度在线网络技术(北京)有限公司 | Method, device and equipment for light application to call local end capability |
| EP3333744A1 (en) * | 2016-12-12 | 2018-06-13 | Sap Se | Authorization code flow for in-browser applications |
| CN111083093A (en) * | 2018-10-22 | 2020-04-28 | 中国移动通信集团浙江有限公司 | Method and device for calling terminal capability |
-
2020
- 2020-10-30 CN CN202011192290.6A patent/CN112637116A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104572278A (en) * | 2014-12-22 | 2015-04-29 | 百度在线网络技术(北京)有限公司 | Method, device and equipment for light application to call local end capability |
| EP3333744A1 (en) * | 2016-12-12 | 2018-06-13 | Sap Se | Authorization code flow for in-browser applications |
| CN111083093A (en) * | 2018-10-22 | 2020-04-28 | 中国移动通信集团浙江有限公司 | Method and device for calling terminal capability |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113419725A (en) * | 2021-06-07 | 2021-09-21 | 上海数禾信息科技有限公司 | Data processing method and device for H5 page development |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20200285978A1 (en) | Model training system and method, and storage medium | |
| US10735472B2 (en) | Container authorization policies for network trust | |
| CN108289098B (en) | Authority management method and device of distributed file system, server and medium | |
| CN110363026B (en) | File operation method, device, equipment, system and computer readable storage medium | |
| CN112073400A (en) | Access control method, system and device and computing equipment | |
| CN110121873A (en) | A kind of access token management method, terminal and server | |
| CN104751050A (en) | Client application program management method | |
| US10333925B2 (en) | Seamless provision of authentication credential data to cloud-based assets on demand | |
| CN104732147A (en) | Application program processing method | |
| US20200175177A1 (en) | Auto-injection of security protocols | |
| CN111083093B (en) | Method and device for calling terminal capability, electronic equipment and storage medium | |
| CN104732140A (en) | Program data processing method | |
| CN110278192A (en) | Method, apparatus, computer equipment and the readable storage medium storing program for executing of extranet access Intranet | |
| CN109409552A (en) | Reserve access method, system, computer equipment and storage medium | |
| CN110599311A (en) | Resource processing method and device, electronic equipment and storage medium | |
| CN113779545A (en) | Data cross-process sharing method, terminal equipment and computer readable storage medium | |
| CN107645474B (en) | Method and device for logging in open platform | |
| CN112637116A (en) | Page-based terminal capability calling method, device, terminal and storage medium | |
| CN108009439A (en) | The method, apparatus and system of resource request | |
| CN111324799B (en) | Search request processing method and device | |
| CN111538566A (en) | Mirror image file processing method, device and system, electronic equipment and storage medium | |
| CN116566656A (en) | Resource access method, device, equipment and computer storage medium | |
| CN115733666A (en) | Password management method and device, electronic equipment and readable storage medium | |
| CN115695400A (en) | Method and terminal for interaction between Web page and local application | |
| CN111953637B (en) | Application service method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210409 |