CN113111339B - Access control method, device, equipment and medium for application service - Google Patents
Access control method, device, equipment and medium for application service Download PDFInfo
- Publication number
- CN113111339B CN113111339B CN202110521856.3A CN202110521856A CN113111339B CN 113111339 B CN113111339 B CN 113111339B CN 202110521856 A CN202110521856 A CN 202110521856A CN 113111339 B CN113111339 B CN 113111339B
- Authority
- CN
- China
- Prior art keywords
- application
- service
- authorization
- user
- platform
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 51
- 238000013475 authorization Methods 0.000 claims abstract description 232
- 238000012545 processing Methods 0.000 claims abstract description 14
- 238000012790 confirmation Methods 0.000 claims description 10
- 230000004044 response Effects 0.000 claims description 10
- 238000012795 verification Methods 0.000 claims description 7
- 230000000977 initiatory effect Effects 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 3
- 238000007726 management method Methods 0.000 description 72
- 230000008569 process Effects 0.000 description 11
- 238000010586 diagram Methods 0.000 description 9
- 230000008520 organization Effects 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 4
- 230000006872 improvement Effects 0.000 description 3
- 230000001960 triggered effect Effects 0.000 description 3
- 238000012217 deletion Methods 0.000 description 2
- 230000037430 deletion Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 238000012550 audit Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000013439 planning Methods 0.000 description 1
- 230000008707 rearrangement Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/547—Remote procedure calls [RPC]; Web services
Abstract
The embodiment of the invention discloses an access control method, device, equipment and medium of application service. The access control method of the application service comprises the following steps: responding to an application request of a first user, acquiring a demand application set contained in the application request, and transferring the demand application set to a first platform for application authorization; acquiring an authorized application set fed back by a first platform aiming at a demand application set, and confirming a first subscription service range of each authorized application in the authorized application set; based on a first subscription service range, responding to a service subscription request of a first user for a target authorized application, and acquiring a subscription service set included in the service subscription request; and transferring the subscription service set to a second platform for service authorization, and acquiring an authorization service set fed back by the second platform aiming at the subscription service set so as to enable the target authorization application to access the corresponding application service. The technical scheme of the embodiment of the invention improves the transaction processing efficiency.
Description
Technical Field
Embodiments of the present invention relate to computer technologies, and in particular, to an access control method, apparatus, device, and medium for an application service.
Background
With the continuous development of communication technology and internet technology, china has entered the 'internet +' age, under the background, china takes service drive and technical support as main lines, and proposes an informatization solving path for optimizing government service supply around the aspects of an 'internet + government service' service supporting system, a basic platform system, a key guarantee technology, an evaluation and assessment system and the like, so that electronic government has greatly developed.
However, from the current national e-government affairs, the development of the e-government affairs at the current stage is still in the preliminary stage, and when the business application of all levels of departments is accessed to the digital government platform capability, some problems still exist: the method comprises the steps of lacking unified access guidance and entrance, mainly taking offline registration access work as a main part and having single form, and in addition, the method also has the problems of lack of government service capability authority supervision and the like.
Disclosure of Invention
The embodiment of the invention provides an access control method, device, equipment and medium for application service, which can complete all processes of application and service subscription on line and improve transaction processing efficiency.
In a first aspect, an embodiment of the present invention provides an access control method for an application service, where the method includes:
Responding to an application request of a first user, acquiring a demand application set contained in the application request, and transferring the demand application set to a first platform for application authorization;
acquiring an authorized application set fed back by the first platform aiming at the required application set, and confirming a first subscription service range of each authorized application in the authorized application set;
based on the first subscription service range, responding to a service subscription request of a first user aiming at a target authorized application, and acquiring a subscription service set included in the service subscription request;
and transferring the subscription service set to a second platform for service authorization, and acquiring an authorization service set fed back by the second platform aiming at the subscription service set so as to enable the target authorization application to access the corresponding application service.
In a second aspect, an embodiment of the present invention further provides an access control system for an application service, where the system includes:
the first platform is used for authorizing an application request initiated based on a demand application selected in the application service interface to generate an authorized application set;
a second platform for authorizing a service subscription request initiated for a subscription service selected in a service subscription interface by a target authorization application based on the authorization application set, generating an authorization service set;
The first user end is used for providing the application service interface and the service subscription interface, and respectively initiating the application request and the service subscription request based on the application service interface and the service subscription interface so as to access corresponding application services based on the authorization of the first platform and the second platform respectively.
In a third aspect, an embodiment of the present invention further provides an access control device for an application service, where the device includes:
the demand application set acquisition module is used for responding to an application request of a first user, acquiring a demand application set contained in the application request, and transferring the demand application set to the first platform for application authorization;
the authorization application set acquisition module is used for acquiring an authorization application set fed back by the first platform aiming at the demand application set and confirming a first subscription service range of each authorization application in the authorization application set;
the subscription service set acquisition module is used for responding to a service subscription request of the first user for the target authorized application based on the first subscription service range to acquire a subscription service set included in the service subscription request;
and the authorization service set acquisition module is used for streaming the subscription service set to a second platform for service authorization, and acquiring the authorization service set fed back by the second platform aiming at the subscription service set so as to enable the target authorization application to access the corresponding application service.
In a fourth aspect, an embodiment of the present invention further provides an electronic device, including:
one or more processors;
a memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method for controlling access to an application service provided by any embodiment of the present invention.
In a fifth aspect, an embodiment of the present invention further provides a computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the access control method for an application service provided by any embodiment of the present invention.
According to the technical scheme, the application request of the first user is responded, the demand application set included in the application request is obtained, the demand application set is transferred to the first platform for application authorization, then the authorization application set fed back by the first platform for the demand application set is obtained, the first subscription service scope of each authorization application in the authorization application set is confirmed, further the subscription service set included in the service subscription request is obtained according to the service subscription request of the first user for the target authorization application based on the first subscription service scope, finally the subscription service set is transferred to the second platform for service authorization, the authorization service set fed back by the second platform for the subscription service set is obtained, so that the target authorization application can access the corresponding application service, all processes of application and service subscription can be completed on line, the access process of complicated off-line application service is uploaded, and the access efficiency of application service is improved.
Drawings
Fig. 1a is a flowchart of an access control method for an application service according to a first embodiment of the present invention;
FIG. 1b is a schematic diagram of a user usage path in a management system according to a first embodiment of the present invention;
fig. 2a is a flowchart of an access control method for an application service in a second embodiment of the present invention;
FIG. 2b is a schematic diagram of an invitation code creation and registration application in a second embodiment of the present invention;
FIG. 2c is a flow chart of user stay, disable and delete in a second embodiment of the invention;
fig. 3a is a flowchart of an access control method for an application service in a third embodiment of the present invention;
FIG. 3b is a schematic diagram of an application and service subscription in a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of an access control system for an application service in a fourth embodiment of the present invention;
fig. 5 is a schematic structural diagram of an access control device for application services in a fifth embodiment of the present invention;
fig. 6 is a schematic structural diagram of an apparatus according to a sixth embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Example 1
Fig. 1a is a flowchart of an access control method for an application service in a first embodiment of the present invention, where the technical solution of this embodiment is applicable to a case of providing unified service subscription and service authority control, the method may be executed by an access control device for an application service, and the device may be implemented by software and/or hardware and may be integrated in various general purpose computer devices, and specifically includes the following steps:
step 110, in response to an application request of a first user, a required application set included in the application request is obtained, and the required application set is transferred to a first platform for application authorization.
The application request is initiated by a user to the management system, a request of creating an application in the management system, one or more demand applications can be contained in the application request to form a demand application set, and the application created in the system can provide or apply access service to the management system. The first platform is an authorization auditing platform for system operators, which is provided by the management system, and the system operators can conduct authorization auditing on the first platform for application requests of users, wherein the operators can be divided according to a plurality of dimensions such as organizations, people, roles and posts.
In this embodiment, when receiving an application request initiated by a first user, the management system first analyzes the application request to obtain a required application set included in the application request, where the required application set may include one or more required applications, and further flows the required application set to a first platform to perform application authorization, specifically, the first platform may be an operator-oriented transaction platform, and an operator may perform authorization operation of each required application on the first platform, so as to determine whether to authorize each required application. Wherein the first user refers to a user who has logged in.
Optionally, the application authorization performed by the first platform for the requirement application set further includes the following implementation manners: acquiring user information of a first user according to an application authorization request generated by transferring a required application set to a first platform, wherein the user information comprises user information of a plurality of dimensions such as organization, people, roles and posts; invoking a corresponding application authorization template according to the user information, and confirming whether the submitted required application set meets the application authorization range in the application authorization template according to the application authorization template, namely confirming the application access authority of the first user; if the application access rights are met, generating application authorization suggestion information to be presented on an interface of the first platform under the limitation of the application access rights and according to a demand application set, and if the application access rights are not met, generating warning information without access rights and feeding the warning information back to a management system; carrying out first identification on the application authorization request, and limiting the application authorization request of the management system after the identification times exceed a threshold value; after the application access rights are satisfied, after the system operator of the first platform initiates the authorized access confirmation instruction, an authorized application set is generated, and step 120 is entered.
Step 120, acquiring an authorized application set fed back by the first platform aiming at the requirement application set, and confirming a first subscription service range of each authorized application in the authorized application set.
The first subscription service scope is used to represent a set of services that the authorized requirement application can apply for access, and a service can be understood as a capability that can be provided by the management platform, for example: data processing capability, data providing capability, etc.
In this embodiment, after an operator authorizes at least one demand application in a demand application set on a first platform, a management system obtains an authorized application set fed back by the first platform for the demand application set, where the authorized application set refers to a set of demand applications that the operator initiates an authorization instruction and approves, and further, the management system confirms a first subscription service range of at least one authorized application in the authorized application set, and specifically, the first subscription service range refers to a service that can be accessed and applied by a current authorized application. The first subscription service range can not be authorized by the requirement application which is not approved in the first platform, and the first subscription service range can be authorized by the requirement application which is approved. In this embodiment, authorization of data or operations of an application dimension is provided, and standard planning of application authority supervision ensures online supervision while improving application service access efficiency.
Optionally, after determining the first subscription service scope of each authorized application in the authorized application set, the method further includes:
and authorizing each authorized application in the authorized application set to perform application management range authorization, wherein the application management range authorization is to perform application management range authorization by taking a user as a dimension.
In this optional embodiment, after the first subscription service range of each authorized application in the authorized application set is confirmed, the application management range is authorized for each authorized application in the authorized application set, more specifically, the authorization of the application management range is that the user is used as a dimension to perform authorization of the application management range, for example, when a user performs account login in the management system, the application authorization management range can be performed with the user as a dimension, for example, when the user a logs in, the application a can access to the application 1 and the application 2 in the management system, and when the user B logs in, the application B can only access to the application 1 in the management system.
Optionally, the confirming the first subscription service range of each authorized application in the authorized application set specifically includes the following implementation manners: the management system acquires user information of the first user according to the authorized application set, invokes a service access authority template, confirms the service access authority of the first user for the first time according to the service access authority template, and generates a first subscription service range. The service access authority templates are respectively set according to mapping relations between user information of a plurality of dimensions such as organization, people, roles and posts of the first user and the first user accessible service.
Step 130, based on the first subscription service scope, responding to a service subscription request of the first user for the target authorized application, and acquiring a subscription service set included in the service subscription request.
In this embodiment, after the management system determines a first subscription service range corresponding to at least one application applied by the first user, the first user may initiate a service subscription request to the management system for one or more authorized applications, after the management system receives the service subscription request initiated by the first user for the target authorized application, the service subscription request is first parsed to obtain a subscription service set included in the service subscription request, where the subscription service set includes at least one service that needs to be accessed by the target authorized application. It should be noted that, the services in the subscription service set all belong to the first subscription service range authorized by the target authorized application, because the management system only shows the services in the first subscription service range to the user corresponding to the target authorized application, the first subscription service range of the application a includes the services a and B of the application 1 in the management system and the service c of the application 2, and the first subscription service range of the application B includes the service a of the application 1 and the service c of the application 2 in the management system.
Optionally, the obtaining the subscription service set included in the service subscription request further includes the following implementation manner: and extracting a corresponding range service list according to the first subscription service range, matching related subscription services one by one according to the service subscription request and the user information of the first user, and generating the subscription service set.
And 140, transferring the subscription service set to a second platform for service authorization, and acquiring an authorization service set fed back by the second platform aiming at the subscription service set so as to enable the target authorization application to access the corresponding application service.
The second platform is an authorization platform provided by the management system and facing to system operators, and the system operators can authorize service subscription requests of users on the second platform, wherein the operators can divide the service subscription requests according to a plurality of dimensions such as organizations, people, roles and posts.
Optionally, the second platform performs service authorization for the subscription service set, and may further include the following implementation manners: acquiring user information of a current first user according to a service authorization request generated by transferring a subscription service set to a second platform, acquiring a corresponding service authorization template based on the user information, and firstly confirming whether the submitted subscription service set meets the service authorization range in the service authorization template or not according to the service authorization template, namely confirming the service access authority of the first user again; if the service access authority is met, generating service authorization suggestion information under the limit of the service access authority and according to a subscription service set, and displaying the service authorization suggestion information on an interface of a second platform, and if the service access authority is not met, generating warning information without authority access and feeding the warning information back to a management system; carrying out first identification on the service authorization request, and limiting the application authorization request of the management system after the identification times exceed a threshold value; after the service access authority is met, after a system operator of the second platform initiates an authorized access confirmation instruction, an authorized service set is generated so that the target authorized application accesses the corresponding application service.
In this embodiment, after acquiring the subscription service set included in the service subscription request, in order to enable the operator to perform service subscription authorization, the subscription service set is transferred to the second platform to perform service authorization, specifically, the second platform may be a transaction processing platform facing the operator, and the operator may perform approval of the subscription service on the second platform, so as to determine whether to approve the target authorized application to subscribe to the service, when the operator performs subscription audit on at least one service to be subscribed in the subscription service set on the second platform, the management system performs service authorization on the target authorized application by using the authorization service set fed back by the second platform, that is, the management system grants the service in the authorization service set to the target authorized application, at this moment, the target authorized application may use at least one authorized service in the management system or provide authorized service to the management system.
Optionally, after acquiring the authorized service set fed back by the second platform for the subscription service set, the method further includes:
and responding to a service debugging request initiated by the first user, triggering a debugging interface of at least one authorization service of the target authorization application, and debugging the authorization service.
In this embodiment, after receiving a service debug request initiated by a first user, the management system triggers a debug interface of at least one authorization service corresponding to a target authorization application to debug the authorization service, and a debugger issues a test report according to an input parameter and an output result.
In this embodiment, as shown in fig. 1b, a specific user uses a path in a management system, first, a first user initiates an application for entering the management system, then an operator or a primary account number of the management system performs approval, after the approval passes, the user creates an application in the management system, then the management system performs authorization of an application management range and a service subscription range on the created application, and finally, after the service subscription is finished, online joint debugging is further performed, specifically, a debugging interface of at least one authorization service corresponding to a target authorization application is triggered to debug the authorization service.
In addition, in the embodiment, the application and the service subscription flow support the supervision of the service subscription range and the service authorization in the dimensions of organizations, personnel, roles or posts, and the multi-dimensional supervision of the service authority can be realized.
According to the technical scheme, the application request of the first user is responded, the demand application set included in the application request is obtained, the demand application set is transferred to the first platform for application authorization, then the authorization application set fed back by the first platform for the demand application set is obtained, the first subscription service range of each authorization application in the authorization application set is confirmed, further the subscription service set included in the service subscription request is obtained according to the service subscription request of the first user for the target authorization application based on the first subscription service range, finally the subscription service set is transferred to the second platform for service authorization, the authorization service set fed back by the second platform for the subscription service set is obtained, so that the target authorization application can access the corresponding application service, all processes of application and service subscription can be completed on line, the application service access efficiency is improved, and multi-dimensional online user registration, application and application service access process supervision of specific organizations, posts, roles, personnel and the like are realized.
Example two
Fig. 2a is a flowchart of an access control method for an application service in a second embodiment of the present invention, where the embodiment is further refined on the basis of the foregoing embodiment, and specific steps before responding to an application request of a first user, acquiring a required application set included in the application request, and transferring the required application set to a first platform for application authorization are provided. The following describes an access control method for an application service according to a second embodiment of the present invention with reference to fig. 2a, which includes the following steps:
step 210, creating an invitation code corresponding to at least one user included in the invitation registration list according to the invitation registration list, wherein the invitation registration list includes user information corresponding to the first user and the second user.
The invitation registration list is a user list provided by the supervisor unit to the management system, and comprises at least one user of the supervisor unit for invitation registration and login to the management system. Specifically, the invitation registration list may include user information corresponding to the first user and the second user, that is, the invitation registration list may include logged-in and unregistered users.
In this embodiment, the operation performed by the management system after obtaining the invitation registration list is shown in fig. 2b, and an invitation code corresponding to at least one user included in the invitation registration list may be created, and in an exemplary embodiment, the invitation registration list may include information such as an enterprise name, a user name, and a user phone number, and the user phone number may be used as a unique identifier of each user to create the invitation code.
And 220, when the user corresponding to the invitation code does not hold the invitation code, sending the created invitation code to a second user according to the user information.
In this embodiment, after creating the invitation code corresponding to each user in the invitation registration list, it is further determined whether the user corresponding to the invitation code already holds the invitation code or has completed registration using the invitation code, if the two conditions are satisfied, the currently created invitation code is no longer sent to the user, and if the current user does not hold the invitation code and does not register, the currently created invitation code may be sent to the corresponding user according to the user information in the invitation registration list.
For example, whether the current user already holds or uses the invitation code can be determined according to the telephone number of the user, specifically, whether the telephone number is used as the unique identifier of the user, and whether the telephone number has acquired the invitation code can be determined, if yes, the current operator can be prompted, the user already holds the valid invitation code, the user already uses the invitation code, or the user is registered, or the like, otherwise, the created invitation code is sent to the corresponding user to invite the user to perform account registration.
Optionally, after the user receives the invitation code, the fourth platform performs registration or login authentication on the personal information of the current user, for example, the fourth platform is a unified identity authentication platform, and the specific authentication process includes determining an information perfection level for the filled personal information of the user, when the information perfection level is below level L2, completing level verification operation, and not performing subsequent registration or login operation, and when the information perfection level reaches level L2 or above, continuing to perform account registration or login operation of the user. The information perfection level is a level for representing the perfection degree of personal information of a user, and the higher the information perfection level is, the higher the perfection degree of the personal information filled by the user is, for example, the highest level of perfection of the L1 level and the lowest level of perfection of the L5 level are. The authentication process further comprises the steps of initiating a registration or login authentication request based on personal information of the user, judging whether the user personal information perfection level meets the L2 level requirement according to the invitation receiving feedback parameter initiated by the second user, if not, feeding back the user personal information perfection level to the second user to continue to execute account registration or login operation of the user until the user personal information is met, calling a related regional identity authentication database to verify the personal information of the second user, feeding back an identity authentication result to the second user side to complete the authentication process, and forming an authentication record. Wherein the associated regional authentication database is such as the cantonese resident authentication database.
The personal information of the user comprises basic information, learning information and working experience information, wherein each class comprises 3 specific information, the personal information of the user comprises 9 specific information, when the specific information filled by the user is more than or equal to 7 items, the information perfection level is determined to reach the L2 level, the account registration or login operation can be continuously executed, and otherwise, the information perfection level is considered to be below the L2 level, and the account registration or login operation cannot be executed.
Step 230, in response to the account registration request initiated by the second user, determining whether the account registration request is an account registration request initiated by the invitation code, if so, executing step 241, and if not, executing step 242.
In this embodiment, when receiving the account registration request initiated by the second user, the management system first determines whether the current account registration request is an account registration request initiated by the sent invitation code, specifically, the user initiating the account registration request by the invitation code is a supervisor unit invitation to register, and may not perform manual approval, and further approval is required for other users initiating the account registration request by themselves.
Step 241, creating and logging in an account corresponding to the account registration request.
In this embodiment, when the current account registration request is initiated by the user aiming at the invitation code, the account included in the account registration request is directly created and logged in, without further checking the user identity, the checking and approval supervision flow is skipped, and the access efficiency of the online application service is improved.
It is noted that, after the second user initiates the account registration request execution with respect to the invitation code, the execution operation is shown in fig. 2b, after the invitation code is filled, the foreground interface where the second user is located verifies the invitation code filled by the user, for example, first verifies whether the invitation code filled by the user exists, if not, the account registration request is not initiated to the management system, if so, whether the invitation code is the principal invitation code is further judged, that is, whether the invitation code is matched with the information of the current login user is judged, exemplary, whether the phone number corresponding to the invitation code is matched with the phone number of the current user is judged, if not, the account registration is terminated, otherwise, whether the invitation code is expired is further judged, exemplary, whether the invitation code is expired is judged by the invitation code generation time carried by the invitation code and the validity of the invitation code, if so, the application is terminated, otherwise, the user basic information is prompted and submitted, and after the second user is submitted to complete the approval and login is performed.
Step 242, creating an account corresponding to the account registration request, acquiring user basic information included in the account registration request, and transferring the user basic information to a third platform for registration authorization of the account registration request; and acquiring an authorization result fed back by the third platform aiming at the user basic information, and confirming that the second user is the first user according to the authorization result.
The third platform is a registration authorization platform provided by the management system and facing to system operators, and the system operators can perform registration authorization on the third platform for account registration requests of users.
Optionally, the third platform performs registration authorization of the account registration request for the user basic information, and may further include the following implementation manner: according to the account registration request, acquiring basic information of a current second user, acquiring a corresponding registration authorization template based on the user basic information, and firstly confirming whether the submitted user basic information meets the authorization range registered in the registration authorization template or not according to the registration authorization template, namely confirming the registration authority of the second user again; if the registration authority is met, generating registration authority suggestion information under the limitation of the registration authority and according to the user basic information, and displaying the registration authority suggestion information on an interface of a third platform, and if the registration authority is not met, generating warning information without authority access and feeding back the warning information to a management system; carrying out first identification on the account registration request, and limiting the account registration request of the management system when the identification times exceed a threshold value; after the registration authority is met, after a system operator of the third platform initiates an authorized registration confirmation instruction, user information of the first user is generated to confirm that the second user is the first user.
In this embodiment, when the current account registration request is not initiated for the invitation code, when an account corresponding to the account registration request is created, user basic information included in the account registration request, for example, information such as a collective and collective social organization code to which the user belongs, is required to be obtained, and then the user basic information is transferred to a third platform to perform user registration authorization, specifically, the third platform is a platform on which an operator performs authorization of an account to be registered, the operator may perform authorization work of the account to be registered in the third platform, and finally, the management system performs account login according to a user information auditing result fed back by the third platform for the user basic information, specifically, if the account to be registered is authorized, the account login is directly performed, otherwise, the user is prompted to continue registration, for example, the user is prompted to perfect user information. In this embodiment, data and operation authorization under the user dimension are provided, and authority supervision of the user is planned by the standard.
It should be noted that, the auditing of the user basic information by the management system may be the approval of dimensions such as different personnel, posts or roles, and is not limited to the operation and maintenance personnel provided in the embodiment.
Optionally, the method further includes determining whether the account to be deleted is a primary account in response to an account deletion request initiated by the user; the primary account number is an account number which is registered in the system for the first time, and the account number which is registered after the primary account number is a sub-account number;
when the account to be deleted is the primary account, judging whether the system comprises at least one sub-account in the group to which the primary account belongs;
if yes, prompting of switching the current main account number into the sub account number is initiated, and if not, deleting the main account number.
In this optional embodiment, after the registered accounts complete the corresponding tasks, the user may initiate a request for deleting an account, and after receiving the account deletion request initiated by the user, the management system specifically performs an operation as shown in fig. 2c, first determines whether the account to be deleted is a primary account in the group where the account is located, where the primary account is the first registered account in the group, the subsequently registered accounts are all sub-accounts, and the primary account may manage the sub-accounts, for example, the primary account may be approved when the sub-accounts are registered. When the current account to be deleted is judged to be the main account, whether other sub-accounts except the main account are further judged to be included in the management system, if not, the current account to be deleted can be directly deleted, otherwise, the user needs to be prompted to switch the current main account into the sub-account and then delete the account.
Optionally, when the management system receives the account disabling instruction, it may be determined whether the account to be disabled currently is a primary account, if so, the primary account disabling operation is performed, and if not, the sub-account disabling operation is performed.
Optionally, when the user initiates the account registration request, the operator of the management system may perform the verification work of the user basic information in the third platform, or may perform the verification work of the user basic information corresponding to the user by the primary account.
Step 250, responding to an application request of a first user, acquiring a required application set included in the application request, and transferring the required application set to a first platform for application authorization.
Step 260, acquiring an authorized application set fed back by the first platform aiming at the requirement application set, and confirming a first subscription service range of each authorized application in the authorized application set.
Step 270, based on the first subscription service scope, responding to the service subscription request of the first user for the target authorized application, and acquiring a subscription service set included in the service subscription request.
And 280, transferring the subscription service set to a second platform for service authorization, and acquiring an authorization service set fed back by the second platform aiming at the subscription service set so as to enable the target authorization application to access the corresponding application service.
According to the technical scheme of the embodiment of the invention, at least one user corresponding invitation code contained in an invitation registration list is created according to the invitation registration list, when a user corresponding to the invitation code does not hold the invitation code, the created invitation code is sent to a second user according to user information, an account registration request initiated by the second user is responded, whether the account registration request is an account registration request initiated by the invitation code or not is judged, if yes, an account corresponding to the account registration request is created and logged in, if no account corresponding to the account registration request is created, user basic information contained in the account registration request is acquired, the user basic information is circulated to a third platform to carry out registration authorization of the registration request, authorization results fed back by the third platform for the user basic information are acquired, the second user is confirmed as a first user according to the authorization results, and then the application request of the first user is responded, a demand application set contained in the application request is acquired, the demand application set is transferred to the first platform to carry out application authorization, the first application set fed back by the first platform is acquired, and a first service range of each authorized application set is subscribed for the first platform is confirmed, if the first service range corresponding to the account registration request is not created, the account registration request corresponding to the account registration request is acquired, the first platform is subscribed service request is accessed, the service request is subscribed to be subscribed to a specific service request is completely, the first platform is subscribed service request is subscribed to be subscribed, and the service request is realized, the service is subscribed service is completely is subscribed to be subscribed to the first platform, and the service request is authorized to the first platform is all service application is requested to be, role and personnel, etc., and application and supervision of application service access flows.
Example III
Fig. 3a is a flowchart of an access control method for an application service in a third embodiment of the present invention, where the embodiment is further refined on the basis of the foregoing embodiment, and provides a specific step of requesting an application set flow to a first platform for application authorization and a specific step of transferring a subscription service set flow to a second platform for service authorization. An access control method for an application service according to a third embodiment of the present invention is described below with reference to fig. 3a, and includes the following steps:
step 310, responding to an application request of a first user, and acquiring a required application set included in the application request.
Step 320, obtaining at least one application identifier corresponding to the required application set, and splitting the required application set into at least one application work order according to the application identifier.
In this embodiment, after the required application set included in the application request initiated by the first user is obtained, the required application set may be split into a plurality of application work orders by taking the required application as a unit, specifically as shown in fig. 3b, the required application set may include a plurality of required applications, each required application corresponds to a unique application identifier, and the application identifier corresponding to each required application may be obtained, so that the required application set is split into a plurality of application work orders according to the application identifier, and each application work order corresponds to one required application, for example, from application work order 1 to application work order N.
And 330, associating the application worksheet with the corresponding authorized user in the first platform according to the application type corresponding to the required application set so as to complete the authorization processing of the application worksheet.
In this embodiment, after splitting the required application set into at least one application ticket, the application type corresponding to the required application set may be further determined, and then the application ticket is associated with a corresponding authorized user in the first platform according to the application type corresponding to the required application set, so that the authorized user in the first platform authorizes the required application corresponding to each application ticket, where different types of required applications may correspond to different authorized users in the first platform.
Step 340, obtaining the authorization result fed back by the authorized user for the application work order, forming an authorized application set, and confirming the first subscription service range of each authorized application in the authorized application set.
In this embodiment, after an authorized user in the first platform performs an authorization operation on a required application in a required application set, an authorization result is fed back to the management system, after the management system obtains the authorization result fed back by the authorized user for the application work orders, an authorized application set is formed according to the authorization result and the required application corresponding to each application work order, specifically, the required application corresponding to the application work order that the authorized user authorizes is formed into a set, namely, the authorized application set, and further, a first subscription service range corresponding to each authorized application in the authorized application set is confirmed, and the management system only displays services in the first subscription service range to the authorized application.
Step 350, based on the first subscription service scope, responding to a service subscription request of the first user for the target authorized application, and acquiring a subscription service set included in the service subscription request.
Step 360, obtaining at least one service identifier corresponding to the subscription service set, and splitting the subscription service set into at least one service work order according to the service identifier.
In this embodiment, after the subscription service set included in the service subscription request initiated by the first user is obtained, the demand application set may be split into a plurality of service worksheets by taking the subscription service as a unit, specifically, the subscription service set may include a plurality of services, each service corresponds to a unique service identifier, the service identifier corresponding to each service may be obtained, and then the subscription service set may be split into a plurality of service worksheets according to the service identifier, where each service worksheet corresponds to one service.
And 370, associating the service worksheet with the corresponding authorized user in the second platform according to the service type corresponding to the subscription service set so as to complete the authorization processing of the service worksheet.
In this embodiment, after splitting the subscription service set into at least one service work order, the service type corresponding to the subscription service set may be further determined, and then, according to the service type corresponding to the subscription service set, the service work order is associated with a corresponding authorized user in the second platform, so that the authorized user in the second platform authorizes the subscription service corresponding to each service work order, where different types of subscription services may correspond to different authorized users in the second platform.
Step 380, obtaining an authorization result fed back by the authorized user aiming at the service work order, and forming an authorization service set so as to enable the target authorization application to access the corresponding application service.
In this embodiment, after the authorized user in the second platform performs the authorization operation on the services in the subscription service set, the authorization result is fed back to the management system, and after the management system obtains the authorization result fed back by the authorized user for the service worksheets, the authorization service set is formed according to the authorization result and the services corresponding to each service worksheet, specifically, the services corresponding to the service worksheets authorized by the authorized user are formed into a set, that is, the authorization service set, so that the target authorized application accesses the corresponding application service.
According to the technical scheme, the application request of the first user is responded, the demand application set included in the application request is obtained, the demand application set is transferred to the first platform for application authorization, then the authorization application set fed back by the first platform for the demand application set is obtained, the first subscription service range of each authorization application in the authorization application set is confirmed, further the subscription service set included in the service subscription request is obtained according to the service subscription request of the first user for the target authorization application based on the first subscription service range, finally the subscription service set is transferred to the second platform for service authorization, the authorization service set fed back by the second platform for the subscription service set is obtained, so that the target authorization application can access the corresponding application service, all processes of application and service subscription can be completed on line, the application service access efficiency is improved, and multi-dimensional online user registration, application and application service access process supervision of specific organizations, posts, roles, personnel and the like are realized.
Example IV
Fig. 4 is a schematic structural diagram of an access control system for an application service according to a fourth embodiment of the present invention, where the access control system for an application service includes: a first platform 410, a second platform 420, and a first client 430.
A first platform 410, configured to authorize an application request initiated based on a demand application selected in an application service interface, and generate an authorized application set;
a second platform 420, configured to authorize a service subscription request initiated for a subscription service selected in a service subscription interface by a target authorization application based on the authorization application set, and generate an authorization service set;
the first user side 430 is configured to provide an application service interface and a service subscription interface, and initiate an application request and a service subscription request based on the application service interface and the service subscription interface, respectively, so as to access corresponding application services based on the authorization of the first platform 410 and the second platform 420, respectively.
In this embodiment, the first platform 410 is an authorization platform provided by the management system and facing to a system operator, and the system operator can perform authorization checking on the first platform 410 for an application request of a user, where the operator can divide the first platform into a plurality of dimensions such as organization, person, role, post, and the like. Specifically, the first platform 410 is configured to authorize an application request initiated based on a demand application selected in the application service interface, and feed back a platform of an authorized application set to the management system, where the demand application authorized by the first platform 410 in the application request may further perform service subscription.
The second platform 420 is an authorization platform provided by the management system and facing to a system operator, and the system operator can authorize a service subscription request of a user on the second platform 420, wherein the operator can divide the service subscription request into a plurality of dimensions such as organization, people, roles, posts and the like. Specifically, the second platform 420 is configured to authorize subscription services selected in the service subscription interface for the target authorization application based on the authorization application set, and finally obtain a set formed by all authorization services, that is, an authorization service set.
The first user terminal 430 may provide an application service interface and a service subscription interface, where a user may perform related operations for determining a required application (for example, selecting an application requiring authorization or inputting an application name requiring authorization) on the application service interface, so as to initiate an application request to the management system, so that the management system flows a required application set included in the application request to the first platform 410 for authorization; the user may perform an operation of selecting a subscription service on the service subscription interface, so as to initiate a service subscription request to the management system, so that the management system flows a subscription service set included in the service subscription request to the second platform 420 for authorization, so as to implement authorization of the application to access the service. It should be noted that, the service subscription interface provided by the first user terminal 430 only includes services within the first subscription service range corresponding to the target authorized application.
Optionally, the access control system of the application service further includes:
the third platform 440 is configured to receive an account registration request according to the invitation code, obtain user basic information included in the account registration request, and perform registration authorization with respect to the user basic information;
the second user terminal 450 is configured to receive the invitation code, receive the user basic information according to the invitation code, and initiate an account registration request;
a fourth platform 460, configured to receive a confirmation invite request initiated by the second user terminal 450 based on the invite code, and complete identity verification according to the confirmation invite request.
In this embodiment, the third platform 440 refers to a registration authorization platform provided by the management system and facing to a system operator, and the system operator can perform registration authorization on the third platform 440 for the account registration request of the user. Specifically, the third platform 440 receives the account registration request according to the invitation code, obtains and displays the user information included in the account registration request, and finally performs registration authorization on the account registration request according to the authorization operation of the operator on the user information.
The second user terminal 450 is configured to receive the invitation code sent by the management system, display a user basic information to be filled item that needs to be filled by the user, and initiate an account registration request with respect to the user basic information filled by the user.
The fourth platform 460 first receives the confirmation invite request initiated by the second user terminal 450 based on the invite code, and completes the identity verification according to the confirmation invite request, and the specific authentication process includes, for the personal information of the current user, determining an information improvement level, when the information improvement level is below level L2, completing the level verification operation, and not performing the subsequent registration or login operation any more, and when the information improvement level reaches level L2 or above, continuing to perform the account registration or login operation of the user.
According to the technical scheme, in response to an application request of a login user, a to-be-subscribed application set included in the application request is obtained, the to-be-subscribed application set is transferred to a first platform for application authorization checking, the first platform feeds back an authorized application set for the to-be-processed application set, authorization of a service subscription range is carried out on each authorized application in the authorized application set, authorization of an application management range is further carried out on each authorized application in the authorized application set, then in response to a service subscription request of the login user for a target authorized application, a to-be-subscribed service set included in the service subscription request is obtained, the to-be-subscribed service set belongs to the service subscription range authorized by the target authorized application, the to-be-subscribed service set is transferred to a second platform for service authorization checking, service authorization is carried out on the target authorized application by using an authorized service set fed back by the second platform, finally, a debugging interface of at least one authorized service initiated by a user is triggered, and authorization service is debugged, so that application and service subscription can be completed on line, and transaction efficiency is improved.
Example five
Fig. 5 is a schematic structural diagram of an access control device for application service according to a fifth embodiment of the present invention, where the access control device for application service includes: a demand application set acquisition module 510, an authorization application set acquisition module 520, a subscription service set acquisition module 530, and an authorization service set acquisition module 540.
The required application set obtaining module 510 is configured to respond to an application request of a first user, obtain a required application set included in the application request, and transfer the required application set to the first platform for application authorization;
an authorized application set obtaining module 520, configured to obtain an authorized application set fed back by the first platform for the required application set, and confirm a first subscription service range of each authorized application in the authorized application set;
a subscription service set obtaining module 530, configured to obtain, based on the first subscription service range, a subscription service set included in a service subscription request in response to the service subscription request of the first user for the target authorized application;
and the authorization service set acquisition module 540 is configured to transfer the subscription service set to a second platform for service authorization, and acquire an authorization service set fed back by the second platform for the subscription service set, so that the target authorization application accesses the corresponding application service.
According to the technical scheme, in response to an application request of a login user, a to-be-subscribed application set included in the application request is obtained, the to-be-subscribed application set is transferred to a first platform for application authorization checking, the first platform feeds back an authorized application set for the to-be-processed application set, authorization of a service subscription range is carried out on each authorized application in the authorized application set, authorization of an application management range is further carried out on each authorized application in the authorized application set, then in response to a service subscription request of the login user for a target authorized application, a to-be-subscribed service set included in the service subscription request is obtained, the to-be-subscribed service set belongs to the service subscription range authorized by the target authorized application, the to-be-subscribed service set is transferred to a second platform for service authorization checking, service authorization is carried out on the target authorized application by using an authorized service set fed back by the second platform, finally, a debugging interface of at least one authorized service initiated by a user is triggered, and authorization service is debugged, so that application and service subscription can be completed on line, and transaction efficiency is improved.
Optionally, the access control device for application service further includes:
the registration request type judging module is used for responding to an application request of a first user, acquiring a demand application set contained in the application request, and judging whether the account registration request is an account registration request initiated by an invitation code or not in response to an account registration request initiated by a second user before the demand application set is transferred to the first platform for application authorization;
the account creation module is used for creating and logging in an account corresponding to the account registration request when the account registration request is an account registration request initiated for the invitation code;
the registration information circulation module is used for creating an account corresponding to the account registration request when the account registration request is not an account registration request initiated by an invitation code, acquiring user basic information included in the account registration request, and circulating the user basic information to a third platform to perform registration authorization of the account registration request;
the first user confirmation module is used for acquiring an authorization result fed back by the third platform aiming at the user basic information and confirming that the second user is the first user according to the authorization result.
Optionally, the access control device for application service further includes:
the system comprises an invitation code creation module, a first user registration module and a second user registration module, wherein the invitation code creation module is used for creating an invitation code corresponding to at least one user contained in an invitation registration list according to the invitation registration list before responding to an account registration request initiated by a second user and judging whether the account registration request is an account registration request initiated by the invitation code, and the invitation registration list comprises user information corresponding to the first user and the second user;
and the invitation code sending module is used for sending the created invitation code to the second user according to the user information when the user corresponding to the invitation code does not hold the invitation code.
Optionally, the demand application set acquisition module 510 includes:
a required application set splitting unit, configured to obtain at least one application identifier corresponding to the required application set, and split the required application set into at least one application work order according to the application identifier;
the first authorized user association unit is used for associating the application worksheet with the corresponding authorized user in the first platform according to the application type corresponding to the required application set so as to complete the authorization processing of the application worksheet;
Accordingly, the authorized application set acquisition module 520 includes:
and the authorized application set acquisition unit is used for acquiring an authorized result fed back by the authorized user aiming at the application worksheet to form the authorized application set.
Optionally, the authorization service set acquisition module 540 includes:
a subscription service set splitting unit, configured to obtain at least one service identifier corresponding to the subscription service set, and split the subscription service set into at least one service work order according to the service identifier;
the second authorized user association unit is used for associating the service worksheet with the corresponding authorized user in the second platform according to the service type corresponding to the subscription service set so as to complete the authorized processing of the service worksheet;
and the authorization service set acquisition unit is used for acquiring an authorization result fed back by the authorized user aiming at the service work order to form the authorization service set.
The access control device for the application service provided by the embodiment of the invention can execute the access control method for the application service provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example six
Fig. 6 is a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention, as shown in fig. 6, the electronic device includes a processor 60 and a memory 61; the number of processors 60 in the device may be one or more, one processor 60 being taken as an example in fig. 6; the processor 60 and the memory 61 in the device may be connected by a bus or otherwise, in fig. 6 by way of example.
The memory 61 is a computer readable storage medium, and may be used to store a software program, a computer executable program, and a module, such as program instructions/modules corresponding to an access control method for an application service in an embodiment of the present invention (for example, a required application set acquisition module 510, an authorized application set acquisition module 520, a subscription service set acquisition module 530, and an authorized service set acquisition module 540 in an access control apparatus for an application service).
The method comprises the following steps:
responding to an application request of a first user, acquiring a demand application set contained in the application request, and transferring the demand application set to a first platform for application authorization;
acquiring an authorized application set fed back by the first platform aiming at the required application set, and confirming a first subscription service range of each authorized application in the authorized application set;
based on the first subscription service range, responding to a service subscription request of a first user aiming at a target authorized application, and acquiring a subscription service set included in the service subscription request;
And transferring the subscription service set to a second platform for service authorization, and acquiring an authorization service set fed back by the second platform aiming at the subscription service set so as to enable the target authorization application to access the corresponding application service.
The memory 61 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, at least one application program required for functions; the storage data area may store data created according to the use of the terminal, etc. In addition, the memory 61 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some examples, memory 61 may further comprise memory remotely located relative to processor 60, which may be connected to the device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
Example seven
A seventh embodiment of the present invention also provides a computer-readable storage medium having stored thereon a computer program for executing an access control method of an application service when executed by a computer processor, the method comprising:
Responding to an application request of a first user, acquiring a demand application set contained in the application request, and transferring the demand application set to a first platform for application authorization;
acquiring an authorized application set fed back by the first platform aiming at the required application set, and confirming a first subscription service range of each authorized application in the authorized application set;
based on the first subscription service range, responding to a service subscription request of a first user aiming at a target authorized application, and acquiring a subscription service set included in the service subscription request;
and transferring the subscription service set to a second platform for service authorization, and acquiring an authorization service set fed back by the second platform aiming at the subscription service set so as to enable the target authorization application to access the corresponding application service.
Of course, the storage medium provided by the embodiments of the present invention and including the computer executable instructions is not limited to the method operations described above, and may also perform the related operations in the access control method for the application service provided by any embodiment of the present invention.
From the above description of embodiments, it will be clear to a person skilled in the art that the present invention may be implemented by means of software and necessary general purpose hardware, but of course also by means of hardware, although in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product, which may be stored in a computer readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a random access Memory (Random Access Memory, RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, etc., and include several instructions for causing a computer device (which may be a personal computer, an application server, or a network device, etc.) to execute the method according to the embodiments of the present invention.
It should be noted that, in the embodiment of the above-mentioned access control device for application service, each unit and module included are only divided according to the functional logic, but not limited to the above-mentioned division, so long as the corresponding functions can be implemented; in addition, the specific names of the functional units are also only for distinguishing from each other, and are not used to limit the protection scope of the present invention.
Note that the above is only a preferred embodiment of the present invention and the technical principle applied. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, while the invention has been described in connection with the above embodiments, the invention is not limited to the embodiments, but may be embodied in many other equivalent forms without departing from the spirit or scope of the invention, which is set forth in the following claims.
Claims (10)
1. An access control method for an application service, comprising:
responding to an application request of a first user, acquiring a demand application set contained in the application request, and transferring the demand application set to a first platform for application authorization;
The step of transferring the demand application set to the first platform for application authorization comprises the following steps:
splitting the required application set into at least one application work order;
according to the application type corresponding to the required application set, associating the application work order with a corresponding authorized user in a first platform to complete the authorization processing of the application work order;
acquiring an authorized application set fed back by the first platform aiming at the required application set, and confirming a first subscription service range of each authorized application in the authorized application set;
based on the first subscription service range, responding to a service subscription request of a first user aiming at a target authorized application, and acquiring a subscription service set included in the service subscription request;
the subscription service set is transferred to a second platform for service authorization, and an authorization service set fed back by the second platform aiming at the subscription service set is obtained, so that the target authorization application accesses corresponding application service;
the step of transferring the subscription service set to a second platform for service authorization comprises the following steps:
splitting the subscription service set into at least one service work order;
and associating the service worksheet with a corresponding authorized user in a second platform according to the service type corresponding to the subscription service set so as to complete the authorization processing of the service worksheet.
2. The method of claim 1, further comprising, before responding to the application request of the first user, obtaining a required application set included in the application request, and transferring the required application set to the first platform for application authorization:
responding to an account registration request initiated by a second user, and judging whether the account registration request is an account registration request initiated by an invitation code;
if yes, creating and logging in an account corresponding to the account registration request;
if not, creating an account corresponding to the account registration request, acquiring user basic information included in the account registration request, and transferring the user basic information to a third platform to perform registration authorization of the account registration request;
and acquiring an authorization result fed back by the third platform aiming at the user basic information, and confirming that the second user is the first user according to the authorization result.
3. The method of claim 2, further comprising, prior to determining whether the account registration request is an account registration request initiated for an invitation code in response to a second user initiated account registration request:
Creating an invitation code corresponding to at least one user contained in an invitation registration list according to the invitation registration list, wherein the invitation registration list comprises user information corresponding to a first user and a second user;
and when the user corresponding to the invitation code does not hold the invitation code, sending the created invitation code to the second user according to the user information.
4. The method of claim 1, wherein streaming the set of required applications to the first platform for application authorization comprises:
acquiring at least one application identifier corresponding to the required application set, and splitting the required application set into at least one application work order according to the application identifier;
correspondingly, acquiring the authorized application set fed back by the first platform aiming at the requirement application set comprises the following steps:
and obtaining an authorization result fed back by the authorized user aiming at the application worksheet to form the authorized application set.
5. The method of claim 1, wherein streaming the subscription service set to a second platform for service authorization comprises:
acquiring at least one service identifier corresponding to the subscription service set, and splitting the subscription service set into at least one service work order according to the service identifier;
Correspondingly, acquiring the authorization service set fed back by the second platform aiming at the subscription service set comprises the following steps:
and obtaining an authorization result fed back by the authorized user aiming at the service worksheet to form the authorization service set.
6. An application service access control system, comprising:
the first platform is used for authorizing an application request initiated based on a demand application selected in the application service interface to generate an authorized application set; the application request comprises a demand application set;
the first platform is specifically configured to split the required application set into at least one application work order;
according to the application type corresponding to the required application set, associating the application worksheet to a corresponding authorized user so as to complete the authorization processing of the application worksheet;
a second platform for authorizing a service subscription request initiated for a subscription service selected in a service subscription interface by a target authorization application based on the authorization application set, generating an authorization service set; wherein, the service subscription request comprises a subscription service set;
the second platform is specifically configured to split the subscription service set into at least one service worksheet;
According to the service type corresponding to the subscription service set, associating the service work order to a corresponding authorized user so as to complete the authorization processing of the service work order;
the first user end is used for providing the application service interface and the service subscription interface, and respectively initiating the application request and the service subscription request based on the application service interface and the service subscription interface so as to access corresponding application services based on the authorization of the first platform and the second platform respectively.
7. The system of claim 6, further comprising:
the third platform is used for receiving the account registration request according to the invitation code, acquiring user basic information contained in the account registration request, and carrying out registration authorization on the user basic information;
the second user end is used for receiving the invitation code, receiving user basic information according to the invitation code and initiating the account registration request;
and the fourth platform is used for receiving a confirmation invitation request initiated by the second user terminal based on the invitation code and completing identity verification according to the confirmation invitation request.
8. An access control apparatus for an application service, comprising:
the demand application set acquisition module is used for responding to an application request of a first user, acquiring a demand application set contained in the application request, and transferring the demand application set to the first platform for application authorization;
The demand application set acquisition module includes:
a demand application set splitting unit, configured to split the demand application set into at least one application work order;
the first authorized user association unit is used for associating the application worksheet with the corresponding authorized user in the first platform according to the application type corresponding to the required application set so as to complete the authorization processing of the application worksheet;
the authorization application set acquisition module is used for acquiring an authorization application set fed back by the first platform aiming at the demand application set and confirming a first subscription service range of each authorization application in the authorization application set;
the subscription service set acquisition module is used for responding to a service subscription request of the first user for the target authorized application based on the first subscription service range to acquire a subscription service set included in the service subscription request;
the authorization service set acquisition module is used for streaming the subscription service set to a second platform for service authorization, and acquiring an authorization service set fed back by the second platform aiming at the subscription service set so as to enable the target authorization application to access the corresponding application service;
the authorization service set acquisition module comprises:
a subscription service set splitting unit, configured to split the subscription service set into at least one service work order;
And the second authorized user association unit is used for associating the service worksheet with the corresponding authorized user in the second platform according to the service type corresponding to the subscription service set so as to complete the authorization processing of the service worksheet.
9. An electronic device, the device comprising:
one or more processors;
a memory for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the access control method of application services of any of claims 1-5.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements an access control method for an application service according to any of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110521856.3A CN113111339B (en) | 2021-05-13 | 2021-05-13 | Access control method, device, equipment and medium for application service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110521856.3A CN113111339B (en) | 2021-05-13 | 2021-05-13 | Access control method, device, equipment and medium for application service |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113111339A CN113111339A (en) | 2021-07-13 |
| CN113111339B true CN113111339B (en) | 2023-12-19 |
Family
ID=76722358
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110521856.3A Active CN113111339B (en) | 2021-05-13 | 2021-05-13 | Access control method, device, equipment and medium for application service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113111339B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US11537705B2 (en) * | 2020-10-27 | 2022-12-27 | Dell Products L.P. | Device access control system |
| CN113610651A (en) * | 2021-08-17 | 2021-11-05 | 上海镁信健康科技有限公司 | PBM ecosystem's open platform |
| CN115495783B (en) * | 2022-09-20 | 2023-05-23 | 北京三维天地科技股份有限公司 | Method and system for solving configuration type data service exposure |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102043993A (en) * | 2009-10-13 | 2011-05-04 | 上海虹迪物流配送有限公司 | System control method for transport management system |
| CN111078204A (en) * | 2019-12-25 | 2020-04-28 | 江苏共融科技有限公司 | Business middling front-end system based on micro front-end architecture |
| CN111371787A (en) * | 2020-03-04 | 2020-07-03 | 广州市百果园信息技术有限公司 | Login registration method, device, system, server and medium for middle station service |
| WO2020220783A1 (en) * | 2019-04-29 | 2020-11-05 | 华为技术有限公司 | Proxy subscription authorization method and device |
| CN111988422A (en) * | 2020-08-31 | 2020-11-24 | 广州市百果园信息技术有限公司 | Subscription method, device, server and storage medium of application service |
| CN112231660A (en) * | 2020-10-15 | 2021-01-15 | 浪潮云信息技术股份公司 | Invitation code registration authorization implementation method and system based on permission distribution |
| CN112613024A (en) * | 2021-01-07 | 2021-04-06 | 国网上海市电力公司 | Data interaction method, device and system and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040022258A1 (en) * | 2002-07-30 | 2004-02-05 | Docomo Communications Laboratories Usa, Inc. | System for providing access control platform service for private networks |
| CN110324390A (en) * | 2018-03-30 | 2019-10-11 | 京东方科技集团股份有限公司 | A kind of cut-in method, platform of internet of things, application apparatus, service equipment |
-
2021
- 2021-05-13 CN CN202110521856.3A patent/CN113111339B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102043993A (en) * | 2009-10-13 | 2011-05-04 | 上海虹迪物流配送有限公司 | System control method for transport management system |
| WO2020220783A1 (en) * | 2019-04-29 | 2020-11-05 | 华为技术有限公司 | Proxy subscription authorization method and device |
| CN111078204A (en) * | 2019-12-25 | 2020-04-28 | 江苏共融科技有限公司 | Business middling front-end system based on micro front-end architecture |
| CN111371787A (en) * | 2020-03-04 | 2020-07-03 | 广州市百果园信息技术有限公司 | Login registration method, device, system, server and medium for middle station service |
| CN111988422A (en) * | 2020-08-31 | 2020-11-24 | 广州市百果园信息技术有限公司 | Subscription method, device, server and storage medium of application service |
| CN112231660A (en) * | 2020-10-15 | 2021-01-15 | 浪潮云信息技术股份公司 | Invitation code registration authorization implementation method and system based on permission distribution |
| CN112613024A (en) * | 2021-01-07 | 2021-04-06 | 国网上海市电力公司 | Data interaction method, device and system and storage medium |
Non-Patent Citations (3)
| Title |
|---|
| 基于Web服务组合的智能配电服务共享关键技术研究;谭洪恩;《硕士论文电子期刊》;全文 * |
| 电信行业应用集中运营支撑平台的设计与构建;李明明;《硕士论文电子期刊》;全文 * |
| 社会公共资源网络化共享对城乡融合发展的影响效应研究;王欢;《硕士论文电子期刊》;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113111339A (en) | 2021-07-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113111339B (en) | Access control method, device, equipment and medium for application service | |
| US20200285978A1 (en) | Model training system and method, and storage medium | |
| US10637676B2 (en) | Method, apparatus, and system for managing follower accounts in groups | |
| WO2019232825A1 (en) | Information customization transmission method, device, computer device and storage medium | |
| CN103986584A (en) | Double-factor identity verification method based on intelligent equipment | |
| CN103942616B (en) | Car insurance calculation quotation service system based on mobile internet | |
| CN110619206B (en) | Operation and maintenance risk control method, system, equipment and computer readable storage medium | |
| CN111556052A (en) | Authority management method, processing device and storage medium | |
| CN105378703A (en) | Methods and systems for validating multiple methods of input using unified rule set | |
| US20230412539A1 (en) | Limited functionality interface for communication platform | |
| CN103944861A (en) | Voice verification system | |
| US10003592B2 (en) | Active directory for user authentication in a historization system | |
| CN109615329A (en) | Processing method, device and computer equipment on the line of conductive suggestion | |
| US20130312068A1 (en) | Systems and methods for administrating access in an on-demand computing environment | |
| CN111614641A (en) | Cloud account management system and application method | |
| CN108140079A (en) | Device authentication system | |
| CN114268487A (en) | Authority control method and device based on industrial identification node | |
| US20230262045A1 (en) | Secure management of a robotic process automation environment | |
| CN112488672B (en) | Method for realizing government affair second batch service and service system | |
| CN103428161A (en) | Phone authentication service system | |
| CN112507668A (en) | Project data storage certificate method, storage certificate system, terminal equipment and readable storage medium | |
| DE202020005751U1 (en) | Managing user identities in a multi-tenant managed service | |
| CN111523817A (en) | Order business processing method, device, equipment and medium based on big data | |
| CN103310138A (en) | Account managing device and a method thereof | |
| CN110334906A (en) | Business data processing method, device, computer equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |