CN112994894B - Gateway-based single-thread request processing method and information verification AGENT - Google Patents


Info

Publication number
CN112994894B
Authority
CN (China)
Prior art keywords
client, information, service, gateway, verification
Legal status
Active
Application number
CN202110218027.8A
Other languages
Chinese (zh)
Other versions
CN112994894A (en)
Inventor
吴冕冠
周文泽
潘玲
陆新龙
Current Assignee
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110218027.8A
Publication of CN112994894A
Application granted
Publication of CN112994894B


Classifications

    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L67/133: Protocols for remote procedure calls [RPC]
    • H04L2209/56: Financial cryptography, e.g. electronic payment or e-cash

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The gateway-based single-thread request processing method and client information verification AGENT are suitable for the financial field. The method is applied to a client information verification AGENT mounted on a gateway that connects client devices and a service processing server, and comprises: obtaining a service call request sent by a client device, the request comprising certificate information, customer identity information and the service to be invoked; verifying according to local client data, the certificate information, the customer identity information and the service to be invoked; and feeding the verification result back to the client device or the service processing server. This avoids the resource waste of synchronous waiting and the larger time consumption of remote interface calls when the gateway verifies client information.

Description

Gateway-based single-thread request processing method and information verification AGENT
Technical Field
The application relates to the technical field of the Internet, and in particular to a gateway-based single-thread request processing method and a client information verification AGENT.
Background
With the rapid development of technologies such as the internet and 5G, more and more customers choose to transact services online, so the load on each application system keeps increasing. In the financial field especially, many services that were transacted offline in the past are gradually moving online. Offline transactions generally follow serial, synchronous logic (entering customer information, verifying customer information, and finally transacting the service), a model suited to a manual operating environment in which offline service pressure is scattered and parallelism is low. In a distributed environment, verification operations such as client information verification (such as a special certificate issued to a client by a verification worker) and service call authority verification (whether the client has the authority to call the service in the line) must be performed before the business operation, so a large number of threads in the gateway sit waiting for the client information verification service to return a result while the resources they occupy are not released. On the one hand, in a service peak scenario the pressure on the system keeps rising while the resource utilization of the server remains low; if the gateway is not prepared in advance, it easily hangs when facing a sudden surge of traffic, which causes stability problems and seriously degrades the customer experience.
On the other hand, the client information verification service is called for information verification on every client access. This is acceptable for scenarios with small traffic, but for enterprises with an ultra-large business volume, such as large banks whose services are called seven billion times per day, executing non-financial operations such as client information and authority verification consumes a large part of the gateway's cost and wastes resources. The main disadvantages are as follows:
1. When service pressure is high, many threads in the system are in a synchronous waiting state, so the resource utilization of the system is low and resources are wasted; the overall performance capacity of the system is poor, and the number of services a single server can carry is relatively small.
2. The gateway must perform client information verification and service call authority verification for each call, and both verifications require calling the corresponding external verification service, which increases the time consumed by a client request.
3. Because the gateway receives a large number of requests every day, and each request must call an external verification information platform before being forwarded to the service that handles the specific business, the network IO pressure on the gateway is very high.
Disclosure of Invention
In view of the problems in the prior art, the application provides a gateway-based single-thread request processing method, a client information verification AGENT, an electronic device and a computer-readable storage medium, which can at least partially solve those problems and avoid the resource waste of synchronous waiting and the larger time consumption of remote interface calls when the gateway verifies client information.
To achieve the above purpose, the present application adopts the following technical solution:
In a first aspect, a gateway-based single-threaded request processing method is provided, applied to a client information verification agent mounted on a gateway connecting a client device and a service processing server, the method including:
obtaining a service call request sent by a client device, wherein the service call request comprises: certificate information, customer identity information and service to be invoked;
verifying according to local client data, the certificate information, the client identity information and the service to be invoked;
and feeding the verification result back to the client device or the service processing server.
Further, said verifying said credential information and said customer identity information from local customer data comprises:
verifying the credential information based on local customer data;
and if the certificate passes verification, verifying whether the client has permission to call the service to be called according to the client identity information.
Further, the feeding the verification result back to the client device or the service processing server includes:
if the certificate verification fails or the authority verification fails, feeding back a message of the certificate error or the authority verification failure to the client device;
and if the authority verification is successful, forwarding the service call request to the service processing server to process the service.
Further, the gateway-based single-threaded request processing method further comprises the following steps:
and acquiring a service processing result fed back by the service processing server and feeding back the service processing result to the client device.
Further, the gateway-based single-threaded request processing method further comprises the following steps:
acquiring client update data sent by a client information management platform;
and synchronously updating local client data according to the client updating data.
Further, the client information management platform includes: client certificate management system and API service management system.
Further, the gateway-based single-threaded request processing method further comprises the following steps:
and analyzing the service call request to obtain the certificate information and the client identity information.
In a second aspect, there is provided a client information authentication agent mounted on a gateway for connecting a client device and a service processing server, including:
the service call module is used for obtaining a service call request sent by the client device, wherein the service call request comprises: certificate information, customer identity information and service to be invoked;
the verification module is used for verifying according to the local client data, the certificate information, the client identity information and the service to be invoked;
and the feedback module is used for feeding the verification result back to the client equipment or the service processing server.
In a third aspect, an electronic device is provided, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the gateway-based single-threaded request processing method described above when the program is executed.
In a fourth aspect, a computer readable storage medium is provided, on which a computer program is stored which, when executed by a processor, implements the steps of the gateway-based single-threaded request processing method described above.
The foregoing and other objects, features and advantages of the application will be apparent from the following more particular description of preferred embodiments, as illustrated in the accompanying drawings.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art. In the drawings:
FIG. 1 is a schematic diagram of an application architecture of a gateway-based single-threaded request processing method in an embodiment of the present application;
FIG. 2 is a flow chart of a gateway-based single-threaded request processing method in accordance with an embodiment of the present application;
FIG. 3 is a second flow chart of a gateway-based single-threaded request processing method in an embodiment of the present application;
FIG. 4 is a flowchart III of a gateway-based single-threaded request processing method in an embodiment of the present application;
FIG. 5 is a flow chart diagram of a gateway-based single-threaded request processing method in an embodiment of the present application;
FIG. 6 is a flowchart of a gateway-based single-threaded request processing method in an embodiment of the present application;
FIG. 7 illustrates a single threaded request processing method and system implementation flow in an embodiment of the application;
FIG. 8 is a block diagram showing the structure of a request listening device in an embodiment of the present application;
FIG. 9 is a block diagram showing the construction of a client information authentication apparatus in the embodiment of the present application;
FIG. 10 is a block diagram showing the configuration of a client certificate management apparatus in an embodiment of the present application;
FIG. 11 is a block diagram showing the structure of an API service management apparatus in an embodiment of the present application;
FIG. 12 is a block diagram showing the configuration of an abnormality processing apparatus in the embodiment of the present application;
FIG. 13 is a block diagram of a client information verification agent installed on a gateway for connecting a client device and a service processing server in an embodiment of the present application;
FIG. 14 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order that those skilled in the art will better understand the present application, a technical solution in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present application without making any inventive effort, shall fall within the scope of the present application.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
It is noted that the terms "comprises" and "comprising," and any variations thereof, in the description and claims of the present application and in the foregoing figures, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that, without conflict, the embodiments of the present application and features of the embodiments may be combined with each other. The application will be described in detail below with reference to the drawings in connection with embodiments.
In the distributed service invocation scenario, the service gateway starts a thread to process each external request it receives. Processing a request mainly involves client certificate verification, client service call authority verification and the like. Each verification calls an interface provided by the corresponding client information management system: the client information is sent over, the gateway waits for the verification result to return, and only after the result is confirmed to be correct is the background server interface called to begin the real business logic. In client information verification, the time actually spent executing the check is very short; most of the time goes to establishing the connection between the gateway and the verification information platform and waiting for the result to return. The resources occupied by the gateway thread are not released during that wait, so at peak load the thread pool is fully occupied while most threads are not working but are in the waiting stage. If a new request comes in at this point, the gateway has no remaining resources to process it, which lowers the system's performance capacity. Many threads occupy resources without doing work, wasting system resources. Meanwhile, the gateway must call the relevant interface of the verification platform every time a request comes in, which occupies a large amount of gateway bandwidth and increases the gateway's operating cost.
In order to at least partially solve the technical problems in the prior art, the embodiment of the application provides a gateway-based single-thread request processing method, which avoids resource waste in a synchronous waiting process and larger time consumption in a remote interface calling process when the gateway verifies client information.
Referring to FIG. 1, clients interact with gateway S1 through client devices B1 to BN and send service call requests to it. Gateway S1 is connected between the client devices B1 to BN and the service processing servers M1 to MN. It obtains a service call request sent by a client device, the request comprising certificate information, customer identity information and the service to be invoked; verifies according to local client data, the certificate information, the customer identity information and the service to be invoked; and feeds the verification result back to the client device or the service processing server. Client requests are thus processed on a single thread, which overcomes the high gateway IO pressure, long client request time and low system resource utilization caused by suspending the processing thread while the gateway performs client information verification and service call authority verification.
Specifically, a client information verification agent is mounted on the gateway and is responsible for communicating with the relevant client information management platforms. When client data in a client information management platform is updated, the updated data is synchronized to the gateway agent, so that every item of verification information held by the gateway agent stays consistent with the information in each client information management platform. After receiving a client request, the gateway calls the local agent to verify the client information and the call authority information; once verification passes, the gateway forwards the request to the specific back-end service for service processing. This avoids the cost of establishing a connection for every traditional client information verification. Compared with remotely calling the interfaces of the client information management platform, calling the local agent avoids most connections between the gateway and external systems, greatly reduces the time consumed by client information verification, reduces the gateway's network IO, and greatly reduces the service pressure on the information verification platform.
FIG. 2 is a flow chart of a gateway-based single-threaded request processing method in accordance with an embodiment of the present application; as shown in fig. 2, the gateway-based single-threaded request processing method may include the following:
Step S100: obtaining a service call request sent by a client device, wherein the service call request comprises: certificate information, customer identity information and service to be invoked;
The client device may include a smart phone, a tablet electronic device, a network set-top box, a portable computer, a desktop computer, a Personal Digital Assistant (PDA), a vehicle-mounted device, a smart wearable device, and the like. Smart wearable devices may include smart glasses, smart watches, smart bracelets and the like. The gateway and client device may communicate using any suitable network protocol, including one that has not been developed on the filing date of the present application. The network protocols may include, for example, TCP/IP, UDP/IP, HTTP and HTTPS. They may also include protocols used on top of these, for example RPC (Remote Procedure Call Protocol) and REST (Representational State Transfer).
The certificate information is certificate information issued to different clients by maintenance organizations, and the client identity information can comprise: name, identification card number, password, etc.
Step S200: verifying according to local client data, the certificate information, the client identity information and the service to be invoked;
Specifically, the client data is stored locally on the gateway; during verification the gateway reads its local client data directly, without making a call to fetch it.
Step S300: and feeding the verification result back to the client device or the service processing server.
Specifically, if the verification does not pass, a message saying so is fed back to the client device; if the verification passes, the information required for the service call, such as a verification-passed message or the request, is sent to the service processing server.
By adopting this technical scheme, mounting the client information verification agent on the gateway converts remote client verification access into local access, which greatly reduces direct interaction between the gateway and the different client information verification systems in large-scale service access scenarios. This removes the thread suspension that occurs when a traditional gateway performs client information verification; at the same time, local verification takes far less time than remote interface calls between different systems and avoids the low utilization they cause.
In an alternative embodiment, referring to fig. 3, the gateway-based single-threaded request processing method may further include:
Step S400: acquiring client update data sent by a client information management platform;
Specifically, the client information management platform includes: client certificate management systems, API service management systems, etc.
Step S500: and synchronously updating local client data according to the client updating data.
Specifically, after the client certificate and the client service call authority in the client information management platform are changed, the change information is immediately synchronized to the gateway node, so that the client data in the gateway node is synchronously updated.
In an alternative embodiment, referring to FIG. 4, the gateway-based single-threaded request processing method may further include:
Step S600: and parsing the service call request to obtain the certificate information and the client identity information.
It should be noted that the service call request sent by the client device may be encrypted or specially packaged, so the request must first be parsed to obtain the certificate information and client identity information it carries.
In an alternative embodiment, referring to fig. 5, this step S200 may include the following:
Step S210: verifying the credential information based on local customer data;
If the certificate passes the verification, executing step S220; otherwise, step S330 is performed.
Step S220: if the certificate passes verification, verifying whether the client has permission to call the service to be called according to the client identity information;
If the authority verification is successful, executing step S310; otherwise, step S320 is performed.
Step S300 may include the following:
Step S310: and if the authority verification is successful, forwarding the service call request to the service processing server to process the service.
Step S320: if the authority verification fails, feeding back a message of the authority verification failure to the client device;
Step S330: and if the certificate verification is not passed, feeding back a message of the certificate error to the client equipment.
In an alternative embodiment, referring to fig. 6, the method further comprises:
step S700: and acquiring a service processing result fed back by the service processing server and feeding back the service processing result to the client device.
By adopting the technical scheme, the utilization rate of system resources is improved, the system pressure of the gateway and the customer service verification platform is reduced, and the capacity of the system for bearing service pressure is enhanced.
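The local verification and synchronization flow of steps S100 to S600, written out as an added Python example that is not part of the patent. The JSON request layout, the field names, the service names, the use of a SHA-256 fingerprint comparison as the certificate check, and the per-source update version counter are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    FORWARD = "S310"            # forward the request to the service processing server
    PERMISSION_DENIED = "S320"  # authority verification failed
    CERTIFICATE_ERROR = "S330"  # certificate verification failed


@dataclass
class ClientRecord:
    cert_sha256: str = ""                       # empty means no valid certificate on file
    services: set = field(default_factory=set)  # services this client may call
    # Assumption: each source system numbers its updates so stale ones can be dropped.
    versions: dict = field(default_factory=lambda: {"certificate": 0, "permissions": 0})


class LocalVerificationAgent:
    """Agent mounted on the gateway: every check reads local data only."""

    def __init__(self):
        self._clients = {}

    def apply_update(self, update):
        """S400/S500: apply a change pushed by a client information management platform."""
        kind = update["kind"]
        if kind not in ("certificate", "permissions"):
            raise ValueError("unknown update kind: %r" % kind)
        rec = self._clients.setdefault(update["client_id"], ClientRecord())
        if update["version"] <= rec.versions[kind]:
            return False  # a stale or replayed update must not undo a newer revocation
        if kind == "certificate":
            rec.cert_sha256 = update.get("cert_sha256") or ""  # None revokes the certificate
        else:
            rec.services = set(update["services"])
        rec.versions[kind] = update["version"]
        return True

    def verify(self, client_id, cert_bytes, service):
        """S210 then S220: a certificate failure skips the authority check."""
        rec = self._clients.get(client_id)
        expected = rec.cert_sha256 if rec else ""
        presented = hashlib.sha256(cert_bytes).hexdigest()
        if not expected or not hmac.compare_digest(presented, expected):
            return Outcome.CERTIFICATE_ERROR
        if service not in rec.services:  # default deny: only listed services pass
            return Outcome.PERMISSION_DENIED
        return Outcome.FORWARD

    def handle_request(self, raw):
        """S100/S600: parse the request, then verify. Malformed input fails closed."""
        try:
            msg = json.loads(raw)
            client_id, cert, service = msg["client_id"], msg["certificate"], msg["service"]
            if not all(isinstance(v, str) for v in (client_id, cert, service)):
                raise TypeError("request fields must be strings")
            cert_bytes = cert.encode()
        except (ValueError, KeyError, TypeError):
            return Outcome.CERTIFICATE_ERROR
        return self.verify(client_id, cert_bytes, service)


# Constructed sample data, not taken from the patent.
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nconstructed-sample\n-----END CERTIFICATE-----\n"


def make_request(service, cert=SAMPLE_CERT, client_id="client-001"):
    return json.dumps({"client_id": client_id, "certificate": cert, "service": service}).encode()


def demo():
    agent = LocalVerificationAgent()
    fp = hashlib.sha256(SAMPLE_CERT.encode()).hexdigest()
    agent.apply_update({"kind": "certificate", "client_id": "client-001",
                        "version": 1, "cert_sha256": fp})
    agent.apply_update({"kind": "permissions", "client_id": "client-001",
                        "version": 1, "services": ["account.query"]})
    before = [
        agent.handle_request(make_request("account.query")),
        agent.handle_request(make_request("account.transfer")),
        agent.handle_request(make_request("account.query", cert="forged")),
    ]
    # The certificate management system revokes the certificate; the next
    # request is rejected from local data, with no remote call.
    agent.apply_update({"kind": "certificate", "client_id": "client-001",
                        "version": 2, "cert_sha256": None})
    after = agent.handle_request(make_request("account.query"))
    return before, after


if __name__ == "__main__":
    print(demo())
```

Because decisions are made from the gateway's local copy, a revocation takes effect only once its update has been applied, so the delay and ordering of the synchronization in S400/S500 bound how long a revoked certificate or withdrawn permission stays usable. Matching a stored fingerprint shows only that the presented certificate is the issued one; proof that the caller holds the private key is outside what the page describes.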
For a better understanding of the present application, reference is made to fig. 7 to 13, which illustrate in detail the specific implementation of the present application:
The gateway-based single-threaded request processing method comprises the following steps: the gateway node receives a client service call request; the certificate information and client identity information carried by the request are parsed; the gateway agent is called to check the client certificate; if the check fails, a certificate error is returned and no service call authority verification is performed; if the certificate check succeeds, the gateway agent is called to verify the client's authority for the called service; if the service call authority check fails, a service call authority check failure is returned; if it succeeds, the request is forwarded to the specific back-end service for service processing. The client certificate information and client service call authority information recorded by the gateway agent are provided by the client certificate management system and the API service management system respectively. After a client certificate or client service call authority in these two systems changes, the change information is immediately synchronized to the gateway node. The method overcomes the high gateway IO pressure, long client request time and low system resource utilization caused by suspending the processing thread while the gateway performs client information verification and service call authority verification.
Referring to FIG. 7, the implementation mainly comprises the following devices:
Request listening device 1: for receiving and parsing client requests.
Client information authentication apparatus 2: for verifying the correctness of the certificate attached to the client request and whether the client has authority to call the related background service.
Service execution device 3: for executing the specific business logic of the client request.
Certificate information management apparatus 4: for client certificate management; when a client certificate is changed, the change information must be synchronized to the client information authentication apparatus 2.
API service management device 5: for managing the call rights between clients and services; when the call rights between a client and a service are changed, the change information must be synchronized to the client information authentication apparatus 2.
Result collection device 6: for collecting results returned by other services.
Abnormality processing device 7: when the client certificate check fails, the client service call authority check fails, or the background service business logic reports an error, the abnormality processing device performs exception handling and sends the exception handling result to the result returning device 8.
Result returning device 8: for returning the processing result of the system to the client.
Referring to fig. 8, the request listening device 1 includes a request receiving unit 11 and a request parsing unit 12:
Request receiving unit 11: for listening for and receiving requests from clients and transmitting them to the request parsing unit 12.
Request parsing unit 12: for parsing the request content transmitted from the request receiving unit 11 and transmitting the parsed content to the client information verification device 2.
As shown in fig. 9, the client information verification device 2 includes a client certificate verification unit 21, a service call authority verification unit 22, a client certificate information receiving unit 23 and a service call information receiving unit 24, wherein:
Client certificate verification unit 21: for verifying, based on the certificate content sent by the request listening device 1, whether the certificate matches the certificate issued to the client by the organization.
Service call authority verification unit 22: for verifying whether the client has the right to invoke the relevant background service.
Client certificate information receiving unit 23: for receiving the client certificate change information synchronized by the certificate information management device 4.
Service call information receiving unit 24: for receiving the service call relation change information synchronized by the API service management device 5.
As shown in fig. 10, the certificate information management device 4 includes a certificate maintenance unit 41 and a certificate information synchronization unit 42, wherein:
Certificate maintenance unit 41: maintains the certificate information issued by organizations to different clients.
Certificate information synchronization unit 42: synchronizes the certificate information into the client information verification device 2.
As shown in fig. 11, the API service management device 5 includes a service call relationship maintenance unit 51 and a service call information synchronization unit 52, wherein:
Service call relationship maintenance unit 51: maintains the list of services that different clients can invoke.
Service call information synchronization unit 52: synchronizes the service call relationship list data into the client information verification device 2.
As shown in fig. 12, the exception handling device 7 includes an exception information capturing unit 71, an exception information analysis unit 72 and an exception information assembling unit 73, wherein:
Exception information capturing unit 71: responsible for capturing the exception information thrown by the system when client information verification fails or service execution fails, and transmitting it to the exception information analysis unit 72.
Exception information analysis unit 72: responsible for receiving the exception information captured by the exception information capturing unit 71, parsing it, and converting it into error codes and error contents that clients can understand.
Exception information assembling unit 73: packages the various exception results produced by the exception information analysis unit 72 in a unified message format and sends them to the result returning device.
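The flow described above (certificate check, then call authority check, then forwarding, with change events synchronized into the local agent and failures mapped to a unified message), as an added Python example that is not code from the patent. The SHA-256 fingerprint comparison, the per-client sequence numbers on change events, the error codes and all names are assumptions made for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint used as the agent's local certificate record (assumption)."""
    return hashlib.sha256(cert_der).hexdigest()


class VerificationError(Exception):
    """Raised by the agent; carries the code that the exception handler reports."""
    def __init__(self, code: str, message: str):
        super().__init__(message)
        self.code, self.message = code, message


@dataclass
class VerificationAgent:
    """Client information verification agent holding local, synchronized data."""
    certs: dict = field(default_factory=dict)        # client_id -> (seq, fingerprint or None)
    permissions: dict = field(default_factory=dict)  # client_id -> (seq, frozenset of services)

    # Receiving units 23 / 24: apply change events pushed by the management systems.
    def sync_certificate(self, client_id, seq, cert_fp):
        """cert_fp=None records a revocation. Stale or replayed events are ignored."""
        if seq <= self.certs.get(client_id, (0, None))[0]:
            return False
        self.certs[client_id] = (seq, cert_fp)
        return True

    def sync_permissions(self, client_id, seq, services):
        if seq <= self.permissions.get(client_id, (0, frozenset()))[0]:
            return False
        self.permissions[client_id] = (seq, frozenset(services))
        return True

    # Verification units 21 / 22: local calls only, no remote I/O on the request path.
    def verify(self, client_id, cert_der, service):
        _, expected = self.certs.get(client_id, (0, None))
        presented = fingerprint(cert_der)
        # Unknown and revoked clients both have expected=None: default deny.
        if expected is None or not hmac.compare_digest(presented, expected):
            raise VerificationError("CERT_ERROR", "client certificate check failed")
        _, allowed = self.permissions.get(client_id, (0, frozenset()))
        if service not in allowed:
            raise VerificationError("PERMISSION_DENIED", "service call authority check failed")


def handle_request(agent, backends, request):
    """Gateway path: verify certificate, then authority, then forward to the back end."""
    try:
        agent.verify(request["client_id"], request["cert"], request["service"])
        result = backends[request["service"]](request.get("payload"))
        return {"code": "OK", "content": result}
    except VerificationError as exc:
        return {"code": exc.code, "content": exc.message}
    except Exception:
        # Back-end failure: fixed message in the unified format, no internals leaked.
        return {"code": "SERVICE_ERROR", "content": "service execution failed"}


def demo():
    """Constructed sample data: certificate bytes and service names are placeholders."""
    agent = VerificationAgent()
    cert_a = b"constructed-DER-bytes-client-A"
    agent.sync_certificate("client-A", 1, fingerprint(cert_a))
    agent.sync_permissions("client-A", 1, {"balance-query"})
    backends = {"balance-query": lambda p: {"balance": 100},
                "transfer": lambda p: {"status": "done"}}
    req = {"client_id": "client-A", "cert": cert_a, "service": "balance-query"}
    codes = [handle_request(agent, backends, req)["code"]]
    codes.append(handle_request(agent, backends, dict(req, service="transfer"))["code"])
    agent.sync_certificate("client-A", 3, None)                 # revocation event
    agent.sync_certificate("client-A", 2, fingerprint(cert_a))  # late, stale event
    codes.append(handle_request(agent, backends, req)["code"])
    return codes


if __name__ == "__main__":
    print(demo())
```

Because verification never leaves the process, the agent's answer is only as fresh as the last applied change event; ordering the events per client keeps a delayed "issue" message from undoing a later revocation.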
In summary, the gateway-based single-threaded request processing method provided by the embodiment of the application has the following advantages:
1. A client information verification agent is mounted on the gateway, so each client information verification only requires a local method call; no cross-application remote interface call is required, which greatly reduces the time consumed by client information verification.
2. Because client information is verified in the agent local to the gateway, the gateway only needs to establish a connection with the client information management system to synchronize information when the information in that system changes, whereas the traditional method establishes a connection with the client information management system for every verification. In a scenario with billions of calls per day, where client information does not change frequently, this greatly reduces the number of connections the gateway consumes for client information verification and improves the gateway's performance capacity.
3. A traditional client information management system may be accessed seven billion times per day for information verification of different clients; by interacting with the gateway only when client information changes, the pressure on the client information management system is greatly reduced.
Based on the same inventive concept, the embodiment of the present application further provides a client information verification agent mounted on a gateway that connects a client device and a service processing server; the agent can be used to implement the method described in the above embodiment, as described in the following embodiment. Because the agent solves the problem on a principle similar to that of the method described above, its implementation can refer to the implementation of the method, and repeated description is omitted. As used below, the term "unit" or "module" may be a combination of software and/or hardware that implements the intended function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or in a combination of software and hardware, is also possible and contemplated.
FIG. 13 is a block diagram of a client information verification agent installed on a gateway for connecting a client device and a service processing server in an embodiment of the present application; as shown in fig. 13, the client information verification agent mounted on the gateway for connecting the client device and the service processing server specifically includes: a request acquisition module 100, a verification module 200 and a feedback module 300.
The request acquisition module 100 acquires a service call request sent by a client device, where the service call request includes: certificate information, customer identity information and service to be invoked;
the verification module 200 performs verification according to the local client data, the certificate information, the client identity information and the service to be invoked;
the feedback module 300 feeds back the verification result to the client device or the service processing server.
With this technical scheme, mounting the client information verification agent on the gateway converts remote client verification access into local access, which greatly reduces direct interaction between the gateway and the different client information verification systems in large-scale service access scenarios. It addresses the defect that the thread is suspended when a traditional gateway performs client information verification; at the same time, local verification takes far less time than a remote interface call between different systems, which addresses the defect of low utilization.
The apparatus, module or unit set forth in the above embodiments may be implemented in particular by a computer chip or entity, or by a product having a certain function. A typical implementation device is an electronic device, which may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
In a typical example the electronic device comprises in particular a memory, a processor and a computer program stored on the memory and executable on the processor, said processor implementing the steps of the gateway-based single-threaded request processing method described above when said program is executed.
Referring now to fig. 14, a schematic diagram of an electronic device 600 suitable for use in implementing embodiments of the present application is shown.
As shown in fig. 14, the electronic device 600 includes a Central Processing Unit (CPU) 601, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. The RAM 603 also stores various programs and data required for the operation of the system 600. The CPU 601, ROM 602 and RAM 603 are connected to each other through a bus 604. An input/output (I/O) interface 605 is also connected to the bus 604.
The following components are connected to the I/O interface 605: an input section 606 including a keyboard, a mouse and the like; an output section 607 including a Cathode Ray Tube (CRT) or Liquid Crystal Display (LCD) and the like, and a speaker and the like; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611, such as a magnetic disk, an optical disk, a magneto-optical disk or a semiconductor memory, is mounted on the drive 610 as needed, so that a computer program read from it is installed into the storage section 608 as needed.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the gateway-based single-threaded request processing method described above.
In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 609, and/or installed from the removable medium 611.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. Computer-readable media, as defined herein, does not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
For convenience of description, the above devices are described as being functionally divided into various units, respectively. Of course, the functions of each element may be implemented in the same piece or pieces of software and/or hardware when implementing the present application.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article or apparatus that comprises the element.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
In this specification, the embodiments are described in a progressive manner; identical and similar parts of the embodiments may be referred to one another, and each embodiment mainly describes its differences from the other embodiments. In particular, because the system embodiments are substantially similar to the method embodiments, their description is relatively brief; for relevant details, see the corresponding part of the description of the method embodiments.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and variations of the present application will be apparent to those skilled in the art. Any modification, equivalent replacement, improvement, etc. which come within the spirit and principles of the application are to be included in the scope of the claims of the present application.

Claims (6)

1. A gateway-based single-threaded request processing method, which is applied to a client information verification agent mounted on a gateway connecting a client device and a service processing server, the method comprising:
the gateway obtains a service call request sent by the client device, wherein the service call request comprises: certificate information, customer identity information and service to be called, the gateway calls a local customer information verification agent to verify customer information and call authority information according to the service call request;
the local client information verification agent verifies the certificate information according to local client data;
if the certificate passes verification, verifying whether the client has permission to call the service to be called according to the client identity information;
if the authority verification is successful, forwarding the service call request to the service processing server to process the service;
acquiring a service processing result fed back by the service processing server and feeding back the service processing result to the client device;
if the certificate verification fails, the client service call authority verification fails, and the background service business logic executes error reporting, the abnormal information thrown out by the system is captured, the abnormal information is analyzed, the abnormal information is converted into error reporting codes and error reporting contents which can be understood by a client, the error reporting codes and error reporting contents are packaged in a unified format, and an abnormal processing result is fed back to the client device.
2. The gateway-based single-threaded request processing method of claim 1, further comprising:
acquiring client update data sent by a client information management platform;
and synchronously updating local client data according to the client updating data.
3. The gateway-based single-threaded request processing method of claim 2, wherein the client information management platform comprises: client certificate management system and API service management system.
4. The gateway-based single-threaded request processing method of claim 1, further comprising:
and analyzing the service call request to obtain the certificate information and the client identity information.
5. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the gateway-based single-threaded request processing method of any one of claims 1 to 4 when the program is executed by the processor.
6. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the steps of the gateway-based single-threaded request processing method of any of claims 1 to 4.
CN202110218027.8A 2021-02-26 2021-02-26 Gateway-based single-thread request processing method and information verification AGENT Active CN112994894B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110218027.8A CN112994894B (en) 2021-02-26 2021-02-26 Gateway-based single-thread request processing method and information verification AGENT

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110218027.8A CN112994894B (en) 2021-02-26 2021-02-26 Gateway-based single-thread request processing method and information verification AGENT

Publications (2)

Publication Number Publication Date
CN112994894A CN112994894A (en) 2021-06-18
CN112994894B true CN112994894B (en) 2023-12-08

Family

ID=76351114

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110218027.8A Active CN112994894B (en) 2021-02-26 2021-02-26 Gateway-based single-thread request processing method and information verification AGENT

Country Status (1)

Country Link
CN (1) CN112994894B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102420836A (en) * 2012-01-12 2012-04-18 中国电子科技集团公司第十五研究所 Sign-on method and sign-on management system for service information system
CN107426169A (en) * 2017-05-24 2017-12-01 阿里巴巴集团控股有限公司 A kind of method for processing business and device based on authority
CN109525394A (en) * 2017-09-18 2019-03-26 万事达卡国际股份有限公司 System and method for authenticating internet message
CN109787988A (en) * 2019-01-30 2019-05-21 杭州恩牛网络技术有限公司 A kind of identity reinforces certification and method for authenticating and device
EP3632080A1 (en) * 2017-10-30 2020-04-08 Alibaba Group Holding Limited Method for selecting digital certificates according to their issuance policy
CN111212075A (en) * 2020-01-02 2020-05-29 腾讯云计算(北京)有限责任公司 Service request processing method and device, electronic equipment and computer storage medium
CN112035260A (en) * 2020-09-03 2020-12-04 平安壹钱包电子商务有限公司 Service request processing method and device, computer equipment and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11057758B2 (en) * 2019-05-26 2021-07-06 T-Mobile Usa, Inc. Location verification and enforcement for content access devices

Also Published As

Publication number Publication date
CN112994894A (en) 2021-06-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant