CN113259436A - Network request processing method and device - Google Patents

Network request processing method and device Download PDF

Info

Publication number
CN113259436A
CN113259436A CN202110525365.6A CN202110525365A CN113259436A CN 113259436 A CN113259436 A CN 113259436A CN 202110525365 A CN202110525365 A CN 202110525365A CN 113259436 A CN113259436 A CN 113259436A
Authority
CN
China
Prior art keywords
request
service
network request
network
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110525365.6A
Other languages
Chinese (zh)
Other versions
CN113259436B (en
Inventor
安兴朝
杨培旭
赵钊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CCB Finetech Co Ltd filed Critical CCB Finetech Co Ltd
Priority to CN202110525365.6A priority Critical patent/CN113259436B/en
Publication of CN113259436A publication Critical patent/CN113259436A/en
Application granted granted Critical
Publication of CN113259436B publication Critical patent/CN113259436B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/566Grouping or aggregating service requests, e.g. for unified processing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00Traffic control in data switching networks
    • H04L47/10Flow control; Congestion control
    • H04L47/12Avoiding congestion; Recovering from congestion
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/565Conversion or adaptation of application format or content

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method and a device for processing a network request, and relates to the technical field of mobile interconnection. One embodiment of the method comprises: receiving a network request sent by a client, wherein the network request comprises: request address and user information; determining a service provider corresponding to the network request; generating a service request corresponding to the network request, and forwarding the service request to the service provider; and acquiring return data returned by the service provider aiming at the service request, and sending the return data to the client. This embodiment may multiplex sharing of services from different sources.

Description

Network request processing method and device
Technical Field
The present invention relates to the field of mobile internet technologies, and in particular, to a method and an apparatus for processing a network request.
Background
Different enterprises or different departments of the same enterprise respectively precipitate some public services in the process of project development. However, these public services are dispersed within each enterprise or department and are not reused and shared, so that some excellent public services are only limited to be used within the enterprise or department, and the value of the public services is not fully exerted.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for processing a network request, which can multiplex and share services from different sources.
In a first aspect, an embodiment of the present invention provides a method for processing a network request, which is applied to a gateway, and includes:
receiving a network request sent by a client, wherein the network request comprises: request address and user information;
determining a service provider corresponding to the network request;
generating a service request corresponding to the network request, and forwarding the service request to the service provider;
and acquiring return data returned by the service provider aiming at the service request, and sending the return data to the client.
Optionally, before generating the service request corresponding to the network request, the method further includes:
performing security check on the user information, wherein the security check comprises at least one of the following: whether the user is registered or not, whether the user is in an available state or not and whether the dynamic password of the user is legal or not;
the generating a service request corresponding to the network request includes:
and if the user information passes the security verification, generating a service request corresponding to the network request.
Optionally, the generating a service request corresponding to the network request includes:
acquiring configuration information of the service according to the request address;
processing the network request according to the configuration information;
and generating the service request according to the processing result of the network request.
Optionally, the configuration information includes: whether to perform access expiration check;
the processing the network request according to the configuration information includes:
acquiring request time information and current time information of the network request;
judging whether the network request is overdue or not according to the request time information and the current time information;
the generating the service request according to the processing result of the network request comprises:
and if the judgment result represents that the network request is not overdue, generating a service request corresponding to the network request.
Optionally, the configuration information includes: a first data conversion mode;
the processing the network request according to the configuration information includes:
performing data conversion on the data in the network request according to the first data conversion mode;
the generating the service request according to the processing result of the network request comprises:
and generating the service request according to the converted network request.
Optionally, the configuration information includes: first encryption and decryption information;
the processing the network request according to the configuration information includes:
decrypting the information in the network request according to the first encryption and decryption information;
the generating the service request according to the processing result of the network request comprises:
and generating the service request according to the decrypted network request.
Optionally, the generating a service request corresponding to the network request includes:
acquiring configuration information of the service according to the request address, wherein the configuration information comprises: a data assembly mode;
and assembling the data in the network request according to the data assembling mode to generate the service request.
Optionally, the configuration information further includes: a second data conversion mode and/or second encryption and decryption information;
the sending the return data to the client includes:
processing the returned data according to the second data conversion mode and/or the second encryption and decryption information;
and sending the processed return data to the client.
Optionally, the method further comprises:
generating a dynamic password for the target user;
and checking the user information of the target user according to the dynamic password.
Optionally, the method further comprises:
acquiring monitoring information, wherein the monitoring information comprises at least one of the following: service access volume, service success rate, number of concurrencies, average transaction response time consumption, and number of clicks per second.
Optionally, the method further comprises:
determining a data flow rate of the network request;
and carrying out congestion control on the network request according to the data flow rate.
Optionally, the performing congestion control on the network request according to the data flow rate includes:
determining the congestion degree of a network in which the gateway is positioned;
and if the congestion degree is greater than the preset degree and the data flow rate is greater than the preset flow rate, discarding the network request.
In a second aspect, an embodiment of the present invention provides a device for processing a network request, which is applied in a gateway, and includes:
a request receiving module, configured to receive a network request sent by a client, where the network request includes: request address and user information;
a provider determining module, configured to determine a service provider corresponding to the network request;
the request forwarding module is used for generating a service request corresponding to the network request and forwarding the service request to the service provider;
and the data return module is used for acquiring return data returned by the service provider aiming at the service request and sending the return data to the client.
In a third aspect, an embodiment of the present invention provides an electronic device, including:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any of the embodiments described above.
In a fourth aspect, an embodiment of the present invention provides a computer-readable medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the method of any one of the above embodiments.
One embodiment of the above invention has the following advantages or benefits: the method comprises the steps of receiving a network request sent by a client, converting the network request sent by the client into a service request meeting the service request received by a service provider, and forwarding the service request to the service provider corresponding to the network request. The client can access a plurality of services from different sources by using the method of the embodiment of the invention. Therefore, the embodiment of the invention can multiplex and share the services from different sources.
Furthermore, the format protocol or the like of the service request issued by the client and the request supported by the service provider is likely to be inconsistent. Under the condition that a background server code of a service provider is not changed, a network request is converted into a service request corresponding to the service provider through a gateway, so that loose coupling between a client application and the service provider application is realized, uniform access and management of the client request are realized, and better access experience is brought to a user.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
fig. 1 is a schematic diagram of an application scenario of a method for processing a network request according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating a flow of a method for processing a network request according to an embodiment of the present invention;
fig. 3 is a schematic diagram illustrating a flow of another network request processing method according to an embodiment of the present invention;
fig. 4 is a schematic diagram illustrating a flow of a method for processing a network request according to another embodiment of the present invention;
fig. 5 is a schematic structural diagram of a gateway according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a device for processing a network request according to an embodiment of the present invention;
fig. 7 is a schematic block diagram of a computer system suitable for use in implementing a terminal device or server of an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Different enterprises or project groups respectively provide services, are independently deployed, are independently called internally, and have different externally provided service specifications. Services developed by different enterprises or project groups are overlapped, high-quality services cannot be fully utilized, server resources are wasted, and unnecessary human resources are wasted due to the fact that externally provided service specifications are inconsistent. Wherein the service specification comprises: management and access specifications
The scheme of the embodiment of the invention aims to solve the problems of unified management of the service, unified similar safety management service and unified access specification, the unified management of the service reduces the waste of server resources, the access specifications are consistent, the user experience is increased, different access specifications of the same service are avoided, and the human resources familiar with different access specifications are saved.
Fig. 1 is a schematic diagram of an application scenario of a method for processing a network request according to an embodiment of the present invention. As shown in fig. 1, the service request distribution method according to the embodiment of the present invention may be applied to the gateway device 104. The gateway device 104 may be a gateway, router, switch, firewall, or the like.
The clients 101, 102, 103 send service request messages to the gateway device 104, and the gateway device 104 receives the network requests sent by the clients 101, 102, 103, converts the network requests into service requests conforming to the service providers 105, 106, 107, and forwards the service requests to the service providers corresponding to the network requests.
Clients 101, 102, 103 may be cell phones, notebooks, tablets, laptop portable computers, servers, and the like. The service providers 105, 106, 107 may be servers deployed based on a centralized architecture or may be servers deployed based on a distributed microservice architecture.
It should be noted that the method for processing the network request provided by the embodiment of the present invention is generally executed by the gateway device 104, and accordingly, the processing device for the network request is generally disposed in the gateway device 104.
Fig. 2 is a schematic diagram of a flow of a method for processing a network request according to an embodiment of the present invention, as shown in fig. 2, the method includes:
step 201: receiving a network request sent by a client, wherein the network request comprises: request address and user information.
Step 202: and determining a service provider corresponding to the network request.
The method can be characterized in that a service information table can be prestored on the gateway equipment, and configuration information can be stored in the service information table and comprises the following steps: request address, service provider address, user information, verification information, and the like. Through the information in the service information table and the information in the network request, the service provider information corresponding to the network request can be determined.
Step 203: and generating a service request corresponding to the network request, and forwarding the service request to the service provider.
The format protocol, etc. of the service request issued by the client and the request supported by the service provider is likely to be inconsistent. The configuration information may include information such as an assembly method, a data conversion method, an encryption and decryption method for the network request. And according to the configuration information, converting, encrypting, decrypting, assembling and the like are carried out on the data in the service request so as to generate the service request supported by the service provider. For example, the processing of json to xml message, the processing of xml to json, and the like are performed on the data in the network request according to the data conversion mode, so that the subsequent forwarding and use are facilitated.
Step 204: and acquiring return data returned by the service provider aiming at the service request, and sending the return data to the client.
In the embodiment of the invention, the network request sent by the client is received, the network request sent by the client is converted into the service request which is in line with the service request received by the service provider, and the service request is forwarded to the service provider corresponding to the network request. A client may access multiple services from different organizations using the methods of embodiments of the present invention. Therefore, the embodiment of the invention can solve the problem that the services from different organizations cannot be multiplexed and shared.
Furthermore, the format protocol or the like of the service request issued by the client and the request supported by the service provider is likely to be inconsistent. Under the condition that a background server code of a service provider is not changed, a network request is converted into a service request corresponding to the service provider through a gateway, so that uniform access and management of client requests are realized, and better access experience is brought to a user.
In an embodiment of the present invention, before generating the service request corresponding to the network request, the method further includes: and carrying out security check on the user information, wherein the security check comprises at least one of the following steps: whether the user is registered or not, whether the user is in an available state or not and whether the dynamic password of the user is legal or not; and if the user information passes the security verification, generating a service request corresponding to the network request.
According to the request information sent by the client side, the user information and the access address are included, simple user information is carried out to check whether the user is registered or not, whether the user is in an available state or not, whether a dynamic password of the user is legal or not, and the access starting time request parameter is set in the context of request processing so as to be used in subsequent processing. By carrying out safety verification on the user information, the operating pressure of a service provider can be reduced, the safety of the network is improved, and the service provider can respond to the network request better.
Fig. 3 is a schematic diagram of a flow of a method for processing a network request according to an embodiment of the present invention, as shown in fig. 3, the method includes:
step 301: receiving a network request sent by a client, wherein the network request comprises: request address and user information.
Step 302: and determining a service provider corresponding to the network request.
Step 303: and acquiring the configuration information of the service according to the request address.
Step 304: and processing the network request according to the configuration information.
Step 305: and generating a service request according to the processing result of the network request, and forwarding the service request to the service provider.
Step 306: and acquiring return data returned by the service provider aiming at the service request, and sending the return data to the client.
The configuration information may include: whether to carry out access expiration check, a first data conversion mode, first encryption and decryption information, a data assembly mode, a second data conversion mode and second encryption and decryption information. The first data conversion mode is a mode of performing data conversion on data in the network request. The first encryption and decryption information is a way of decrypting information in the network request. The second data conversion mode is a mode of performing data conversion on the return data. The second encryption and decryption information is a way of decrypting the returned data.
And acquiring configuration information of the service in service management according to the user information and the accessed address, wherein the configuration information comprises whether access expiration check is carried out, whether access data conversion is carried out, whether encryption and decryption conversion is carried out, and whether signature verification is carried out. For example, according to the configuration information, whether the network request is expired is determined through the request time information and the current time information. And performing json-to-xml message processing or xml-to-json processing on the data in the network request according to the first data conversion mode, so that the subsequent forwarding and use are facilitated. And decrypting the data in the network request according to the first encryption and decryption method to obtain plaintext data.
After the safety verification, the data conversion and the data decryption are completed, the data in the network request are assembled according to the assembly mode in the service configuration information, the target service address is obtained according to the service configuration information, the assembled service request is forwarded, the return data are obtained from the service provider, and the return data are subjected to the data conversion, the decryption and the encryption according to the service configuration and returned to the request client side of the service. Specifically, the return data is processed according to the second data conversion mode and/or the second encryption and decryption information, and the processed return data is sent to the client.
In one embodiment of the invention, the method further comprises: generating a dynamic password for the target user; and checking the user information of the target user according to the dynamic password.
A dynamic password for the service is generated and a particular user is bound for user information for which the user initiates the request. The dynamic password may be a random string of UUID (Universally Unique Identifier), and the dynamic password may be verified according to the requested user information.
And generating a security public and private key according to the encryption algorithm of the service for encryption and decryption of the request data by unified management, binding the public and private key to the dynamic password by the security management, obtaining the public and private key according to the dynamic password by unified access, and encrypting and decrypting the data according to the encryption algorithm configured by the service. By checking the user information, the network security can be better protected, and the possibility of malicious attack is reduced.
In one embodiment of the invention, the method further comprises: acquiring monitoring information, wherein the monitoring information comprises at least one of the following: service access volume, service success rate, number of concurrencies, average transaction response time consumption, and number of clicks per second.
And collecting monitoring information of the network request, such as service access amount, service success rate, concurrency number, average transaction response time consumption and clicks per second, user information, request time consumption, request parameters, request state and the like. When abnormal values occur in some monitoring information, an alarm can be sent out. Furthermore, a data retrieval function is provided, and the request amount, average time consumption, service system and service success rate of the service are provided to the outside, so that related technicians can calculate and eliminate possible faults according to the state of each service, and the normal operation of the system is guaranteed.
Fig. 4 is a schematic diagram of a flow of a method for processing a network request according to an embodiment of the present invention, as shown in fig. 4, the method includes:
step 401: receiving a network request sent by a client, wherein the network request comprises: request address and user information.
Step 402: a data flow rate requested by the network is determined.
The data flow rate of the network request is the data flow rate of the service to which the network request belongs. The service to which the network request belongs may be determined by at least one of the following attributes of the packet to be forwarded: source IP address, destination IP address, protocol number, source port number, destination port number.
Step 403: and carrying out congestion control on the network request according to the data flow rate.
The congestion level of the network in which the gateway is located may be determined first. And if the congestion degree is greater than the preset degree and the data flow rate is greater than the preset flow rate, discarding the network request. When the congestion degree is serious, the network message with the larger data flow rate is discarded, and the network message with the smaller data flow rate is not required to be discarded, so that the network congestion condition can be effectively relieved.
Step 404: and determining a service provider corresponding to the network request subjected to congestion control.
Step 405: and generating a service request corresponding to the network request, and forwarding the service request to the service provider.
Step 406: and acquiring return data returned by the service provider aiming at the service request, and sending the return data to the client.
In the embodiment of the invention, the network request is subjected to congestion control according to the data flow rate, so that the condition that the network is in a congestion state for a long time can be reduced. The method of the embodiments of the present invention enables more efficient congestion control than indiscriminately dropping all network requests.
Each service needs to be registered with the gateway before the network request is fulfilled by the gateway. The business process flow for registering the service to the gateway is as follows: each enterprise or project group will need the registered service, and will submit the application in the service management system according to the characteristics of the service. And the service management system carries out service approval and judges whether the service can be registered in the gateway service center or not. The service system registers the service to the gateway by relying on the delivered service registration SDK (Software Development Kit) after the service management system passes the approval. And all services in the service system are registered in the gateway service center, so that unified services can be provided through the gateway.
Fig. 5 is a schematic structural diagram of a gateway according to an embodiment of the present invention. As shown in fig. 5, the method of the embodiment of the present invention is mainly performed around unified access, service management, security management and statistical metering of a unified gateway. The unified access is responsible for forwarding of services, safety verification, data conversion and forwarding of services. The security management is responsible for generating and distributing security keys, and the service management is responsible for registering and monitoring services and storing characteristics of the services. Counting the count of service access, the service access amount, the service success rate, the service statistics and other monitoring information.
The unified access is a core component of the unified gateway, and the component realizes the receiving and forwarding of services, the permission verification of request data, the security verification, the encryption and decryption and the log record of request information. The service management of the unified gateway mainly comprises the following functions:
the service registration, the dynamic registration of the system service to the service management system when the system service is started, the service management system can monitor the state of the service dynamically according to the heartbeat, and the registration information of the service is modified; the service management can configure the registered service through the interface, and manage the registered service to configure or modify the service parameters.
And (4) service discovery, namely acquiring the registered service through service management by the unified gateway, and carrying out service processing according to the service information of the registration place.
And (4) service detection, namely, the service management judges whether the service has a fault according to the health of the heartbeat monitoring detection service and carries out fault isolation on the service.
The security management provides a basis for security verification and provides encryption and decryption passwords for unified access. The security management generates a dynamic password of the service and binds a specific user for the user to initiate the requested user information, and the unified access can carry out the dynamic password verification according to the requested user information.
And the security management generates a security public and private key according to the encryption algorithm of the service for encryption and decryption of the request data by unified management, binds the public and private key to the dynamic password, acquires the public and private key according to the dynamic password by unified access, and encrypts and decrypts the data according to the encryption algorithm configured by the service.
The statistical measurement is mainly used for monitoring the system and the service, and the stable and safe operation of the system is ensured. And uniformly accessing and collecting user information, request time consumption, request parameters and request state sending messages of the service request. And counting, measuring and receiving the messages uniformly accessed and sent, providing a data retrieval function, and providing the request quantity, average time consumption, service system and service success rate of the service to the outside.
In the embodiment of the invention, the dynamic management of the service and the dynamic support of various service types are solved by utilizing the unified gateway technology, such as: the method can support encryption and decryption, data type conversion, checking of request data and checking of user authority. Meanwhile, unified management, unified routing and unified specification of the service are achieved.
Fig. 6 is a schematic structural diagram of a device for processing a network request according to an embodiment of the present invention. As shown in fig. 6, the apparatus includes:
a request receiving module 601, configured to receive a network request sent by a client, where the network request includes: request address and user information;
a provider determining module 602, configured to determine a service provider corresponding to the network request;
a request forwarding module 603, configured to generate a service request corresponding to the network request, and forward the service request to a service provider;
and the data returning module 604 is configured to obtain return data returned by the service provider for the service request, and send the return data to the client.
In one embodiment of the present invention, further comprising:
a security check module 605, configured to perform security check on the user information, where the security check includes at least one of: whether the user is registered or not, whether the user is in an available state or not and whether the dynamic password of the user is legal or not;
the request forwarding module 603 is specifically configured to:
and if the user information passes the security verification, generating a service request corresponding to the network request.
In an embodiment of the present invention, the request forwarding module 603 is specifically configured to:
acquiring configuration information of the service according to the request address;
processing the network request according to the configuration information;
and generating a service request according to the processing result of the network request.
In one embodiment of the invention, the configuration information includes: whether to perform access expiration check;
the request forwarding module 603 is specifically configured to:
acquiring request time information and current time information of a network request;
judging whether the network request is overdue or not according to the request time information and the current time information;
and if the judgment result indicates that the network request is not overdue, generating a service request corresponding to the network request.
In one embodiment of the invention, the configuration information includes: a first data conversion mode;
the request forwarding module 603 is specifically configured to:
performing data conversion on the data in the network request according to the first data conversion mode;
and generating a service request according to the converted network request.
In one embodiment of the invention, the configuration information includes: first encryption and decryption information;
the request forwarding module 603 is specifically configured to:
decrypting the information in the network request according to the first encryption and decryption information;
and generating a service request according to the decrypted network request.
In an embodiment of the present invention, the request forwarding module 603 is specifically configured to:
acquiring configuration information of the service according to the request address, wherein the configuration information comprises: a data assembly mode;
and assembling the data in the network request according to the data assembling mode to generate the service request.
In one embodiment of the present invention, the configuration information further includes: a second data conversion mode and/or second encryption and decryption information;
the data return module 604 is specifically configured to:
processing the returned data according to the second data conversion mode and/or the second encryption and decryption information;
and sending the processed return data to the client.
In one embodiment of the present invention, further comprising:
a password verification module 606 for generating a dynamic password for the target user;
and checking the user information of the target user according to the dynamic password.
In one embodiment of the present invention, further comprising:
an information monitoring module 607, configured to obtain monitoring information, where the monitoring information includes at least one of: service access volume, service success rate, number of concurrencies, average transaction response time consumption, and number of clicks per second.
In one embodiment of the present invention, further comprising:
a congestion control module 607 for determining the data flow rate of the network request;
and carrying out congestion control on the network request according to the data flow rate.
In an embodiment of the present invention, the congestion control module 607 is specifically configured to:
determining the congestion degree of a network in which a gateway is positioned;
and if the congestion degree is greater than the preset degree and the data flow rate is greater than the preset flow rate, discarding the network request.
An embodiment of the present invention provides an electronic device, including:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the method of any of the embodiments described above.
Referring now to FIG. 7, shown is a block diagram of a computer system 700 suitable for use with a terminal device implementing an embodiment of the present invention. The terminal device shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU)701, which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for the operation of the system 700 are also stored. The CPU 701, the ROM 702, and the RAM 703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input portion 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is mounted into the storage section 708 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 701.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: the device comprises a request receiving module, a provider determining module, a request forwarding module and a data returning module. The names of these modules do not constitute a limitation to the module itself in some cases, and for example, the request receiving module may also be described as a "module that receives a network request sent by a client.
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to comprise:
receiving a network request sent by a client, wherein the network request comprises: request address and user information;
determining a service provider corresponding to the network request;
generating a service request corresponding to the network request, and forwarding the service request to the service provider;
and acquiring return data returned by the service provider aiming at the service request, and sending the return data to the client.
According to the technical scheme of the embodiment of the invention, the network request sent by the client is received, the network request sent by the client is converted into the service request which is in line with the service request received by the service provider, and the service request is forwarded to the service provider corresponding to the network request. A client may access multiple services from different organizations using the methods of embodiments of the present invention. Therefore, the embodiment of the invention can share the services from different organizations in a multiplexing way.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (15)

1. A network request processing method is applied to a gateway and comprises the following steps:
receiving a network request sent by a client, wherein the network request comprises: request address and user information;
determining a service provider corresponding to the network request;
generating a service request corresponding to the network request, and forwarding the service request to the service provider;
and acquiring return data returned by the service provider aiming at the service request, and sending the return data to the client.
2. The method of claim 1, wherein before generating the service request corresponding to the network request, further comprising:
performing security check on the user information, wherein the security check comprises at least one of the following: whether the user is registered or not, whether the user is in an available state or not and whether the dynamic password of the user is legal or not;
the generating a service request corresponding to the network request includes:
and if the user information passes the security verification, generating a service request corresponding to the network request.
3. The method of claim 1, wherein the generating the service request corresponding to the network request comprises:
acquiring configuration information of a service according to the request address and the user information;
processing the network request according to the configuration information;
and generating the service request according to the processing result of the network request.
4. The method of claim 3, wherein the configuration information comprises: whether to perform access expiration check;
the processing the network request according to the configuration information includes:
acquiring current time information and request time information of the network request;
judging whether the network request is overdue or not according to the current time information and the request time information;
the generating the service request according to the processing result of the network request comprises:
and if the judgment result represents that the network request is not overdue, generating a service request corresponding to the network request.
5. The method of claim 3, wherein the configuration information comprises: a first data conversion mode;
the processing the network request according to the configuration information includes:
performing data conversion on the data in the network request according to the first data conversion mode;
the generating the service request according to the processing result of the network request comprises:
and generating the service request according to the converted network request.
6. The method of claim 3, wherein the configuration information comprises: first encryption and decryption information;
the processing the network request according to the configuration information includes:
decrypting the information in the network request according to the first encryption and decryption information;
the generating the service request according to the processing result of the network request comprises:
and generating the service request according to the decrypted network request.
7. The method of claim 1, wherein the generating the service request corresponding to the network request comprises:
acquiring configuration information of a service according to the request address and the user information, wherein the configuration information comprises: a data assembly mode;
and assembling the data in the network request according to the data assembling mode to generate the service request.
8. The method of claim 7, wherein the configuration information further comprises: a second data conversion mode and/or second encryption and decryption information;
the sending the return data to the client includes:
processing the returned data according to the second data conversion mode and/or the second encryption and decryption information;
and sending the processed return data to the client.
9. The method of claim 1, further comprising:
generating a dynamic password for the target user;
and checking the user information of the target user according to the dynamic password.
10. The method of claim 1, further comprising:
acquiring monitoring information, wherein the monitoring information comprises at least one of the following: service access volume, service success rate, number of concurrencies, average transaction response time consumption, and number of clicks per second.
11. The method of claim 1, further comprising:
determining a data flow rate of the network request;
and carrying out congestion control on the network request according to the data flow rate.
12. The method of claim 11, wherein the congestion controlling the network request according to the data flow rate comprises:
determining the congestion degree of a network in which the gateway is positioned;
and if the congestion degree is greater than the preset degree and the data flow rate is greater than the preset flow rate, discarding the network request.
13. A network request processing device is applied to a gateway and comprises the following components:
a request receiving module, configured to receive a network request sent by a client, where the network request includes: request address and user information;
a provider determining module, configured to determine a service provider corresponding to the network request;
the request forwarding module is used for generating a service request corresponding to the network request and forwarding the service request to the service provider;
and the data return module is used for acquiring return data returned by the service provider aiming at the service request and sending the return data to the client.
14. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-12.
15. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-12.
CN202110525365.6A 2021-05-12 2021-05-12 Network request processing method and device Active CN113259436B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110525365.6A CN113259436B (en) 2021-05-12 2021-05-12 Network request processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110525365.6A CN113259436B (en) 2021-05-12 2021-05-12 Network request processing method and device

Publications (2)

Publication Number Publication Date
CN113259436A true CN113259436A (en) 2021-08-13
CN113259436B CN113259436B (en) 2023-04-07

Family

ID=77181845

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110525365.6A Active CN113259436B (en) 2021-05-12 2021-05-12 Network request processing method and device

Country Status (1)

Country Link
CN (1) CN113259436B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113973139A (en) * 2021-10-20 2022-01-25 北京沃东天骏信息技术有限公司 Message processing method and device

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103024095A (en) * 2012-11-23 2013-04-03 北京百度网讯科技有限公司 Data center system and data center service providing method
CN110224997A (en) * 2019-05-21 2019-09-10 深圳壹账通智能科技有限公司 Service process for exposing, device and terminal device based on gateway
CN110266517A (en) * 2019-05-21 2019-09-20 深圳壹账通智能科技有限公司 External service call method, device and terminal device based on gateway
CN110381163A (en) * 2019-07-30 2019-10-25 普信恒业科技发展(北京)有限公司 The method and gateway node of gateway node for transmitting service request
CN110650186A (en) * 2019-09-06 2020-01-03 上海陆家嘴国际金融资产交易市场股份有限公司 Interface calling method and device, computer equipment and storage medium
CN111212075A (en) * 2020-01-02 2020-05-29 腾讯云计算(北京)有限责任公司 Service request processing method and device, electronic equipment and computer storage medium
CN111290865A (en) * 2020-02-10 2020-06-16 腾讯科技(深圳)有限公司 Service calling method and device, electronic equipment and storage medium

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103024095A (en) * 2012-11-23 2013-04-03 北京百度网讯科技有限公司 Data center system and data center service providing method
CN110224997A (en) * 2019-05-21 2019-09-10 深圳壹账通智能科技有限公司 Service process for exposing, device and terminal device based on gateway
CN110266517A (en) * 2019-05-21 2019-09-20 深圳壹账通智能科技有限公司 External service call method, device and terminal device based on gateway
CN110381163A (en) * 2019-07-30 2019-10-25 普信恒业科技发展(北京)有限公司 The method and gateway node of gateway node for transmitting service request
CN110650186A (en) * 2019-09-06 2020-01-03 上海陆家嘴国际金融资产交易市场股份有限公司 Interface calling method and device, computer equipment and storage medium
CN111212075A (en) * 2020-01-02 2020-05-29 腾讯云计算(北京)有限责任公司 Service request processing method and device, electronic equipment and computer storage medium
CN111290865A (en) * 2020-02-10 2020-06-16 腾讯科技(深圳)有限公司 Service calling method and device, electronic equipment and storage medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113973139A (en) * 2021-10-20 2022-01-25 北京沃东天骏信息技术有限公司 Message processing method and device

Also Published As

Publication number Publication date
CN113259436B (en) 2023-04-07

Similar Documents

Publication Publication Date Title
US9749292B2 (en) Selectively performing man in the middle decryption
US11038854B2 (en) Terminating SSL connections without locally-accessible private keys
US8621206B2 (en) Authority-neutral certification for multiple-authority PKI environments
JP4709721B2 (en) Third-party access gateway for communication services
JP4526526B2 (en) Third-party access gateway for communication services
US10659441B2 (en) Dynamically managing, from a centralized service, valid cipher suites allowed for secured sessions
CN110839087B (en) Interface calling method and device, electronic equipment and computer readable storage medium
US9276944B2 (en) Generalized certificate use in policy-based secure messaging environments
CN109886692B (en) Data transmission method, device, medium and electronic equipment based on block chain
TW200935848A (en) Selectively loading security enforcement points with security association information
US20080301053A1 (en) Service broker
TWI416923B (en) Secure data communications in web services
CN112287364A (en) Data sharing method, device, system, medium and electronic equipment
CN113225351A (en) Request processing method and device, storage medium and electronic equipment
US20160269382A1 (en) Secure Distribution of Non-Privileged Authentication Credentials
CN113259436B (en) Network request processing method and device
CN111131308B (en) Calling system and method based on service
CN114679265B (en) Flow acquisition method, device, electronic equipment and storage medium
CN113923251A (en) Distributed gateway system
CN113348452A (en) Method and system for digital rights management
CN114697065B (en) Security authentication method and security authentication device
CN113419878B (en) Data operation method and device
CN116319993A (en) Security business service request access system, method, device and equipment
CN117786738A (en) Distributed intelligent economic management system
CN115515135A (en) Alliance communication method, system, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
TA01 Transfer of patent application right

Effective date of registration: 20220921

Address after: 25 Financial Street, Xicheng District, Beijing 100033

Applicant after: CHINA CONSTRUCTION BANK Corp.

Address before: 12 / F, 15 / F, No. 99, Yincheng Road, Shanghai pilot Free Trade Zone, 200120

Applicant before: Jianxin Financial Science and Technology Co.,Ltd.

GR01 Patent grant
GR01 Patent grant