Disclosure of Invention
In view of this, the embodiments of the present invention provide a method, an apparatus, and a storage medium for replacing a token, so as to ensure the security of source code.
In order to achieve the above object, the embodiment of the present invention provides the following technical solutions:
a method of token replacement, comprising:
responding to a token acquisition request of a login user for a website system corresponding to a current login website, and storing first token data corresponding to the token acquisition request;
when a token replacement request initiated by a page background is detected, parsing the token replacement request to obtain identification information of a target system required to perform token conversion;
verifying whether the first token data for token replacement is legal or not;
if the first token data is legal, acquiring second token data of the target system, and storing the second token data at the front end;
when it is detected that the user triggers a heterogeneous page, reading the second token data, and initiating a data request to the target system based on the second token data;
and acquiring and displaying feedback data of the target system.
Optionally, in the token replacement method, the target system is a system corresponding to each heterogeneous page embedded in the target website.
Optionally, before responding to a token acquisition request of a login user for a website system corresponding to a current login website, the token replacement method further includes:
acquiring and storing an authentication interface of a website system and a token generation interface of a target system;
the checking whether the first token data for token replacement is legal or not comprises the following steps:
checking whether first token data for performing token replacement is legal or not by adopting an authentication interface of the website system;
the acquiring of the second token data of the target system includes:
obtaining the second token data of the target system through a token generation interface of the target system.
Optionally, in the above token replacement method, when the number of stored token generation interfaces is greater than 1, obtaining the second token data of the target system through the token generation interfaces of the target system includes:
acquiring the second token data of the target system through the token generation interface of the target system corresponding to the heterogeneous page.
Optionally, in the above token replacement method, the method further includes:
scanning the target system embedded in the current login website, judging whether a new target system is embedded in or removed from the current login website, acquiring and storing a token generation interface of the new target system when the new target system is embedded in the current login website, and deleting the stored token generation interface of the removed target system when the target system is removed from the current login website.
A token replacement device comprising:
the first token data acquisition unit is used for responding to a token acquisition request of a login user for a website system corresponding to a current login website and storing first token data corresponding to the token acquisition request;
the replacement request response unit is used for analyzing the token replacement request when the token replacement request initiated by the page background is detected, so as to obtain the identification information of the target system required to perform token conversion;
a verification unit for verifying whether the first token data for performing the token replacement is legal;
the second token data acquisition unit is used for acquiring second token data of the target system if the first token data are detected to be legal, and storing the second token data to the front end;
the data interaction unit is used for reading the second token data when detecting that the user triggers the heterogeneous page, and initiating a data request to the target system based on the second token data; and acquiring and displaying feedback data of the target system.
Optionally, in the token replacement device,
the first token data acquisition unit is further used for, before responding to a token acquisition request of a login user for a website system corresponding to a current login website: acquiring and storing an authentication interface of a website system;
the second token data acquisition unit is further used for acquiring and storing a token generation interface of the target system before acquiring second token data of the target system;
at this time, the verifying whether the first token data for performing the token replacement is legal includes:
checking whether first token data for performing token replacement is legal or not by adopting an authentication interface of the website system;
the acquiring of the second token data of the target system includes:
obtaining the second token data of the target system through a token generation interface of the target system.
Optionally, in the token replacement device,
when the number of the saved token generation interfaces is greater than 1, acquiring the second token data of the target system through the token generation interfaces of the target system includes:
acquiring the second token data of the target system through the token generation interface of the target system corresponding to the heterogeneous page.
Optionally, the token replacement device further includes:
scanning the target system embedded in the current login website, judging whether a new target system is embedded in or removed from the current login website, acquiring and storing a token generation interface of the new target system when the new target system is embedded in the current login website, and deleting the stored token generation interface of the removed target system when the target system is removed from the current login website.
A storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the steps of the token replacement method of any one of the preceding claims.
Based on the technical scheme, when a user logs in to the current website, the first token data of the website system corresponding to the current website is obtained and stored. After the login succeeds, a token replacement request initiated by the background of the current website is processed automatically: security verification is carried out on the first token data carried in the token replacement request, and when the verification passes, second token data of the target system corresponding to each heterogeneous webpage embedded in the current website is obtained. When a heterogeneous webpage is triggered, data interaction with the target system is carried out on the basis of the second token data. Both the first token data and the second token data are obtained directly at the front end while the heterogeneous webpage is triggered, the data inside the website system remain invisible to the user, and the second token data can be used directly for data access to the target system, so that the security of the data in the website system is ensured.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
To prevent front-end source code from being directly exposed when jumping among multiple applets, the application discloses a token replacement method, which can be applied to a client; see fig. 1. The method can include:
step S101: responding to a token acquisition request of a login user for a website system corresponding to a current login website, and storing first token data corresponding to the token acquisition request.
Referring to fig. 1 and 2, when a user logs in to the current login website through a client, a system applying the method automatically generates a token acquisition request for the token data of the current login website and sends it to the website system corresponding to that website. On receiving the token acquisition request, the website system generates first token data (atoken) corresponding to the website system and returns the atoken to the client as the real-time response data of the request. After receiving the atoken, the client stores it in the front-end browser of the client, and at this point the user has successfully logged in to the current login website.
Step S102: when a token replacement request initiated by a page background is detected, the token replacement request is analyzed to obtain identification information of a target system required to perform token conversion.
After a user logs in to the current login website, if a heterogeneous page exists in that website, the page background automatically initiates a token replacement request. When a device applying the method detects that the page background has initiated the token replacement request, it parses the request to obtain the identification information of the target system required to perform token conversion. The token replacement request carries at least the stored first token data atoken and the identification information of the target system, where the identification information may be the address information of the token generation interface of the target system.
Step S103: it is checked whether the first token data for token replacement is legal.
In this step, in order to ensure the security of the front-end source code, security verification needs to be performed on the first token data carried in the token replacement request before token replacement is performed; that is, the first token data fetched by the client is verified, and the website system may be used to perform this verification.
Step S104: if the first token data is legal, acquiring the second token data of the target system, and storing the second token data at the front end.
After the security verification of the first token data is carried out, this step is executed if the verification passes; if the verification fails, the token replacement request is not responded to and an error is reported. When this step is executed, the token data of the target system corresponding to each heterogeneous webpage embedded in the current login website is obtained and recorded as second token data btoken, and the btoken is then stored on the client side to await a system call.
Step S105: when it is detected that the user triggers a heterogeneous page, reading the second token data, and initiating a data request to the target system based on the second token data.
In this step, when it is detected that a user triggers a heterogeneous page of the current website, the second token data btoken of the target system corresponding to the triggered heterogeneous page is extracted, and data interaction with that target system is carried out directly on the basis of the btoken.
Step S106: and acquiring and displaying feedback data of the target system.
According to the technical scheme disclosed by the embodiment of the application, when a user logs in to the current website, first token data of the website system corresponding to the current website is acquired and stored. After the user logs in successfully, a token replacement request initiated by the background of the current website is processed automatically: security verification is carried out on the first token data carried in the token replacement request, and when the verification passes, second token data of the target system corresponding to each heterogeneous webpage embedded in the current website is acquired. When a heterogeneous webpage is triggered, data interaction with the target system is carried out directly on the basis of the second token data. Both the first token data and the second token data are acquired directly at the front end while the heterogeneous webpage is triggered, in-site data of the website system remain invisible to the user, and the second token data can be used directly for data access to the target system, so that the security of the data in the website system is ensured.
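The six steps S101 to S106 above, as an added offline simulation. This is example code written for this page, not the patent's own implementation: the class names WebsiteSystem, TargetSystem and Client, the constructed credentials and the random hex tokens are assumptions, and the address information of each token generation interface is replaced by an in-process target id so the whole exchange runs without a network.

```python
"""Offline simulation of the token replacement flow in steps S101-S106.

Added example, not the patent's own code. Three in-process classes stand in
for the website system, the target systems behind two heterogeneous pages and
the client; user names, credentials and token formats are constructed.
"""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional


class WebsiteSystem:
    """Issues the first token (atoken) at login and confirms it later
    through its authentication interface."""

    def __init__(self) -> None:
        self._issued: Dict[str, str] = {}  # atoken -> user

    def token_acquisition(self, user: str, password: str) -> str:
        if password != "correct-horse":  # constructed credential check
            raise PermissionError("login rejected")
        atoken = secrets.token_hex(16)
        self._issued[atoken] = user
        return atoken

    def authenticate(self, atoken: str) -> bool:
        """Authentication interface: was this atoken issued here?"""
        return atoken in self._issued


class TargetSystem:
    """System behind one heterogeneous page: a token generation interface
    plus a data interface that accepts only a btoken it issued."""

    def __init__(self, name: str, website: WebsiteSystem) -> None:
        self.name = name
        self._website = website
        self._btokens: set = set()

    def token_generation(self, atoken: str) -> str:
        # The target re-checks atoken with the website system itself, so a
        # client that skipped step S103 still cannot obtain a btoken.
        if not self._website.authenticate(atoken):
            raise PermissionError(f"{self.name}: atoken rejected")
        btoken = secrets.token_hex(16)
        self._btokens.add(btoken)
        return btoken

    def data(self, btoken: str) -> dict:
        if btoken not in self._btokens:
            raise PermissionError(f"{self.name}: btoken rejected")
        return {"system": self.name, "payload": f"data from {self.name}"}


@dataclass
class Client:
    website: WebsiteSystem
    # identification info (a target id) -> target system; stands in for the
    # stored address of each target's token generation interface (S102)
    targets: Dict[str, TargetSystem] = field(default_factory=dict)
    atoken: Optional[str] = None
    btokens: Dict[str, str] = field(default_factory=dict)  # target id -> btoken
    errors: List[str] = field(default_factory=list)

    def login(self, user: str, password: str) -> None:
        """S101: acquire atoken and store it at the front end."""
        self.atoken = self.website.token_acquisition(user, password)

    def handle_replacement_request(self, request: dict) -> bool:
        """S102-S104: parse the target id, verify atoken, fetch and store btoken.
        The page background builds `request` from the stored atoken."""
        target_id, atoken = request["target"], request["atoken"]
        if not self.website.authenticate(atoken):
            self.errors.append(f"replacement refused for {target_id}")  # S104: report
            return False
        self.btokens[target_id] = self.targets[target_id].token_generation(atoken)
        return True

    def trigger_page(self, target_id: str) -> dict:
        """S105-S106: read the btoken for this page's target and fetch its data."""
        return self.targets[target_id].data(self.btokens[target_id])


def run_flow():
    """Happy path with two embedded heterogeneous pages, one btoken each."""
    website = WebsiteSystem()
    client = Client(website)
    for name in ("orders", "billing"):
        client.targets[name] = TargetSystem(name, website)
    client.login("alice", "correct-horse")
    for target_id in client.targets:  # one background request per page
        client.handle_replacement_request({"atoken": client.atoken, "target": target_id})
    return {tid: client.trigger_page(tid) for tid in client.targets}, client


def run_rejected_flow():
    """An atoken the website never issued fails S103: nothing is stored,
    and the refusal is recorded as an error."""
    website = WebsiteSystem()
    client = Client(website)
    client.targets["orders"] = TargetSystem("orders", website)
    client.login("alice", "correct-horse")
    ok = client.handle_replacement_request({"atoken": "not-issued", "target": "orders"})
    return ok, client
```

run_flow() exercises the happy path for two embedded pages, each ending with its own btoken; run_rejected_flow() shows the failure mode of step S104, where a replacement request carrying an unverifiable atoken is refused and reported instead of producing a btoken. The target system in this simulation re-checks the atoken through the website system's authentication interface itself, so the check at step S103 is not the only gate in front of the token generation interface.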
In the foregoing embodiments of the present application, the target system is a system corresponding to each heterogeneous page embedded in the target website, and the heterogeneous page is a plug-in or a function control embedded in the current login website.
The solution disclosed in the embodiments of the present application may be implemented by a preset application program, for example a JAVA application program loaded on the client; when the client is started locally, the above procedure is executed automatically. In the above scheme, the authentication interface of the website system may be solidified (stored in fixed form) at the client, and when the security check is performed on the first token data, the first token data may be sent directly to the website system end through that authentication interface, with the security check performed at the website system end. Correspondingly, the token generation interfaces of the target systems corresponding to the heterogeneous webpages in the current login website can be solidified at the client and called directly when needed; that is, when the security check passes, the second token data of the target system is obtained at the client, and the client then accesses the system interface of the target system directly on the basis of the second token data.
That is, in summary, before responding to the token acquisition request of the login user for the website system corresponding to the current login website, the method further includes:
acquiring and storing an authentication interface of the website system and a token generation interface of the target system at the client. In the technical solution disclosed in this embodiment, the authentication interface and the token generation interface may each provide a request parameter definition (request) and a response data processing rule (response). The request parameters are mainly request header parameters, url parameters and request body parameters. The response data processing rule may support two formats, JSON and a plain character string, and may of course also support other formats; for JSON the rule is defined with XPath, and for a plain character string the rule is a regular expression;
at this time, the verifying whether the first token data for performing the token replacement is legal includes:
checking whether first token data for performing token replacement is legal or not by adopting an authentication interface of the website system;
at this time, the acquiring of the second token data of the target system includes:
obtaining the second token data of the target system through a token generation interface of the target system.
In this way, since both the authentication interface and the token generation interface are solidified at the client, the source code leakage that would result from exposing too much of the website system's data to the user can be effectively prevented.
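A way to represent the solidified interfaces together with their request parameters and response processing rules, as an added example that is not the patent's or any project's code. It assumes each stored interface is a record of header, url and body parameters plus one response rule; the JSON rule is a simplified slash-separated path standing in for the XPath rule the text mentions, the string rule is a regular expression with one capture group, and the interface addresses and the two target replies are constructed.

```python
"""Stored interface records with request parameters and response rules.

Added example, not the patent's own code. An authentication or token
generation interface is stored as a record of header, url and body
parameters plus one response processing rule: a simplified slash-separated
path for JSON (standing in for the XPath rule in the text) or a regular
expression with one capture group for a plain string.
"""
import json
import re
from dataclasses import dataclass, field
from typing import Dict
from urllib.parse import urlencode


@dataclass
class ResponseRule:
    fmt: str   # "json" or "string"
    rule: str  # e.g. "/data/token" for json, r"btoken=(\w+)" for string

    def extract(self, raw: str) -> str:
        """Pull the token out of a raw response according to the rule."""
        if self.fmt == "json":
            node = json.loads(raw)
            for part in self.rule.strip("/").split("/"):
                node = node[int(part)] if isinstance(node, list) else node[part]
            if not isinstance(node, str):
                raise ValueError("JSON rule did not select a string")
            return node
        if self.fmt == "string":
            match = re.search(self.rule, raw)
            if match is None:
                raise ValueError("regular expression did not match the response")
            return match.group(1)
        raise ValueError(f"unsupported response format: {self.fmt}")


@dataclass
class StoredInterface:
    url: str
    response: ResponseRule
    headers: Dict[str, str] = field(default_factory=dict)
    url_params: Dict[str, str] = field(default_factory=dict)
    body: Dict[str, str] = field(default_factory=dict)

    def build_request(self, atoken: str) -> dict:
        """Render the stored parameters; the '{atoken}' placeholder is
        filled with the verified first token, so the user never handles it."""
        def fill(params: Dict[str, str]) -> Dict[str, str]:
            return {k: v.replace("{atoken}", atoken) for k, v in params.items()}
        url = self.url
        if self.url_params:
            url += "?" + urlencode(fill(self.url_params))
        return {"url": url, "headers": fill(self.headers), "body": fill(self.body)}


# Constructed store: one target answers in JSON, the other as a plain string.
INTERFACES = {
    "orders": StoredInterface(
        url="https://orders.example/token",
        response=ResponseRule("json", "/data/tokens/0/value"),
        headers={"Authorization": "Bearer {atoken}"},
        body={"grant": "exchange"},
    ),
    "billing": StoredInterface(
        url="https://billing.example/token",
        response=ResponseRule("string", r"btoken=([A-Za-z0-9-]+)"),
        url_params={"atoken": "{atoken}"},
    ),
}

# Constructed replies, as each target's token generation interface would return them.
REPLIES = {
    "orders": json.dumps({"data": {"tokens": [{"value": "btok-json-1"}]}}),
    "billing": "status=ok; btoken=btok-str-2; ttl=3600",
}


def exchange(target_id: str, atoken: str) -> dict:
    """Build the request for one target and parse its constructed reply."""
    iface = INTERFACES[target_id]
    return {"request": iface.build_request(atoken),
            "btoken": iface.response.extract(REPLIES[target_id])}
```

exchange("orders", atoken) renders the atoken into a request header and reads the btoken out of a nested JSON reply; exchange("billing", atoken) puts the atoken into a url parameter and applies the regular expression rule to a plain-string reply. A rule that selects nothing (a missing JSON key, or a regular expression that does not match) raises rather than silently returning an empty token, so a target system that changes its response format is noticed at the client.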
In the technical solution disclosed in this embodiment, the number of token generation interfaces stored at the client may be greater than 1, and the target systems corresponding to different token generation interfaces are different;
when the number of the saved token generation interfaces is greater than 1, acquiring the second token data of the target system through the token generation interfaces of the target system includes:
acquiring the second token data of the target system through the token generation interface of the target system corresponding to the heterogeneous page.
In the technical solution disclosed in another embodiment of the present application, considering that a user may autonomously add or delete a heterogeneous web page in the target website based on his own needs, when the heterogeneous web page in the current login website changes, the stored token generation interface may be adjusted based on the change, that is, in the above solution, the method may further include:
scanning the target system embedded in the current login website, judging whether a new target system is embedded in or removed from the current login website, acquiring and storing a token generation interface of the new target system in a client when the new target system is embedded in the current login website, and deleting the stored token generation interface of the removed target system by the client when the target system is removed from the current login website.
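The reconciliation described in the preceding paragraph, as an added example that is not the patent's own code. It assumes the scan of the current website yields a mapping from target system id to the address of that system's token generation interface, and that the client keeps the stored interfaces and cached btokens in plain dicts. The allowed-host check and the dropping of cached btokens for removed systems are safeguards assumed here, not steps the patent describes; all ids and addresses are constructed.

```python
"""Reconciling stored token generation interfaces with the target systems
currently embedded in the logged-in website.

Added example, not the patent's own code. The scan result is assumed to be a
mapping from target system id to the address of its token generation
interface. The allowed-host check and the removal of cached btokens for
systems that disappeared are added safeguards, not steps from the text.
"""
from typing import Dict, Set
from urllib.parse import urlsplit


def reconcile(stored: Dict[str, str], scanned: Dict[str, str],
              allowed_hosts: Set[str], btokens: Dict[str, str]) -> dict:
    """Store interfaces of newly embedded systems, delete those of removed
    systems, and report new interfaces whose host is not on the allowlist."""
    added, removed, rejected = set(), set(), set()
    for target_id, address in scanned.items():
        if target_id in stored:
            continue  # already known; address changes are not handled here
        if urlsplit(address).hostname not in allowed_hosts:
            rejected.add(target_id)  # never send atoken to an unknown host
            continue
        stored[target_id] = address
        added.add(target_id)
    for target_id in list(stored):
        if target_id not in scanned:
            del stored[target_id]
            btokens.pop(target_id, None)  # assumption: drop its cached btoken too
            removed.add(target_id)
    return {"added": added, "removed": removed, "rejected": rejected}


# Constructed state: two stored systems, and one scan that drops "billing",
# adds "reports" and shows an embed pointing at a host not on the allowlist.
STORED = {"orders": "https://orders.example/token",
          "billing": "https://billing.example/token"}
BTOKENS = {"orders": "b-1", "billing": "b-2"}
SCANNED = {"orders": "https://orders.example/token",
           "reports": "https://reports.example/token",
           "widget": "https://unlisted.example/token"}
ALLOWED = {"orders.example", "billing.example", "reports.example"}


def demo() -> dict:
    """Run one reconciliation over copies of the constructed state."""
    stored, btokens = dict(STORED), dict(BTOKENS)
    report = reconcile(stored, SCANNED, ALLOWED, btokens)
    return {"report": report, "stored": stored, "btokens": btokens}
```

The scan may run each time the logged-in page is loaded; reconcile() then adds the interface of a newly embedded system, deletes the interface of a system that is no longer embedded, and leaves unchanged systems alone. Keeping an allowlist of interface hosts is the practical caveat here: the client sends the verified atoken to whichever token generation interface it has stored, so a stored address should come from configuration the operator controls rather than solely from what the page happens to embed.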
In this embodiment, corresponding to the above method, the present application further discloses a token replacement device; for the specific working content of each unit in the device, please refer to the above method embodiment. The token replacement device provided in the embodiment of the present invention is described below, and the token replacement device described below and the token replacement method described above may be referred to each other correspondingly.
Referring to fig. 3, a token replacement apparatus disclosed in an embodiment of the present application includes:
a first token data acquisition unit 100, configured to respond to a token acquisition request of a login user for a website system corresponding to a current login website, and store first token data corresponding to the token acquisition request;
the replacement request response unit 200 is configured to parse the token replacement request when detecting that the page background initiates the token replacement request, so as to obtain identification information of a target system that needs to perform token conversion;
a checking unit 300 for checking whether the first token data for performing the token replacement is legal;
a second token data acquisition unit 400, configured to acquire second token data of the target system if the first token data is detected to be legal, and store the second token data to a front end;
the data interaction unit 500 is configured to read the second token data when detecting that the user triggers the heterogeneous page, and initiate a data request to the target system based on the second token data; and acquiring and displaying feedback data of the target system.
Corresponding to the method, the first token data acquisition unit is further configured to, before responding to a token acquisition request of a login user for a website system corresponding to a current login website: acquiring and storing an authentication interface of a website system;
the second token data acquisition unit is further used for acquiring and storing a token generation interface of the target system before acquiring second token data of the target system;
at this time, the verifying whether the first token data for performing the token replacement is legal includes:
checking whether first token data for performing token replacement is legal or not by adopting an authentication interface of the website system;
the acquiring of the second token data of the target system includes:
obtaining the second token data of the target system through a token generation interface of the target system.
Corresponding to the method, when the number of the stored token generation interfaces is greater than 1, obtaining the second token data of the target system through the token generation interfaces of the target system includes:
acquiring the second token data of the target system through the token generation interface of the target system corresponding to the heterogeneous page.
Corresponding to the method, the apparatus is further configured for:
scanning the target system embedded in the current login website, judging whether a new target system is embedded in or removed from the current login website, acquiring and storing a token generation interface of the new target system when the new target system is embedded in the current login website, and deleting the stored token generation interface of the removed target system when the target system is removed from the current login website.
Corresponding to the above method, the present application also discloses a storage medium, characterized in that the storage medium stores a plurality of instructions, which are adapted to be loaded by a processor to perform the steps in the token replacement method according to any of the above.
Specifically, corresponding to the above method, the instructions, when executed, are specifically configured to perform the following operations:
responding to a token acquisition request of a login user for a website system corresponding to a current login website, and storing first token data corresponding to the token acquisition request;
when a token replacement request is detected to be initiated by a page background, the token replacement request is analyzed to obtain identification information of a target system required to perform token conversion;
verifying whether first token data for token replacement is legal or not;
if the first token data is legal, acquiring the second token data of the target system, and storing the second token data at the front end;
when the heterogeneous page triggered by the user is detected, the second token data is read, and a data request is initiated to the target system based on the second token data;
and acquiring and displaying feedback data of the target system.
The instruction is further used for, before responding to a token acquisition request of a login user for a website system corresponding to a current login website:
acquiring and storing an authentication interface of a website system and a token generation interface of a target system;
the checking whether the first token data for token replacement is legal or not comprises the following steps:
checking whether first token data for performing token replacement is legal or not by adopting an authentication interface of the website system;
the acquiring of the second token data of the target system includes:
obtaining the second token data of the target system through a token generation interface of the target system.
When the number of the stored token generation interfaces is greater than 1, the instruction obtains the second token data of the target system through the token generation interfaces of the target system, which specifically includes:
acquiring the second token data of the target system through the token generation interface of the target system corresponding to the heterogeneous page.
The instructions are also for:
scanning the target system embedded in the current login website, judging whether a new target system is embedded in or removed from the current login website, acquiring and storing a token generation interface of the new target system when the new target system is embedded in the current login website, and deleting the stored token generation interface of the removed target system when the target system is removed from the current login website.
The storage medium stores a plurality of instructions, which can be implemented in the form of code; the type of code and its encoding can be chosen according to the needs of the user.
For convenience of description, the above system is described as being functionally divided into various modules, respectively. Of course, the functions of each module may be implemented in the same piece or pieces of software and/or hardware when implementing the present invention.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for a system or system embodiment, since it is substantially similar to a method embodiment, the description is relatively simple, with reference to the description of the method embodiment being made in part. The systems and system embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art will understand and implement the present invention without undue burden.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative elements and steps are described above generally in terms of functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. The software modules may be disposed in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
It is further noted that relational terms such as first and second, and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.