CN114157535B - Double-responsibility chain micro-service gateway system and processing method thereof - Google Patents

Publication number
CN114157535B
Authority
CN
China
Prior art keywords
information
service
verification
service request
module
Legal status
Active
Application number
CN202111207467.XA
Other languages
Chinese (zh)
Other versions
CN114157535A (en)
Inventor
梁俊锋
杨宇
Current Assignee
State Grid Information and Telecommunication Co Ltd
Beijing Guodiantong Network Technology Co Ltd
Original Assignee
State Grid Information and Telecommunication Co Ltd
Beijing Guodiantong Network Technology Co Ltd
Application filed by State Grid Information and Telecommunication Co Ltd, Beijing Guodiantong Network Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/547 Remote procedure calls [RPC]; Web services

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The application provides a double-responsibility-chain micro-service gateway system and a processing method thereof. The handling of public non-business operations, which was originally scattered across the business micro-services of the business system, is integrated into the dual-responsibility-chain gateway and implemented there uniformly. This removes the coupling between public non-business operations and business operations in the business system, reduces code repetition, and reduces the influence of abnormal public non-business operations on the business. Developers do not need to pay attention to the non-business functions and only need to develop business code, so overall development efficiency is improved.

Description

Double-responsibility chain micro-service gateway system and processing method thereof
Technical Field
The application relates to the technical field of data processing, in particular to a double-responsibility-chain micro-service gateway system and a processing method thereof.
Background
In the development of a traditional software system, many non-business functions need to be coupled with business code, and multiple services contain repeated code, so expandability is not high. Authentication in a conventional system requires a common login authentication method, and the login authentication is then checked before each business method. Thus, each method contains one or several pieces of repeated authentication code; if there are multiple services, each service needs to write its own copy of the common method, so there is a great deal of repeated code, and if the authentication logic is modified, every service needs to be modified, which causes problems for software development efficiency, maintainability and the like.
Therefore, a solution is needed to the problems of excessive repeated code, difficult maintenance and low extensibility that arise when common functions are repeatedly coupled into specific business code.
Disclosure of Invention
In view of the foregoing, an object of the present application is to provide a dual-responsibility chain micro-service gateway system and a processing method thereof.
Based on the above object, the present application provides a dual-responsibility-chain micro-service gateway system comprising a gateway receiving end, a dual-responsibility-chain gateway connected with the gateway receiving end, and a gateway output end connected with the dual-responsibility-chain gateway, wherein:
the gateway receiving end is used for receiving service request information sent by a front-end application or service feedback information sent by a service system and sending the service request information or the service feedback information to the dual-responsibility chain gateway;
the dual-responsibility chain gateway is used for receiving the service request information or the service feedback information, identifying the public non-service information in the service request information or the service feedback information for processing, and sending the obtained service request processing result or service feedback processing result to the gateway output end;
The gateway output end is used for sending the received service request processing result to the service system or sending the received service feedback processing result to the front-end application.
In some embodiments, the dual-responsibility chain gateway adopts a filtering responsibility chain when identifying and processing the public non-business information in the business request information or the business feedback information, wherein the filtering responsibility chain comprises:
a verification filter module, a decryption filter module connected with the verification filter module, and a result filter module connected with the decryption filter module; wherein,
the verification filtering module is used for receiving the service request information sent by the gateway receiving end, identifying public non-service information of the service request information, processing the verification information to obtain a verification processing result when the verification information is identified, adding the verification processing result into the service request information to obtain first service request information, sending the first service request information to the decryption filtering module, or receiving the service feedback information sent by the gateway receiving end and sending the service feedback information to the decryption filtering module;
The decryption filter module is used for receiving the first service request information, identifying public non-service information of the first service request information, calling a preset decryption algorithm to decrypt when identifying parameters needing to be decrypted, adding a decryption result into the first service request information to obtain second service request information, sending the second service request information to the risk filter module, or receiving the service feedback information sent by the verification filter module and sending the service feedback information to the result filter module;
the result filtering module is configured to receive the second service request information, send the second service request information as a service request processing result to the gateway output end, or receive the service feedback information sent by the decryption filtering module, identify public non-service information of the service feedback information, call a preset encryption algorithm to encrypt when identifying parameters needing encryption, and add an encryption result to the service feedback information to obtain the service feedback processing result and send the service feedback processing result to the gateway output end.
In some embodiments, the filtering responsibility chain further comprises:
a risk filtering module, connected between the decryption filtering module and the result filtering module,
which is used for receiving the second service request information, identifying public non-service information of the second service request information, calling a preset processing strategy to render harmful information harmless when harmful information is identified, adding the result of that treatment into the second service request information to obtain third service request information, and sending the third service request information to the result filtering module, or receiving service feedback information sent by the decryption filtering module and sending the service feedback information to the result filtering module.
In some embodiments, the filtering responsibility chain further comprises:
an error filtering module, connected respectively with the verification filtering module, the decryption filtering module, the risk filtering module and the result filtering module,
which is used for receiving abnormal information produced by at least one of the verification filtering module, the decryption filtering module, the risk filtering module and the result filtering module during execution, packaging the abnormal information, and sending the packaging result to the gateway output end, which sends the packaging result to the front-end application.
In some embodiments, the verification filtering module adopts a verification responsibility chain when it processes the verification information to obtain a verification processing result and adds the verification processing result to the service request information to obtain first service request information, where the verification responsibility chain includes:
the login authentication verification module is connected between the request method verification module and the decryption filter module; wherein,
the request method verification module is used for receiving the service request information sent by the gateway receiving end, identifying public non-service information of the service request information, identifying the verification information from that public non-service information, judging whether the request method is correct when the request method is identified in the verification information, adding the judgment result into the verification information to obtain first verification information, and sending the first verification information to the login authentication verification module;
the login authentication verification module is used for receiving the first verification information, identifying the first verification information, judging whether the login authentication information meets preset requirements when the login authentication information is identified, adding a judging result into the first verification information to obtain second verification information, adding the second verification information serving as a verification processing result into the service request information to obtain first service request information, and sending the first service request information to the decryption filtering module.
In some embodiments, the verification responsibility chain further comprises:
a request timeout verification module, connected between the login authentication verification module and the decryption filtering module,
which is used for receiving the second verification information, identifying the second verification information, judging whether the request has timed out when the request time is identified, adding the judgment result into the second verification information to obtain third verification information, adding the third verification information as the verification processing result into the service request information to obtain the first service request information, and sending the first service request information to the decryption filtering module.
In some embodiments, the verification responsibility chain further comprises:
a request override verification module, connected between the request timeout verification module and the decryption filter module,
which is used for receiving the third verification information, identifying the third verification information, judging whether the request is unauthorized when the request information is identified, adding the judgment result into the third verification information to obtain fourth verification information, adding the fourth verification information as the verification processing result into the service request information to obtain the first service request information, and sending the first service request information to the decryption filter module.
In some embodiments, the verification responsibility chain further comprises:
a blacklist verification module, connected with the request override verification module and the decryption filter module,
which is used for receiving the fourth verification information, identifying the fourth verification information, judging whether the identity information is in a preset blacklist when the identity information is identified, adding the judgment result into the fourth verification information to obtain fifth verification information, adding the fifth verification information as the verification processing result into the service request information to obtain the first service request information, and sending the first service request information to the decryption filter module.
In some embodiments, the dual-responsibility chain gateway sends the service request processing result or the service feedback processing result to a pre-developed audit log for recording.
The application also provides a processing method of the dual-responsibility chain micro-service gateway system, which comprises the following steps:
receiving service request information sent by a front-end application or service feedback information sent by a service system;
responding to the public non-business information in the identified business request information or the business feedback information, and processing the business request information or the public non-business information in the business feedback information to obtain a business request processing result or a business feedback processing result;
And sending the service request processing result to the service system or sending the service feedback processing result to the front-end application.
As can be seen from the above description, the dual-responsibility-chain micro-service gateway system and the processing method thereof provided by the present application process public non-business operations in a single dual-responsibility-chain gateway. The dual-responsibility-chain gateway contains the modules that handle public non-business operations, each executing its corresponding operation, so that the business micro-services in the business system no longer need to execute these public non-business operations and only need to execute business operations, which decouples public non-business operations from business operations. Meanwhile, a developer building a business micro-service does not need to have that micro-service execute public non-business operations and does not need to re-develop those functions for each business micro-service. This reduces the code repetition rate of the business micro-services, spares developers from spending effort on non-business code, and improves their working efficiency.
Drawings
In order to more clearly illustrate the technical solutions of the present application or related art, the drawings that are required to be used in the description of the embodiments or related art will be briefly described below, and it is apparent that the drawings in the following description are only embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort to those of ordinary skill in the art.
Fig. 1 is a schematic diagram of a dual-responsibility chain micro-service gateway system according to an embodiment of the present application;
Fig. 2 is a schematic diagram of a dual-responsibility chain gateway according to an embodiment of the present application;
Fig. 3 is a schematic diagram of performing parameter encryption and decryption by the dual-responsibility chain gateway according to the embodiment of the present application;
Fig. 4 is a schematic diagram of a dual-responsibility chain gateway for processing risk information according to an embodiment of the present application;
Fig. 5 is a schematic diagram of a processing method of a dual-responsibility chain micro-service gateway system according to an embodiment of the present application;
Fig. 6 is a schematic diagram of a verification responsibility chain of a dual responsibility chain gateway in a dual responsibility chain micro-service gateway system according to an embodiment of the present application to process service request information or service feedback information;
Fig. 7 is a schematic diagram of a verification responsibility chain processing verification information of a dual responsibility chain gateway in a dual responsibility chain micro-service gateway system according to an embodiment of the present application.
Detailed Description
For the purposes of making the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail below with reference to the accompanying drawings.
It should be noted that unless otherwise defined, technical or scientific terms used in the embodiments of the present application should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present application belongs. The terms "first," "second," and the like, as used in embodiments of the present application, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items. Terms such as "connected" are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect.
In the related art, many non-business operations need to be coupled with business code when a business system is developed, so that repeated code exists in multiple services and expandability is not high. For example, authentication in a conventional system requires a common login authentication method, and the login authentication is then checked before each business method. Each method thus contains one or several lines of repeated authentication code. If there are multiple services, each service needs to write its own copy of the common method, so there is a great deal of repeated code, which causes many problems for software development efficiency, maintainability and the like. If the authentication logic is then modified, every service needs to be modified, and the coupling between services is strong. Even if aspect-oriented programming is adopted, it only reduces code repetition inside one system and cannot solve code repetition across systems.
In order to solve the above problems, the present application provides a dual-responsibility chain micro-service gateway system. For service request information sent from a front-end application or service feedback information sent by a service system, the dual-responsibility chain micro-service gateway system processes the public non-service operations it contains, and then either sends the processed service request information to the corresponding business micro-service in the service system for handling or sends the processed service feedback information to the front-end application. This reduces the repetition of public non-business operation code across the business micro-services in the business system and reduces the influence of abnormal public non-business operations on the business.
Referring to fig. 1, the dual-responsibility chain micro-service gateway system provided in the present application includes a gateway receiving end 101, a dual-responsibility chain gateway 102 connected with the gateway receiving end 101, and a gateway output end 103 connected with the dual-responsibility chain gateway 102, where:
the gateway receiving end 101 is configured to receive service request information sent by a front-end application or service feedback information sent by a service system, and send the service request information or the service feedback information to the dual-responsibility chain gateway.
The gateway receiving end 101 is a pre-configured data interface for receiving information. The front-end application refers to a hardware device or software that receives service request information and displays a processing result of a service system, and is responsible for sending the received service request information, such as a query request, an operation request, and the like, to the gateway receiving end 101.
The service system includes multiple service micro-services for processing different service requests, and is responsible for sending service feedback information such as query results, operation results and the like to the gateway receiving end 101.
The dual-responsibility chain gateway 102 is configured to receive the service request information or the service feedback information, identify the public non-service information in the service request information or the service feedback information for processing, and send the obtained service request processing result or the service feedback processing result to the gateway output end.
The dual-responsibility-chain gateway 102 extracts the public non-business functions, such as login authentication, parameter encryption and decryption, and anomaly identification, that were originally dispersed across the business micro-services, integrates them into modules that each implement a different public non-business function, and then connects the modules in a certain order, in the manner of a responsibility chain, into an independent gateway service.
After receiving the service request information or the service feedback information, the dual-responsibility chain gateway 102 processes the public non-service operation information therein and sends the resulting service request processing result to the service system, or the resulting service feedback processing result to the front-end application. Take the case where the dual-responsibility chain gateway 102 receives a query request from the gateway receiving end 101 and the front-end application has encrypted the parameters in the query request with a preset encryption algorithm. Because the query request may correspond to more than one business micro-service in the service system, without the dual-responsibility chain gateway each business micro-service has to call a decryption algorithm to decrypt the encrypted parameters when it receives the query request, and only then obtains and processes the parameters required by the front-end application to produce the query result. With the dual-responsibility-chain gateway, the module responsible for decryption in the gateway invokes the corresponding decryption algorithm to decrypt the encrypted parameters, the decrypted parameters are sent to the service system through the gateway output end, and the service system distributes them to the corresponding business micro-services, so that each business micro-service no longer performs the decryption step to obtain the parameters it needs.
And the gateway output terminal 103 is configured to send the received service request processing result to the service system, or send the received service feedback processing result to the front-end application.
The gateway output end 103 is a pre-configured data interface for sending information. It sends the service request processing results, obtained when the dual-responsibility chain gateway processes service request information such as a query request or an operation request, to the service system, which then selects the corresponding business micro-service to handle them. Alternatively, it sends the service feedback processing results, obtained when the dual-responsibility chain gateway processes service feedback information such as a query result or an operation result, to the front-end application, which displays them.
According to the dual-responsibility-chain micro-service gateway system provided by the application, the functions that execute public non-service operations, such as the verification, decryption and encryption functions of each business micro-service in the service system, are integrated into a single gateway service. When a front-end application sends service request information to the service system, or the service system sends service feedback information to a front-end application, the information is first sent to the dual-responsibility-chain micro-service gateway system, which processes the public non-service operations including login authentication, parameter encryption and decryption and the like, and then sends the service request processing result or the service feedback processing result to the corresponding service system or front-end application. A business micro-service in the service system only needs to execute its own business function, which decouples public non-service operations from business operations. Developers building business micro-services do not need to consider developing the functions for public non-business operations and can concentrate on business code, which improves their working efficiency.
Optionally, the dual-responsibility-chain gateway 102 in the present application processes the public non-business operation information in the received business request information or business feedback information by adopting a filtering responsibility chain, where the filtering responsibility chain is the main responsibility chain of the dual-responsibility-chain gateway 102. When the dual-responsibility chain gateway 102 receives the service request information or the service feedback information, the modules on the filtering responsibility chain respectively process the public non-service operation information in sequence, and transmit the processing result to the gateway output end along the filtering responsibility chain. Referring to fig. 2, the filtering responsibility chain includes a verification filter module 201, a decryption filter module 202 connected to the verification filter module 201, and a result filter module 204 connected to the decryption filter module 202.
The verification filtering module 201 is configured to receive service request information sent by a gateway receiving end, identify public non-service information of the service request information, process the verification information to obtain a verification processing result when the verification information is identified, add the verification processing result to the service request information to obtain first service request information, send the first service request information to the decryption filtering module 202, or receive service feedback information sent by the gateway receiving end, and send the service feedback information to the decryption filtering module 202.
The verification filtering module 201 integrates the verification functions that each business micro-service originally performed on service request information after receiving it, and can implement various verification functions such as verification of the request method and verification of login authentication. The verification filtering module 201 executes the verification operation that corresponds to the verification type of the service request information, and passes service request information that passes verification to the next module of the filtering responsibility chain for further processing; for service request information that does not pass verification, the failure is fed back to the front-end application. Taking login authentication verification as an example, the verification filtering module 201 judges, against a pre-stored user name-password combination, whether the user name and the password in the received service request information match. If they match, the result of the login authentication verification is added into the service request information to obtain first service request information, which is passed on to the next module for processing; otherwise, the mismatch is fed back to the front-end application as an exception through the gateway output end 103.
The decryption filtering module 202 is configured to receive the first service request information, identify public non-service information of the first service request information, and when identifying parameters that need to be decrypted, invoke a preset decryption algorithm to decrypt, and add a decryption result to the first service request information to obtain second service request information, send the second service request information to the result filtering module 204, or receive service feedback information sent by the verification filtering module 201, and send the service feedback information to the result filtering module 204.
The front-end application calls an encryption algorithm to encrypt the received operation parameters in order to ensure the safety of the information transmission process, and when the encrypted operation parameters are transmitted to the service micro-service of the service system along with the service request information, the service micro-service also needs to call a corresponding decryption algorithm to decrypt so as to obtain the operation parameters, and then executes corresponding operation according to the operation parameters. In this case, the setting of the decryption function needs to be considered when each business micro-service is developed, and the workload of the developer is increased. To solve this problem, the decryption function in each service micro-service is integrated and developed to obtain a decryption filter module 202, and this module invokes a pre-stored decryption algorithm to decrypt the encrypted parameters in the received first service request information, and sends the second service request information with the decrypted parameters to the next module of the filtering responsibility chain.
The result filtering module 204 is configured to receive the second service request information, send the second service request information to the gateway output end as a service request processing result, or receive the service feedback information sent by the decryption filtering module 202, identify public non-service information of the service feedback information, and when identifying a parameter that needs to be encrypted, invoke a preset encryption algorithm to encrypt, add the encryption result to the service feedback information, obtain a service feedback processing result, and send the service feedback processing result to the gateway output end.
In order to ensure the safety of the information transmission process, after the operation corresponding to the operation parameters is executed to obtain the processing result, the business micro-service also encrypts the processing result by adopting an encryption algorithm and then sends the processing result to the front-end application to decrypt by adopting a corresponding decryption algorithm. In this case, it is also necessary to consider how to implement the encryption function in developing business micro services, thereby increasing the workload of developers. In order to solve the problem, the encryption function which needs to be realized by each service micro-service separately is integrated and developed to obtain a result filtering module 204, a pre-stored encryption algorithm is called by the module to encrypt a processing result in service feedback information which is transmitted to the result filtering module 204 along a filtering responsibility chain, the processing result is transmitted to a front-end application through an output end of a gateway, and the front-end application calls a corresponding decryption algorithm to decrypt to obtain the processing result.
Optionally, referring to fig. 2, a risk filtering module 203 may further be connected between the decryption filtering module 202 and the result filtering module 204. It is configured to receive the second service request information, identify public non-service information of the second service request information, and, when harmful information is identified, invoke a preset processing policy to perform harmless treatment, add the harmless treatment result to the second service request information to obtain third service request information, and send the third service request information to the result filtering module; or to receive service feedback information sent by the decryption filtering module 202 and send the service feedback information to the result filtering module 204.
If some service micro-services are attacked, service system data may be damaged or lost. To prevent this, a corresponding risk filtering function would have to be developed along with each service micro-service to block attacks and protect data security, which increases the workload of developers. To solve this problem, the risk filtering functions scattered across the business micro-services of the business system are integrated to obtain the risk filtering module 203, so that the risk filtering module 203 can effectively guard against security risks such as cross-site request attacks, request forgery attacks and man-in-the-middle attacks; and, based on a sensitive word passivation mechanism, it guards against security risks such as Structured Query Language (SQL) injection attacks and web page Trojan implantation. The risk filtering module 203 not only protects the business micro-services that originally needed protection, but also protects business micro-services for which no risk filtering function had been developed, thereby expanding the protection range of the business micro-services.
Optionally, referring to fig. 2, in the filtering responsibility chain, an anomaly filtering module 205 connected to the verification filtering module 201, the decryption filtering module 202, the risk filtering module 203, and the result filtering module 204 respectively is further included, and is configured to receive anomaly information formed by anomalies occurring in at least one of the verification filtering module 201, the decryption filtering module 202, the risk filtering module 203, and the result filtering module 204 during execution; and packaging the abnormal information, sending the packaging result to the gateway output end, and sending the packaging result to the front-end application by the gateway output end.
The exception filtering module 205 receives the exception information that the other modules on the filtering responsibility chain generate during execution and send to it, including exception information such as CisBrokenTokenException, CisBusinessException, CisMissRandomKeyException and CisMissTokenException. It encapsulates the exception information into Token damage, service exception, random key loss, Token loss and the like, and then sends it, through a configured data interface for communicating with the front-end application, to the front-end application, which displays it. This avoids each module reporting exceptions that occur during execution to the front-end application on its own, so the modules in the dual responsibility chain gateway do not each need to be configured with a data interface for communicating with the front-end application.
Optionally, the specific implementation link of the verification filtering module 201 is a verification responsibility chain, that is, a sub responsibility chain of the filtering responsibility chain, and forms a dual responsibility chain gateway together with the filtering responsibility chain. Referring to fig. 2, the verification responsibility chain includes: the request method checking module 206, and the login authentication checking module 207 respectively connected with the request method checking module 206 and the decryption filtering module 202.
The request method checking module 206 is configured to receive service request information sent by the gateway receiving end, identify public non-service information of the service request information, identify check information from the public non-service information of the service request information, identify the check information, determine whether the request method is correct when the request method is identified, add the determination result into the check information to obtain first check information, and send the first check information to the login authentication checking module 207.
The request method verification module 206 identifies the request method in the verification information and determines whether it is correct as follows. First, the front-end application appends tag data to the request parameter representing the request method; the front-end application calculates the tag data from the request parameter using an encryption algorithm. When the request method verification module identifies a request parameter carrying tag data, it performs the same calculation on the request parameter with the same encryption algorithm and compares the calculated value with the identified tag data; if the two are the same, the request method verification passes. The request method verification originally performed by each service micro-service that requires it is handled uniformly by the request method verification module 206, so the request method verification function does not need to be developed repeatedly when such service micro-services are developed.
The login authentication verification module 207 is configured to receive the first verification information, identify the first verification information, determine whether the login authentication information meets a preset requirement when identifying the login authentication information, add the determination result into the first verification information to obtain second verification information, add the second verification information as a verification processing result into the service request information to obtain first service request information, and send the first service request information to the decryption filtering module 202.
When the login authentication verification module 207 determines whether the login authentication information meets the preset requirement, it determines whether the user name and the password in the verification information match according to the user name-password combination pre-stored in the database, or whether received identity verification information such as a fingerprint matches the pre-stored identity verification information. The login authentication function originally implemented by each service micro-service that requires login is integrated into the login authentication verification module 207, so those service micro-services only need to receive service request information that has passed login authentication and execute the service operation, which improves the working efficiency of the service micro-services.
Optionally, referring to fig. 2, between the login authentication verification module 207 and the decryption filtering module 202, a request timeout verification module 208 may be further connected, and configured to receive the second verification information, identify the second verification information, determine whether to timeout when the request time is identified, add the determination result to the second verification information to obtain third verification information, add the third verification information as a verification processing result to the service request information to obtain first service request information, and send the first service request information to the decryption filtering module 202.
The request timeout checking module 208 determines whether the request time has timed out. For example, after a service micro-service of the service system receives a login request processed by the dual-responsibility-chain gateway and the login succeeds, when an operation request is subsequently sent from the front-end application to that service micro-service through the dual-responsibility-chain gateway, the request timeout checking module 208 identifies the time interval between the operation request and the login request and determines whether it exceeds a preset time threshold. If the time threshold is exceeded, the request has timed out, and the business micro-service needs to be logged in to again and the operation request resent in time. The request timeout checking module 208 integrates the timeout verification of received operation requests that each business micro-service originally implemented itself, so developers do not need to develop a request timeout checking function specifically when developing a business micro-service, which saves work and further improves development efficiency.
Optionally, referring to fig. 2, a request override verification module 209 may be further connected between the request timeout verification module 208 and the decryption filter module 202, and configured to receive third verification information, identify the third verification information, determine whether to override when identifying the request information, add the determination result to the third verification information to obtain fourth verification information, add the fourth verification information as a verification processing result to the service request information to obtain first service request information, and send the first service request information to the decryption filter module 202.
The request override checking module 209 determines whether the request information is an override. For example, a service micro-service in the service system divides the operators who log in to it into three authority levels, high, medium and low, and each level limits the operations that can be performed: a high-authority person can execute the service micro-service's functions of publishing comments, querying content and browsing content, a medium-authority person can execute the functions of querying content and browsing content, and a low-authority person can only execute the function of browsing content. The authority levels and their corresponding executable functions are recorded in the request override checking module 209. When a low-authority person tries to send the business micro-service an operation instruction for the function of querying content, the request override checking module 209 judges the operation instruction to be unauthorized according to the pre-stored authority levels and corresponding executable functions. The request override checking module 209 can also unify the authority levels and corresponding executable operation functions of the business micro-services in the business system, so that a separate set of authority levels and corresponding executable operation functions does not have to be set for each business micro-service, which reduces the complexity of the business system and the workload of developers.
Optionally, referring to fig. 2, a blacklist checking module 210 may be further connected between the request override checking module 209 and the decryption filtering module 202, and configured to receive fourth checking information, identify the fourth checking information, determine whether the identity information is in a preset blacklist when the identity information is identified, add the determination result to the fourth checking information to obtain fifth checking information, add the fifth checking information as a checking result to the service request information to obtain first service request information, and send the first service request information to the decryption filtering module 202.
The blacklist verification module 210 identifies the identity information, matches the identity information with a blacklist preset in the blacklist verification module 210, and if the matching is successful, determines that an operator corresponding to the identity information is in the blacklist, and the service system cannot execute an operation instruction sent by the operator. The blacklist verification functions which are originally realized by each business micro-service independently are integrated together, and the blacklist verification module is obtained through integration and development, so that the blacklist verification functions do not need to be set when the business micro-service is developed, and a developer is focused on the development of business codes.
On the basis of the checking responsibility chain, new checking modules can be added according to the checking functions to be implemented. For example, to add a sensitive word verification module to the verification responsibility chain, it is only necessary to integrate the sensitive word verification functions implemented separately by different business micro-services and develop them into a sensitive word verification module, and to connect that module between the blacklist verification module 210 and the decryption filter module 202, where it executes the corresponding sensitive word verification function. This completes the expansion of the verification responsibility chain.
Optionally, the dual-responsibility chain gateway provided by the application further sends the service request processing result or the service feedback processing result to a pre-developed audit log for recording. This records the working condition of the dual-responsibility-chain micro-service gateway system, which makes it easier to query related data later when the system is maintained. In addition, each module of the filtering responsibility chain and the checking responsibility chain in the dual responsibility chain gateway can send its own processing result to the pre-developed audit log through a pre-configured event record interface. The content of the audit log record includes: request parameters, request paths, request types, request time, operation types, event types, exception information, and the like. Compared with having each business micro-service record its own audit log and then summarizing the logs, the dual-responsibility-chain gateway receives and records the audit log information uniformly, so that the audit log can be recorded conveniently and rapidly, and the working efficiency of the business system is improved.
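The verification responsibility chain described above, as an added Python example that is not code from the patent: each module adds its result to the check information, the first failure stops the chain and is packaged in one place for the front end, and a sensitive word module is appended without changing the others. HMAC-SHA256 stands in for the unspecified tag algorithm and PBKDF2 for password storage; all field names, accounts, keys and timestamps are assumptions constructed for the example.

```python
import hashlib
import hmac

# Every key, account and timestamp here is constructed for the example.
TAG_KEY = b"constructed-demo-key"   # assumed to be shared by front end and gateway
TIME_THRESHOLD_S = 1800             # assumed preset time threshold, in seconds
SALT = b"constructed-salt"
PERMISSIONS = {                     # the three levels used in the description
    "high": {"publish_comment", "query_content", "browse_content"},
    "medium": {"query_content", "browse_content"},
    "low": {"browse_content"},
}


def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {"alice": ("low", pw_hash("alice-pw")), "mallory": ("high", pw_hash("mallory-pw"))}
LOGIN_TIMES = {"alice": 1_000_000, "mallory": 1_000_000}   # recorded at login
BLACKLIST = {"mallory"}


class CheckFailed(Exception):
    """Raised by a check module; carries the module name and the reason."""
    def __init__(self, module, reason):
        super().__init__(f"{module}: {reason}")
        self.module, self.reason = module, reason


def make_tag(method, path):
    """Tag the front end appends to the request parameter that names the method."""
    return hmac.new(TAG_KEY, f"{method} {path}".encode(), hashlib.sha256).hexdigest()


def build_request(method, path, username, password, function, at):
    """What the front-end application sends (hypothetical field names)."""
    return {"method": method, "path": path, "tag": make_tag(method, path),
            "username": username, "password": password, "function": function, "time": at}


def check_request_method(req, info):
    expected = make_tag(req["method"], req["path"])
    # Constant-time comparison of the recomputed tag with the received one.
    if not hmac.compare_digest(expected.encode(), str(req.get("tag", "")).encode()):
        raise CheckFailed("request_method", "tag does not match request parameters")
    info["request_method"] = "passed"


def check_login(req, info):
    level, stored = USERS.get(req.get("username"), (None, b""))
    if not hmac.compare_digest(stored, pw_hash(str(req.get("password", "")))):
        raise CheckFailed("login_authentication", "user name and password do not match")
    info["login_authentication"], info["level"] = "passed", level


def check_timeout(req, info):
    if req["time"] - LOGIN_TIMES[req["username"]] > TIME_THRESHOLD_S:
        raise CheckFailed("request_timeout", "log in again and resend the request")
    info["request_timeout"] = "passed"


def check_override(req, info):
    if req["function"] not in PERMISSIONS[info["level"]]:
        raise CheckFailed("request_override", "function not allowed at this level")
    info["request_override"] = "passed"


def check_blacklist(req, info):
    if req["username"] in BLACKLIST:
        raise CheckFailed("blacklist", "operator is blacklisted")
    info["blacklist"] = "passed"


VERIFICATION_CHAIN = [check_request_method, check_login, check_timeout,
                      check_override, check_blacklist]


def verification_filter(req, chain=VERIFICATION_CHAIN):
    """Run the sub-chain in order; stop at the first module that fails."""
    info = {}
    try:
        for module in chain:
            module(req, info)
    except CheckFailed as exc:
        # One place packages failures for the front end (exception filter role).
        return {"passed": False, "failed_module": exc.module, "message": exc.reason}
    # Example's own choice: credentials and tag are not forwarded downstream.
    forwarded = {k: v for k, v in req.items() if k not in ("password", "tag")}
    return {"passed": True, "request": {**forwarded, "check_info": info}}


def check_sensitive_words(req, info):
    """Extension module, added without touching the existing ones."""
    if "forbidden" in req["path"]:   # constructed sensitive word
        raise CheckFailed("sensitive_word", "sensitive word in request")
    info["sensitive_word"] = "passed"


if __name__ == "__main__":
    ok = build_request("GET", "/articles/1", "alice", "alice-pw", "browse_content", 1_000_600)
    print(verification_filter(ok))
    print(verification_filter(dict(ok, function="query_content")))
    print(verification_filter(ok, VERIFICATION_CHAIN + [check_sensitive_words]))
```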
As an optional embodiment, referring to fig. 3, when implementing encryption and decryption of parameters, the dual-responsibility chain micro-service gateway system provided in the present application includes:
In step S301, the front-end application sends encryption parameters to the gateway.
The front-end application calls a built-in encryption algorithm to encrypt the received operation parameters to obtain encryption parameters, and the encryption parameters are sent to the dual-responsibility chain gateway through the gateway receiving end.
In step S302, the gateway decrypts the encryption parameters and sends the resulting operation parameters to the service system.
In this step, since only encryption and decryption of the parameters need to be executed, the encrypted parameters do not need to be processed by the verification filter module and travel along the filtering responsibility chain to the decryption filter module. The decryption filter module calls the decryption algorithm corresponding to the encrypted parameters to decrypt them and obtain the operation parameters, which are sent along the filtering responsibility chain to the gateway output end, and the gateway output end sends the operation parameters to the service system.
Step S303, the business system processes the parameters and sends the processing result to the gateway.
In the step, the service system executes operation according to the operation parameters, generates a corresponding processing result, and sends the processing result to the dual-responsibility chain gateway through the gateway receiving end.
Step S304, the gateway encrypts the processing result and sends the encryption result to the front-end application.
In the step, the processing result reaches a result filtering module along a filtering responsibility chain, a preset encryption algorithm is called by the result filtering module to encrypt to obtain an encryption result, and the encryption result is sent to a front-end application through a gateway output end.
In step S305, the front-end application decrypts the encryption result to obtain the processing result.
In the step, the front-end application calls a preset decryption algorithm, decrypts the received encryption result to obtain a processing result of the service system, and displays the processing result on a graphical interface of the front-end application.
In the above steps, the decryption of the operation parameters and the encryption of the processing results are respectively realized by the decryption filtering module and the result filtering module, and are not executed by the service micro-service which needs to process the operation parameters in the service, so that the development of the decryption function and the encryption function is omitted when the service micro-service is developed, and the workload of developers is reduced.
As an alternative embodiment, referring to fig. 4, a risk filtering module in a dual responsibility chain micro service gateway system provided in the present application includes, when protecting against SQL injection:
In step S401, the attacker inputs the attack code through the front-end application and sends it to the gateway.
In this step, an attacker inputs the attack code ' or 1=1 at the front-end application, and the attack code is sent to the dual-responsibility chain gateway through the gateway receiving end.
Step S402, the gateway recognizes the attack code and performs harmless treatment to obtain a harmless treatment result.
In this step, the dual-responsibility-chain gateway receives the attack code and passes it along the filtering responsibility chain. When the attack code reaches the risk filtering module of the filtering responsibility chain, the risk filtering module detects it: sensitive characters are detected based on a regular expression, and the half-width ' in the attack code is converted into its full-width form. This completes the harmless treatment and passivates the attack code into a non-executable instruction.
In step S403, the gateway sends the processing result to the service system.
In the step, the dual-responsibility-chain gateway continuously transmits the passivated attack codes along the filtering responsibility chains and sends the passivated attack codes to the service system through the gateway output end, and the passivated attack codes cannot execute SQL injection, so that the service system is not affected.
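An added example, not from the patent, of steps S401 to S403 run against a business query that builds SQL by string concatenation, beside a parameterized query that needs no character substitution. SQLite, the table, the function names and the treatment of " and ; as sensitive characters are assumptions; the O'Brien row shows that passivation also alters legitimate input.

```python
import re
import sqlite3

# Assumption: besides the ' named in the description, " and ; are also
# treated as sensitive characters by this example.
SENSITIVE = re.compile(r"""['";]""")


def passivate(text):
    """Replace each sensitive half-width character with its full-width form."""
    # Full-width forms of printable ASCII sit at a fixed offset of 0xFEE0.
    return SENSITIVE.sub(lambda m: chr(ord(m.group()) + 0xFEE0), text)


def make_db():
    """In-memory stand-in for the business system's database (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("O'Brien",)])
    return conn


def legacy_lookup(conn, name):
    """Deliberately unsafe: the input becomes part of the SQL text itself."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def try_legacy(conn, name):
    """Return the rows, or None when the input broke the statement's syntax."""
    try:
        return legacy_lookup(conn, name)
    except sqlite3.OperationalError:
        return None


def parameterized_lookup(conn, name):
    """The input is bound as a value and never parsed as SQL."""
    cur = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in cur]


if __name__ == "__main__":
    conn = make_db()
    attack = "' or 1=1"                      # the attack code from step S401
    # Raw input escapes the string literal and is parsed as SQL (here: an error).
    print("raw, concatenated:        ", try_legacy(conn, attack))
    # After passivation the quote is plain data inside the literal.
    print("passivated, concatenated: ", try_legacy(conn, passivate(attack)))
    # A bound parameter keeps the raw input as data without rewriting it.
    print("raw, parameterized:       ", parameterized_lookup(conn, attack))
    # Legitimate data containing ' no longer matches once passivated.
    print("O'Brien passivated:       ", try_legacy(conn, passivate("O'Brien")))
    print("O'Brien parameterized:    ", parameterized_lookup(conn, "O'Brien"))
```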
As an alternative embodiment, referring to fig. 5, the present application further provides a processing method of the dual-responsibility chain micro service gateway system, including:
Step S501, receiving service request information sent by a front-end application or service feedback information sent by a service system.
In this step, the front-end application sends service request information or the service system sends service feedback information to the gateway receiving end of the dual-responsibility chain micro-service gateway system, and the gateway receiving end receives the information.
Step S502, in response to identifying the public non-service information in the service request information or the service feedback information, processes the service request information or the public non-service information in the service feedback information to obtain a service request processing result or a service feedback processing result.
In the step, a gateway receiving end of the double-responsibility-chain micro-service gateway system sends the received service request information or service feedback information to a double-responsibility-chain gateway for processing, and the service request processing result or service feedback processing result obtained by the double-responsibility-chain gateway is sent to a gateway output end.
The dual-responsibility-chain gateway adopts a filtering responsibility chain to process service request information or service feedback information, wherein the filtering responsibility chain is a main responsibility chain of the dual-responsibility-chain gateway, and comprises: the system comprises a verification filter module, a decryption filter module connected with the verification filter module and a result filter module connected with the decryption filter module. Referring to fig. 6, the dual responsibility chain gateway, when processing service request information or service feedback information, includes:
Step S601, receiving service request information or service feedback information sent by a gateway receiving end, identifying the received service request information by a verification filtering module, processing the verification information to obtain a verification processing result when identifying the verification information, adding the verification processing result into the service request information to obtain first service request information, and sending the first service request information to a decryption filtering module. Or receiving the service feedback information and sending the service feedback information to the decryption filter module.
When the verification filtering module processes the verification information, a verification responsibility chain is adopted, and the verification responsibility chain is a specific implementation chain of the verification filtering module and is also a sub responsibility chain of the filtering responsibility chain, and comprises a request method verification module and a login authentication verification module connected between the request method verification module and the decryption filtering module. Referring to fig. 7, the check responsibility chain includes, when processing check information:
Step S701, receiving service request information sent by a gateway receiving end, identifying a request method in the check information in the service request information by a request method check module, performing check judgment, adding a judgment result into the check information to obtain first check information, and sending the first check information to a login authentication check module.
Step S702, receiving first verification information sent by a request method verification module, identifying login authentication information in the first verification information by a login authentication module, judging, adding a judgment result into the first verification information to obtain second verification information, adding the second verification information into service request information to obtain first service request information, and then sending the first service request information to a decryption filter module for processing.
Step S703, receiving the second check information sent by the login authentication check module, identifying the request time by the request timeout check module, judging whether to timeout, adding the judgment result into the second check information to obtain third check information, adding the third check information into the service request information to obtain the first service request information, and sending to the decryption filter module for processing.
In this step, in order to determine whether the request time in the verification information is overtime, a request overtime verification module may be further connected between the login authentication verification module and the decryption filtering module.
Step S704, receiving the third check information sent by the request timeout check module, identifying the request information by the request override check module and judging whether the request is an override, adding the judging result into the third check information to obtain fourth check information, adding the fourth check information into the service request information to obtain first service request information, and sending the first service request information to the decryption filter module for processing.
In this step, in order to determine whether the request information in the check information is unauthorized, a request unauthorized check module may be connected between the login authentication check module and the decryption filter module.
Step S705, receiving the fourth check information sent by the request override check module, identifying the identity information therein by the blacklist check module and judging whether the identity information is in a preset blacklist, adding the judging result into the fourth check information to obtain fifth check information, adding the fifth check information into the service request information to obtain first service request information, and sending the first service request information to the decryption filter module for processing.
In this step, in order to determine whether the identity information in the check information is in the blacklist of the dual-responsibility-chain gateway system, a blacklist check module may also be connected between the request override check module and the decryption filter module.
Step S602, receiving first service request information sent by the verification filtering module, identifying parameters to be decrypted by the decryption filtering module, calling a preset decryption algorithm to decrypt the parameters to be decrypted, adding a decryption result into the first service request information to obtain second service request information, and sending the second service request information to the result filtering module. Or receiving the service feedback information sent by the verification filtering module and sending the service feedback information to the result filtering module.
Step S603, receiving the second service request information sent by the decryption filtering module, and sending the second service request information to the gateway output end of the dual-responsibility chain micro-service gateway system by the result filtering module as a service request processing result. Or receiving the service feedback information transmitted along the verification filtering module and the decryption filtering module, identifying parameters needing to be encrypted in the service feedback information, calling a preset encryption algorithm to encrypt, and adding an encryption result into the service feedback information and transmitting the service feedback information to the gateway output end.
Step S604, receiving the second service request information sent by the decryption filter module, identifying harmful information from the second service request information by the risk filter module, invoking a preset processing method to perform harmless treatment on the harmful information, adding the processing result into the second service request information to obtain third service request information, and sending the third service request information to the result filter module. Or receiving the service feedback information from the decryption filtering module and sending the service feedback information to the result filtering module.
In this step, a risk filtering module may be connected between the decryption filtering module and the result filtering module of the filtering responsibility chain, and the risk filtering module may be used to identify the harmful information in the service request information and perform harmless treatment.
Step S605, when each module of the dual-responsibility chain gateway is abnormal in the execution process, the abnormal types are sent to the abnormal filtering module, and the abnormal filtering module encapsulates the abnormal types and then sends the abnormal types to the front-end application, so that the function of abnormal early warning is achieved.
In this step, the filtering responsibility chain further includes an anomaly filtering module connected to the verification filtering module, the decryption filtering module, the result filtering module, and the risk filtering module, respectively.
Step S503, sending the service request processing result to the service system, or sending the service feedback processing result to the front-end application.
The double-responsibility-chain gateway also sends the service request processing result or the service feedback processing result to an audit log developed in advance, and the audit log records the working condition of the double-responsibility-chain micro-service gateway system.
In this step, the dual-responsibility-chain gateway transmits the service request processing result or the service feedback processing result to the gateway output end of the dual-responsibility-chain micro-service gateway system, and the gateway output end transmits the service request processing result to the service system or the service feedback processing result to the front-end application.
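The request and feedback paths through the filtering responsibility chain described in steps S601 to S605 and S503 can be sketched as follows. This is an added example, not code from the patent: the message field names, the fail-closed behaviour of each check, the base64 stand-in for the unnamed "preset" algorithms, and HTML-escaping as the harmless treatment are all assumptions.

```python
import base64, html

class GatewayReject(Exception):
    """Raised by any module; the anomaly filtering step wraps it for the front end."""
    def __init__(self, kind, detail):
        super().__init__(detail)
        self.kind, self.detail = kind, detail

# Stand-ins for the "preset" algorithms, which the page does not name.
# base64 is NOT encryption; a deployment would plug in an authenticated cipher.
def preset_decrypt(value): return base64.b64decode(value, validate=True).decode()
def preset_encrypt(value): return base64.b64encode(value.encode()).decode()

# Verification responsibility chain, in the claimed order. Assumption: a failed
# check raises (fail closed) instead of only recording its judgment result.
def check_method(msg, cfg):
    if msg["method"] not in cfg["allowed_methods"]:
        raise GatewayReject("METHOD", "request method not allowed")
def check_login(msg, cfg):
    if msg.get("token") not in cfg["sessions"]:
        raise GatewayReject("AUTH", "login authentication failed")
    msg["user"] = cfg["sessions"][msg["token"]]
def check_timeout(msg, cfg):
    if abs(cfg["now"]() - msg.get("timestamp", 0)) > cfg["max_skew_s"]:
        raise GatewayReject("TIMEOUT", "request timed out")
def check_override(msg, cfg):
    if msg["path"] not in cfg["grants"].get(msg["user"], ()):
        raise GatewayReject("OVERRIDE", "user not authorised for this path")
def check_blacklist(msg, cfg):
    if msg["user"] in cfg["blacklist"]:
        raise GatewayReject("BLACKLIST", "identity is blacklisted")

VERIFY_CHAIN = [check_method, check_login, check_timeout, check_override, check_blacklist]

def verification_filter(msg, cfg):
    if msg["kind"] == "request":            # feedback passes straight through
        for check in VERIFY_CHAIN:
            check(msg, cfg)
            msg.setdefault("checks", []).append(check.__name__)
    return msg

def decryption_filter(msg, cfg):
    if msg["kind"] == "request":
        for name in msg.get("encrypted", ()):
            try:
                msg["params"][name] = preset_decrypt(msg["params"][name])
            except ValueError:
                raise GatewayReject("DECRYPT", "parameter could not be decrypted") from None
    return msg

def risk_filter(msg, cfg):
    # Runs after decryption, so it inspects plaintext. HTML-escaping is an assumed
    # example of the "harmless treatment"; the page does not specify one.
    if msg["kind"] == "request":
        msg["params"] = {k: html.escape(v) for k, v in msg["params"].items()}
    return msg

def result_filter(msg, cfg):
    if msg["kind"] == "feedback":           # only feedback is encrypted on the way out
        for name in msg["params"].keys() & cfg["encrypt_fields"]:
            msg["params"][name] = preset_encrypt(msg["params"][name])
    return msg

FILTER_CHAIN = [verification_filter, decryption_filter, risk_filter, result_filter]

def gateway(msg, cfg, audit):
    """Run one message through the chain; return (destination, payload)."""
    try:
        for module in FILTER_CHAIN:
            msg = module(msg, cfg)
    except GatewayReject as exc:            # anomaly filtering: wrap, send to front end
        audit.append(("rejected", exc.kind))
        return "front-end", {"error": exc.kind, "detail": exc.detail}
    except Exception:                       # unexpected fault: no internals leaked
        audit.append(("rejected", "INTERNAL"))
        return "front-end", {"error": "INTERNAL", "detail": "gateway error"}
    audit.append(("passed", msg["kind"]))
    return ("service" if msg["kind"] == "request" else "front-end"), msg["params"]

# Constructed configuration and request for the demonstration (fixed clock).
CFG = {"allowed_methods": {"GET", "POST"}, "max_skew_s": 300, "blacklist": {"mallory"},
       "sessions": {"tok-alice": "alice", "tok-mallory": "mallory"},
       "grants": {"alice": {"/orders"}, "mallory": {"/orders"}},
       "now": lambda: 1_700_000_000, "encrypt_fields": {"card"}}

def constructed_request(token="tok-alice", timestamp=1_700_000_010, note="<b>hi</b>"):
    return {"kind": "request", "method": "POST", "path": "/orders", "token": token,
            "timestamp": timestamp, "encrypted": ["note"],
            "params": {"note": preset_encrypt(note), "qty": "2"}}
```

Because the risk filter sits after the decryption filter, markup hidden inside an encrypted parameter is still neutralised before the request reaches the service system.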
When the front-end application sends service request information to the service system, or the service system sends service feedback information to the front-end application, the processing method first sends the information to the dual-responsibility chain micro-service gateway system. The gateway system handles the public non-service operations, including login authentication and parameter encryption and decryption, and then sends the service request processing result or the service feedback processing result to the corresponding service system or front-end application. Each service micro-service in the service system only needs to perform its own service function, which decouples public non-service operations from service operations. Developers of service micro-services do not need to consider developing functions for public non-service operations and can concentrate on service code, which improves their working efficiency.
In summary, in the dual-responsibility-chain micro-service gateway system provided by the application, the functions for processing public non-service operations, originally scattered across the service micro-services of the service system, are integrated into modules that each implement a different function. The modules are connected in the form of a responsibility chain to obtain the dual-responsibility-chain gateway, and each module in the gateway processes the public non-service operation information in the service request information or the service feedback information. The service micro-services of the service system only need to process service operations, which resolves the coupling between public non-service operations and service operations in the service system. When a service micro-service is developed, only the implementation of its service function needs to be considered; functions for public non-service operations do not have to be developed repeatedly for each service micro-service. This reduces code repetition, reduces the impact of exceptions in public non-service operations on the service, and improves overall development efficiency.
It should be noted that, the method of the embodiments of the present application may be performed by a single device, for example, a computer or a server. The method of the embodiment can also be applied to a distributed scene, and is completed by mutually matching a plurality of devices. In the case of such a distributed scenario, one of the devices may perform only one or more steps of the methods of embodiments of the present application, and the devices may interact with each other to complete the methods.
It should be noted that some embodiments of the present application are described above. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Those of ordinary skill in the art will appreciate that: the discussion of any of the embodiments above is merely exemplary and is not intended to suggest that the scope of the application (including the claims) is limited to these examples; the technical features of the above embodiments or in the different embodiments may also be combined within the idea of the present application, the steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present application as described above, which are not provided in detail for the sake of brevity.
Additionally, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures, in order to simplify the illustration and discussion, and so as not to obscure the embodiments of the present application. Furthermore, the devices may be shown in block diagram form in order to avoid obscuring the embodiments of the present application, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform on which the embodiments of the present application are to be implemented (i.e., such specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the application, it should be apparent to one skilled in the art that embodiments of the application can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative in nature and not as restrictive.
While the present application has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The present embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Accordingly, any omissions, modifications, equivalents, improvements and/or the like which are within the spirit and principles of the embodiments are intended to be included within the scope of the present application.

Claims (8)

1. The double-responsibility-chain micro-service gateway system is characterized by comprising a gateway receiving end, a double-responsibility-chain gateway connected with the gateway receiving end and a gateway output end connected with the double-responsibility-chain gateway, and the double-responsibility-chain micro-service gateway system comprises:
the gateway receiving end is used for receiving service request information sent by a front-end application or service feedback information sent by a service system and sending the service request information or the service feedback information to the dual-responsibility chain gateway;
the dual-responsibility chain gateway is used for receiving the service request information or the service feedback information, identifying the public non-service information in the service request information or the service feedback information for processing, and sending the obtained service request processing result or service feedback processing result to the gateway output end;
the gateway output end is used for sending the received service request processing result to the service system or sending the received service feedback processing result to the front-end application;
When the dual-responsibility chain gateway identifies the public non-business information in the business request information or the business feedback information to process, a filtering responsibility chain is adopted to process, and the filtering responsibility chain comprises the following steps:
the device comprises a verification filter module, a decryption filter module connected with the verification filter module and a result filter module connected with the decryption filter module; wherein,
the verification filtering module is used for receiving the service request information sent by the gateway receiving end, identifying public non-service information of the service request information, processing the verification information to obtain a verification processing result when the verification information is identified, adding the verification processing result into the service request information to obtain first service request information, sending the first service request information to the decryption filtering module, or receiving the service feedback information sent by the gateway receiving end and sending the service feedback information to the decryption filtering module;
the decryption filter module is used for receiving the first service request information, identifying public non-service information of the first service request information, calling a preset decryption algorithm to decrypt when identifying parameters needing to be decrypted, adding a decryption result into the first service request information to obtain second service request information, and sending the second service request information to the risk filter module, or receiving the service feedback information sent by the verification filter module and sending the service feedback information to the result filter module;
The result filtering module is configured to receive the second service request information, send the second service request information to the gateway output end as the service request processing result, or receive the service feedback information sent by the decryption filtering module, identify public non-service information of the service feedback information, call a preset encryption algorithm to encrypt when identifying parameters needing encryption, and add an encryption result to the service feedback information to obtain the service feedback processing result and send the service feedback processing result to the gateway output end;
the filtering responsibility chain further comprises:
the risk filtering module is connected between the decryption filtering module and the result filtering module;
and the processing module is used for receiving the second service request information, identifying public non-service information of the second service request information, calling a preset processing strategy to perform harmless treatment when harmful information is identified, adding the harmless treatment result into the second service request information to obtain third service request information, and sending the third service request information to the result filtering module, or receiving service feedback information sent by the decryption filtering module and sending the service feedback information to the result filtering module.
2. The dual responsibility chain micro-service gateway system of claim 1, wherein the filtering responsibility chain further comprises:
the error filtering module is respectively connected with the verification filtering module, the decryption filtering module, the risk filtering module and the result filtering module;
the system comprises a verification filtering module, a decryption filtering module, a risk filtering module and a result filtering module, wherein the verification filtering module is used for receiving abnormal information formed by at least one of the verification filtering module, the decryption filtering module, the risk filtering module and the result filtering module in the execution process; and packaging the abnormal information, sending a packaging result to the gateway output end, and sending the packaging result to the front-end application by the gateway output end.
3. The dual-responsibility chain micro-service gateway system according to claim 1, wherein the verification filtering module processes the verification information to obtain a verification processing result, and adds the verification processing result to the service request information to obtain first service request information, and uses a verification responsibility chain to process the first service request information, and the verification responsibility chain includes:
the login authentication verification module is connected between the request method verification module and the decryption filter module; wherein,
The request method verification module is used for receiving the service request information sent by the gateway receiving end, identifying public non-service information of the service request information, identifying the verification information from the public non-service information of the service request information, identifying the verification information, judging whether the request method is correct or not when the request method is identified, adding a judgment result into the verification information to obtain first verification information, and sending the first verification information to the login authentication verification module;
the login authentication verification module is used for receiving the first verification information, identifying the first verification information, judging whether the login authentication information meets preset requirements when the login authentication information is identified, adding a judging result into the first verification information to obtain second verification information, adding the second verification information serving as a verification processing result into the service request information to obtain first service request information, and sending the first service request information to the decryption filtering module.
4. The dual responsibility chain micro-service gateway system of claim 3, wherein the checking responsibility chain further comprises:
The request timeout checking module is connected between the login authentication checking module and the decryption filtering module;
and the decryption filtering module is used for receiving the second verification information, identifying the second verification information, judging whether the request time is overtime when the request time is identified, adding the judging result into the second verification information to obtain third verification information, adding the third verification information as the verification processing result into the service request information to obtain the first service request information, and sending the first service request information to the decryption filtering module.
5. The dual responsibility chain micro-service gateway system of claim 4, wherein the checking responsibility chain further comprises:
the request override verification module is connected between the request timeout verification module and the decryption filter module;
and the decryption filter module is used for receiving the third check information, identifying the third check information, judging whether the request information is unauthorized when the request information is identified, adding the judgment result into the third check information to obtain fourth check information, adding the fourth check information as the check processing result into the service request information to obtain the first service request information, and sending the first service request information to the decryption filter module.
6. The dual responsibility chain micro-service gateway system of claim 5, wherein the checking responsibility chain further comprises:
the blacklist verification module is connected with the request override verification module and the decryption filter module;
and the decryption filter module is used for receiving the fourth verification information, identifying the fourth verification information, judging whether the identity information is in a preset blacklist or not when the identity information is identified, adding a judgment result into the fourth verification information to obtain fifth verification information, adding the fifth verification information as a verification processing result into the service request information to obtain the first service request information, and sending the first service request information to the decryption filter module.
7. The dual-responsibility chain micro-service gateway system of claim 1, wherein the dual-responsibility chain gateway sends the service request processing result or the service feedback processing result to a pre-developed audit log for recording.
8. A processing method of a double-responsibility chain micro-service gateway system comprises the following steps:
receiving service request information sent by a front-end application or service feedback information sent by a service system, and identifying the service request information or the service feedback information by utilizing a filtering responsibility chain;
Responding to the public non-business information in the identified business request information or the business feedback information, and processing the business request information or the public non-business information in the business feedback information to obtain a business request processing result or a business feedback processing result;
sending the service request processing result to the service system or sending the service feedback processing result to the front-end application;
when the public non-business information in the business request information or the business feedback information is identified to be processed, a filtering responsibility chain is adopted to process, and the filtering responsibility chain comprises the following steps:
the device comprises a verification filter module, a decryption filter module connected with the verification filter module and a result filter module connected with the decryption filter module; wherein,
the verification filtering module is used for receiving the service request information sent by the gateway receiving end, identifying public non-service information of the service request information, processing the verification information to obtain a verification processing result when the verification information is identified, adding the verification processing result into the service request information to obtain first service request information, sending the first service request information to the decryption filtering module, or receiving the service feedback information sent by the gateway receiving end and sending the service feedback information to the decryption filtering module;
The decryption filter module is used for receiving the first service request information, identifying public non-service information of the first service request information, calling a preset decryption algorithm to decrypt when identifying parameters needing to be decrypted, adding a decryption result into the first service request information to obtain second service request information, and sending the second service request information to the risk filter module, or receiving the service feedback information sent by the verification filter module and sending the service feedback information to the result filter module;
the result filtering module is configured to receive the second service request information, send the second service request information to the gateway output end as the service request processing result, or receive the service feedback information sent by the decryption filtering module, identify public non-service information of the service feedback information, call a preset encryption algorithm to encrypt when identifying parameters needing encryption, and add an encryption result to the service feedback information to obtain the service feedback processing result and send the service feedback processing result to the gateway output end;
the filtering responsibility chain further comprises:
the risk filtering module is connected between the decryption filtering module and the result filtering module;
and the processing module is used for receiving the second service request information, identifying public non-service information of the second service request information, calling a preset processing strategy to perform harmless treatment when harmful information is identified, adding the harmless treatment result into the second service request information to obtain third service request information, and sending the third service request information to the result filtering module, or receiving service feedback information sent by the decryption filtering module and sending the service feedback information to the result filtering module.
CN202111207467.XA 2021-10-15 2021-10-15 Double-responsibility chain micro-service gateway system and processing method thereof Active CN114157535B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111207467.XA CN114157535B (en) 2021-10-15 2021-10-15 Double-responsibility chain micro-service gateway system and processing method thereof

Publications (2)

Publication Number Publication Date
CN114157535A (en) 2022-03-08
CN114157535B (en) 2024-03-12

Family

ID=80462716

Country Status (1)

Country Link
CN (1) CN114157535B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant