CN112800413A - Authority information pushing method, device, equipment and storage medium

Publication number
CN112800413A
Authority
CN
China
Prior art keywords
information
target
abac
authorization center
receiving interface
Legal status
Granted
Application number
CN202110220589.6A
Other languages
Chinese (zh)
Other versions
CN112800413B (en)
Inventor
吴良华
谭翔
Current Assignee
Shanghai Para Software Co ltd
Original Assignee
Shanghai Para Software Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method, a device, equipment and a storage medium for pushing authority information. The method comprises the following steps: the ABAC authorization center receives abnormal information sent by a terminal and generates target release information according to the abnormal information; the ABAC authorization center determines a target receiving interface according to the target release information; the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface so as to enable the protected resource to be changed according to the target authority information.

Description

Authority information pushing method, device, equipment and storage medium
Technical Field
The embodiment of the invention relates to the technical field of computers, in particular to a method, a device, equipment and a storage medium for pushing authority information.
Background
Attribute-Based Access Control (ABAC) differs from the common approach of associating users with permissions in some fixed way: it makes authorization decisions by dynamically evaluating one attribute or a group of attributes to determine whether a given condition is satisfied (simple logic can be written).
Attributes are generally divided into four categories: user attributes (e.g., user age, user address), environment attributes (e.g., current time), operation attributes (add, delete, change, search), and object attributes (e.g., an article; also called resource attributes).
In the existing ABAC authorization center model, the protected resource mainly requests the dynamic permission information actively. Consequently, if the terminal becomes abnormal and no further operation is performed after service access, the protected resource cannot be notified in time after the ABAC dynamic decision. This creates a service security risk: the risk of the terminal has increased, but the access permission of the protected resource has not changed.
Disclosure of Invention
The embodiment of the invention provides a method, a device, equipment and a storage medium for pushing authority information, so that the ABAC authorization center actively notifies protected resources when a terminal is abnormal.
In a first aspect, an embodiment of the present invention provides a method for pushing permission information, including:
the ABAC authorization center receives abnormal information sent by a terminal and generates target release information according to the abnormal information;
the ABAC authorization center determines a target receiving interface according to the target release information;
and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information.
Further, the ABAC authorization center determines a target receiving interface according to the target publishing information, including:
the ABAC authorization center acquires the information type carried by the target release information;
and the ABAC authorization center determines a target receiving interface according to the information type.
Further, the ABAC authorization center determines a target receiving interface according to the target publishing information, including:
after the self-checking of the ABAC authorization center is finished, judging whether the information publishing interface is subscribed or not;
if the information publishing interface is subscribed, judging whether information is published;
and if the target release information is detected, determining a target receiving interface according to the target release information.
Further, the method also comprises the following steps:
and if the information publishing interface is not subscribed, subscribing the information publishing interface.
Further, if the information publishing interface has subscribed, determining whether there is information publishing, further comprising:
if the release information is not detected, judging whether the receiving interface is subscribed or not;
if the receiving interface is not subscribed, returning to the step of judging whether the information publishing interface is subscribed.
In a second aspect, an embodiment of the present invention further provides an authority information pushing device, which is disposed in an ABAC authorization center, and includes:
the receiving module is used for receiving the abnormal information sent by the terminal and generating target release information according to the abnormal information;
the determining module is used for determining a target receiving interface according to the target issuing information;
and the sending module is used for sending the target authority information carried by the target release information to the protected resource through the target receiving interface so as to enable the protected resource to be changed according to the target authority information.
Further, the determining module is specifically configured to:
the ABAC authorization center acquires the information type carried by the target release information;
and the ABAC authorization center determines a target receiving interface according to the information type.
Further, the determining module is specifically configured to:
after the self-checking of the ABAC authorization center is finished, judging whether the information publishing interface is subscribed or not;
if the information publishing interface is subscribed, judging whether information is published;
and if the target release information is detected, determining a target receiving interface according to the target release information.
In a third aspect, an embodiment of the present invention further provides a computer device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor, when executing the program, implements the rights information pushing method according to any one of the embodiments of the present invention.
In a fourth aspect, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the rights information pushing method according to any of the embodiments of the present invention.
The embodiment of the invention receives abnormal information sent by a terminal through an ABAC authorization center, and generates target release information according to the abnormal information; the ABAC authorization center determines a target receiving interface according to the target release information; and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information, and the ABAC authorization center actively informs the protected resource under the condition that the terminal is abnormal.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a flowchart of a method for pushing permission information according to a first embodiment of the present invention;
Fig. 1a is a schematic flow chart of a method for pushing permission information according to a first embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a rights information pushing apparatus according to a second embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a computer device in a third embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present invention, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Example one
Fig. 1 is a flowchart of a method for pushing permission information according to an embodiment of the present invention, where the present embodiment is applicable to a situation of permission information pushing, and the method may be executed by a permission information pushing device according to an embodiment of the present invention, where the device may be implemented in a software and/or hardware manner, as shown in fig. 1, the method specifically includes the following steps:
S110, the ABAC authorization center receives the abnormal information sent by the terminal and generates target release information according to the abnormal information.
The abnormal information may be sent in a form of a message, and may also be sent in other forms, which is not limited in this embodiment of the present invention.
Wherein the target release information includes: information type and target rights information.
S120, the ABAC authorization center determines a target receiving interface according to the target release information.
The determining mode of the target receiving interface can be that the information type is determined according to the target release information, and then the target receiving interface is determined according to the information type; the determining method of the target receiving interface may also be to directly determine the target receiving interface according to the target publishing information, which is not limited in this embodiment of the present invention.
S130, the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information.
The protected resource may be an application, an operating system, or a network device, which is not limited in this embodiment of the present invention.
The protected resource may be changed according to the target permission information as follows: after the protected resource receives the target authority information, it obtains the original authority information; if the original authority information differs from the target authority information, the original authority information is replaced by the target authority information; if the two are the same, no change is made and the original authority information is kept unchanged. Alternatively, the protected resource may directly complete the change of the authority information according to the target authority information. The embodiment of the invention does not limit this.
Optionally, the determining, by the ABAC authorization center, a target receiving interface according to the target publishing information includes:
the ABAC authorization center acquires the information type carried by the target release information;
and the ABAC authorization center determines a target receiving interface according to the information type.
Optionally, the determining, by the ABAC authorization center, a target receiving interface according to the target publishing information includes:
after the self-checking of the ABAC authorization center is finished, judging whether the information publishing interface is subscribed or not;
if the information publishing interface is subscribed, judging whether information is published;
and if the target release information is detected, determining a target receiving interface according to the target release information.
Optionally, the method further includes:
and if the information publishing interface is not subscribed, subscribing the information publishing interface.
Optionally, if the information publishing interface has subscribed, determining whether there is information publishing, further including:
if the release information is not detected, judging whether the receiving interface is subscribed or not;
if the receiving interface is not subscribed, returning to the step of judging whether the information publishing interface is subscribed.
In a specific example, the embodiment of the present invention provides an interface agent mode initiated by the ABAC authorization center. By subscribing to the interface agent, the corresponding resource receives notifications of the subscribed information and thereby obtains changes to the permission information. This avoids the leakage of sensitive service information and the service permission security problems that arise when a protected resource cannot obtain permission changes in time because of an abnormality in the network environment or the terminal.
As shown in fig. 1a, the method comprises the following steps: (1) checking the information of the ABAC authorization center, (2) automatically subscribing an information publishing interface, (3) accepting the subscription of a receiving interface, (4) subscribing the receiving interface for the protected resource, (5) publishing the information by the ABAC authorization center, (6) verifying and matching the receiving interface, (7) pushing the authorization information, and (8) finishing the authorization information change of the protected resource.
According to the technical scheme of the embodiment, abnormal information sent by a terminal is received through an ABAC authorization center, and target release information is generated according to the abnormal information; the ABAC authorization center determines a target receiving interface according to the target release information; and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information, and the ABAC authorization center actively informs the protected resource under the condition that the terminal is abnormal.
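The flow of S110 to S130 together with the subscription steps of Fig. 1a, as an added Python sketch that is not code from the patent. The anomaly-to-release policy table, the information types, the permission strings and the pending queue for releases that have no subscribed receiving interface yet are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ReleaseInfo:
    """Target release information: information type plus target permission."""
    info_type: str          # selects the target receiving interface (S120)
    target_permission: str  # value pushed to the protected resource (S130)


class ProtectedResource:
    """An application, operating system or network device holding a permission."""

    def __init__(self, name: str, permission: str) -> None:
        self.name = name
        self.permission = permission
        self.history: List[Tuple[str, str]] = []  # (old, new) audit trail

    def receive(self, target_permission: str) -> bool:
        """Receiving interface: replace the permission only if it differs."""
        if target_permission == self.permission:
            return False  # same value, original permission is kept
        self.history.append((self.permission, target_permission))
        self.permission = target_permission
        return True


class AbacAuthorizationCenter:
    def __init__(self, policy: Dict[str, ReleaseInfo]) -> None:
        # Assumed mapping: anomaly kind -> release information to publish.
        self._policy = policy
        self._publish_subscribed = False
        self._receivers: Dict[str, List[ProtectedResource]] = {}
        # Assumption: releases with no receiver are queued, never dropped.
        self.pending: List[ReleaseInfo] = []

    def subscribe_receiver(self, info_type: str, resource: ProtectedResource) -> None:
        """Steps (3)-(4) of Fig. 1a: a protected resource subscribes."""
        self._receivers.setdefault(info_type, []).append(resource)
        remaining = []
        for release in self.pending:
            if release.info_type == info_type:
                resource.receive(release.target_permission)
            else:
                remaining.append(release)
        self.pending = remaining

    def on_anomaly(self, anomaly: Dict[str, str]) -> List[str]:
        """S110-S130. Returns the names of resources whose permission changed."""
        release = self._policy.get(anomaly["kind"])  # S110: generate release info
        if release is None:
            raise ValueError(f"no policy for anomaly kind {anomaly['kind']!r}")
        if not self._publish_subscribed:
            self._publish_subscribed = True          # step (2): auto-subscribe
        receivers = self._receivers.get(release.info_type, [])  # S120
        if not receivers:
            self.pending.append(release)
            return []
        return [r.name for r in receivers if r.receive(release.target_permission)]  # S130


def demo() -> Dict[str, object]:
    # Constructed sample policy, resources and anomaly reports.
    policy = {
        "jailbreak_detected": ReleaseInfo("application", "deny"),
        "unusual_location": ReleaseInfo("network_device", "read-only"),
    }
    center = AbacAuthorizationCenter(policy)
    crm = ProtectedResource("crm-app", "read-write")
    center.subscribe_receiver("application", crm)

    report = {"terminal": "t-01", "kind": "jailbreak_detected"}
    first = center.on_anomaly(report)    # permission differs, so it is replaced
    repeat = center.on_anomaly(report)   # same permission, so nothing changes

    # No receiving interface is subscribed for this type yet: the release is queued.
    queued = center.on_anomaly({"terminal": "t-01", "kind": "unusual_location"})
    queued_count = len(center.pending)
    vpn = ProtectedResource("vpn-gw", "full")
    center.subscribe_receiver("network_device", vpn)  # queued release is delivered

    return {"first": first, "repeat": repeat, "queued": queued,
            "queued_count": queued_count, "crm": crm.permission,
            "vpn": vpn.permission, "pending_after": len(center.pending),
            "crm_history": crm.history}


if __name__ == "__main__":
    print(demo())
```
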
Example two
Fig. 2 is a schematic structural diagram of an authority information pushing apparatus according to a second embodiment of the present invention. The present embodiment may be applicable to the case of pushing permission information, where the apparatus may be implemented in a software and/or hardware manner, and the apparatus may be integrated in any device providing a permission information pushing function, as shown in fig. 2, where the permission information pushing apparatus specifically includes: a receiving module 210, a determining module 220, and a sending module 230.
The receiving module 210 is configured to receive abnormal information sent by a terminal, and generate target release information according to the abnormal information;
a determining module 220, configured to determine a target receiving interface according to the target publishing information;
a sending module 230, configured to send the target permission information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target permission information.
Optionally, the determining module is specifically configured to:
the ABAC authorization center acquires the information type carried by the target release information;
and the ABAC authorization center determines a target receiving interface according to the information type.
Optionally, the determining module is specifically configured to:
after the self-checking of the ABAC authorization center is finished, judging whether the information publishing interface is subscribed or not;
if the information publishing interface is subscribed, judging whether information is published;
and if the target release information is detected, determining a target receiving interface according to the target release information.
The product can execute the method provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
According to the technical scheme of the embodiment, abnormal information sent by a terminal is received through an ABAC authorization center, and target release information is generated according to the abnormal information; the ABAC authorization center determines a target receiving interface according to the target release information; and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information, and the ABAC authorization center actively informs the protected resource under the condition that the terminal is abnormal.
Example three
Fig. 3 is a schematic structural diagram of a computer device in a third embodiment of the present invention. FIG. 3 illustrates a block diagram of an exemplary computer device 12 suitable for use in implementing embodiments of the present invention. The computer device 12 shown in FIG. 3 is only an example and should not impose any limitation on the scope of use or functionality of embodiments of the present invention.
As shown in FIG. 3, computer device 12 is in the form of a general purpose computing device. The components of computer device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
Bus 18 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. By way of example, such architectures include, but are not limited to, an Industry Standard Architecture (ISA) bus, a Micro Channel Architecture (MCA) bus, an enhanced ISA bus, a Video Electronics Standards Association (VESA) local bus, and a Peripheral Component Interconnect (PCI) bus.
Computer device 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system Memory 28 may include computer system readable media in the form of volatile Memory, such as Random Access Memory (RAM) 30 and/or cache Memory 32. Computer device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 3, and commonly referred to as a "hard drive"). Although not shown in FIG. 3, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (a Compact disk-Read Only Memory (CD-ROM)), Digital Video disk (DVD-ROM), or other optical media may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
Computer device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with computer device 12, and/or with any devices (e.g., network card, modem, etc.) that enable computer device 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. In the computer device 12 of the present embodiment, the display 24 is not provided as a separate body but is embedded in the mirror surface, and when the display surface of the display 24 is not displayed, the display surface of the display 24 and the mirror surface are visually integrated. Moreover, computer device 12 may also communicate with one or more networks (e.g., a Local Area Network (LAN), Wide Area Network (WAN)) and/or a public Network (e.g., the Internet) via Network adapter 20. As shown, network adapter 20 communicates with the other modules of computer device 12 via bus 18. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with computer device 12, including but not limited to: microcode, device drivers, Redundant processing units, external disk drive Arrays, disk array (RAID) systems, tape drives, and data backup storage systems, to name a few.
The processing unit 16 executes various functional applications and data processing by running programs stored in the system memory 28, for example, implementing the rights information pushing method provided by the embodiment of the present invention:
the ABAC authorization center receives abnormal information sent by a terminal and generates target release information according to the abnormal information;
the ABAC authorization center determines a target receiving interface according to the target release information;
and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information.
Example four
A fourth embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method for pushing authority information, provided in all embodiments of the present invention:
the ABAC authorization center receives abnormal information sent by a terminal and generates target release information according to the abnormal information;
the ABAC authorization center determines a target receiving interface according to the target release information;
and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information.
Any combination of one or more computer-readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
In some embodiments, the clients, servers may communicate using any currently known or future developed network Protocol, such as HTTP (Hyper Text Transfer Protocol), and may interconnect with any form or medium of digital data communication (e.g., a communications network). Examples of communication networks include a local area network ("LAN"), a wide area network ("WAN"), the Internet (e.g., the Internet), and peer-to-peer networks (e.g., ad hoc peer-to-peer networks), as well as any currently known or future developed network.
The computer readable medium may be embodied in the electronic device; or may exist separately without being assembled into the electronic device.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++, or the like, as well as conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present disclosure may be implemented by software or hardware. The name of a unit does not, in some cases, constitute a limitation on the unit itself.
The functions described herein above may be performed, at least in part, by one or more hardware logic components. For example, without limitation, exemplary types of hardware logic components that may be used include: Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), systems on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), and the like.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. A method for pushing authority information, characterized by comprising the following steps:
the ABAC authorization center receives abnormal information sent by a terminal and generates target release information according to the abnormal information;
the ABAC authorization center determines a target receiving interface according to the target release information;
and the ABAC authorization center sends the target authority information carried by the target release information to the protected resource through the target receiving interface, so that the protected resource is changed according to the target authority information.
2. The method of claim 1, wherein the ABAC authorization center determining a target receiving interface according to the target release information comprises:
the ABAC authorization center acquires the information type carried by the target release information;
and the ABAC authorization center determines a target receiving interface according to the information type.
3. The method of claim 1, wherein the ABAC authorization center determining a target receiving interface according to the target release information comprises:
after the self-checking of the ABAC authorization center is finished, judging whether the information publishing interface is subscribed or not;
if the information publishing interface is subscribed, judging whether information is published;
and if the target release information is detected, determining a target receiving interface according to the target release information.
4. The method of claim 3, further comprising:
and if the information publishing interface is not subscribed, subscribing the information publishing interface.
5. The method of claim 3, wherein, after judging whether information is published if the information publishing interface is subscribed, the method further comprises:
if the release information is not detected, judging whether the receiving interface is subscribed or not;
if the receiving interface is not subscribed, returning to the step of judging whether the information publishing interface is subscribed or not.
6. An authority information pushing device, which is arranged in an ABAC authorization center, the authority information pushing device comprising:
the receiving module is used for receiving the abnormal information sent by the terminal and generating target release information according to the abnormal information;
the determining module is used for determining a target receiving interface according to the target release information;
and the sending module is used for sending the target authority information carried by the target release information to the protected resource through the target receiving interface so as to enable the protected resource to be changed according to the target authority information.
7. The apparatus of claim 6, wherein the determining module is specifically configured to:
the ABAC authorization center acquires the information type carried by the target release information;
and the ABAC authorization center determines a target receiving interface according to the information type.
8. The apparatus of claim 6, wherein the determining module is specifically configured to:
after the self-checking of the ABAC authorization center is finished, judging whether the information publishing interface is subscribed or not;
if the information publishing interface is subscribed, judging whether information is published;
and if the target release information is detected, determining a target receiving interface according to the target release information.
9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1-5 when executing the program.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-5.
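The flow of claims 1 to 5, as an added Python example that is not code from the patent: abnormal information becomes release information, the receiving interface is selected by information type, and the authority information is pushed to the protected resource. The class and method names, the status strings, the deny policy in `on_abnormal` and the choice to keep undeliverable information queued rather than fall back to a default interface are assumptions the claims do not specify.

```python
from dataclasses import dataclass, field

@dataclass
class ReleaseInfo:
    info_type: str    # information type carried by the release information (claim 2)
    authority: dict   # target authority information to push (claim 1)

@dataclass
class ProtectedResource:
    acl: dict = field(default_factory=dict)

    def receive(self, authority):
        # The protected resource changes according to the pushed authority information.
        self.acl.update(authority)

class AuthorizationCenter:
    def __init__(self):
        self.publish_subscribed = False   # state of the information publishing interface
        self.receivers = {}               # info_type -> subscribed receiving interface
        self.pending = []                 # published release information not yet pushed

    def on_abnormal(self, abnormal):
        # Assumed policy: the user reported in the abnormal information loses access.
        info = ReleaseInfo(abnormal["type"], {abnormal["user"]: "deny"})
        self.pending.append(info)
        return info

    def step(self):
        """One pass of the claim 3-5 loop; returns the branch that was taken."""
        if not self.publish_subscribed:           # claim 4: subscribe if not yet subscribed
            self.publish_subscribed = True
            return "subscribed-publishing-interface"
        if not self.pending:                      # claim 5: nothing has been published
            return "idle" if self.receivers else "no-receiving-interface"
        info = self.pending[0]
        receiver = self.receivers.get(info.info_type)   # claim 2: select by information type
        if receiver is None:
            return "undeliverable"                # stays queued; no default interface is used
        self.pending.pop(0)
        receiver(info.authority)                  # claim 1: push through the target interface
        return "pushed"

def demo():
    center, db = AuthorizationCenter(), ProtectedResource(acl={"alice": "allow"})
    trace = [center.step(), center.step()]        # subscribe, then no receiver yet
    center.on_abnormal({"type": "terminal-risk", "user": "alice"})  # constructed sample
    trace.append(center.step())                   # no interface subscribed for this type
    center.receivers["terminal-risk"] = db.receive
    trace.append(center.step())                   # interface found, authority pushed
    return trace, db.acl
```
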
CN202110220589.6A 2021-02-26 2021-02-26 Authority information pushing method, device, equipment and storage medium Active CN112800413B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110220589.6A CN112800413B (en) 2021-02-26 2021-02-26 Authority information pushing method, device, equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112800413A CN112800413A (en) 2021-05-14
CN112800413B CN112800413B (en) 2024-03-15

Family

ID=75816060

Country Status (1)

Country Link
CN (1) CN112800413B (en)

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150082377A1 (en) * 2013-09-17 2015-03-19 International Business Machines Corporation Generation of attribute based access control policy from existing authorization system
CN106170772A (en) * 2014-10-21 2016-11-30 铁网网络安全股份有限公司 Network safety system
CN106789996A (en) * 2016-12-12 2017-05-31 墨宝股份有限公司 A kind of smart power grid user access mandate control method
CN108537011A (en) * 2018-03-16 2018-09-14 维沃移动通信有限公司 A kind of application permission processing method, terminal and server
CN108829781A (en) * 2018-05-31 2018-11-16 中国平安人寿保险股份有限公司 Client information inquiry method, device, computer equipment and storage medium
KR102024142B1 (en) * 2018-06-21 2019-09-23 주식회사 넷앤드 A access control system for detecting and controlling abnormal users by users’ pattern of server access
CN110647418A (en) * 2019-09-12 2020-01-03 努比亚技术有限公司 Exception handling method, server and mobile terminal
CN111064718A (en) * 2019-12-09 2020-04-24 国网河北省电力有限公司信息通信分公司 Dynamic authorization method and system based on user context and policy
CN111079104A (en) * 2019-11-21 2020-04-28 腾讯科技(深圳)有限公司 Authority control method, device, equipment and storage medium
CN111798580A (en) * 2019-04-08 2020-10-20 珠海格力电器股份有限公司 Authority configuration method, device, system, server, terminal and storage medium
CN111832879A (en) * 2020-04-15 2020-10-27 中国人民解放军军事科学院战争研究院 Information resource sharing and authorization method of open enterprise-level information system
CN111935131A (en) * 2020-08-06 2020-11-13 中国工程物理研究院计算机应用研究所 SaaS resource access control method based on resource authority tree
CN111967046A (en) * 2020-08-17 2020-11-20 中国人民解放军战略支援部队信息工程大学 Self-adaptive access control method for big data resources
US20200396222A1 (en) * 2019-06-12 2020-12-17 International Business Machines Corporation Policy-based triggering of revision of access control information

Non-Patent Citations (7)

* Cited by examiner, † Cited by third party
Title
MINE BLOG: "浅聊权限模型", Retrieved from the Internet <URL:https://blog.wongwongsu.com/p/permission-model/> *
YUCHEN_HAARP: "ABAC - 基于属性的访问控制 - 复杂场景下访问控制解决之道", Retrieved from the Internet <URL:https://blog.csdn.net/XiaoBeiTu/article/details/100773968> *
吴良华: "多传感器图像融合算法研究", 《中国优秀硕士学位论文全文数据库》, pages 138 - 755 *
张毅等: "基于用户属性的终端安全防护系统研究与实现", 《科学技术与工程》, vol. 9, no. 18, pages 5570 - 5575 *
杨壮观: "基于安全接入的移动IT应急处置系统设计与实现", 《中国优秀硕士学位论文全文数据库》, pages 042 - 2812 *
杨阳: "危机事件下基于本体的自适应访问控制模型研究", 《中国优秀硕士学位论文全文数据库》, pages 140 - 850 *
苏铓等: "基于代理重加密的物联网云节点授权可信更新机制", 《计算机研究与发展》, vol. 55, no. 07, pages 1479 - 1487 *

Also Published As

Publication number Publication date
CN112800413B (en) 2024-03-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant