CN113111339A - Access control method, device, equipment and medium for application service - Google Patents

Info

Publication number
CN113111339A
Authority
CN
China
Prior art keywords
application
service
user
authorization
platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110521856.3A
Other languages
Chinese (zh)
Other versions
CN113111339B (en
Inventor
王子战
李祖金
邹鹤良
代鹏
陈劲鸿
邱柠
王朝普
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Digital Guangdong Network Construction Co Ltd
Original Assignee
Digital Guangdong Network Construction Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/547 Remote procedure calls [RPC]; Web services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the invention discloses an access control method, device, equipment and medium for an application service. The access control method comprises the following steps: in response to an application request of a first user, acquiring a demand application set included in the application request, and transferring the demand application set to a first platform for application authorization; acquiring an authorized application set fed back by the first platform for the demand application set, and confirming a first subscription service range of each authorized application in the authorized application set; based on the first subscription service range, in response to a service subscription request of the first user for a target authorized application, acquiring a subscription service set included in the service subscription request; and transferring the subscription service set to a second platform for service authorization, and acquiring an authorized service set fed back by the second platform for the subscription service set, so that the target authorized application accesses the corresponding application service. The technical scheme of the embodiment of the invention improves transaction processing efficiency.

Description

Access control method, device, equipment and medium for application service
Technical Field
The present invention relates to computer technologies, and in particular, to a method, an apparatus, a device, and a medium for controlling access to an application service.
Background
With the continuous development of communication technology and internet technology, China has entered the "internet +" era. Against this background, taking service drive and technical support as the main line, China has provided an informatization path for optimizing the supply of government services through the "internet + government service" business support system, basic platform system, key guarantee technologies, evaluation and assessment system and the like, so that e-government has developed greatly.
However, judging from current national e-government work, the development of e-government is still at a preliminary stage, and some problems remain when the service applications of departments at all levels are connected to digital government capabilities: there is no unified access guide or entry point, registration and access work is done mainly offline and in a single form, and supervision of authority over government service capabilities is lacking.
Disclosure of Invention
Embodiments of the present invention provide an access control method, apparatus, device, and medium for an application service, which can complete all processes of application and service subscription on line, and improve transaction processing efficiency.
In a first aspect, an embodiment of the present invention provides an access control method for an application service, where the method includes:
in response to an application request of a first user, acquiring a demand application set included in the application request, and transferring the demand application set to a first platform for application authorization;
obtaining an authorized application set fed back by the first platform for the demand application set, and confirming a first subscription service range of each authorized application in the authorized application set;
based on the first subscription service range, in response to a service subscription request of the first user for a target authorized application, acquiring a subscription service set included in the service subscription request;
and transferring the subscription service set to a second platform for service authorization, and obtaining an authorized service set fed back by the second platform for the subscription service set, so that the target authorized application accesses the corresponding application service.
In a second aspect, an embodiment of the present invention further provides an access control system for an application service, where the system includes:
the first platform, used for authorizing an application request initiated based on the demand applications selected in the application service interface, and for generating an authorized application set;
the second platform, used for authorizing a service subscription request that is initiated, for a target authorized application in the authorized application set, based on the subscription services selected in the service subscription interface, and for generating an authorized service set;
the first user terminal, used for providing the application service interface and the service subscription interface, initiating the application request and the service subscription request through the application service interface and the service subscription interface respectively, and accessing the corresponding application service based on the authorizations of the first platform and the second platform respectively.
In a third aspect, an embodiment of the present invention further provides an access control apparatus for application services, where the apparatus includes:
a demand application set acquisition module, configured to respond to an application request of a first user, acquire a demand application set included in the application request, and transfer the demand application set to the first platform for application authorization;
an authorized application set obtaining module, configured to obtain an authorized application set fed back by the first platform for the demand application set, and confirm a first subscription service range of each authorized application in the authorized application set;
a subscription service set obtaining module, configured to, based on the first subscription service range, respond to a service subscription request of a first user for a target authorized application, and obtain a subscription service set included in the service subscription request;
and an authorized service set acquisition module, configured to transfer the subscription service set to a second platform for service authorization, and acquire an authorized service set fed back by the second platform for the subscription service set, so that the target authorized application accesses the corresponding application service.
In a fourth aspect, an embodiment of the present invention further provides an electronic device, including:
one or more processors;
a memory for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for controlling access to an application service provided in any embodiment of the present invention.
In a fifth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements an access control method for an application service provided in any embodiment of the present invention.
In the technical scheme of the embodiment of the invention, a demand application set included in an application request is acquired in response to the application request of a first user, and the demand application set is transferred to a first platform for application authorization. An authorized application set fed back by the first platform for the demand application set is then acquired, and a first subscription service range of each authorized application in the authorized application set is confirmed. Next, based on the first subscription service range, a subscription service set included in a service subscription request is acquired in response to the service subscription request of the first user for a target authorized application. Finally, the subscription service set is transferred to a second platform for service authorization, and an authorized service set fed back by the second platform for the subscription service set is acquired, so that the target authorized application accesses the corresponding application service. All processes of application and service subscription can thus be completed online, the cumbersome offline access process for application services is moved online, and the access efficiency of application services is improved.
Drawings
Fig. 1a is a flowchart of an access control method for application services according to a first embodiment of the present invention;
Fig. 1b is a schematic diagram of a user usage path in a management system according to an embodiment of the present invention;
Fig. 2a is a flowchart of an access control method for application services according to a second embodiment of the present invention;
Fig. 2b is a schematic diagram of invitation code creation and registration application in the second embodiment of the present invention;
Fig. 2c is a flowchart of user enrollment, disablement, and deletion in a second embodiment of the present invention;
Fig. 3a is a flowchart of an access control method for application services according to a third embodiment of the present invention;
Fig. 3b is a schematic diagram of application and service subscription in the third embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an access control system for application services according to a fourth embodiment of the present invention;
Fig. 5 is a schematic structural diagram of an access control apparatus for application services according to a fifth embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an apparatus according to a sixth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1a is a flowchart of an access control method for an application service in an embodiment of the present invention, where the technical solution of this embodiment is suitable for a case of providing unified service subscription and service authority control, and the method may be executed by an access control device for an application service, and the access control device may be implemented by software and/or hardware, and may be integrated in various general-purpose computer devices, and specifically includes the following steps:
Step 110, in response to the application request of the first user, obtaining a demand application set included in the application request, and transferring the demand application set to the first platform for application authorization.
The application request is a request initiated by a user to the management system to create an application in the management system, the application request may include one or more demand applications to form a demand application set, and the application created in the system may provide or apply for an access service to the management system. The first platform is an authorization auditing platform provided by the management system and facing system operators, the system operators can perform authorization auditing on the first platform according to application requests of users, and the operators can be divided according to multiple dimensions such as organization, people, roles and posts.
In this embodiment, when receiving an application request initiated by a first user, the management system first parses the application request to obtain the demand application set it includes, where the demand application set may include one or more demand applications, and then transfers the demand application set to the first platform for application authorization. Specifically, the first platform may be an operator-oriented transaction processing platform on which an operator performs an authorization operation on each demand application, thereby determining whether to authorize it. The first user refers to a user who has logged in.
Optionally, the application authorization performed by the first platform for the demand application set further includes: acquiring user information of the first user according to the application authorization request generated when the demand application set is transferred to the first platform, where the user information specifically covers multiple dimensions such as organization, people, roles and positions; calling the corresponding application authorization template according to the user information, and confirming against the template whether the submitted demand application set falls within the authorization range of applications in the template, that is, confirming the application access authority of the first user; if the application access authority is satisfied, generating application authorization suggestion information from the demand application set within the limits of the application access authority, and presenting it on the interface of the first platform; if the application access authority is not satisfied, generating warning information indicating access without authority and feeding it back to the management system; performing first identification on the application authorization request, and limiting the application authorization request of the management system when the number of identifications exceeds a threshold value; and, once the application access authority is satisfied and the system operator of the first platform has initiated an authorized access confirmation instruction, generating the authorized application set and proceeding to step 120.
Step 120, obtaining an authorized application set fed back by the first platform for the demand application set, and confirming a first subscription service range of each authorized application in the authorized application set.
The first subscription service scope is used to indicate a set of services that an authorized demand application can apply for access, and the services can be understood as capabilities that the management platform can provide, such as: the ability to process data, the ability to provide data, etc.
In this embodiment, after an operator authorizes at least one demand application of the demand application set on the first platform, the management system obtains the authorized application set fed back by the first platform for the demand application set, where the authorized application set is the set of demand applications that the operator has approved by initiating an authorization instruction. The management system then confirms a first subscription service range of at least one authorized application in the authorized application set; specifically, the first subscription service range refers to the services that the authorized application can currently apply to access. On the first platform, a demand application that has not been approved is not granted a first subscription service range, while a demand application that has been approved is. This embodiment provides authorization of data or operations at the application dimension and standardizes the supervision of application authority, which improves the access efficiency of application services while guaranteeing online supervision.
Optionally, after determining the first subscription service scope of each authorized application in the authorized application set, the method further includes:
authorizing an application management range for each authorized application in the authorized application set, wherein the application management range is authorized with the user as the dimension.
In this optional embodiment, after the first subscription service range of each authorized application in the authorized application set is confirmed, an application management range is authorized for each authorized application, with the user as the dimension. For example, the application management range may be determined by the account with which a user logs in to the management system: when user A logs in, application A may access application 1 and application 2 in the management system, and when user B logs in, application B may only access application 1 in the management system.
Optionally, the determining the first subscription service range of each authorized application in the authorized application set specifically includes the following implementation manners: the management system acquires user information of the first user according to the authorized application set, calls a service access authority template, confirms the service access authority of the first user for the first time according to the service access authority template, and generates a first subscription service range. The service access authority template is set according to the mapping relation between the user information of multiple dimensions such as organization, people, roles and positions of the first user and the service accessible to the first user.
Step 130, based on the first subscription service range, in response to a service subscription request of the first user for the target authorized application, obtaining a subscription service set included in the service subscription request.
In this embodiment, after the management system determines the first subscription service range corresponding to at least one application applied for by the first user, the first user may initiate a service subscription request to the management system for one or more authorized applications. After receiving the service subscription request initiated by the first user for a target authorized application, the management system first parses the request to obtain the subscription service set it includes, where the subscription service set includes at least one service that the target authorized application needs to access. It should be noted that the services in the subscription service set all belong to the first subscription service range authorized for the target authorized application, because the management system only presents the services within the first subscription service range to the user corresponding to the target authorized application. For example, the first subscription service range of application A includes services a and b of application 1 in the management system and service c of application 2, and the first subscription service range of application B includes service a of application 1 in the management system and service c of application 2.
Optionally, the obtaining of the subscription service set included in the service subscription request further includes the following implementation manners: extracting a corresponding range service list according to the first subscription service range, matching related subscription services one by one according to the service subscription request and the user information of the first user, and then generating the subscription service set.
Step 140, transferring the subscription service set to the second platform for service authorization, and obtaining an authorized service set fed back by the second platform for the subscription service set, so that the target authorized application accesses the corresponding application service.
The second platform is an authorization platform provided by the management system and facing system operators, the system operators can authorize service subscription requests of users on the second platform, and the operators can be divided according to multiple dimensions such as organization, people, roles and posts.
Optionally, the service authorization performed by the second platform for the subscription service set may further include the following implementation: acquiring user information of the current first user according to the service authorization request generated when the subscription service set is transferred to the second platform; acquiring the corresponding service authorization template based on the user information, and first confirming against the template whether the submitted subscription service set falls within the authorization range of services in the template, that is, confirming the service access authority of the first user again; if the service access authority is satisfied, generating service authorization suggestion information from the subscription service set within the limits of the service access authority, and presenting it on the interface of the second platform; if the service access authority is not satisfied, generating warning information indicating access without authority and feeding it back to the management system; performing first identification on the service authorization request, and limiting the application authorization request of the management system when the number of identifications exceeds a threshold value; and, once the service access authority is satisfied and the system operator of the second platform has initiated an authorized access confirmation instruction, generating the authorized service set so that the target authorized application can access the corresponding application service.
In this embodiment, after the subscription service set included in the service subscription request is obtained, the subscription service set is transferred to the second platform for service authorization so that an operator can authorize the service subscription. Specifically, the second platform may be an operator-oriented transaction processing platform on which the operator approves the subscribed services, thereby determining whether to approve the target authorized application's subscription to each service. When the operator approves the subscription of at least one service in the subscription service set on the second platform, the management system uses the authorized service set fed back by the second platform to authorize services for the target authorized application, that is, the management system grants the services in the authorized service set to the target authorized application. The target authorized application can then use at least one authorized service in the management system or provide an authorized service to the management system. This embodiment provides authorization of data or operations at the application service dimension and standardizes the supervision of application service authority, achieving multi-dimensional online supervision of the user registration, application and application service access processes by organization, post, role, personnel and the like.
Optionally, after obtaining the authorized service set fed back by the second platform for the subscription service set, the method further includes:
and triggering a debugging interface of at least one authorization service of the target authorization application in response to a service debugging request initiated by the first user, and debugging the authorization service.
In this embodiment, after receiving a service debugging request initiated by a first user, the management system triggers at least one debugging interface of the authorization service corresponding to the target authorization application to debug the authorization service, and a debugger issues a test report according to the input parameters and the output result.
In this embodiment, the specific usage path of a user in the management system is shown in fig. 1b. A first user applies to enroll in the management system, and an operator or a primary account of the management system then approves the application. After approval, the user creates an application in the management system; the management system then authorizes an application management range and a service subscription range for the created application; finally, after the service subscription is finished, online joint debugging is performed, specifically by triggering the debugging interface of at least one authorized service corresponding to the target authorized application to debug that service.
In addition, in the embodiment, both the application and the service subscription process support the service subscription range and the service authorization supervision in the organization, personnel, role or post dimension, and can realize the multidimensional service authority supervision.
In the technical scheme of the embodiment of the invention, a demand application set included in an application request is acquired in response to the application request of a first user, and the demand application set is transferred to a first platform for application authorization. An authorized application set fed back by the first platform for the demand application set is then acquired, and a first subscription service range of each authorized application in the authorized application set is confirmed. Next, based on the first subscription service range, a subscription service set included in a service subscription request is acquired in response to the service subscription request of the first user for a target authorized application. Finally, the subscription service set is transferred to a second platform for service authorization, and an authorized service set fed back by the second platform for the subscription service set is acquired, so that the target authorized application accesses the corresponding application service. All processes of application and service subscription can thus be completed online, the access efficiency of application services is improved, and multi-dimensional online supervision of the user registration, application and application service access processes by organization, post, role, personnel and the like is achieved.
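The two-stage flow of steps 110 to 140, including the template check and the flagged-request threshold on each platform, can be sketched as follows. This is an added example, not code from the patent: the class and function names, the role-keyed templates, the sample applications and services, and the reading of "identification times" as a per-user count of out-of-range requests are all assumptions.

```python
from dataclasses import dataclass, field


class NoAuthority(Exception):
    """Warning fed back when a request falls outside the authorization range."""


class RequestsLimited(Exception):
    """Raised once a user's flagged requests exceed the platform threshold."""


@dataclass
class Platform:
    """Operator-facing authorization platform (the first or the second platform)."""
    template: dict                 # role -> items that role may be granted
    threshold: int = 2             # flagged requests tolerated before limiting
    flags: dict = field(default_factory=dict)   # user -> flagged-request count

    def authorize(self, user, role, requested, operator_confirms):
        if self.flags.get(user, 0) > self.threshold:
            raise RequestsLimited(user)
        out_of_range = set(requested) - self.template.get(role, set())
        if out_of_range:
            # Flag the request and warn; it is never shown to the operator.
            self.flags[user] = self.flags.get(user, 0) + 1
            raise NoAuthority(f"{user} may not request {sorted(out_of_range)}")
        # The in-range request is the suggestion shown to the operator; only
        # what the operator confirms becomes authorized.
        return set(requested) & set(operator_confirms)


@dataclass
class ManagementSystem:
    first: Platform                # application authorization
    second: Platform               # service authorization
    scope_template: dict           # role -> services its applications may subscribe to
    scopes: dict = field(default_factory=dict)    # (user, app) -> first subscription service range
    granted: dict = field(default_factory=dict)   # (user, app) -> authorized service set

    def apply(self, user, role, demand_apps, operator_confirms):
        """Steps 110-120: authorize applications, then fix each one's scope."""
        authorized = self.first.authorize(user, role, demand_apps, operator_confirms)
        for app in authorized:
            self.scopes[(user, app)] = set(self.scope_template.get(role, set()))
        return authorized

    def subscribe(self, user, role, app, services, operator_confirms):
        """Steps 130-140: subscribe within the scope, then authorize services."""
        scope = self.scopes.get((user, app))
        if scope is None:
            raise NoAuthority(f"{app} is not an authorized application of {user}")
        outside = set(services) - scope
        if outside:
            # The interface only lists in-scope services; the same limit is
            # enforced here so a hand-built request cannot bypass it.
            raise NoAuthority(f"{sorted(outside)} outside the scope of {app}")
        authorized = self.second.authorize(user, role, services, operator_confirms)
        self.granted.setdefault((user, app), set()).update(authorized)
        return authorized

    def may_call(self, user, app, service):
        """Default deny: only services in the authorized service set pass."""
        return service in self.granted.get((user, app), set())


def build_system():
    """Constructed sample data: roles, applications A/B, services appN/x."""
    first = Platform({"developer": {"A", "B"}, "auditor": {"B"}})
    second = Platform({"developer": {"app1/a", "app1/b", "app2/c"},
                       "auditor": {"app1/a"}})
    scope = {"developer": {"app1/a", "app1/b", "app2/c"},
             "auditor": {"app1/a", "app2/c"}}
    return ManagementSystem(first, second, scope)


if __name__ == "__main__":
    ms = build_system()
    print(ms.apply("alice", "developer", {"A", "B"}, operator_confirms={"A"}))
    print(ms.subscribe("alice", "developer", "A", {"app1/a", "app2/c"},
                       operator_confirms={"app1/a"}))
    print(ms.may_call("alice", "A", "app2/c"))
```

In the sample data the second platform's template for the auditor role is narrower than the first subscription service range, so a request that passes the scope check is still rejected when the service access authority is confirmed again.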
Example two
Fig. 2a is a flowchart of an access control method for an application service in a second embodiment of the present invention, which is further detailed based on the above embodiment, and provides specific steps before responding to an application request of a first user, acquiring a demand application set included in the application request, and transferring the demand application set to a first platform for application authorization. The following describes, with reference to fig. 2a, an access control method for application services according to a second embodiment of the present invention, including the following steps:
Step 210, creating an invitation code corresponding to at least one user included in the invitation registration list according to the invitation registration list, wherein the invitation registration list includes user information corresponding to the first user and the second user.
The invitation registration list is a list of users provided by the administrative unit to the management system, and comprises at least one user which is invited by the administrative unit to register and log in the management system. Specifically, the invitation registration list may include user information corresponding to the first user and the second user, that is, the invitation registration list may include users who have logged in and users who have not logged in.
In this embodiment, as shown in Fig. 2b, after obtaining the invitation registration list the management system may create an invitation code corresponding to at least one user included in the list. For example, the invitation registration list may include information such as an enterprise name, a user name, and a user phone number, and the user phone number may be used as the unique identifier of each user when creating the invitation code.
Step 220, when the user corresponding to the invitation code does not hold the invitation code, sending the created invitation code to the second user according to the user information.
In this embodiment, after the invitation code corresponding to each user in the invitation registration list is created, it is further determined whether the user corresponding to the invitation code already holds an invitation code or has finished using one. If either of these conditions is met, the currently created invitation code is not sent to the user; if the current user does not hold an invitation code and is not registered, the currently created invitation code can be sent to the corresponding user according to the user information in the invitation registration list.
For example, whether the current user already holds or has used an invitation code may be determined according to the phone number of the user. Specifically, the phone number is used as the unique identifier of the user to determine whether an invitation code has already been acquired for that phone number. If so, the current operator may be prompted that the user already holds a valid invitation code, has already used the invitation code, or is already registered; otherwise, the created invitation code is sent to the corresponding user to invite the user to perform account registration.
Optionally, after the user receives the invitation code, a fourth platform authenticates the registration or login of the current user's personal information; the fourth platform is, for example, a unified identity authentication platform. The specific authentication process includes determining an information perfection level for the personal information filled in by the user. When the information perfection level is below level L2, the level verification operation is completed and no subsequent registration or login operation is performed; when the information perfection level reaches level L2 or above, the account registration or login operation of the user continues. The information perfection level represents how complete the user's personal information is: the higher the information perfection level, the more complete the personal information filled in by the user. For example, level L1 is the highest perfection level and level L5 is the lowest. The authentication process also includes initiating a registration or login authentication request based on the personal information of the user, and judging, according to a feedback parameter of the invitation acceptance initiated by the second user, whether the perfection level of the user's personal information meets the requirement of level L2. If not, the second user is notified to continue the account registration or login operation, and a related regional identity authentication database is called to verify the personal information of the second user until the level requirement is met; an identity authentication result is then fed back to the second client to complete the authentication process, and an authentication record is formed. The related regional identity authentication database is, for example, the Guangdong province resident authentication database.
Illustratively, the user personal information comprises three types of information, namely basic information, academic information and work experience, and each type comprises 3 items of specific information, so the user personal information comprises 9 items of specific information. When the number of items filled in by the user is greater than or equal to 7, the information perfection level is determined to reach level L2 and the account registration or login operation can continue; otherwise, the information perfection level is considered to be below level L2 and the account registration or login operation cannot be executed.
Step 230, responding to the account registration request initiated by the second user, determining whether the account registration request is initiated for the invitation code, if so, executing step 241, and if not, executing step 242.
In this embodiment, when receiving an account registration request initiated by a second user, the management system first determines whether the current account registration request was initiated for a sent invitation code. Specifically, a user who initiates the account registration request for the invitation code was invited to register by a supervisor unit, so manual approval may be omitted; for other users who initiate account registration requests by themselves, further approval is required.
Step 241, creating and logging in an account corresponding to the account registration request.
In this embodiment, when the current account registration request is initiated by the user for the invitation code, the account included in the account registration request is directly created and logged in, without further checking the identity of the user, and skipping the approval supervision process, thereby improving the access efficiency of the online application service.
It should be noted that the operations executed after the second user initiates an account registration request for the invitation code are shown in Fig. 2b. After the second user fills in the invitation code, the foreground interface where the second user is located verifies it. The interface first verifies whether the invitation code filled in by the user exists; if not, no account registration request is initiated to the management system. If it exists, the interface further determines whether the invitation code is the user's own invitation code, that is, whether the invitation code matches the information of the currently logged-in user, for example whether the phone number corresponding to the invitation code matches the phone number of the current user; if not, the account registration is terminated. Otherwise, the interface further determines whether the invitation code has expired, for example according to the generation time carried by the invitation code and the validity period of the invitation code; if it has expired, the account application is terminated. Otherwise, the user is prompted to complete and submit the basic information, and after the second user submits the basic information the management system passes the approval and logs in the account.
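The invitation-code checks described for steps 210 to 241, written out as an added Python example (not code from the patent): a code bound to the phone number and carrying its generation time is checked for existence, ownership and expiry in the order given above. The HMAC construction, the single-use flag, the class and method names, and the sample phone numbers are assumptions made for illustration.

```python
import hashlib
import hmac


class InvitationCodes:
    """Issues and verifies invitation codes keyed on the user's phone number."""

    def __init__(self, secret: bytes, validity_seconds: int):
        self._secret = secret              # assumption: server-side signing key
        self._validity = validity_seconds  # assumption: fixed validity period
        self._issued = {}                  # code -> {"phone": str, "used": bool}
        self._code_for = {}                # phone -> most recent code
        self._registered = set()           # phones that already have an account

    def _tag(self, phone: str, issued_at: int) -> str:
        # Binds the code to one phone number and one generation time.
        msg = f"{phone}|{issued_at}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()[:20]

    @staticmethod
    def _issued_at(code: str) -> int:
        # The generation time is carried in the code itself, as hex.
        return int(code.split("-", 1)[0], 16)

    def mark_registered(self, phone: str) -> None:
        """Record an account created through the approval path (step 242)."""
        self._registered.add(phone)

    def issue(self, phone: str, now: int):
        """Steps 210-220. Returns (code, None) to send, or (None, reason)."""
        old = self._code_for.get(phone)
        if old is not None:
            if self._issued[old]["used"]:
                return None, "code_already_used"
            if now <= self._issued_at(old) + self._validity:
                return None, "holds_valid_code"
        if phone in self._registered:
            return None, "already_registered"
        code = f"{now:x}-{self._tag(phone, now)}"
        self._issued[code] = {"phone": phone, "used": False}
        self._code_for[phone] = code
        return code, None

    def verify(self, code: str, current_phone: str, now: int) -> str:
        """Checks in the order the text gives: exists, own code, not expired."""
        record = self._issued.get(code)
        if record is None:
            return "unknown_code"
        issued_at = self._issued_at(code)
        expected = f"{issued_at:x}-{self._tag(current_phone, issued_at)}"
        if not hmac.compare_digest(expected, code):
            return "not_own_code"
        if record["used"]:
            return "code_already_used"   # added check: codes are single-use
        if now > issued_at + self._validity:
            return "expired"
        return "ok"

    def register(self, code: str, current_phone: str, now: int) -> str:
        """Step 241: a valid code creates the account without manual approval."""
        result = self.verify(code, current_phone, now)
        if result == "ok":
            self._issued[code]["used"] = True
            self._registered.add(current_phone)
        return result


def demo():
    # Constructed sample data: phone numbers, key and timestamps are made up.
    codes = InvitationCodes(b"constructed-demo-key", validity_seconds=3600)
    code, _ = codes.issue("13800000001", now=1000)
    return [
        codes.issue("13800000001", now=2000)[1],         # second issue refused
        codes.verify(code, "13800000002", now=1500),     # someone else's code
        codes.verify(code, "13800000001", now=4601),     # past validity period
        codes.register(code, "13800000001", now=2000),   # accepted
        codes.register(code, "13800000001", now=2001),   # replay refused
    ]


if __name__ == "__main__":
    print(demo())
```

Because registration with a valid code skips manual approval, the checks belong on the management system as well as in the foreground interface, which is why `register` calls `verify` itself.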
Step 242, creating an account corresponding to the account registration request, acquiring user basic information included in the account registration request, and transferring the user basic information to a third platform to perform registration authorization of the account registration request; and obtaining an authorization result fed back by the third platform aiming at the basic information of the user, and confirming that the second user is the first user according to the authorization result.
The third platform is a registration authorization platform provided by the management system and facing to system operators, and the system operators can perform registration authorization on the third platform according to account registration requests of users.
Optionally, the registration authorization that the third platform performs on the user basic information for the account registration request may further include the following implementation: acquiring the basic information of the current second user according to the account registration request, and acquiring a corresponding registration authorization template based on the user basic information; first confirming, according to the registration authorization template, whether the submitted user basic information meets the authorization range registered in the registration authorization template, that is, confirming the registration authority of the second user again; if the registration authority is met, generating registration authorization suggestion information within the limits of the registration authority and according to the user basic information, and presenting the registration authorization suggestion information on an interface of the third platform; if the registration authority is not met, generating warning information indicating access without authority and feeding the warning information back to the management system; identifying the account registration request for the first time, and limiting the account registration request of the management system when the identification times exceed a threshold value; and, when the registration authority is met and a system operator of the third platform has initiated an authorized registration confirmation instruction, generating user information of the first user to confirm that the second user is the first user.
In this embodiment, when the current account registration request is not initiated for the invitation code, creating the account corresponding to the account registration request requires obtaining the user basic information included in the request, for example, information such as a collective or collective social institution code to which the user belongs. The user basic information is then transferred to the third platform for user registration authorization. Specifically, the third platform is a platform on which the operator authorizes the account to be registered, and the management system finally performs account registration according to the user information auditing result fed back by the third platform for the user basic information: if the account to be registered is authorized, the account registration is performed directly; otherwise, the user is prompted to continue the registration, for example by completing the user information. This embodiment provides data and operation authorization under the user dimension, and the authority supervision of the user is planned according to the standard.
It should be noted that the management system may be used to examine and verify the basic information of the user by using dimensions such as different personnel, posts, or roles, and is not limited to the operation and maintenance personnel provided in this embodiment.
Optionally, the method further includes: responding to an account deletion request initiated by a user, and determining whether the account to be deleted is a primary account, where the primary account is the account registered first in a group in the system, and an account registered after the primary account is a sub-account; when the account to be deleted is the primary account, judging whether the system includes at least one sub-account in the group to which the primary account belongs; if so, initiating a prompt to switch the current primary account into a sub-account, and otherwise deleting the primary account.
In this optional embodiment, after the registered account number completes the corresponding task, the user may initiate a request for deleting the account number, and after the management system receives the account number deletion request initiated by the user, the specific execution operation is as shown in fig. 2c, and first, it is determined whether the account number to be deleted is a primary account number in a group in which the account number is located, where the primary account number is a first registered account number in the group, and subsequently registered account numbers are all sub-account numbers, and the primary account number may manage the sub-account numbers, for example, the primary account number may be approved when the sub-account numbers are registered. When the current account to be deleted is judged to be the primary account, whether other sub-accounts except the primary account are included in the management system is further judged, if not, the current account to be deleted can be directly deleted, otherwise, the user needs to be prompted to switch the current primary account into the sub-accounts and then delete the account.
Optionally, when the management system receives the account number disabling instruction, it may be determined whether the account number to be disabled currently is the primary account number, if so, the primary account number disabling operation is executed, and otherwise, the sub-account number disabling operation is executed.
Optionally, when the user initiates the account registration request, the operator of the management system may perform the work of checking the basic information of the user in the third platform, or the user corresponding to the primary account may perform the work of checking the basic information of the user.
Step 250, responding to the application request of the first user, acquiring a demand application set included in the application request, and transferring the demand application set to the first platform for application authorization.
Step 260, obtaining an authorized application set fed back by the first platform for the demand application set, and confirming a first subscription service range of each authorized application in the authorized application set.
Step 270, based on the first subscription service range, in response to the service subscription request of the first user for the target authorized application, obtaining a subscription service set included in the service subscription request.
Step 280, transferring the subscription service set to the second platform for service authorization, and obtaining an authorized service set fed back by the second platform for the subscription service set, so that the target authorized application accesses the corresponding application service.
In the technical solution of this embodiment of the invention, an invitation code corresponding to at least one user included in an invitation registration list is first created according to the invitation registration list, and when the user corresponding to the invitation code does not hold the invitation code, the created invitation code is sent to a second user according to the user information. In response to an account registration request initiated by the second user, it is judged whether the account registration request was initiated for the invitation code. If so, an account corresponding to the account registration request is created and logged in. If not, the account corresponding to the account registration request is created, the user basic information included in the account registration request is acquired and transferred to a third platform for registration authorization of the account registration request, an authorization result fed back by the third platform for the user basic information is obtained, and the second user is confirmed to be the first user according to the authorization result. Then, in response to an application request of the first user, a demand application set included in the application request is acquired and transferred to a first platform for application authorization, an authorized application set fed back by the first platform for the demand application set is obtained, and a first subscription service range of each authorized application in the authorized application set is confirmed. Based on the first subscription service range, a subscription service set included in a service subscription request is obtained in response to the service subscription request of the first user for a target authorized application; the subscription service set is transferred to a second platform for service authorization, and an authorized service set fed back by the second platform for the subscription service set is obtained, so that the target authorized application accesses the corresponding application service. The whole flow of application and service subscription can be completed online, which improves the application service access efficiency and realizes multi-dimensional online supervision of the user registration, application, and application service access flows across a specific organization, post, role, personnel and the like.
Example three
Fig. 3a is a flowchart of an access control method for an application service in a third embodiment of the present invention. This embodiment is further detailed on the basis of the above embodiments and provides specific steps for transferring the demand application set to the first platform for application authorization and specific steps for transferring the subscription service set to the second platform for service authorization. The access control method for an application service according to the third embodiment of the present invention is described below with reference to Fig. 3a and includes the following steps:
Step 310, responding to the application request of the first user, and acquiring a demand application set included in the application request.
Step 320, acquiring at least one application identifier corresponding to the demand application set, and splitting the demand application set into at least one application work order according to the application identifier.
In this embodiment, after the demand application set included in the application request initiated by the first user is obtained, the demand application set may be split into a plurality of application work orders by using the demand application as a unit, specifically, as shown in fig. 3b, the demand application set may include a plurality of demand applications, each demand application corresponds to a unique application identifier, an application identifier corresponding to each demand application may be obtained, and then the demand application set is split into a plurality of application work orders according to the application identifiers, each application work order corresponds to one demand application, for example, from the application work order 1 to the application work order N.
Step 330, associating the application work order with a corresponding authorized user in the first platform according to the application type corresponding to the demand application set, so as to complete the authorization processing of the application work order.
In this embodiment, after the demand application set is split into at least one application work order, the application type corresponding to the demand application set may be further determined, and then the application work order is associated with the corresponding authorized user in the first platform according to the application type corresponding to the demand application set, so that the authorized user in the first platform authorizes the demand application corresponding to each application work order, where the demand applications of different types may correspond to different authorized users in the first platform.
Step 340, obtaining an authorization result fed back by the authorized user for the application work order, forming an authorized application set, and confirming a first subscription service range of each authorized application in the authorized application set.
In this embodiment, after an authorized user in the first platform performs an authorization operation on a required application in a required application set, an authorization result is fed back to the management system, after the management system obtains an authorization result fed back by the authorized user for an application work order, an authorized application set is formed according to an authorization result and a required application corresponding to each application work order, specifically, the required applications corresponding to the application work orders authorized by the authorized user form a set, that is, the authorized application set, and further confirm a first subscription service range corresponding to each authorized application in the authorized application set, and the management system only shows services in the first subscription service range to the authorized applications.
Step 350, based on the first subscription service range, responding to a service subscription request of the first user for the target authorized application, and acquiring a subscription service set included in the service subscription request.
Step 360, acquiring at least one service identifier corresponding to the subscription service set, and splitting the subscription service set into at least one service work order according to the service identifier.
In this embodiment, after the subscription service set included in the service subscription request initiated by the first user is obtained, the subscription service set may be split into a plurality of service work orders with the subscription service as the unit. Specifically, the subscription service set may include a plurality of services, each of which corresponds to a unique service identifier; the service identifier corresponding to each service may be obtained, and the subscription service set is then split into a plurality of service work orders according to the service identifiers, so that each service work order corresponds to one service.
Step 370, associating the service work order with a corresponding authorized user in the second platform according to the service type corresponding to the subscription service set, so as to complete the authorization processing of the service work order.
In this embodiment, after the subscription service set is split into at least one service work order, the service type corresponding to the subscription service set may be further determined, and the service work order is associated with the corresponding authorized user in the second platform according to the service type corresponding to the subscription service set, so that the authorized user in the second platform authorizes the subscription service corresponding to each service work order, where the subscription services of different types may correspond to different authorized users in the second platform.
Step 380, obtaining an authorization result fed back by the authorized user for the service work order to form an authorized service set, so that the target authorized application accesses the corresponding application service.
In this embodiment, after an authorized user in the second platform performs an authorization operation on services in the subscription service set, an authorization result is fed back to the management system, and after the management system obtains an authorization result fed back by the authorized user for a service work order, an authorization service set is formed according to an authorization result and a service corresponding to each service work order.
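Steps 320 to 380 as an added Python example (illustrative, not taken from the patent): each set is split into one work order per identifier, each work order is routed to an authorized user by type, and only approved work orders contribute to the resulting set. The data shapes, all names, the default-deny handling of missing or mismatched feedback, and the check of a subscription request against the first subscription service range are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class WorkOrder:
    order_id: str
    item_id: str    # application identifier or service identifier
    item_type: str  # application type or service type
    approver: str   # authorized user on the first or second platform


def split_into_work_orders(items, approver_by_type, prefix):
    """Steps 320-330 and 360-370: one work order per identifier, routed by type."""
    orders, seen = [], set()
    for item in items:
        if item["id"] in seen:
            raise ValueError(f"duplicate identifier: {item['id']}")
        seen.add(item["id"])
        if item["type"] not in approver_by_type:
            raise LookupError(f"no authorized user for type: {item['type']}")
        orders.append(WorkOrder(f"{prefix}-{len(orders) + 1}", item["id"],
                                item["type"], approver_by_type[item["type"]]))
    return orders


def collect_authorized(orders, decisions):
    """Steps 340 and 380: keep items approved by the assigned authorized user."""
    authorized = set()
    for order in orders:
        decision = decisions.get(order.order_id)
        if decision is None:
            continue   # no feedback yet: treated as not authorized
        if decision["by"] != order.approver:
            continue   # feedback from a user the order was not routed to
        if decision["approved"]:
            authorized.add(order.item_id)
    return authorized


def out_of_range_services(target_app, requested, authorized_apps, service_range):
    """Step 350: list requested services outside the first subscription service range."""
    if target_app not in authorized_apps:
        raise PermissionError(f"{target_app} is not an authorized application")
    allowed = service_range.get(target_app, set())
    return sorted(s["id"] for s in requested if s["id"] not in allowed)


def run_flow():
    # Constructed sample data: every identifier and user name here is made up.
    demand = [{"id": "app-portal", "type": "web"},
              {"id": "app-mini", "type": "mini-program"}]
    app_orders = split_into_work_orders(
        demand, {"web": "alice", "mini-program": "bob"}, "APP")
    app_decisions = {
        "APP-1": {"by": "alice", "approved": True},
        "APP-2": {"by": "alice", "approved": True},  # routed to bob, so ignored
    }
    authorized_apps = collect_authorized(app_orders, app_decisions)

    service_range = {"app-portal": {"svc-sms", "svc-idcheck"}}
    requested = [{"id": "svc-sms", "type": "messaging"},
                 {"id": "svc-idcheck", "type": "identity"}]
    rejected = out_of_range_services(
        "app-portal", requested, authorized_apps, service_range)

    svc_orders = split_into_work_orders(
        requested, {"messaging": "carol", "identity": "dave"}, "SVC")
    svc_decisions = {
        "SVC-1": {"by": "carol", "approved": True},
        "SVC-2": {"by": "dave", "approved": False},
    }
    authorized_services = collect_authorized(svc_orders, svc_decisions)
    return authorized_apps, rejected, authorized_services


if __name__ == "__main__":
    print(run_flow())
```

The text states that the management system only shows in-range services to an authorized application; `out_of_range_services` applies the same range to the submitted request, so a request built outside the interface is held to the same limit.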
In the technical solution of this embodiment of the invention, a demand application set included in an application request is obtained in response to the application request of a first user, and the demand application set is transferred to a first platform for application authorization. An authorized application set fed back by the first platform for the demand application set is then obtained, and a first subscription service range of each authorized application in the authorized application set is confirmed. Next, based on the first subscription service range, a subscription service set included in a service subscription request is obtained in response to the service subscription request of the first user for a target authorized application. Finally, the subscription service set is transferred to a second platform for service authorization, and an authorized service set fed back by the second platform for the subscription service set is obtained, so that the target authorized application accesses the corresponding application service. All processes of application and service subscription can be completed online, which improves the access efficiency of the application service and realizes multi-dimensional online supervision of the user registration, application, and application service access flows across a specific organization, post, role, personnel and the like.
Example four
Fig. 4 is a schematic structural diagram of an access control system of an application service according to a fourth embodiment of the present invention, where the access control system of the application service includes: a first platform 410, a second platform 420, and a first client 430.
A first platform 410, configured to authorize an application request initiated based on a demand application selected in an application service interface, and generate an authorized application set;
a second platform 420, configured to authorize a service subscription request initiated by a subscription service selected in a service subscription interface for a target authorized application based on the authorized application set, and generate an authorized service set;
a first client 430, configured to provide an application service interface and a service subscription interface, and to initiate an application request and a service subscription request based on the application service interface and the service subscription interface respectively, so as to access a corresponding application service based on the authorization of the first platform 410 and the authorization of the second platform 420.
In this embodiment, the first platform 410 is an authorization platform provided by the management system and facing to system operators, and the system operators can perform authorization and audit on the first platform 410 for the application request of the user, wherein the system operators can be divided according to multiple dimensions such as organization, people, roles, and posts. Specifically, the first platform 410 is a platform for authorizing an application request initiated based on a demand application selected in the application service interface and feeding back an authorized application set to the management system, and the demand application authorized by the first platform 410 in the application request may further perform service subscription.
The second platform 420 refers to an authorization platform provided by the management system and facing to system operators, and the system operators can authorize the service subscription request of the user on the second platform 420, wherein the system operators can be divided according to multiple dimensions such as organization, people, roles, and posts. Specifically, the second platform 420 is configured to authorize subscription services selected in the service subscription interface for the target authorized application based on the authorized application set, and finally obtain a set formed by all authorized services, that is, an authorized service set.
The first client 430 may provide an application service interface and a service subscription interface. A user may perform an operation that determines a required application on the application service interface (for example, selecting an application requiring authorization or entering the name of an application requiring authorization), so as to initiate an application request to the management system, so that the management system transfers the demand application set included in the application request to the first platform 410 for authorization. The user may perform an operation of selecting a subscription service on the service subscription interface, so as to initiate a service subscription request to the management system, so that the management system transfers the subscription service set included in the service subscription request to the second platform 420 for authorization, thereby authorizing the application's access to the service. It should be noted that the service subscription interface provided by the first client 430 only includes services within the first subscription service range corresponding to the target authorized application.
Optionally, the access control system for application service further includes:
the third platform 440 is configured to receive the account registration request according to the invitation code, acquire user basic information included in the account registration request, and perform registration authorization for the user basic information;
a second client 450, configured to receive the invitation code, receive basic information of the user according to the invitation code, and initiate an account registration request;
and a fourth platform 460, configured to receive a confirmation invitation request initiated by the second client 450 based on the invitation code, and complete identity verification according to the confirmation invitation request.
In this embodiment, the third platform 440 refers to a registration authorization platform provided by the management system and facing to system operators, and the system operators can perform registration authorization on the third platform 440 for account registration requests of users. Specifically, the third platform 440 receives the account registration request according to the invitation code, acquires and displays the user information included in the account registration request, and finally performs registration authorization on the account registration request according to an authorization operation of an operator for the user information.
The second client 450 is configured to receive the invitation code sent by the management system, display the user basic information items that the user needs to fill in, and initiate an account registration request according to the user basic information filled in by the user.
The fourth platform 460 first receives the invitation confirmation request initiated by the second client 450 based on the invitation code, and completes the identity verification according to the invitation confirmation request. For example, the fourth platform 460 authenticates the registration or login of the current user's personal information. The specific authentication process includes determining the information perfection level for the personal information filled in by the user; when the information perfection level is below level L2, the level verification operation is completed and no subsequent registration or login operation is performed, and when the information perfection level reaches level L2 or above, the account registration or login operation of the user continues.
In the technical solution of this embodiment, in response to an application request of a logged-in user, a to-be-processed application set included in the application request is obtained and transferred to a first platform for application authorization audit. An authorized application set fed back by the first platform for the to-be-processed application set is obtained, each authorized application in the authorized application set is authorized with a service subscription range, and each authorized application in the authorized application set is further authorized with an application management range. Then, in response to a service subscription request of the logged-in user for a target authorized application, a to-be-subscribed service set included in the service subscription request is obtained, where the to-be-subscribed service set belongs to the service subscription range authorized for the target authorized application. The to-be-subscribed service set is transferred to a second platform for service authorization audit, and the authorized service set fed back by the second platform is used to authorize services for the target authorized application. Finally, in response to a service debugging request initiated by a user, a debugging interface of at least one authorized service of the target authorized application is triggered to debug the authorized service. All processes of application and service subscription are completed online, which improves transaction processing efficiency.
EXAMPLE five
Fig. 5 is a schematic structural diagram of an access control device for application services according to a fifth embodiment of the present invention. The access control device for application services includes: a demand application set obtaining module 510, an authorized application set obtaining module 520, a subscription service set obtaining module 530, and an authorized service set obtaining module 540.
A demand application set obtaining module 510, configured to respond to an application request of a first user, obtain a demand application set included in the application request, and transfer the demand application set to a first platform for application authorization;
an authorized application set obtaining module 520, configured to obtain an authorized application set fed back by the first platform for the required application set, and confirm a first subscription service range of each authorized application in the authorized application set;
a subscription service set obtaining module 530, configured to, based on the first subscription service range, respond to a service subscription request of the first user for the target authorized application, and obtain a subscription service set included in the service subscription request;
an authorized service set obtaining module 540, configured to transfer the subscription service set to a second platform for service authorization, and obtain an authorized service set fed back by the second platform for the subscription service set, so that the target authorized application accesses a corresponding application service.
In the technical solution of this embodiment, the system responds to an application request of a login user and obtains the to-be-processed application set included in the request. It circulates the to-be-processed application set to a first platform for application authorization audit and obtains the authorized application set fed back by the first platform for the to-be-processed application set. Each authorized application in the authorized application set is then authorized with a service subscription range and, further, with an application management range. Next, the system responds to a service subscription request of the login user for a target authorized application and obtains the to-be-subscribed service set included in the request, where the to-be-subscribed service set belongs to the service subscription range authorized for the target authorized application. It circulates the to-be-subscribed service set to a second platform for service authorization audit and uses the authorized service set fed back by the second platform to grant service authorization to the target authorized application. Finally, in response to a service debugging request initiated by the user, it triggers the debugging interface of at least one authorized service of the target authorized application to debug that service. All application and service subscription processes are thus completed online, which improves transaction processing efficiency.
Optionally, the access control apparatus for application service further includes:
a registration request type judging module, configured to, before the application request of the first user is responded to, the demand application set included in the application request is acquired and the demand application set is transferred to the first platform for application authorization, respond to an account registration request initiated by a second user and judge whether the account registration request is initiated for an invitation code;
an account creating module, configured to create and log in an account corresponding to the account registration request when the account registration request is initiated for the invitation code;
a registration information circulation module, configured to, when the account registration request is not initiated for an invitation code, create an account corresponding to the account registration request, acquire the user basic information included in the account registration request, and transfer the user basic information to a third platform for registration authorization of the account registration request;
and a first user confirmation module, configured to acquire an authorization result fed back by the third platform for the user basic information and confirm, according to the authorization result, that the second user is the first user.
Optionally, the access control apparatus for application service further includes:
an account registration request creating module, configured to, before the account registration request initiated by the second user is responded to and it is judged whether the account registration request is initiated for an invitation code, create, according to an invitation registration list, an invitation code corresponding to at least one user contained in the invitation registration list, wherein the invitation registration list comprises user information corresponding to the first user and the second user;
and an invitation code sending module, configured to send the created invitation code to the second user according to the user information when the user corresponding to the invitation code does not hold the invitation code.
Optionally, the requirement application set obtaining module 510 includes:
the demand application set splitting unit is used for acquiring at least one application identifier corresponding to the demand application set and splitting the demand application set into at least one application work order according to the application identifier;
the first authorized user association unit is used for associating the application work order with a corresponding authorized user in a first platform according to the application type corresponding to the demand application set so as to complete the authorization processing of the application work order;
accordingly, the authorized application set obtaining module 520 includes:
and the authorized application set acquisition unit is used for acquiring an authorized result fed back by the authorized user aiming at the application work order to form the authorized application set.
Optionally, the authorization service set obtaining module 540 includes:
the subscription service set splitting unit is used for acquiring at least one corresponding service identifier in the subscription service set and splitting the subscription service set into at least one service work order according to the service identifier;
the second authorized user association unit is used for associating the service work order with a corresponding authorized user in a second platform according to the service type corresponding to the subscription service set so as to complete the authorization processing of the service work order;
and the authorization service set acquisition unit is used for acquiring an authorization result fed back by the authorization user aiming at the service work order to form the authorization service set.
The access control device of the application service provided by the embodiment of the invention can execute the access control method of the application service provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
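The two-stage flow carried out by modules 510 to 540 can be modelled as follows. This is an added example, not code from the patent: the class and function names, approver names, application types and service identifiers are hypothetical, and it assumes the first platform's approval result carries the subscription service range for each application.

```python
from dataclasses import dataclass, field

# Constructed sample routing tables (hypothetical names): which authorized
# user handles which application type (first platform) or service type
# (second platform).
APP_APPROVERS = {"web": "approver_web", "miniprogram": "approver_mini"}
SERVICE_APPROVERS = {"identity": "approver_id", "payment": "approver_pay"}


@dataclass(frozen=True)
class WorkOrder:
    kind: str        # "application" or "service"
    item_id: str     # application identifier or service identifier
    item_type: str   # application type or service type
    approver: str    # authorized user the work order is associated with
    requester: str


def split_into_work_orders(kind, items, approvers, requester):
    """Split a set into one work order per identifier and associate each
    order with the authorized user responsible for its type."""
    orders = []
    for item_id, item_type in sorted(items.items()):
        approver = approvers.get(item_type)
        if approver is None:
            raise ValueError(f"no authorized user for {kind} type {item_type!r}")
        orders.append(WorkOrder(kind, item_id, item_type, approver, requester))
    return orders


def collect_authorized(orders, decisions):
    """Form the authorized set from per-work-order results. A decision counts
    only if it comes from the approver the order was routed to; a missing
    decision is treated as a denial."""
    authorized = set()
    for order in orders:
        decided_by, approved = decisions.get(order.item_id, (None, False))
        if approved and decided_by == order.approver:
            authorized.add(order.item_id)
    return authorized


@dataclass
class AccessController:
    owners: dict = field(default_factory=dict)              # app_id -> user
    subscription_range: dict = field(default_factory=dict)  # app_id -> service ids
    granted: dict = field(default_factory=dict)             # app_id -> service ids

    def authorize_applications(self, user, demand_set, decisions, ranges):
        """Stage 1: demand application set -> authorized application set."""
        orders = split_into_work_orders("application", demand_set, APP_APPROVERS, user)
        authorized = collect_authorized(orders, decisions)
        for app_id in authorized:
            self.owners[app_id] = user
            self.subscription_range[app_id] = set(ranges.get(app_id, ()))
        return authorized

    def subscribe(self, user, app_id, requested, decisions):
        """Stage 2: subscription service set -> authorized service set.
        The range check runs server-side before anything is routed."""
        if self.owners.get(app_id) != user:
            raise PermissionError("application is not authorized for this user")
        out_of_range = set(requested) - self.subscription_range[app_id]
        if out_of_range:
            raise PermissionError(f"outside subscription range: {sorted(out_of_range)}")
        orders = split_into_work_orders("service", requested, SERVICE_APPROVERS, user)
        authorized = collect_authorized(orders, decisions)
        self.granted.setdefault(app_id, set()).update(authorized)
        return authorized

    def can_access(self, app_id, service_id):
        return service_id in self.granted.get(app_id, set())


def demo():
    ctl = AccessController()
    apps = ctl.authorize_applications(
        "alice",
        {"app-1": "web", "app-2": "miniprogram"},
        decisions={"app-1": ("approver_web", True),
                   "app-2": ("approver_web", True)},  # wrong approver: ignored
        ranges={"app-1": {"svc-login", "svc-pay"}},
    )
    services = ctl.subscribe(
        "alice", "app-1",
        {"svc-login": "identity", "svc-pay": "payment"},
        decisions={"svc-login": ("approver_id", True),
                   "svc-pay": ("approver_pay", False)},
    )
    return ctl, apps, services


if __name__ == "__main__":
    print(demo()[1:])
```

The second stage refuses a subscription request for an application that was never authorized, or for a service outside the confirmed range, before any service work order is created.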
EXAMPLE six
Fig. 6 is a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention. As shown in fig. 6, the electronic device includes a processor 60 and a memory 61. The number of processors 60 in the device may be one or more, and one processor 60 is taken as an example in fig. 6. The processor 60 and the memory 61 in the device may be connected by a bus or other means, as exemplified by the bus connection in fig. 6.
The memory 61, as a computer-readable storage medium, is used for storing software programs, computer-executable programs, and modules, such as the program instructions/modules corresponding to the access control method of an application service in the embodiment of the present invention (for example, the demand application set obtaining module 510, the authorized application set obtaining module 520, the subscription service set obtaining module 530, and the authorized service set obtaining module 540 in the access control apparatus of an application service). The processor 60 executes the various functional applications and data processing of the device by running the software programs, instructions, and modules stored in the memory 61, thereby implementing the access control method of the application service.
The method comprises the following steps:
responding to an application request of a first user, acquiring a demand application set included in the application request, and transferring the demand application set to a first platform for application authorization;
obtaining an authorized application set fed back by the first platform for the demand application set, and confirming a first subscription service range of each authorized application in the authorized application set;
responding, based on the first subscription service range, to a service subscription request of the first user for a target authorized application, and acquiring a subscription service set included in the service subscription request;
and transferring the subscription service set to a second platform for service authorization, and obtaining an authorized service set fed back by the second platform for the subscription service set, so that the target authorized application accesses the corresponding application service.
The memory 61 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function; the storage data area may store data created according to the use of the terminal, and the like. Further, the memory 61 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid state storage device. In some examples, the memory 61 may further include memory located remotely from the processor 60, which may be connected to the device over a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
EXAMPLE seven
An embodiment of the present invention further provides a computer-readable storage medium having a computer program stored thereon, where the computer program is used for executing an access control method for an application service when executed by a computer processor, and the method includes:
responding to an application request of a first user, acquiring a demand application set included in the application request, and transferring the demand application set to a first platform for application authorization;
obtaining an authorized application set fed back by the first platform for the demand application set, and confirming a first subscription service range of each authorized application in the authorized application set;
responding, based on the first subscription service range, to a service subscription request of the first user for a target authorized application, and acquiring a subscription service set included in the service subscription request;
and transferring the subscription service set to a second platform for service authorization, and obtaining an authorized service set fed back by the second platform for the subscription service set, so that the target authorized application accesses the corresponding application service.
Of course, the storage medium provided by the embodiment of the present invention and containing the computer-executable instructions is not limited to the method operations described above, and may also perform related operations in the access control method for application services provided by any embodiment of the present invention.
From the above description of the embodiments, it is obvious for those skilled in the art that the present invention can be implemented by software and necessary general hardware, and certainly, can also be implemented by hardware, but the former is a better embodiment in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, an application server, or a network device) to execute the methods according to the embodiments of the present invention.
It should be noted that, in the above embodiment of the access control device for application services, the included units and modules are only divided according to functional logic, but are not limited to the above division, as long as the corresponding functions can be implemented; in addition, specific names of the functional units are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present invention.
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (10)

1. An access control method for an application service, comprising:
responding to an application request of a first user, acquiring a demand application set included in the application request, and transferring the demand application set to a first platform for application authorization;
obtaining an authorized application set fed back by the first platform for the demand application set, and confirming a first subscription service range of each authorized application in the authorized application set;
responding, based on the first subscription service range, to a service subscription request of the first user for a target authorized application, and acquiring a subscription service set included in the service subscription request;
and transferring the subscription service set to a second platform for service authorization, and obtaining an authorized service set fed back by the second platform for the subscription service set, so that the target authorized application accesses the corresponding application service.
2. The method of claim 1, wherein before responding to the application request of the first user, acquiring the demand application set included in the application request, and transferring the demand application set to the first platform for application authorization, the method further comprises:
responding to an account registration request initiated by a second user, and judging whether the account registration request is initiated aiming at an invitation code;
if so, establishing and logging in an account corresponding to the account registration request;
if not, an account corresponding to the account registration request is created, user basic information included in the account registration request is obtained, and the user basic information is transferred to a third platform to carry out registration authorization of the account registration request;
and obtaining an authorization result fed back by the third platform for the user basic information, and confirming that the second user is the first user according to the authorization result.
3. The method of claim 2, wherein before determining whether the account registration request is initiated for an invitation code in response to an account registration request initiated by a second user, further comprising:
according to an invitation registration list, creating an invitation code corresponding to at least one user contained in the invitation registration list, wherein the invitation registration list comprises user information corresponding to a first user and a second user;
and when the user corresponding to the invitation code does not hold the invitation code, sending the created invitation code to the second user according to the user information.
4. The method of claim 1, wherein transferring the demand application set to the first platform for application authorization comprises:
acquiring at least one application identifier corresponding to the required application set, and splitting the required application set into at least one application work order according to the application identifier;
associating the application work order with a corresponding authorized user in a first platform according to the application type corresponding to the demand application set so as to complete the authorization processing of the application work order;
correspondingly, obtaining the authorized application set fed back by the first platform for the required application set includes:
and obtaining an authorization result fed back by the authorized user aiming at the application work order to form the authorized application set.
5. The method of claim 1, wherein transferring the subscription service set to a second platform for service authorization comprises:
acquiring at least one corresponding service identifier in the subscription service set, and splitting the subscription service set into at least one service work order according to the service identifier;
associating the service work order with a corresponding authorized user in a second platform according to the service type corresponding to the subscription service set so as to complete the authorization processing of the service work order;
correspondingly, obtaining the authorized service set fed back by the second platform for the subscribed service set includes:
and obtaining an authorization result fed back by the authorization user aiming at the service work order to form the authorization service set.
6. An application service access control system, comprising:
the first platform is used for authorizing an application request initiated based on the selected demand application in the application service interface and generating an authorized application set;
the second platform is used for authorizing a service subscription request initiated by the subscription service selected in the service subscription interface by the target authorization application based on the authorization application set to generate an authorization service set;
the first user terminal is used for providing the application service interface and the service subscription interface, respectively initiating the application request and the service subscription request based on the application service interface and the service subscription interface, and respectively accessing the corresponding application service based on the authorization of the first platform and the second platform.
7. The system of claim 6, further comprising:
the third platform is used for receiving the account registration request according to the invitation code, acquiring the user basic information contained in the account registration request, and performing registration authorization aiming at the user basic information;
the second user end is used for receiving the invitation code, receiving the basic information of the user according to the invitation code and initiating the account registration request;
and the fourth platform is used for receiving a confirmation invitation request initiated by the second user terminal based on the invitation code and completing identity verification according to the confirmation invitation request.
8. An access control apparatus for an application service, comprising:
a demand application set acquisition module, configured to respond to an application request of a first user, acquire a demand application set included in the application request, and transfer the demand application set to a first platform for application authorization;
an authorized application set obtaining module, configured to obtain an authorized application set fed back by the first platform for the required application set, and confirm a first subscription service range of each authorized application in the authorized application set;
a subscription service set obtaining module, configured to, based on the first subscription service range, respond to a service subscription request of a first user for a target authorized application, and obtain a subscription service set included in the service subscription request;
and an authorized service set acquisition module, configured to transfer the subscription service set to a second platform for service authorization, and acquire an authorized service set fed back by the second platform for the subscription service set, so that the target authorized application accesses the corresponding application service.
9. An electronic device, characterized in that the device comprises:
one or more processors;
a memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of access control for application services of any of claims 1-5.
10. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out a method for access control to an application service according to any one of claims 1 to 5.
CN202110521856.3A 2021-05-13 2021-05-13 Access control method, device, equipment and medium for application service Active CN113111339B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110521856.3A CN113111339B (en) 2021-05-13 2021-05-13 Access control method, device, equipment and medium for application service

Publications (2)

Publication Number Publication Date
CN113111339A true CN113111339A (en) 2021-07-13
CN113111339B CN113111339B (en) 2023-12-19

Family

ID=76722358



Also Published As

Publication number Publication date
CN113111339B (en) 2023-12-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant