CN114301685A - System authorization verification method and system - Google Patents
System authorization verification method and system Download PDFInfo
- Publication number
- CN114301685A CN114301685A CN202111634455.5A CN202111634455A CN114301685A CN 114301685 A CN114301685 A CN 114301685A CN 202111634455 A CN202111634455 A CN 202111634455A CN 114301685 A CN114301685 A CN 114301685A
- Authority
- CN
- China
- Prior art keywords
- authorization
- information
- server
- platform system
- menu code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 276
- 238000000034 method Methods 0.000 title claims abstract description 48
- 238000012795 verification Methods 0.000 title claims abstract description 29
- 238000009434 installation Methods 0.000 claims abstract description 66
- 238000012545 processing Methods 0.000 description 8
- 238000007689 inspection Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Abstract
The invention discloses a system authorization verification method and a system, wherein the method comprises the following steps: the method comprises the steps that an SDK interceptor intercepts a request sent by a user for accessing a platform system, obtains a function menu code of an interface corresponding to the request as a menu code to be verified, and obtains server information of a server correspondingly installed on the platform system as the server information to be verified; the method comprises the steps that an SDK interceptor obtains authorization information of a platform system, server information in the authorization information is obtained as authorization server information, a function menu code in the authorization information is obtained as an authorization menu code, and the authorization information is obtained by authorization of the platform system in advance; if the information of the server to be verified is consistent with the information of the authorization server and the menu code to be verified is in the authorization menu code, the SDK interceptor determines that the installation server and the menu code to be verified are authorized, otherwise, the SDK interceptor determines that the installation server and/or the menu code to be verified are unauthorized. The method and the system can realize effective management and control of the use of the platform system.
Description
Technical Field
The invention relates to the technical field of software management and control, in particular to a system authorization verification method and a system.
Background
Since the situation awareness platform system is deployed on a client unit installation server at present, and needs to implement corresponding management and control on the use of the platform system, a technical scheme for implementing management and control on the use of the platform system does not exist in the prior art, how to provide a technical scheme for implementing management and control on the use of the platform system is a problem to be urgently solved by technical personnel in the field at present.
Disclosure of Invention
The invention aims to provide a system authorization verification method and a system, which can realize effective management and control on the use of a platform system.
In order to achieve the above purpose, the invention provides the following technical scheme:
a system authorization verification method, comprising:
the method comprises the steps that an SDK interceptor intercepts a request sent by a user for accessing a platform system, obtains a function menu code of an interface corresponding to the request as a menu code to be verified, and obtains server information of a server correspondingly installed on the platform system as the server information to be verified;
the SDK interceptor acquires authorization information of the platform system, acquires server information in the authorization information as authorization server information, and acquires a function menu code in the authorization information as an authorization menu code; wherein the authorization information is obtained by authorizing the platform system in advance;
if the information of the server to be verified is consistent with the information of the authorization server and the menu code to be verified is in the authorization menu code, the SDK interceptor determines that the installation server and the menu code to be verified are authorized, otherwise, determines that the installation server and/or the menu code to be verified are unauthorized.
Preferably, the method further comprises the following steps:
and if the account information currently logged in the platform system passes authentication, the platform system acquires the currently imported authorization file, acquires the authorization information from the authorization file, and stores the authorization information into a preset database for acquisition as required.
Preferably, after the platform system obtains the currently imported authorization file, the method further includes:
the platform system stores the authorization file into the installation server and sets the storage duration of the authorization file in the database as a preset duration;
the SDK interceptor acquires the authorization information of the platform system, and comprises the following steps:
and the SDK interceptor acquires the authorization information from the database, if the acquisition is successful, the step of acquiring the authorization server information and the authorization menu code is executed, otherwise, the authorization file is acquired from the installation server, and the authorization information is acquired from the authorization file.
Preferably, the method further comprises the following steps:
the SDK authorization file generator acquires a registration file, acquires registration information in the registration file, adds corresponding authorization time limits for server information and function menu codes in the registration information respectively, obtains server information and function menu code corresponding authorization information respectively containing the corresponding authorization time limits, and generates an authorization file containing the authorization information; wherein, the registration information is obtained by registering for the platform system in advance;
before the SDK interceptor determines that the installation server and the menu code to be verified are authorized, the method further includes:
and the SDK interceptor determines whether the current date is in the date range corresponding to the authorization time limit, if so, the step of determining that the installation server and the menu code to be verified are authorized is executed, and otherwise, the installation server and/or the menu code to be verified are determined to be unauthorized.
Preferably, the generating an authorization file containing the authorization information includes:
encrypting the authorization information, and generating an authorization file based on the encrypted authorization information;
the SDK interceptor acquires the server information and the function menu code in the authorization information, and comprises the following steps:
and the SDK interceptor decrypts the authorization information to obtain the server information and the function menu code in the authorization information.
Preferably, the method further comprises the following steps:
if the current account information logged in the platform system passes the authentication, the platform system initiates a request for obtaining the server information to the SDK encryptor, the SDK encryptor obtains the server information for installing the server and returns the server information to the platform system, the platform system obtains the self function menu code, generates corresponding registration information based on the server information and the function menu code, and generates a registration file containing the registration information.
Preferably, the generating, by the platform system, the registration file including the registration information includes:
the platform system encrypts the registration information and generates a registration file based on the encrypted registration information;
acquiring the registration information in the registration file, including:
and the SDK authorization file generator decrypts the acquired registration file to acquire the registration information in the registration file.
The utility model provides a system authorization check system, includes platform system and SDK interceptor, wherein:
the platform system is used for: for user access;
the SDK interceptor is configured to: when a user accesses a platform system, intercepting an access request sent by the user to access the platform system, acquiring a functional menu code of an interface corresponding to the access request as a menu code to be verified, and acquiring server information of a server currently and correspondingly installed on the platform system as information to be verified; acquiring authorization information corresponding to the platform system, acquiring server information contained in the authorization information as authorization information, and acquiring a function menu code contained in the authorization information as an authorization menu code, wherein the authorization information is obtained after the platform system is authorized in advance; and if the information to be verified is consistent with the authorization information and the menu code to be verified is in the authorization menu code, determining that the installation server and the menu code to be verified are authorized, otherwise, determining that the installation server and/or the menu code to be verified are unauthorized.
Preferably, the platform system is further configured to: and if the account information currently logged in the platform system passes authentication, acquiring a currently imported authorization file, acquiring the authorization information from the authorization file, and storing the authorization information into a preset database for acquisition as required.
Preferably, the platform system is further configured to: after the currently imported authorization file is acquired, storing the authorization file into the installation server, and setting the storage duration of the authorization file in the database as a preset duration;
the SDK interceptor is specifically configured to: and acquiring the authorization information from the database, if the acquisition is successful, executing the step of acquiring authorization server information and an authorization menu code, otherwise, acquiring the authorization file from the installation server, and acquiring the authorization information from the authorization file.
The invention provides a system authorization verification method and a system, wherein the method comprises the following steps: the method comprises the steps that an SDK interceptor intercepts a request sent by a user for accessing a platform system, obtains a function menu code of an interface corresponding to the request as a menu code to be verified, and obtains server information of a server correspondingly installed on the platform system as the server information to be verified; the method comprises the steps that an SDK interceptor obtains authorization information of a platform system, obtains server information in the authorization information as authorization server information, obtains a function menu code in the authorization information as an authorization menu code, and obtains the authorization information authorized for the platform system in advance; if the information of the server to be verified is consistent with the information of the authorization server and the menu code to be verified is in the authorization menu code, the SDK interceptor determines that the installation server and the menu code to be verified are authorized, otherwise, determines that the installation server and/or the menu code to be verified are unauthorized. When a user accesses a platform system, the SDK interceptor intercepts the request sent by the user, acquires the functional menu code of the interface corresponding to the request and the server information of the corresponding installation server of the platform system, and respectively carries out authorization verification on the functional menu code of the interface corresponding to the request and the server information of the corresponding installation server of the platform system by using the authorized functional menu code and the server information obtained when the authorization of the platform system is carried out in advance, so that the user is allowed to use the platform to realize subsequent service processing after the authorization verification is passed, otherwise, the user is not allowed to use the platform to realize the subsequent service processing, and the effective management and control on the use of the platform system are realized by the mode.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a system authorization verification method according to an embodiment of the present invention;
fig. 2 is a flowchart of generation of a registration file in the system authorization verification method according to the embodiment of the present invention;
fig. 3 is a flowchart of generation of an authorization file in the system authorization verification method according to the embodiment of the present invention;
fig. 4 is a flowchart of platform system authorization in the system authorization verification method according to an embodiment of the present invention;
fig. 5 is a flowchart of authorization verification in the system authorization verification method according to the embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a flowchart of a system authorization verification method according to an embodiment of the present invention is shown, which specifically includes:
s11: the SDK interceptor intercepts a request sent by a user accessing the platform system, acquires a function menu code of an interface corresponding to the request as a menu code to be verified, and acquires server information of a server installed corresponding to the platform system as the server information to be verified.
It should be noted that, when a user accesses the platform system, no matter what kind of request the user sends, the SDK interceptor intercepts the request, and obtains the function menu code of the interface corresponding to the request and the server information of the platform system installation server; the function menu code is a menu of each function provided, and the server information may include information such as an IP address and an installation server version.
S12: the method comprises the steps that an SDK interceptor obtains authorization information of a platform system, obtains server information in the authorization information as authorization server information, and obtains a function menu code in the authorization information as an authorization menu code; wherein, the authorization information is authorized for the platform system in advance.
The SDK interceptor acquires authorization information obtained when authorization is realized for the platform system in advance, wherein the authorization information comprises authorized server information for installing the server and authorized function menu codes. Therefore, in the embodiment of the present application, after the server information and the function menu code included in the authorization information are obtained, the server information in the authorization information may be compared with the server information obtained in step S11, if the comparison result is that the two are consistent, it indicates that the installation server corresponding to the server information obtained in step S11 is authorized, otherwise, it indicates that the installation server corresponding to the server information obtained in step S11 is not authorized; when it is determined that the server information in the authorization information is consistent with the server information acquired in step S11, it may be determined whether the function menu code acquired in step S11 is within the function menu code in the authorization information, and if so, it may be interpreted that the function menu code acquired in step S11 is authorized, otherwise, it may be interpreted that the function menu code acquired in step S11 is unauthorized. Corresponding authorization verification is achieved when a user accesses the platform system in the mode, and then after the installation server and the function menu code of the platform system are determined to be authorized, subsequent business processing can be conducted by using the platform system, otherwise, the subsequent business processing cannot be achieved by using the platform system, and effective management and control over the use of the platform system are achieved.
S13: if the information of the server to be verified is consistent with the information of the authorization server and the menu code to be verified is in the authorization menu code, the SDK interceptor determines that the installation server and the menu code to be verified are authorized, otherwise, the SDK interceptor determines that the installation server and/or the menu code to be verified are unauthorized.
When a user accesses a platform system, the SDK interceptor intercepts the request sent by the user, acquires the functional menu code of the interface corresponding to the request and the server information of the corresponding installation server of the platform system, and respectively carries out authorization verification on the functional menu code of the interface corresponding to the request and the server information of the corresponding installation server of the platform system by using the authorized functional menu code and the server information obtained when the authorization of the platform system is carried out in advance, so that the user is allowed to use the platform to realize subsequent service processing after the authorization verification is passed, otherwise, the user is not allowed to use the platform to realize the subsequent service processing, and the effective management and control on the use of the platform system are realized by the mode.
The system authorization verification method provided by the embodiment of the invention can further comprise the following steps: if the account information of the current login platform system passes the authentication, the platform system initiates a request for obtaining the server information to the SDK encryptor, the SDK encryptor obtains the server information for installing the server and returns the server information to the platform system, the platform system obtains the self function menu code, generates corresponding registration information based on the server information and the function menu code, and generates a registration file containing the registration information.
The platform system generates a registration file containing registration information, and may include: the platform system encrypts the registration information and generates a registration file based on the encrypted registration information;
acquiring the registration information in the registration file may include: and the SDK authorization file generator decrypts the acquired registration file to acquire the registration information in the registration file.
It should be noted that the present application includes four major processes, which are respectively registration file generation, authorization file generation, platform system authorization, and authorization verification during runtime, where the authorization verification during runtime includes steps S11 to S13. As shown in fig. 2, the service information is server information, the function menu authority code is a function menu code, and the authorized registration file is a registration file; the corresponding process of generating the registration file may specifically include:
logging in a platform system by using an administrator account, and authenticating the account and a password by the platform system; the account information comprises an account and a password;
when the authentication is passed, the platform system enters an authorization console of the platform system, the platform system automatically initiates a request for obtaining server information of the installation server to the SDK encryptor, and at the moment, the SDK encryptor obtains server information server of the installation server (including but not limited to an IP address IP of the installation server, a CPU version model CPU of the installation server, a hard disk sequence hardDisk of the installation server, and system information system of the installation server) and returns the server information server to the platform system; for example, the installation server plaintext string is:
{“ip”:”192.168.34.64”,“cpu”:”Xxx”,“hardDisk”:”ggg”,“system”:”Linux”}
server information name | Specific information |
ip | 192.168.34.64 |
cpu | Xxx |
hardDisk | ggg |
system | Linux |
Thirdly, the platform system acquires a function menu code menu _ codes of the platform system; for example, the function menu code plaintext character string is:
{ "A": command scheduling "," B ": notification early warning", "C": information analysis "," D ": tracking traceability }
Function menu authority code | Function menu name |
A | Commanding and dispatching |
B | Reporting early warning |
C | Information analysis |
D | Tracing and tracing source |
E | Inspection and supervision |
Fourthly, the platform system generates a json character string (registration information) according to the server information and the functional menu code, and sends the json character string to the SDK encryptor for encryption; for example, the json string is:
{
{“ip”:”192.168.34.64”,“cpu”:”Xxx”,“hardDisk”:”ggg”,“system”:”Linux”},
{ "A": command scheduling "," B ": notification early warning", "C": information analysis "," D ": tracking traceability }
}
The encrypted string corresponding to the json string in the above example is:
ewp74oCcaXDigJ064oCdMTkyLjE2OC4zNC42NOKAne+8jOKAnGNwdeK AnTrigJ1YeHjigJ3vvIzigJxoYXJkRGlza+KAnTrigJ1nZ2figJ3vvIzigJxzeXN0ZW3igJ064oCdTGludXjigJ1977yMCnvigJxB4oCdOuKAneaMh+aMpeiwg+W6puKA ne+8jOKAnELigJ064oCd6YCa5oql6aKE6K2m4oCd77yM4oCcQ+KAnTrigJ3mg4XmiqXliIbmnpDigJ3vvIzigJxE4oCdOuKAnei/vei4qua6r+a6kOKAnX0KfQ==
and fifthly, the platform system generates a license reqx file (registration file) according to the encryption string.
The system authorization verification method provided by the embodiment of the invention can further comprise the following steps: the SDK authorization file generator acquires a registration file, acquires registration information in the registration file, adds corresponding authorization time limits for server information and function menu codes in the registration information respectively, obtains server information and function menu code corresponding authorization information respectively containing the corresponding authorization time limits, and generates an authorization file containing the authorization information; wherein, the registration information is obtained by registering for the platform system in advance;
before the SDK interceptor determines that the installation server and the menu code to be verified are authorized, the method may further include: and the SDK interceptor determines whether the current date is in the date range corresponding to the authorization time limit, if so, the step of determining that the installation server and the menu code to be verified are authorized is executed, and otherwise, the installation server and/or the menu code to be verified are determined to be unauthorized.
Generating an authorization file containing authorization information may include: encrypting the authorization information, and generating an authorization file based on the encrypted authorization information;
the obtaining, by the SDK interceptor, the server information and the function menu code in the authorization information may include: and the SDK interceptor decrypts the authorization information to obtain the server information and the function menu code in the authorization information.
It should be noted that the authorization time limit may be an authorization deadline; as shown in fig. 3, the authorized registration encryption information (the same authorized encryption information) is the encrypted registration information, the json string is the json character string, and the function menu is the function menu code; the corresponding process of generating the authorization file may specifically include:
firstly, when an SDK authorization file generator takes a license reqx file, the license reqx file is firstly analyzed to obtain registration information and a json character string is obtained through decryption;
secondly, the SDK authorization file generator obtains server information (including but not limited to an IP address IP of an installation server, a CPU version model CPU of the installation server, a hard disk sequence hardDisk of the installation server, and a system information system of the installation server) and a function menu code menu of a platform system from a json character string, and carries out authorization deadline on IP, CPU, hardDisk and system, for example, the authorization time of 192.168.34.64IP is 1 month and 1 day in 2030, and a clear authorization character string (server information in the authorization information) of the installation server is obtained: { "ip": 192.168.34.64|2030-01-01 "," cpu ": Xxx | 2030-01-01", "hardDisk": ggg |2030-01-01 "," system ": Linux | 2030-01-01" }
Server information name | Specific information | Authorization deadline |
ip | 192.168.34.64 | 2030-01-01 |
cpu | Xxx | 2030-01-01 |
hardDisk | Xxx | 2030-01-01 |
system | Linux | 2030-01-01 |
For example, if ACD is authorized for 2030, 1 and not for BE, the following table can BE obtained:
function menu authority code | Function menu name | Whether or not to authorize | Authorization expiration date |
A | Commanding and dispatching | Is that | 2030-01-01 |
B | Reporting early warning | Whether or not | |
C | Information analysis | Is that | 2030-01-01 |
D | Tracing and tracing source | Is that | 2030-01-01 |
E | Inspection and supervision | Whether or not |
The function menu code plaintext authorization character string (function menu code in authorization information) may be:
{ "A": command scheduling | is |2030-01-01 "," B ": notify early warning | No", "C": intelligence analysis | is |2030-01-01 "," D ": tracking traceability | is | 2030-01-01" }
Generating authorization plaintext json information (authorization information) may be:
{
{“ip”:”192.168.34.64|2030-01-01”,“cpu”:”Xxx|2030-01-01”,“hardDisk”:”ggg|2030-01-01”,“system”:”Linux|2030-01-01”},
{ "A": command scheduling | is |2030-01-01 "," B ": notify early warning | No", "C": intelligence analysis | is |2030-01-01 "," D ": tracking traceability | is | 2030-01-01" }
}
The encrypted authorization information may be:
ewp74oCcaXDigJ064oCdMTkyLjE2OC4zNC42NHwyMDMwLTAxLTAx4oCd77yM4oCcY3B14oCdOuKAnVh4eHwyMDMwLTAxLTAx4oCd77yM4oCca GFyZERpc2vigJ064oCdZ2dnfDIwMzAtMDEtMDHigJ3vvIzigJxzeXN0ZW3igJ064oCdTGludXh8MjAzMC0wMS0wMeKAnX0sCnvigJxB4oCdOuKAneaMh+aM peiwg+W6pnzmmK98MjAzMC0wMS0wMeKAne+8jOKAnELigJ064oCd6YCa5oql6aKE6K2mfOWQpuKAne+8jOKAnEPigJ064oCd5oOF5oql5YiG5p6QfOaYr3wyMDMwLTAxLTAx4oCd77yM4oCcROKAnTrigJ3ov73ouKrmuq/mupB85pivf DIwMzAtMDEtMDHigJ19Cn0=。
the system authorization verification method provided by the embodiment of the invention can further comprise the following steps: and if the account information of the current login platform system passes the authentication, the platform system acquires the currently imported authorization file, acquires the authorization information from the authorization file, and stores the authorization information into a preset database for acquisition as required.
After the platform system obtains the currently imported authorization file, the method may further include: the platform system stores the authorization file into the installation server, and sets the storage duration of the authorization file in the database as a preset duration;
the obtaining of the authorization information of the platform system by the SDK interceptor may include: and the SDK interceptor acquires the authorization information from the database, if the acquisition is successful, the steps of acquiring the authorization server information and the authorization menu code are executed, otherwise, the authorization file is acquired from the installation server, and the authorization information is acquired from the authorization file.
Wherein the preset time can be set according to actual needs, such as 5 minutes; as shown in fig. 4, the authorization encryption information (the same authorization encryption string and the encryption string) is the encrypted authorization information, and the corresponding process of generating the authorization file may specifically include:
the first step is as follows: when the platform system is authorized, account authentication is also needed, and after the platform system passes the authentication, an authorized console appears;
the second step is that: introducing a license.lic file, analyzing the license by the platform system to obtain encrypted authorization information, and sending the encrypted authorization information to a redis (database) for storage, wherein the storage time is 5 minutes;
the third step: license file is stored in the installation server directory/etc/license so that the license information is acquired again when the license information in the redis is invalid (storage time is exceeded).
For the above technical solution disclosed in the present application, in a specific implementation manner, as shown in fig. 5, an authority menu code (same menu authority code, menu code) is an authority menu, authorized encryption information (same encryption string information) is encrypted authorization information, a json string is a json character string, and the corresponding authorization check during running specifically may include:
the first step is as follows: when a user accesses the platform system, an SDK interceptor embedded in the platform system is triggered to intercept a request initiated by the user, and a URL accessed by the user is obtained through the intercepted request;
the second step is that: after the SDK interceptor takes the URL accessed by the user, taking the authority menu M of the interface according to the URL, and taking the function menu code menu _ code corresponding to the interface according to M;
the third step: the SDK interceptor requests a redis to obtain authorization information, if the redis authorization information is invalid, license.li files are obtained from a directory/letc/license again to be analyzed to obtain the authorization information, and the authorization information is decrypted to obtain a plain json character string;
the fourth step: obtaining authorized server information (installation server IP, CPU, hardDisk and system information) according to a plaintext json character string, simultaneously obtaining the server information (IP, CPU, hardDisk and system information) of the current installation server, comparing the authorized server information with the server information of the current installation server, if the server information is consistent with the server information of the current installation server, verifying the server information, and otherwise, prompting that the installation server is not authorized;
the fifth step: judging whether a corresponding function menu code of an accessed interface is in a json character string or not according to the plaintext json character string, if not, prompting that the function is not authorized, if so, acquiring an authorization expiration date of the function menu code from the plaintext json character string, comparing the date with the current date, if so, checking to pass, and if not, prompting that the authorization is overdue;
and a sixth step: and if the verification of the installation server and the verification of the function menu code both pass, releasing the request to perform the next service processing, otherwise, not realizing the corresponding service processing.
The method includes the steps that a registration file license.reqx file is generated by encrypting server information installed on the basis of a platform system and all function menu codes of the platform system, the server information and the function menu codes are obtained by decrypting according to the license.reqx file, authorization is carried out according to the server information and the function menu codes obtained by decoding and the authorization is encrypted to generate an authorization license.lic file, authorization verification is carried out when a user accesses the platform system every time, and the verification granularity is menu dimension; therefore, authorization can be carried out according to function points bought by a customer, loss of the company caused by the fact that the customer is provided with multiple functions is avoided, authorization can be carried out according to server information, and the fact that each computer is not installed and used limits the fact that the customer installs the software to other places to cause loss of the company.
The embodiment of the invention also provides a system authorization checking system, which can comprise a platform system and an SDK interceptor, wherein:
a platform system to: for user access;
an SDK interceptor to: when a user accesses the platform system, intercepting an access request sent by the user access platform system, acquiring a functional menu code of an interface corresponding to the access request as a menu code to be verified, and acquiring server information of a server currently and correspondingly installed on the platform system as information to be verified; acquiring authorization information corresponding to the platform system, wherein server information contained in the authorization information is acquired as authorization information, and a function menu code contained in the authorization information is acquired as an authorization menu code, and the authorization information is obtained after the platform system is authorized in advance; and if the information to be verified is consistent with the authorization information and the menu code to be verified is in the authorization menu code, determining that the installation server and the menu code to be verified are authorized, and otherwise, determining that the installation server and/or the menu code to be verified are unauthorized.
In the system authorization check system provided in the embodiment of the present invention, the platform system may further be configured to: and if the account information of the current login platform system passes the authentication, acquiring the currently imported authorization file, acquiring authorization information from the authorization file, and storing the authorization information into a preset database for acquisition as required.
In the system authorization check system provided in the embodiment of the present invention, the platform system may further be configured to: after the currently imported authorization file is acquired, storing the authorization file into an installation server, and setting the storage duration of the authorization file in a database as a preset duration;
the SDK interceptor may be specifically configured to: and obtaining the authorization information from the database, if the obtaining is successful, executing the step of obtaining the authorization server information and the authorization menu code, otherwise, obtaining the authorization file from the installation server, and obtaining the authorization information from the authorization file.
It should be noted that, for the description of the relevant part in the system authorization checking system provided in the embodiment of the present invention, reference is made to the detailed description of the corresponding part in the system authorization checking method provided in the embodiment of the present invention, and details are not repeated herein. In addition, parts of the technical solutions provided in the embodiments of the present invention that are consistent with the implementation principles of the corresponding technical solutions in the prior art are not described in detail, so as to avoid redundant description.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A system authorization verification method, comprising:
the method comprises the steps that an SDK interceptor intercepts a request sent by a user for accessing a platform system, obtains a function menu code of an interface corresponding to the request as a menu code to be verified, and obtains server information of a server correspondingly installed on the platform system as the server information to be verified;
the SDK interceptor acquires authorization information of the platform system, acquires server information in the authorization information as authorization server information, and acquires a function menu code in the authorization information as an authorization menu code; wherein the authorization information is obtained by authorizing the platform system in advance;
if the information of the server to be verified is consistent with the information of the authorization server and the menu code to be verified is in the authorization menu code, the SDK interceptor determines that the installation server and the menu code to be verified are authorized, otherwise, determines that the installation server and/or the menu code to be verified are unauthorized.
2. The method of claim 1, further comprising:
and if the account information currently logged in the platform system passes authentication, the platform system acquires the currently imported authorization file, acquires the authorization information from the authorization file, and stores the authorization information into a preset database for acquisition as required.
3. The method of claim 2, wherein after the platform system obtains the currently imported authorization file, the method further comprises:
the platform system stores the authorization file into the installation server and sets the storage duration of the authorization file in the database as a preset duration;
the SDK interceptor acquires the authorization information of the platform system, and comprises the following steps:
and the SDK interceptor acquires the authorization information from the database, if the acquisition is successful, the step of acquiring the authorization server information and the authorization menu code is executed, otherwise, the authorization file is acquired from the installation server, and the authorization information is acquired from the authorization file.
4. The method of claim 3, further comprising:
the SDK authorization file generator acquires a registration file, acquires registration information in the registration file, adds corresponding authorization time limits for server information and function menu codes in the registration information respectively, obtains server information and function menu code corresponding authorization information respectively containing the corresponding authorization time limits, and generates an authorization file containing the authorization information; wherein, the registration information is obtained by registering for the platform system in advance;
before the SDK interceptor determines that the installation server and the menu code to be verified are authorized, the method further includes:
and the SDK interceptor determines whether the current date is in the date range corresponding to the authorization time limit, if so, the step of determining that the installation server and the menu code to be verified are authorized is executed, and otherwise, the installation server and/or the menu code to be verified are determined to be unauthorized.
5. The method of claim 4, wherein generating an authorization file containing the authorization information comprises:
encrypting the authorization information, and generating an authorization file based on the encrypted authorization information;
the SDK interceptor acquires the server information and the function menu code in the authorization information, and comprises the following steps:
and the SDK interceptor decrypts the authorization information to obtain the server information and the function menu code in the authorization information.
6. The method of claim 5, further comprising:
if the current account information logged in the platform system passes the authentication, the platform system initiates a request for obtaining the server information to the SDK encryptor, the SDK encryptor obtains the server information for installing the server and returns the server information to the platform system, the platform system obtains the self function menu code, generates corresponding registration information based on the server information and the function menu code, and generates a registration file containing the registration information.
7. The method of claim 6, wherein the platform system generating a registration file containing the registration information comprises:
the platform system encrypts the registration information and generates a registration file based on the encrypted registration information;
acquiring the registration information in the registration file, including:
and the SDK authorization file generator decrypts the acquired registration file to acquire the registration information in the registration file.
8. The system authorization checking system is characterized by comprising a platform system and an SDK interceptor, wherein:
the platform system is used for: for user access;
the SDK interceptor is configured to: when a user accesses a platform system, intercepting an access request sent by the user to access the platform system, acquiring a functional menu code of an interface corresponding to the access request as a menu code to be verified, and acquiring server information of a server currently and correspondingly installed on the platform system as information to be verified; acquiring authorization information corresponding to the platform system, acquiring server information contained in the authorization information as authorization information, and acquiring a function menu code contained in the authorization information as an authorization menu code, wherein the authorization information is obtained after the platform system is authorized in advance; and if the information to be verified is consistent with the authorization information and the menu code to be verified is in the authorization menu code, determining that the installation server and the menu code to be verified are authorized, otherwise, determining that the installation server and/or the menu code to be verified are unauthorized.
9. The system of claim 8, wherein the platform system is further configured to: and if the account information currently logged in the platform system passes authentication, acquiring a currently imported authorization file, acquiring the authorization information from the authorization file, and storing the authorization information into a preset database for acquisition as required.
10. The system of claim 9, wherein the platform system is further configured to: after the currently imported authorization file is acquired, storing the authorization file into the installation server, and setting the storage duration of the authorization file in the database as a preset duration;
the SDK interceptor is specifically configured to: and acquiring the authorization information from the database, if the acquisition is successful, executing the step of acquiring authorization server information and an authorization menu code, otherwise, acquiring the authorization file from the installation server, and acquiring the authorization information from the authorization file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111634455.5A CN114301685B (en) | 2021-12-29 | 2021-12-29 | System authorization verification method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111634455.5A CN114301685B (en) | 2021-12-29 | 2021-12-29 | System authorization verification method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114301685A true CN114301685A (en) | 2022-04-08 |
CN114301685B CN114301685B (en) | 2024-01-26 |
Family
ID=80971829
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111634455.5A Active CN114301685B (en) | 2021-12-29 | 2021-12-29 | System authorization verification method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114301685B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104113549A (en) * | 2014-07-28 | 2014-10-22 | 百度在线网络技术(北京)有限公司 | Platform authorization method, platform server side, application client side and system |
CN110096849A (en) * | 2019-04-02 | 2019-08-06 | 深圳市中博科创信息技术有限公司 | A kind of License authorization and authentication method, device, equipment and readable storage medium storing program for executing |
CN111147572A (en) * | 2019-12-24 | 2020-05-12 | 中国建设银行股份有限公司 | Cloud customer service platform management system and method |
US20210109895A1 (en) * | 2019-10-11 | 2021-04-15 | Citrix Systems, Inc. | Determining user interface contexts for requested resources |
-
2021
- 2021-12-29 CN CN202111634455.5A patent/CN114301685B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104113549A (en) * | 2014-07-28 | 2014-10-22 | 百度在线网络技术(北京)有限公司 | Platform authorization method, platform server side, application client side and system |
CN110096849A (en) * | 2019-04-02 | 2019-08-06 | 深圳市中博科创信息技术有限公司 | A kind of License authorization and authentication method, device, equipment and readable storage medium storing program for executing |
US20210109895A1 (en) * | 2019-10-11 | 2021-04-15 | Citrix Systems, Inc. | Determining user interface contexts for requested resources |
CN111147572A (en) * | 2019-12-24 | 2020-05-12 | 中国建设银行股份有限公司 | Cloud customer service platform management system and method |
Non-Patent Citations (3)
Title |
---|
刘海玲;裴连群;: "计算机网络信息安全问题及防护策略", 自动化与仪器仪表, no. 09 * |
曾辛;袁华松;张人方;谭剑;: "利用态势感知技术加强网络信息安全平台建设", 广播电视信息, no. 02 * |
白万荣;张驯;杨磊;吴晓妮;: "电力企业信息系统双因子身份认证研究", 电力信息与通信技术, no. 06 * |
Also Published As
Publication number | Publication date |
---|---|
CN114301685B (en) | 2024-01-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3453136B1 (en) | Methods and apparatus for device authentication and secure data exchange between a server application and a device | |
CN107483495B (en) | Big data cluster host management method, management system and server | |
EP2755162B1 (en) | Identity controlled data center | |
WO2015186820A1 (en) | Kernel program including relational data base, and method and device for executing said program | |
US20110197077A1 (en) | Software feature authorization through delegated agents | |
US20110138177A1 (en) | Online public key infrastructure (pki) system | |
CN111475782B (en) | API (application program interface) key protection method and system based on SGX (generalized Standard X) software extension instruction | |
US20090089881A1 (en) | Methods of licensing software programs and protecting them from unauthorized use | |
WO2021139338A1 (en) | Data access permission verification method and apparatus, computer device, and storage medium | |
US11626998B2 (en) | Validated payload execution | |
CN112887340B (en) | Password resetting method and device, service management terminal and storage medium | |
WO2023072817A1 (en) | Control of access to computing resources implemented in isolated environments | |
CN111770087A (en) | Service node verification method and related equipment | |
CN111614686A (en) | Key management method, controller and system | |
CN110807210B (en) | Information processing method, platform, system and computer storage medium | |
CN110619194B (en) | Upgrade package encryption and decryption methods and devices | |
US20080313743A1 (en) | Network Software License Management and Piracy Protection | |
EP2517140B1 (en) | Securing execution of computational resources | |
CN114301685B (en) | System authorization verification method and system | |
CN108347411B (en) | Unified security guarantee method, firewall system, equipment and storage medium | |
CN112769784A (en) | Text processing method and device, computer readable storage medium and processor | |
KR20150074128A (en) | Method for downloading at least one software component onto a computing device, and associated computer program product, computing device and computer system | |
CN114499888B (en) | Private key protection and analysis method and device for signature service | |
KR20120031616A (en) | Software authentication method in network | |
CN111787369B (en) | Root authority control method and system for smart television and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |