CN113569179A - Subsystem access method and device based on unified website - Google Patents
Subsystem access method and device based on unified website Download PDFInfo
- Publication number
- CN113569179A CN113569179A CN202110844255.6A CN202110844255A CN113569179A CN 113569179 A CN113569179 A CN 113569179A CN 202110844255 A CN202110844255 A CN 202110844255A CN 113569179 A CN113569179 A CN 113569179A
- Authority
- CN
- China
- Prior art keywords
- subsystem
- access
- menu
- unified
- mode
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000013475 authorization Methods 0.000 claims description 58
- 238000004590 computer program Methods 0.000 claims description 19
- 238000007667 floating Methods 0.000 claims description 6
- 230000004069 differentiation Effects 0.000 claims description 3
- 230000008447 perception Effects 0.000 abstract description 3
- 238000012545 processing Methods 0.000 description 9
- 235000014510 cooky Nutrition 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 230000010354 integration Effects 0.000 description 5
- 230000003044 adaptive effect Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 238000003032 molecular docking Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000002441 reversible effect Effects 0.000 description 2
- 230000032683 aging Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008901 benefit Effects 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000009191 jumping Effects 0.000 description 1
- 230000000670 limiting effect Effects 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000012163 sequencing technique Methods 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 230000001550 time effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
- G06F16/972—Access to data in other repository systems, e.g. legacy data or dynamic Web page generation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/954—Navigation, e.g. using categorised browsing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Databases & Information Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Data Mining & Analysis (AREA)
- Remote Sensing (AREA)
- Radar, Positioning & Navigation (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application provides a subsystem access method and device based on a unified website, wherein the unified website comprises a plurality of subsystems, each subsystem corresponds to at least one public menu, and the method comprises the following steps: responding to a click instruction of a user on the public menu, at least determining a corresponding opening mode and a first access address of the subsystem according to the menu attribute of the public menu, and sending an access request of the subsystem to a server side based on the first access address; acquiring a second access address returned by the server; and accessing the subsystem based on the second access address and the opening mode. By the method, different subsystems are compatible and coexisted, and are not in a single or dispersed state any more, so that all subsystems can be browsed in a unified website without perception and contrast, and the submenus are opened according to different access modes.
Description
Technical Field
The application relates to the technical field of computers, in particular to a subsystem access method and device based on a unified website.
Background
In order to rapidly and vividly show applications and services developed by various manufacturers on the same website, a realization method of a unified website adaptive to a distributed system architecture is developed. The unified website is an advanced expression form of the integrated engineering, serves as an information window, is displayed to a user in a browser mode, and integrates gaps among subsystems. In the unified website, a user only logs in once to complete all functions of the portal, and the user can smoothly access a plurality of mutually trusted subsystems without perception through a menu integrated by the unified website.
The existing unified website can only display information in the website, and can only simply jump to an integration mode of multiple manufacturers, cross-service, cross-system and cross-website, a unified menu entry and a unified login entry are not needed, so that the website is very dispersed and non-unified, the structure is not good, and the later maintenance is not easy.
In summary, an effective solution is not obtained at present for the problem that the implementation technology of the unified website in the related art cannot be compatible with subsystems with different service docking requirements.
Disclosure of Invention
The embodiment of the application provides a subsystem access method and device based on a unified website, different subsystems are compatible and coexistent, a single state and a dispersed state are avoided, perception-free and contrast-free browsing to all subsystems can be achieved on the unified website, and submenus are opened according to different access modes.
In a first aspect, an embodiment of the present application provides a subsystem access method based on a unified website, where the unified website includes a plurality of subsystems, each subsystem corresponds to at least one common menu, and the method includes: responding to a click instruction of a user on the public menu, at least determining a corresponding opening mode and a first access address of the subsystem according to the menu attribute of the public menu, and sending an access request of the subsystem to a server side based on the first access address; acquiring a second access address returned by the server, wherein the second access address is obtained by temporarily redirecting the server in an authorization mode of the menu attribute and the first access address based on the access request; and accessing the subsystem based on the second access address and the opening mode.
The embodiment is used for solving the problem that a plurality of different subsystems can not be uniformly integrated in one uniform website, the uniform website supports embedding no matter where the subsystems are deployed, the system is not influenced by cross-domain of a browser, the subsystems can be fully browsed in a public menu on the uniform website, different authorization modes corresponding to the different subsystems are obtained through menu authorization parameters, and the different service docking requirements of the different subsystems are met.
Different subsystems accessed in the embodiment can have different opening modes, so that the flexibility of the accessed subsystems is further improved, and the integration degree is high.
In one possible embodiment, the unified website is further configured to perform the following steps: responding to an instruction of a user for clicking a subsystem on the public menu, verifying whether the current state is a login state, and displaying the public menu in a differentiation mode according to the access authority identification of each public menu in the login state.
In one possible embodiment, the differentiated display includes: and displaying the public menu with the access right by using an accessible identifier, and displaying the public menu without the access right by using an inaccessible identifier.
In one embodiment, the unified website is further configured to perform the following steps: and if the current state is the unregistered state, displaying all the public menus, wherein each public menu cannot be accessed.
In one possible embodiment, the menu authorization parameter includes one of a token parameter, an authorization code parameter, and an opening parameter, and the authorization mode is determined to be a token mode, an authorization code mode, and an opening mode according to the token parameter, the authorization code parameter, and the opening parameter.
In one possible embodiment, the menu attribute further includes a subsystem open type parameter, where the subsystem open parameter includes one of a floating frame tag, a current window tag, and a new window tag, and the subsystem open mode is determined to be in-line open, current window open, and new window open according to the floating frame tag, the current window tag, and the new window tag.
In one embodiment, the menu attribute further includes an access authority identifier, the access authority of the subsystem is determined according to the access authority identifier, and the public menu with the access authority and the public menu without the access authority are displayed on the unified website.
In a second aspect, an embodiment of the present application provides a subsystem access apparatus based on a unified website, including: the address request module is used for responding to a click instruction of a user on the public menu, at least determining a corresponding opening mode and a first access address of the subsystem according to the menu attribute of the public menu, and sending an access request of the subsystem to a server based on the first access address; the address analysis module is used for acquiring a second access address returned by the server, wherein the second access address is obtained by temporarily redirecting the server in an authorization mode of the menu attribute and the first access address based on the access request; and the subsystem access module accesses the subsystem based on the second access address and the opening mode.
In a third aspect, an embodiment of the present application provides a computer program product, which includes a software code portion, and when the computer program product is run on a computer, the software code portion is configured to execute the unified website-based subsystem access method according to the first aspect.
In a fourth aspect, an embodiment of the present application provides an electronic apparatus, which includes a memory and a processor, where the memory stores a computer program, and the processor is configured to execute the computer program to perform the unified website-based subsystem access method according to the first aspect.
In a fifth aspect, an embodiment of the present application provides a storage medium, where a computer program is stored in the storage medium, where the computer program is configured to execute the unified website-based subsystem access method according to the first aspect when running.
The main contributions and innovation points of the invention are as follows:
according to the scheme, through the definition of the menu attributes, the open mode and the authorization mode of the subsystem can be adaptively adjusted when the authorized user accesses the corresponding subsystem, so that the unified website can be integrated with the subsystems with different service requirements at the beginning, and the technical effects of displaying information in the website and uniformly logging in the subsystems of multiple manufacturers, cross-service, cross-system and cross-website are achieved.
The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below to provide a more thorough understanding of the application.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a flow chart of a unified website based subsystem access method according to an embodiment of the present application;
FIG. 2 is a unified web site public menu presentation form in an embodiment of the present application;
FIG. 3 is a flow chart of subsystem integration via token mode;
FIG. 4 is a flow chart of subsystem integration via code mode;
FIG. 5 is a unified website logout subsystem access invalidation flow diagram;
FIG. 6 is a flow diagram of a subsystem access token invalidation unified website logout;
FIG. 7 is a unified web site overall architecture diagram;
FIG. 8 is a block diagram of a unified website based subsystem access mechanism according to an embodiment of the present application;
fig. 9 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the method may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
Example one
The embodiment of the application provides a subsystem access method based on a unified website, the unified website comprises a plurality of subsystems, each subsystem corresponds to at least one public menu, and referring to fig. 1, the unified website is used for executing the following steps S101 to S103:
step S101, responding to a click instruction of a user on the public menu, at least determining a corresponding opening mode and a first access address of the subsystem according to the menu attribute of the public menu, and sending an access request of the subsystem to a server based on the first access address.
In this step, the subsystems may include official screens, large screens, business management systems, modeling, gateway interface services, authority systems, data catalogs, intelligent search, FAQ help, and the like, integrated into a unified website. Each common menu corresponds to a subsystem, and clicking on the common menu can access the corresponding subsystem, including applications, services, and the like.
Specifically, each public menu corresponds to a menu attribute, and through definition of the menu attributes, an authorized user can perform adaptive adjustment on the opening mode of the subsystem when accessing the corresponding subsystem, so that the beneficial effect of integrating the subsystems which need to be accessed in different opening modes is achieved.
In this step, the address spliced by the src is an address for accessing the service, the first access address refers to an actual address for accessing the subsystem, such as an application and a service, the server analyzes the authorization mode and the first access address to obtain an encrypted jump target address and determines the jump target address as a second access address for accessing the subsystem, and the unified website realizes secure access to the subsystem through the second access address.
In one embodiment, the menu attribute further includes a subsystem open type parameter, where the subsystem open parameter includes one of a floating frame tag, a current window tag, and a new window tag, and the subsystem open mode is determined to be in-line open, current window open, and new window open according to the floating frame tag, the current window tag, and the new window tag.
In this embodiment, the opening mode is set in the menu attribute through the subsystem opening type parameter, and is stored in the authority end, where the authority end is a management system capable of managing at least each public menu.
For example, when the corresponding subsystem is opened in an embedded opening mode, the embedded frame is called by the unified website, and the server acquires the address corresponding to the iframe frame, so that the content area of the unified website is embedded into the subsystem; when the corresponding subsystem is opened in the current window opening mode, the server side obtains an address corresponding to the _ self frame, and the unified website displayed by the browser window is replaced by the subsystem; and when the corresponding subsystem is opened in the new window opening mode, the server acquires the address corresponding to the _ blank frame, and the subsystem opens a new window of the browser to display.
In step S101, the unified website discriminates by which way the subsystem is opened according to the menu attribute. The unified website supports the following subsystem opening modes: embedded, new window, current window. Meanwhile, the unified website sends a system login request to the server side through the public menu, so that a first access address is obtained. The opening mode of the subsystem specifically comprises the following steps:
embedding: the subsystems are switched into the unified website to be integrated, and the uniformity is high. The advantage of this mode is that the user only clicks the public menu, then the content area of the unified website displays the content of the subsystem, and the switching access is very natural. Although the user has access to the services of the subsystems, the business logic of the user operation is also implemented in the unified web site.
The new window type: in the browser, a browsing window display subsystem is newly opened relative to the unified website. The method is very suitable for some subsystems, such as FAQ (frequently asked questions and answers), information display and the like. Namely, the user opens the subsystem, and can operate in the unified website by providing related content in the subsystem.
The current window formula: and replacing the unified website displayed in the browser with the subsystem. This approach simply uses the unified web site as a bridge for jumping.
Step S102, a second access address returned by the server is obtained, wherein the second access address is obtained by the server through temporary redirection in the authorization mode of the menu attribute and the first access address based on the access request.
And S103, accessing the subsystem based on the second access address and the opening mode.
In step S102, the first access address is stored in the authority, and the server parses the first access address to obtain a url address of the subsystem and each parameter of the menu attribute, where the url refers to a jump target address encrypted by the server. The unified website obtains the menu authorization parameters from the unified website and determines the specific authorization type according to the menu authorization parameters, so that the subsystem service logic is developed.
In one embodiment, the menu authorization parameter includes one of a token parameter, an authorization code parameter, and an opening parameter, and the authorization mode is determined to be a token mode, an authorization code mode, and an opening mode according to the token parameter, the authorization code parameter, and the opening parameter.
In this embodiment, three types of authorization modes are supported: the token mode, the code authorization code mode and the open mode realize the mode of verifying the user identity of multiple subsystems through different authorization modes, so that the subsystems with different authorization modes can be accessed in a unified website. The three authorization modes basically comprise most of the existing subsystems, are wide in orientation and can flexibly deal with different service scenes.
For example, when the subsystem is integrated through a token mode, the subsystem analyzes an address, acquires a token and other parameters, authenticates the user identity based on the token and acquires that the token is invalid, thereby expanding the service processing of the subsystem; when the subsystem is integrated through a code authorization code mode, the subsystem analyzes an address, obtains a code and other parameters, authenticates the user identity and token expiration information through the obtained code, or can directly obtain user permission information from a direct permission service by using the code, wherein the code permission authentication has the characteristic of one-time failure, so that the risk of exposing subsystem resources can be avoided; furthermore, when the subsystem is integrated through open mode, the address of Src actually changes to: subsystem actual url + other parameters. Open (url) method, the unified website directly jumps to the subsystem.
In one embodiment, the menu authorization parameter is set in a menu attribute, and the menu attribute further includes: and the actual address of the subsystem carries the menu authorization parameter in the menu attribute, the jump path and accesses the subsystem according to the jump path.
In this embodiment, the menu authorization parameter is used to determine the authorization mode of the subsystem, the subsystems in different authorization modes acquire the user permission information and the token aging information through different carried access tokens, and when the user has permission and the token is not invalid, access to the subsystem is realized through a jump path.
In one embodiment, the menu attribute further includes an access authority identifier, the access authority of the subsystem is determined according to the access authority identifier, and the public menu with the access authority and the public menu without the access authority are displayed on the unified website.
In this embodiment, the access right parameter indicates whether the user has access right to a certain subsystem, the value of the access right parameter is true or false, the unified website activates all public menus with access right true, and access to the authorized subsystem is realized through a jump path.
The difference between the embodiment and the prior art is that the user can browse the public menu no matter whether the sub-system has the access right or not, so that the user can browse all the sub-systems from the unified website without perception and contrast no matter whether the access right or the login state is changed, and the stability of the system is ensured.
Specifically, in the related art, the website display is different for users with different access rights in the unified website integrating multiple subsystems, so that when the access rights of the users are changed, if the users do not log in or log in, public menus on the unified website seen by the users can be increased and decreased, the use experience of the users is influenced, and by the scheme, all the subsystems integrated on the unified website are displayed, and even if the rights of the users are different, the public menus on the website seen by the users cannot be famous and outsourced or disappear, so that the practicability of the system can be improved.
In one embodiment, the unified website is further configured to perform the following steps: and responding to an instruction for clicking a subsystem on the public menu, verifying whether the current login state is the login state, and displaying the public menu in a differentiation mode according to the access authority identification of each public menu in the login state.
In this embodiment, the unified website re-renders the public menu according to the access authority identifier in the user login state, so as to activate the authorized public menu portion, enable the authorized public menu portion to be accessed, and enable the public menu portion that cannot be accessed to be displayed in the unified website.
Specifically, the differentiated display includes: and displaying the public menu with the access right by using an accessible identifier, and displaying the public menu without the access right by using an inaccessible identifier.
That is, the visitor is made clear of which part of the public menu he has access rights to by means of the accessible identification and the inaccessible identification.
In this embodiment, by accessible identification, such as: the mouse displays a hand shape and a font displays a highlight to prompt the user that the public menu can be accessed; by inaccessible identities, such as: the mouse is displayed as a disabled shape, the font is grayed out and not clickable, etc. prompts the user that the public menu is not accessible.
In one embodiment, the unified website is further configured to perform the following steps: and if the current state is the unregistered state, displaying all the public menus, wherein each public menu cannot be accessed.
In the embodiment, no matter whether the subsystem has access authority or not, all accessed subsystems can be displayed in the non-login state, the access to the browser which is not allowed to cross the domain is realized through the inaccessibility, and the resource with the access authority can be accessed only when the user logs in.
In step S102, the common menu refers to menu navigation on the unified website. The subsystems which can be accessed by the unified website are very flexible, the docking requirements of different services of different subsystems can be met, and the multiple subsystems are displayed together in the unified website according to the same style, so that the integration degree of the distributed system is high.
In the case of different sources, the browser may disable cross-domain. In this way, for example, the access domain name of the unified website: http: com:8080/login, then in http: there will be a back-end service on the server corresponding to com: 8080. When a user accesses a menu, the src of the iframe in the website is unified, namely: the server address (http:// 123.456.com:8080) + url + subsystem parameter of the current click menu. Then the domain name and src are homologous to the browser, i.e. no cross-domain is generated. The server receives the access information, analyzes the access information, and acquires the actual address from the right end for redirection. Thus, the unified website supports embedding wherever the subsystems are deployed. The method is not influenced by the cross-domain browser, and is very convenient.
In summary, the present application aims to provide a technical solution for implementing adaptive adjustment of the opening mode and the authorization mode of a sub-website when an authorized user accesses a corresponding sub-website by defining menu attributes, and in the implementation, the open menus of all accessed sub-systems can be displayed no matter whether the user logs in, the way of accessing resources is determined by using sub-system opening parameters, and when the server obtains a request, the authorization mode is further determined by using the menu attributes, the user is authenticated by using a corresponding authorization mode, and the accessible menus are refreshed by using a local refresh mode after the authentication is successful, so that the user can access the sub-system which the user has the authority to access.
Illustratively, a refinement scheme for integrating multiple subsystems by using a unified website in the present application is described below by using specific examples and combining usage scenarios.
And the user accesses the unified website for the first time, and the unified website interacts with the server. On one hand, whether the user logs in is detected, on the other hand, the public menu returned by the server side is obtained, and traversal display is carried out, namely, all the public menus can be visualized by the unified website in the state that whether the user logs in or not. And the server returns Session to the uniform website cookie where the user is located by using the Session technology. The unified website carries out interaction with a server side with a session identifier (session identifier) unique to the user in the cookie, and whether the user logs in is verified.
Fig. 2 is a presentation form of a common menu of the unified website, and referring to fig. 2, when a user is in a non-login state in the unified website, the common menu of the unified website is all highlighted. When the user is in a login state in the unified website, the public menu of the unified website is partially refreshed according to whether the current user has an access authority identifier (HasPermission) of the authority.
Specifically, the current user is represented with an accessible identifier to have access to the common menu: the mouse displays a hand shape and the font displays are highlighted; the current user is represented by an inaccessible identifier without access to the public menu: the mouse is displayed as a disabled shape, the font is grayed out, and cannot be clicked.
The user who does not log in can browse all public menus in the unified website, but when a certain public menu is clicked, the unified website and the server side carry out interactive verification to judge whether the user logs in, if the user does not log in, the unified website cannot jump or be embedded into the subsystem, the unified website pops up a login box, and the user is prompted to log in. The user can send login requests in various modes such as short message login, account password login, code scanning login and the like.
The server side checks the identity of the current user according to the data sent by the unified website, if the identity of the user is checked to pass, the login is successful, the server side issues the access certificate and stores the access certificate in the cookie of the unified website, and the unified website carries the access certificate in the cookie to interact with the service. The server returns the menu JSON of the access user. And the unified website performs recursive processing on the JSON returned by the server. And after the processing is finished, the unified website carries out local refreshing on the public menu part.
The menu attribute in the public menu comprises the following key fields:
the menu ordering is used for identifying the arrangement order of the public menus. Illustratively, when the menu ordering is not set, the menu ordering can be reversed according to the newly added operation time, so that the newly added menu is displayed in front; when a number is written on the menu sequence, the number is used as the sequencing basis, and the numbers can be sequenced from small to large. If 1, the menu is displayed in the first place, and other unfilled ones are in reverse order according to the new operation time. In some embodiments, if there are the same sort numbers in the menu, then the reverse sort is done by the new time. The display mode of the public menu can be more flexible by setting the menu sorting field.
After receiving an access request of a user to any menu with authority, the unified website judges the opening mode field of the opening mode subsystem of the menu.
Subsystem opening modes are divided into three types: iframe, _ blank, _ self.
When the subsystem is opened in the iframe frame, the address corresponding to the frame: the server address + url of the current click menu + subsystem parameters. Namely, the embedded subsystem of the unified website content area is realized, and the detailed steps of the realization method are as follows:
and the unified website calls an Iframe frame, and the server acquires the content in the src and judges the menu authorization mode of the menu clicked by the user. The menu authorization modes are divided into three types of authorization modes: token mode (token mode), code mode (authorized code mode), and open mode (open mode).
The method comprises the steps that in a token mode, after a user logs in successfully, a server side obtains a session identifier and src content of the user, obtains a code of a click menu according to parameters of the src, and asks a permission side for all fields of the menu according to the code; the actual address of the subsystem in the field is configured through an authority end, and the authority end is a management system integrating organization management, user management, role management and menu management. And the authentication center issues a new access token to the server according to the session identifier. Finally, the redirection of the server side is as follows: the actual address of the menu + the new access token + other parameters, i.e. the address change: the actual address of the subsystem + token + other parameters. The content area of the unified website is switched into a subsystem, and the subsystem processes the address carried by the unified website.
Referring to fig. 3, in the token mode, the subsystem resolves the address and obtains the token and other parameters. The authentication center is a system integrating functions of token issuing, token checking and the like. The subsystem interacts with the authentication center through the token to acquire information such as a user and the time effect of the token, so that other service processing logics of the subsystem are developed.
An authorization code mode, that is, the server obtains a new access token from the authentication center through a spring security auth2.0 authorization code mode, and the server redirects to: the actual address of the menu + the new access token + other parameters, i.e. the address change: subsystem real address + code + other parameters.
Referring to fig. 4, in the authorization code mode, the subsystem parses the address and obtains the code and other parameters. And obtaining an access token by the authentication center through the obtained code, and obtaining authority information such as a user and token expiration information through the token. In addition, the code can also be directly used to acquire the user authority information from the direct authority service. The code is invalid after one-time use.
In the open mode, the manner of acquiring the new access token is as described above, and the server side redirection is as follows: the actual address of the menu + the new access token + other parameters. The address of Src actually changes to: the actual url of the subsystem plus other parameters, and the unified website directly jumps to the subsystem through a window.
When the open mode of the subsystem is the _ blank frame, the subsystem opens a new window display of the browser. When the subsystem is a _ self frame, the unified website displayed by the browser window is replaced by the subsystem. The two opening modes also support a token mode, a code mode and an open mode, and the jump addresses are as follows: the server address + url of the current click menu + subsystem parameters.
The detailed steps are as follows:
token mode, server redirection, subsystem address change: the actual url + token + other parameters of the subsystem. Open (url, name) method is utilized by the unified website, the name designates authorization mode grandType, and the subsystem is opened. The subsystem also acquires the token and other parameters through the address, and then interacts with the authentication center through the token to acquire information such as the user and the like, so that development processing of related services is performed.
The three authorization modes respectively correspond to different service requirements, and specifically include:
token mode: the method is a simple and poor-safety authorization mode developed for meeting business requirements, the mode unifies subsystems exposed by a website server side to processed access tokens, and the subsystems can be integrated very simply and efficiently.
Authorization code mode: namely a spring security auth2.0 authorization code mode, the unified website server exposes the disposable code to the subsystem, and the subsystem with high requirement on security level is met.
Open mode: the system is suitable for integrating some service logics which are not required to be embedded into the unified website but are required to realize the subsystem through the access token provided by the unified website.
Referring to fig. 5, the user logs out actively, the unified website interacts with the server, the server clears the user login credentials in the session object, the access token is invalid, the logging out is successful, and the unified website becomes an unregistered state. At this time, the subsystem is in a log-out state because the access token cannot be taken by interacting with the authentication center.
For the condition that the access token in the subsystem fails and the login state of the unified website does not fail, two processing modes can be provided. One is that the inside of the subsystem prompts a page to tell the user that the access token is invalid, the user clicks a menu corresponding to the subsystem on the unified website, the user can walk the login process again, and then the access token is authorized through the above modes to log in again.
Referring to fig. 6, another subsystem realizes cross-source communication to notify the unified website that the access token is invalid through a Window postMessage () computer method. And the unified website monitors the information of the subsystem through window, addeventlistener () and interacts with the server, clears the user login certificate in the session object, quits the whole system and restores the non-login state.
In summary, referring to fig. 7, the user clicks the access menu, the unified website determines whether the user logs in, and if not, a login box pops up to prompt the user to log in. In a login state, the unified website acquires the menu attribute of the user with the access certificate in the cookie, determines the opening mode of the subsystem, sends a subsystem login request to the server, and the server determines the menu authorization mode of the subsystem and displays the subsystem in the opening mode of the subsystem: when the openType is the iframe, the content is switched to the subsystem; when the openType is _ blank, the subsystem opens a new window of the browser to display; when the openType is _ self, the unified website displayed by the browser window is replaced by the sub-system.
Example two
Based on the same concept, referring to fig. 8, the present application further provides a subsystem access apparatus based on a unified website, including:
an address request module 801, configured to, in response to a click instruction of a user on the public menu, determine at least an opening manner and a first access address of the corresponding subsystem according to a menu attribute of the public menu, and send an access request of the subsystem to a server based on the first access address;
an address resolution module 802, configured to obtain a second access address returned by the server, where the second access address is obtained by performing temporary redirection on the server in an authorization mode of the menu attribute and the first access address based on the access request;
a subsystem access module 803, which accesses the subsystem based on the second access address and the opening mode.
EXAMPLE III
The present embodiment also provides an electronic device, referring to fig. 9, comprising a memory 904 and a processor 902, wherein the memory 904 stores a computer program, and the processor 902 is configured to execute the computer program to perform the steps of any of the above method embodiments.
Specifically, the processor 902 may include a Central Processing Unit (CPU), or A Specific Integrated Circuit (ASIC), or may be configured to implement one or more integrated circuits of the embodiments of the present application.
The memory 904 may be used to store or cache various data files for processing and/or communication purposes, as well as possibly computer program instructions for execution by the processor 902.
The processor 902 may implement any of the above embodiments of the unified website based subsystem access methods by reading and executing computer program instructions stored in the memory 904.
Optionally, the electronic apparatus may further include a transmission device 906 and an input/output device 908, wherein the transmission device 906 is connected to the processor 902, and the input/output device 908 is connected to the processor 902.
The transmitting device 906 may be used to receive or transmit data via a network. Specific examples of the network described above may include wired or wireless networks provided by communication providers of the electronic devices. In one example, the transmission device includes a Network adapter (NIC) that can be connected to other Network devices through a base station to communicate with the internet. In one example, the transmitting device 906 can be a Radio Frequency (RF) module configured to communicate with the internet via wireless.
The input-output device 908 is used to input or output information. In the present embodiment, the input information may be login information, a common menu click instruction, a menu attribute, and the like, and the output information may be a notification message, a common menu, and the like.
Alternatively, in this embodiment, the processor 902 may be configured to execute the following steps by a computer program:
s101, responding to a click instruction of a user on the public menu, at least determining a corresponding opening mode and a first access address of the subsystem according to menu attributes of the public menu, and sending an access request of the subsystem to a server side based on the first access address.
S102, a second access address returned by the server is obtained, wherein the second access address is obtained by the server through temporary redirection in the authorization mode of the menu attribute and the first access address based on the access request.
S103, accessing the subsystem based on the second access address and the opening mode.
It should be noted that, for specific examples in this embodiment, reference may be made to examples described in the foregoing embodiments and optional implementations, and details of this embodiment are not described herein again.
In addition, in combination with the first embodiment, the embodiment of the present application may be implemented by providing a storage medium. The storage medium having stored thereon a computer program; the computer program, when executed by a processor, implements the unified website based subsystem access method in the above embodiments.
It should be understood by those skilled in the art that various features of the above embodiments can be combined arbitrarily, and for the sake of brevity, all possible combinations of the features in the above embodiments are not described, but should be considered as within the scope of the present disclosure as long as there is no contradiction between the combinations of the features.
The above examples are merely illustrative of several embodiments of the present application, and the description is more specific and detailed, but not to be construed as limiting the scope of the present application. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present application shall be subject to the appended claims.
Claims (11)
1. A method for accessing a unified website, wherein the unified website comprises a plurality of subsystems, each subsystem corresponds to at least one common menu, and the method comprises:
responding to a click instruction of a user on the public menu, at least determining a corresponding opening mode and a first access address of the subsystem according to the menu attribute of the public menu, and sending an access request of the subsystem to a server side based on the first access address;
acquiring a second access address returned by the server, wherein the second access address is obtained by temporarily redirecting the server in an authorization mode of the menu attribute and the first access address based on the access request;
and accessing the subsystem based on the second access address and the opening mode.
2. The unified website based subsystem access method of claim 1, wherein said unified website is further configured to perform the steps of:
responding to an instruction of a user for clicking a subsystem on the public menu, verifying whether the current state is a login state, and displaying the public menu in a differentiation mode according to the access authority identification of each public menu in the login state.
3. The unified website based subsystem access method of claim 2, wherein said differentiated display comprises: and displaying the public menu with the access right by using an accessible identifier, and displaying the public menu without the access right by using an inaccessible identifier.
4. The unified website based subsystem access method of claim 1, further comprising: and if the current state is the unregistered state, displaying all the public menus, wherein each public menu cannot be accessed.
5. The unified website-based subsystem access method according to claim 1, wherein the menu attribute includes a menu authorization parameter, and the authorization mode in the menu attribute is determined based on the menu authorization parameter, wherein the menu authorization parameter includes one of a token parameter, an authorization code parameter, and an opening parameter, and the authorization mode is determined to be a token mode, an authorization code mode, and an opening mode according to the token parameter, the authorization code parameter, and the opening parameter.
6. The unified website based subsystem access method according to claim 1, wherein the menu attribute further comprises a subsystem open type parameter, wherein the subsystem open parameter comprises one of a floating frame tag, a current window tag and a new window tag, and the subsystem open mode is determined to be in-line open, current window open and new window open according to the floating frame tag, the current window tag and the new window tag.
7. The unified website based subsystem access method as claimed in claim 1, wherein said menu attributes further comprise an access right identifier, wherein access right to said subsystem is determined according to said access right identifier, and said public menu with said access right and without said access right is displayed on said unified website.
8. A unified website based subsystem access apparatus, comprising:
the address request module is used for responding to a click instruction of a user on the public menu, at least determining a corresponding opening mode and a first access address of the subsystem according to the menu attribute of the public menu, and sending an access request of the subsystem to a server based on the first access address;
the address analysis module is used for acquiring a second access address returned by the server, wherein the second access address is obtained by temporarily redirecting the server in an authorization mode of the menu attribute and the first access address based on the access request;
and the subsystem access module accesses the subsystem based on the second access address and the opening mode.
9. A computer program product comprising software code portions for performing the unified website based subsystem access method according to any of claims 1 to 7 when said computer program product is run on a computer.
10. An electronic device comprising a memory and a processor, wherein the memory stores a computer program, and the processor is configured to execute the computer program to perform the unified website based subsystem access method according to any one of claims 1 to 7.
11. A storage medium having a computer program stored thereon, wherein the computer program is configured to be executed by a processor to perform the unified website based subsystem access method according to any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110844255.6A CN113569179A (en) | 2021-07-26 | 2021-07-26 | Subsystem access method and device based on unified website |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110844255.6A CN113569179A (en) | 2021-07-26 | 2021-07-26 | Subsystem access method and device based on unified website |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113569179A true CN113569179A (en) | 2021-10-29 |
Family
ID=78167393
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110844255.6A Pending CN113569179A (en) | 2021-07-26 | 2021-07-26 | Subsystem access method and device based on unified website |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113569179A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115473754A (en) * | 2022-07-27 | 2022-12-13 | 青岛海尔科技有限公司 | Multi-system access management method and device and multi-system management platform |
| CN115865436A (en) * | 2022-11-22 | 2023-03-28 | 平安银行股份有限公司 | Multi-application multi-page authority management method and device and computer equipment |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130007846A1 (en) * | 2011-07-01 | 2013-01-03 | Telefonaktiebolaget L M Ericsson (Publ) | Methods and Arrangements for Authorizing and Authentication Interworking |
| CN108243183A (en) * | 2017-12-20 | 2018-07-03 | 北京车和家信息技术有限公司 | Integrated control method, system and the computer equipment of gate system |
| CN108881232A (en) * | 2018-06-21 | 2018-11-23 | 北京海泰方圆科技股份有限公司 | Sign-on access method, apparatus, storage medium and the processor of operation system |
| CN109088884A (en) * | 2018-09-26 | 2018-12-25 | 平安医疗健康管理股份有限公司 | Network address access method, device, server and the storage medium of identity-based verifying |
| CN109145539A (en) * | 2018-08-22 | 2019-01-04 | 深圳点猫科技有限公司 | A kind of right management method and electronic equipment of more programming projects |
| CN111818088A (en) * | 2020-07-28 | 2020-10-23 | 深圳壹账通智能科技有限公司 | Authorization mode management method and device, computer equipment and readable storage medium |
-
2021
- 2021-07-26 CN CN202110844255.6A patent/CN113569179A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130007846A1 (en) * | 2011-07-01 | 2013-01-03 | Telefonaktiebolaget L M Ericsson (Publ) | Methods and Arrangements for Authorizing and Authentication Interworking |
| CN108243183A (en) * | 2017-12-20 | 2018-07-03 | 北京车和家信息技术有限公司 | Integrated control method, system and the computer equipment of gate system |
| CN108881232A (en) * | 2018-06-21 | 2018-11-23 | 北京海泰方圆科技股份有限公司 | Sign-on access method, apparatus, storage medium and the processor of operation system |
| CN109145539A (en) * | 2018-08-22 | 2019-01-04 | 深圳点猫科技有限公司 | A kind of right management method and electronic equipment of more programming projects |
| CN109088884A (en) * | 2018-09-26 | 2018-12-25 | 平安医疗健康管理股份有限公司 | Network address access method, device, server and the storage medium of identity-based verifying |
| CN111818088A (en) * | 2020-07-28 | 2020-10-23 | 深圳壹账通智能科技有限公司 | Authorization mode management method and device, computer equipment and readable storage medium |
Non-Patent Citations (2)
| Title |
|---|
| 石瑞生: "《网络空间安全专业规划教材 大数据安全与隐私保护》", 31 May 2019, 北京邮电大学出版社, pages: 39 - 41 * |
| 贾蓓 等: "《矿山工程CAD》", 30 April 2015, 中国矿业大学出版社, pages: 208 * |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115473754A (en) * | 2022-07-27 | 2022-12-13 | 青岛海尔科技有限公司 | Multi-system access management method and device and multi-system management platform |
| CN115865436A (en) * | 2022-11-22 | 2023-03-28 | 平安银行股份有限公司 | Multi-application multi-page authority management method and device and computer equipment |
| CN115865436B (en) * | 2022-11-22 | 2024-04-12 | 平安银行股份有限公司 | Multi-application multi-page authority management method and device and computer equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10909212B2 (en) | Obfuscating network page structure | |
| US10320776B2 (en) | Protection of application passwords using a secure proxy | |
| US10740411B2 (en) | Determining repeat website users via browser uniqueness tracking | |
| US10560435B2 (en) | Enforcing restrictions on third-party accounts | |
| AU2019322806B2 (en) | Location-based access to controlled access resources | |
| US20220232003A1 (en) | Limiting scopes in token-based authorization systems | |
| CN103930897A (en) | Mobile application, single sign-on management | |
| US10250585B1 (en) | Identity migration between organizations | |
| CN109683936A (en) | Gray scale dissemination method and device, storage medium and electronic equipment | |
| CN110661776B (en) | Sensitive data tracing method, device, security gateway and system | |
| US10387872B2 (en) | Browser-based payment for content | |
| CN113569179A (en) | Subsystem access method and device based on unified website | |
| CN111355720B (en) | Method, system and equipment for accessing intranet by application and computer storage medium | |
| CN106464497A (en) | Methods and systems of issuing, transmitting and managing tokens using a low-latency session syndication framework | |
| CN110968760A (en) | Webpage data crawling method and device, and webpage login method and device | |
| CN111241523B (en) | Authentication processing method, device, equipment and storage medium | |
| CN116484338A (en) | Database access method and device | |
| US10803164B2 (en) | Validating sign-out implementation for identity federation | |
| US10187262B2 (en) | Automated multi-user system detection | |
| CN116438778A (en) | Persistent source value of assumed alternate identity | |
| CN114006757A (en) | GIS service access control method, device, framework, medium and equipment | |
| CN114186216A (en) | System access control method, system, computer device and storage medium | |
| CN116781392A (en) | Login method, device, system and equipment | |
| Coffie | MonitR: A mobile application for monitoring online accounts’ security | |
| CN116560655A (en) | Method and equipment for integrally managing background |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |