CN114301685B - System authorization verification method and system - Google Patents
System authorization verification method and system Download PDFInfo
- Publication number
- CN114301685B CN114301685B CN202111634455.5A CN202111634455A CN114301685B CN 114301685 B CN114301685 B CN 114301685B CN 202111634455 A CN202111634455 A CN 202111634455A CN 114301685 B CN114301685 B CN 114301685B
- Authority
- CN
- China
- Prior art keywords
- authorization
- information
- server
- platform system
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000013475 authorization Methods 0.000 title claims abstract description 269
- 238000000034 method Methods 0.000 title claims abstract description 39
- 238000012795 verification Methods 0.000 title claims abstract description 34
- 238000009434 installation Methods 0.000 claims abstract description 78
- 238000012545 processing Methods 0.000 description 9
- 238000007689 inspection Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
The invention discloses a system authorization verification method and a system, wherein the method comprises the following steps: the SDK interceptor intercepts a request sent by a user accessing the platform system, acquires a function menu code of an interface corresponding to the request as a menu code to be verified, and acquires server information of an installation server corresponding to the platform system as server information to be verified; the SDK interceptor acquires authorization information of the platform system, acquires server information in the authorization information as authorization server information, and acquires function menu codes in the authorization information as authorization menu codes, wherein the authorization information is obtained by authorizing the platform system in advance; if the information of the server to be verified is consistent with the information of the authorization server, and the menu code to be verified is in the authorization menu code, the SDK interceptor determines that the installation server and the menu code to be verified are authorized, otherwise, the SDK interceptor determines that the installation server and/or the menu code to be verified are not authorized. The platform system management and control method and device can effectively manage and control the use of the platform system.
Description
Technical Field
The invention relates to the technical field of software management and control, in particular to a system authorization verification method and system.
Background
The situation awareness platform system is deployed on the client unit installation server, so that corresponding control over the use of the platform system is needed, and the technical scheme for realizing control over the use of the platform system does not exist in the prior art, so that the technical scheme for realizing control over the use of the platform system is provided, and the problem to be solved is urgent for the person skilled in the art at present.
Disclosure of Invention
The invention aims to provide a system authorization verification method and system, which can realize effective management and control of the use of a platform system.
In order to achieve the above object, the present invention provides the following technical solutions:
a system authorization verification method, comprising:
the SDK interceptor intercepts a request sent by a user accessing a platform system, acquires a function menu code of an interface corresponding to the request as a menu code to be verified, and acquires server information of an installation server corresponding to the platform system as server information to be verified;
the SDK interceptor acquires the authorization information of the platform system, acquires server information in the authorization information as authorization server information, and acquires a function menu code in the authorization information as an authorization menu code; the authorization information is obtained by authorizing the platform system in advance;
if the information of the server to be verified is consistent with the information of the authorization server, and the menu code to be verified is in the authorization menu code, the SDK interceptor determines that the installation server and the menu code to be verified are authorized, otherwise, determines that the installation server and/or the menu code to be verified are not authorized.
Preferably, the method further comprises:
if the account information currently logged in the platform system passes the authentication, the platform system acquires a currently imported authorization file, acquires the authorization information from the authorization file, and stores the authorization information into a preset database for acquisition when required.
Preferably, after the platform system acquires the currently imported authorization file, the method further includes:
the platform system stores the authorization file into the installation server, and sets the duration of the authorization file stored in the database as a preset duration;
the SDK interceptor acquires authorization information of the platform system, including:
the SDK interceptor acquires the authorization information from the database, if the acquisition is successful, the step of acquiring the authorization server information and the authorization menu code is executed, otherwise, the authorization file is acquired from the installation server, and the authorization information is acquired from the authorization file.
Preferably, the method further comprises:
the SDK authorization file generator acquires a registration file, acquires registration information in the registration file, adds corresponding authorization time limits for server information and function menu codes in the registration information respectively, acquires server information and function menu code corresponding authorization information respectively containing the corresponding authorization time limits, and generates an authorization file containing the authorization information; the registration information is obtained by registering the platform system in advance;
before the SDK interceptor determines that the installation server and the menu code to be verified are authorized, the SDK interceptor further includes:
the SDK interceptor determines whether the current date is in the date range corresponding to the authorized time limit, if so, the step of determining that the installation server and the menu code to be verified are authorized is executed, otherwise, the installation server and/or the menu code to be verified are/is determined to be unauthorized.
Preferably, generating the authorization file including the authorization information includes:
encrypting the authorization information, and generating an authorization file based on the encrypted authorization information;
the SDK interceptor acquires the server information and the function menu code in the authorization information, and comprises:
and the SDK interceptor decrypts the authorization information to obtain server information and function menu codes therein.
Preferably, the method further comprises:
if the account information of the current login platform system passes the authentication, the platform system initiates a request for acquiring server information to an SDK (software development kit) encryptor, the SDK encryptor acquires the server information of an installation server and returns the server information to the platform system, the platform system acquires a function menu code of the platform system, generates corresponding registration information based on the server information and the function menu code, and generates a registration file containing the registration information.
Preferably, the platform system generates a registration file containing the registration information, including:
the platform system encrypts the registration information and generates a registration file based on the encrypted registration information;
obtaining registration information in the registration file includes:
and the SDK authorization file generator obtains the registration file, then decrypts the registration file and obtains the registration information in the registration file.
A system authorization check system comprises a platform system and an SDK interceptor, wherein:
the platform system is used for: for user access;
the SDK interceptor is configured to: when a user accesses a platform system, intercepting an access request sent by the user accessing the platform system, acquiring a function menu code of an interface corresponding to the access request as a menu code to be verified, and acquiring server information of a current corresponding installation server of the platform system as information to be verified; acquiring authorization information corresponding to the platform system, acquiring server information contained in the authorization information as authorization information, and acquiring a function menu code contained in the authorization information as an authorization menu code, wherein the authorization information is obtained after the platform system is authorized in advance; if the information to be verified is consistent with the authorization information and the menu code to be verified is in the authorization menu code, determining that the installation server and the menu code to be verified are authorized, otherwise, determining that the installation server and/or the menu code to be verified are not authorized.
Preferably, the platform system is further configured to: if the account information currently logged in the platform system passes the authentication, a currently imported authorization file is acquired, the authorization information is acquired from the authorization file, and the authorization information is stored in a preset database for acquisition when needed.
Preferably, the platform system is further configured to: after acquiring a currently imported authorization file, storing the authorization file into the installation server, and setting the storage duration of the authorization file in the database as a preset duration;
the SDK interceptor is specifically for: and acquiring the authorization information from the database, if the acquisition is successful, executing the step of acquiring the authorization server information and the authorization menu code, otherwise, acquiring the authorization file from the installation server, and acquiring the authorization information from the authorization file.
The invention provides a system authorization verification method and a system, wherein the method comprises the following steps: the SDK interceptor intercepts a request sent by a user accessing a platform system, acquires a function menu code of an interface corresponding to the request as a menu code to be verified, and acquires server information of an installation server corresponding to the platform system as server information to be verified; the SDK interceptor acquires authorization information of the platform system, acquires server information in the authorization information as authorization server information, and acquires function menu codes in the authorization information as authorization menu codes, wherein the authorization information is obtained by authorizing the platform system in advance; if the information of the server to be verified is consistent with the information of the authorization server, and the menu code to be verified is in the authorization menu code, the SDK interceptor determines that the installation server and the menu code to be verified are authorized, otherwise, determines that the installation server and/or the menu code to be verified are not authorized. When a user accesses the platform system, the SDK interceptor intercepts a request sent by the user, acquires a function menu code of a corresponding interface of the request and server information of a corresponding installation server of the platform system, and respectively performs authorization verification on the function menu code of the corresponding interface of the request and the server information of the corresponding installation server of the platform system by utilizing the authorized function menu code and the server information obtained in advance for authorizing the platform system, so that the user is allowed to use the platform to realize subsequent service processing after the authorization verification is passed, otherwise, the user is not allowed to use the platform to realize subsequent service processing, and effective management and control on the use of the platform system are realized in the mode.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a system authorization verification method provided in an embodiment of the present invention;
FIG. 2 is a flowchart of registration file generation in a system authorization verification method according to an embodiment of the present invention;
FIG. 3 is a flowchart of authorization file generation in a system authorization verification method according to an embodiment of the present invention;
FIG. 4 is a flowchart of platform system authorization in a system authorization verification method according to an embodiment of the present invention;
fig. 5 is a flowchart of authorization verification in the system authorization verification method according to the embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Referring to fig. 1, a flowchart of a system authorization verification method provided by an embodiment of the present invention may specifically include:
s11: the SDK interceptor intercepts a request sent by a user accessing the platform system, acquires a function menu code of an interface corresponding to the request as a menu code to be verified, and acquires server information of an installation server corresponding to the platform system as server information to be verified.
When a user accesses the platform system, the SDK interceptor intercepts a request and acquires a function menu code of an interface corresponding to the request and server information of a platform system installation server no matter what kind of request is sent by the user; the function menu code is a menu of various functions provided, and the server information may include information such as an IP address, an installation server version, and the like.
S12: the SDK interceptor acquires authorization information of the platform system, acquires server information in the authorization information as authorization server information, and acquires function menu codes in the authorization information as authorization menu codes; the authorization information is obtained by authorizing the platform system in advance.
The SDK interceptor acquires authorization information obtained when the platform system is authorized in advance, wherein the authorization information comprises server information of an authorized installation server and authorized function menu codes. Therefore, after obtaining the server information and the function menu code included in the authorization information, the embodiment of the application can compare the server information in the authorization information with the server information obtained in the step S11, if the comparison result is consistent, it is indicated that the server information obtained in the step S11 corresponds to the installation server and is authorized, otherwise, it is indicated that the server information obtained in the step S11 corresponds to the installation server and is not authorized; when it is determined that the server information in the authorization information is consistent with the server information acquired in step S11, it may be determined whether the function menu code acquired in step S11 is within the function menu code in the authorization information, if so, it is indicated that the function menu code acquired in step S11 is authorized, otherwise, it is indicated that the function menu code acquired in step S11 is not authorized. By the method, corresponding authorization verification is realized when a user accesses the platform system, and further after the fact that the installation server and the function menu code of the platform system are authorized, the platform system can be used for subsequent service processing, or else, the platform system cannot be used for realizing subsequent service processing, so that effective management and control of the use of the platform system are realized.
S13: if the information of the server to be verified is consistent with the information of the authorization server, and the menu code to be verified is in the authorization menu code, the SDK interceptor determines that the installation server and the menu code to be verified are authorized, otherwise, the SDK interceptor determines that the installation server and/or the menu code to be verified are not authorized.
When a user accesses the platform system, the SDK interceptor intercepts a request sent by the user, acquires a function menu code of a corresponding interface of the request and server information of a corresponding installation server of the platform system, and respectively performs authorization verification on the function menu code of the corresponding interface of the request and the server information of the corresponding installation server of the platform system by utilizing the authorized function menu code and the server information obtained in advance for authorizing the platform system, so that the user is allowed to use the platform to realize subsequent service processing after the authorization verification is passed, otherwise, the user is not allowed to use the platform to realize subsequent service processing, and effective management and control on the use of the platform system are realized in the mode.
The system authorization verification method provided by the embodiment of the invention can further comprise the following steps: if the account information of the current login platform system passes the authentication, the platform system initiates a request for acquiring server information to an SDK (software development kit) encryptor, the SDK encryptor acquires the server information of an installation server and returns the server information to the platform system, the platform system acquires a function menu code of the platform system, generates corresponding registration information based on the server information and the function menu code, and generates a registration file containing the registration information.
The platform system generates a registration file containing registration information, which may include: the platform system encrypts the registration information and generates a registration file based on the encrypted registration information;
the obtaining registration information in the registration file may include: the SDK authorization file generator obtains the registration file and then decrypts the registration file to obtain the registration information in the registration file.
It should be noted that the present application is composed of four large steps, which are respectively registration file generation, authorization file generation, platform system authorization and authorization verification during operation, and the authorization verification during operation includes steps S11 to S13. As shown in fig. 2, the service information is server information, the function menu authority code is a function menu code, and the authorized registration file is a registration file; the corresponding process of generating the registration file may specifically include:
logging in a platform system by using an administrator account number, and authenticating the account number and the password by the platform system; the account information comprises an account and a password;
when the authentication is passed, an authorization console of a platform system is entered, the platform system automatically initiates a request for acquiring server information of an installation server to an SDK (software development kit) encryptor, and the SDK encryptor acquires server information server (including but not limited to an IP address IP of the installation server, CPU version type CPU of the installation server, hard disk sequence hardDisk of the installation server and system information system of the installation server) of the installation server and returns the server information server to the platform system; for example, the installation server plaintext string is:
{“ip”:”192.168.34.64”,“cpu”:”Xxx”,“hardDisk”:”ggg”,“system”:”Linux”}
| server information name | Specific information |
| ip | 192.168.34.64 |
| cpu | Xxx |
| hardDisk | ggg |
| system | Linux |
Thirdly, the platform system obtains menu codes menu_codes of the platform system; for example, the function menu code plaintext character string is:
{ "A": "command and dispatch", "B": "notify and early warning", "C": "information analysis", "D": "trace and trace source" }
| Function menu authority code | Function menu name |
| A | Command dispatch |
| B | Notification and pre-warning device |
| C | Information analysis |
| D | Tracking traceability |
| E | Inspection supervision |
The fourth step, the platform system generates a json character string (registration information) according to the server information and the function menu code, and sends the json character string to the SDK encryptor for encryption; for example json strings are:
{
{“ip”:”192.168.34.64”,“cpu”:”Xxx”,“hardDisk”:”ggg”,“system”:”Linux”},
{ "A": "command and dispatch", "B": "notify and early warning", "C": "information analysis", "D": "trace and trace source" }
}
The encrypted string corresponding to the json string in the above example is:
ewp74oCcaXDigJ064oCdMTkyLjE2OC4zNC42NOKAne+8jOKAnGNwdeK AnTrigJ1YeHjigJ3vvIzigJxoYXJkRGlza+KAnTrigJ1nZ2figJ3vvIzigJxzeXN0ZW3igJ064oCdTGludXjigJ1977yMCnvigJxB4oCdOuKAneaMh+aMpeiwg+W6puKA ne+8jOKAnELigJ064oCd6YCa5oql6aKE6K2m4oCd77yM4oCcQ+KAnTrigJ3mg4XmiqXliIbmnpDigJ3vvIzigJxE4oCdOuKAnei/vei4qua6r+a6kOKAnX0KfQ==
and fifthly, the platform system generates a license.reqx file (registration file) according to the encrypted string.
The system authorization verification method provided by the embodiment of the invention can further comprise the following steps: the SDK authorization file generator acquires a registration file, acquires registration information in the registration file, adds corresponding authorization time limits for server information and function menu codes in the registration information respectively, acquires server information and function menu code corresponding authorization information respectively containing the corresponding authorization time limits, and generates an authorization file containing the authorization information; the registration information is obtained by registering the platform system in advance;
before the SDK interceptor determines that the installation server and the menu code to be verified are authorized, the method may further include: the SDK interceptor determines whether the current date is in the date range corresponding to the authorized time limit, if so, the step of determining that the installation server and the menu code to be verified are authorized is executed, otherwise, the installation server and/or the menu code to be verified are/is determined to be unauthorized.
Generating an authorization file containing authorization information may include: encrypting the authorization information and generating an authorization file based on the encrypted authorization information;
the SDK interceptor acquiring the server information and the function menu code in the authorization information may include: the SDK interceptor decrypts the authorization information to obtain server information and function menu codes therein.
It should be noted that the authorization time period may be an authorization deadline; as shown in fig. 3, the authorization registration encryption information (same authorization encryption information) is encrypted registration information, the json string is a json character string, and the function menu is a function menu code; the corresponding process of generating the authorization file may specifically include:
when the SDK authorization file generator takes a license.reqx file, firstly analyzing the license.reqx file to obtain registration information and decrypting to obtain json character strings;
the second step, the SDK authorization file generator will obtain server information (including but not limited to installation server IP address IP, installation server CPU version type CPU, installation server hard disk sequence hardDisk, installation server system information system) and function menu code menu_codes of platform system from json character string, and execute authorization deadline to IP, CPU, hardDisk, system, for example, to 192.168.34.64IP authorization time is cut off from 2030 to 1 month and 1 day, installation server plaintext authorization character string (server information in authorization information): { "ip": "192.168.34.64|2030-01-01", "cpu": "Xxx|2030-01-01", "hardDisk": "ggg|2030-01-01", "system": "Linux|2030-01-01" }
| Server information name | Specific information | Authorized expiration time |
| ip | 192.168.34.64 | 2030-01-01 |
| cpu | Xxx | 2030-01-01 |
| hardDisk | Xxx | 2030-01-01 |
| system | Linux | 2030-01-01 |
For example, when the authorized time for the function menu code ACD is 2030, 1 month and 1 day, and the BE is not authorized, the following table can BE obtained:
| function menu authority code | Function menu name | Whether or not to authorize | Authorization expiration date |
| A | Command dispatch | Is that | 2030-01-01 |
| B | Notification and pre-warning device | Whether or not | |
| C | Information analysis | Is that | 2030-01-01 |
| D | Tracking traceability | Is that | 2030-01-01 |
| E | Inspection supervision | Whether or not |
The function menu code plaintext authorization string (function menu code in the authorization information) may be:
{ "A": "command and dispatch|is|2030-01-01", "B": "report early warning|no", "C": "information analysis|is|2030-01-01", "D": "trace and trace source|is|2030-01-01" }
The generation of the authorization plaintext json information (authorization information) may be:
{
{“ip”:”192.168.34.64|2030-01-01”,“cpu”:”Xxx|2030-01-01”,“hardDisk”:”ggg|2030-01-01”,“system”:”Linux|2030-01-01”},
{ "A": "command and dispatch|is|2030-01-01", "B": "report early warning|no", "C": "information analysis|is|2030-01-01", "D": "trace and trace source|is|2030-01-01" }
}
The encrypted authorization information may be:
ewp74oCcaXDigJ064oCdMTkyLjE2OC4zNC42NHwyMDMwLTAxLTAx4oCd77yM4oCcY3B14oCdOuKAnVh4eHwyMDMwLTAxLTAx4oCd77yM4oCca GFyZERpc2vigJ064oCdZ2dnfDIwMzAtMDEtMDHigJ3vvIzigJxzeXN0ZW3igJ064oCdTGludXh8MjAzMC0wMS0wMeKAnX0sCnvigJxB4oCdOuKAneaMh+aM peiwg+W6pnzmmK98MjAzMC0wMS0wMeKAne+8jOKAnELigJ064oCd6YCa5oql6aKE6K2mfOWQpuKAne+8jOKAnEPigJ064oCd5oOF5oql5YiG5p6QfOaYr3wyMDMwLTAxLTAx4oCd77yM4oCcROKAnTrigJ3ov73ouKrmuq/mupB85pivf DIwMzAtMDEtMDHigJ19Cn0=。
the system authorization verification method provided by the embodiment of the invention can further comprise the following steps: if the account information of the current login platform system passes the authentication, the platform system acquires the currently imported authorization file, acquires the authorization information from the authorization file, and stores the authorization information into a preset database for acquisition when required.
After the platform system acquires the currently imported authorization file, the method may further include: the platform system stores the authorization file into the installation server, and sets the duration of the authorization file stored in the database as a preset duration;
the obtaining, by the SDK interceptor, authorization information for the platform system may include: the SDK interceptor acquires authorization information from the database, if the acquisition is successful, executing the steps of acquiring the information of the authorization server and the authorization menu code, otherwise, acquiring an authorization file from the installation server, and acquiring the authorization information from the authorization file.
The preset time length can be set according to actual needs, such as 5 minutes; as shown in fig. 4, the authorization encryption information (same authorization encryption string and encryption string) is encrypted authorization information, and the corresponding process of generating the authorization file may specifically include:
the first step: account authentication is also required when the platform system is authorized, and an authorization console appears after authentication passes through the platform system;
and a second step of: importing license file, analyzing the license file by the platform system, taking the encrypted authorization information, and sending the encrypted authorization information to a redis (database) for storage for 5 minutes;
and a third step of: the authorization file license is stored in the installation server directory/etc/license so that the authorization information is acquired again when the authorization information in the redis is invalid (the storage time is exceeded).
For the above technical solution disclosed in the present application, in a specific implementation manner, as shown in fig. 5, the authority menu code (same menu authority code, menu code) is an authority menu, the authorization encryption information (same encryption string information) is encrypted authorization information, the json string is a json character string, and the authorization verification during corresponding operation specifically may include:
the first step: when a user accesses the platform system, an SDK interceptor embedded in the platform system is triggered to intercept a request initiated by the user, and the URL accessed by the user is acquired through the intercepted request;
and a second step of: after the SDK interceptor obtains the URL accessed by the user, obtaining an authority menu M of the interface according to the URL, and obtaining a function menu code menu_code corresponding to the interface according to the M;
and a third step of: the SDK interceptor requests the redis to acquire the authorization information, if the redis authorization information is invalid, acquiring license.li files from the catalogue/letc/license again to acquire the authorization information, and decrypting the authorization information to acquire the plaintext json character string;
fourth step: obtaining authorized server information (IP (Internet protocol) of an installation server, CPU (Central processing Unit), hardDisk (system information) according to the plaintext json character string, simultaneously obtaining the server information (IP, CPU, hardDisk, system information) of the current installation server, comparing the authorized server information with the server information of the current installation server, if the authorized server information is consistent with the server information of the current installation server, checking the server information, and otherwise prompting that the installation server is unauthorized;
fifth step: judging whether the accessed interface corresponding function menu code menu_code is in the json character string or not according to the plaintext json character string, if not, prompting that the function is not authorized, if yes, comparing the date of the authorized expiration date of the function menu code obtained from the plaintext json character string with the current date, if the date is larger than the current date, checking to pass, and if the date is smaller than the current date, prompting that the authorization is expired;
sixth step: if the check of the installation server and the check of the function menu code are passed, the request is released to carry out the next service processing, otherwise, the corresponding service processing is not required to be realized.
The method comprises the steps that a registration file license.reqx file is generated based on server information installed on a platform system and all function menu codes of the platform system in an encrypted mode, the server information and the function menu codes are obtained through decryption according to the license.reqx file, authorization is carried out according to the server information and the function menu codes obtained through decoding, the authorization license.lic file is generated through encryption, authorization verification is carried out when a user accesses the platform system each time, and verification granularity is equal to menu dimensions; therefore, the method can authorize according to the function points purchased by the clients, avoid the loss of the clients caused by displaying excessive functions, authorize according to the server information, not install and use each computer, and limit the loss of the clients caused by installing the software to other places.
The embodiment of the invention also provides a system authorization verification system, which can comprise a platform system and an SDK interceptor, wherein:
a platform system for: for user access;
an SDK interceptor for: when a user accesses the platform system, intercepting an access request sent by the user accessing the platform system, acquiring a function menu code of an interface corresponding to the access request as a menu code to be verified, and acquiring server information of a current corresponding installation server of the platform system as information to be verified; acquiring authorization information corresponding to the platform system, acquiring server information contained in the authorization information as authorization information, and acquiring function menu codes contained in the authorization information as authorization menu codes, wherein the authorization information is obtained after the platform system is authorized in advance; if the information to be verified is consistent with the authorization information and the menu code to be verified is in the authorization menu code, determining that the installation server and the menu code to be verified are authorized, otherwise, determining that the installation server and/or the menu code to be verified are not authorized.
The system authorization verification system provided by the embodiment of the invention, the platform system can also be used for: if the account information of the current login platform system passes the authentication, a currently imported authorization file is acquired, authorization information is acquired from the authorization file, and the authorization information is stored in a preset database for acquisition when needed.
The system authorization verification system provided by the embodiment of the invention, the platform system can also be used for: after the currently imported authorization file is obtained, storing the authorization file into an installation server, and setting the duration of the authorization file stored in a database as a preset duration;
the SDK interceptor may be specifically for: and acquiring authorization information from the database, if the acquisition is successful, executing the steps of acquiring the authorization server information and the authorization menu code, otherwise, acquiring an authorization file from the installation server, and acquiring the authorization information from the authorization file.
It should be noted that, for the description of the relevant part in the system authorization verification system provided by the embodiment of the present invention, please refer to the detailed description of the corresponding part in the system authorization verification method provided by the embodiment of the present invention, which is not repeated here. In addition, the parts of the above technical solutions provided in the embodiments of the present invention, which are consistent with the implementation principles of the corresponding technical solutions in the prior art, are not described in detail, so that redundant descriptions are avoided.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A system authorization verification method, comprising:
the SDK interceptor intercepts a request sent by a user accessing a platform system, acquires a function menu code of an interface corresponding to the request as a menu code to be verified, and acquires server information of an installation server corresponding to the platform system as server information to be verified;
the SDK interceptor acquires the authorization information of the platform system, acquires server information in the authorization information as authorization server information, and acquires a function menu code in the authorization information as an authorization menu code; the authorization information is obtained by authorizing the platform system in advance;
if the information of the server to be verified is consistent with the information of the authorization server, and the menu code to be verified is in the authorization menu code, the SDK interceptor determines that the installation server and the menu code to be verified are authorized, otherwise, determines that the installation server and/or the menu code to be verified are not authorized.
2. The method as recited in claim 1, further comprising:
if the account information currently logged in the platform system passes the authentication, the platform system acquires a currently imported authorization file, acquires the authorization information from the authorization file, and stores the authorization information into a preset database for acquisition when required.
3. The method of claim 2, wherein after the platform system obtains the currently imported authorization file, further comprising:
the platform system stores the authorization file into the installation server, and sets the duration of the authorization file stored in the database as a preset duration;
the SDK interceptor acquires authorization information of the platform system, including:
the SDK interceptor acquires the authorization information from the database, if the acquisition is successful, the step of acquiring the authorization server information and the authorization menu code is executed, otherwise, the authorization file is acquired from the installation server, and the authorization information is acquired from the authorization file.
4. A method according to claim 3, further comprising:
the SDK authorization file generator acquires a registration file, acquires registration information in the registration file, adds corresponding authorization time limits for server information and function menu codes in the registration information respectively, acquires server information and function menu code corresponding authorization information respectively containing the corresponding authorization time limits, and generates an authorization file containing the authorization information; the registration information is obtained by registering the platform system in advance;
before the SDK interceptor determines that the installation server and the menu code to be verified are authorized, the SDK interceptor further includes:
the SDK interceptor determines whether the current date is in the date range corresponding to the authorization time limit, if so, the step of determining that the installation server and the menu code to be verified are authorized is executed, otherwise, the installation server and/or the menu code to be verified are/is determined to be unauthorized.
5. The method of claim 4, wherein generating an authorization file containing the authorization information comprises:
encrypting the authorization information, and generating an authorization file based on the encrypted authorization information;
the SDK interceptor acquires the server information and the function menu code in the authorization information, and comprises:
and the SDK interceptor decrypts the authorization information to obtain server information and function menu codes therein.
6. The method as recited in claim 5, further comprising:
if the account information of the current login platform system passes the authentication, the platform system initiates a request for acquiring server information to an SDK (software development kit) encryptor, the SDK encryptor acquires the server information of an installation server and returns the server information to the platform system, the platform system acquires a function menu code of the platform system, generates corresponding registration information based on the server information and the function menu code, and generates a registration file containing the registration information.
7. The method of claim 6, wherein the platform system generating a registration file containing the registration information comprises:
the platform system encrypts the registration information and generates a registration file based on the encrypted registration information;
obtaining registration information in the registration file includes:
and the SDK authorization file generator obtains the registration file, then decrypts the registration file and obtains the registration information in the registration file.
8. The system authorization verification system is characterized by comprising a platform system and an SDK interceptor, wherein:
the platform system is used for: for user access;
the SDK interceptor is configured to: when a user accesses a platform system, intercepting an access request sent by the user accessing the platform system, acquiring a function menu code of an interface corresponding to the access request as a menu code to be verified, and acquiring server information of a current corresponding installation server of the platform system as information to be verified; acquiring authorization information corresponding to the platform system, acquiring server information contained in the authorization information as authorization information, and acquiring a function menu code contained in the authorization information as an authorization menu code, wherein the authorization information is obtained after the platform system is authorized in advance; if the information to be verified is consistent with the authorization information and the menu code to be verified is in the authorization menu code, determining that the installation server and the menu code to be verified are authorized, otherwise, determining that the installation server and/or the menu code to be verified are not authorized.
9. The system of claim 8, wherein the platform system is further configured to: if the account information currently logged in the platform system passes the authentication, a currently imported authorization file is acquired, the authorization information is acquired from the authorization file, and the authorization information is stored in a preset database for acquisition when needed.
10. The system of claim 9, wherein the platform system is further configured to: after acquiring a currently imported authorization file, storing the authorization file into the installation server, and setting the storage duration of the authorization file in the database as a preset duration;
the SDK interceptor is specifically for: and acquiring the authorization information from the database, if the acquisition is successful, executing the step of acquiring the authorization server information and the authorization menu code, otherwise, acquiring the authorization file from the installation server, and acquiring the authorization information from the authorization file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111634455.5A CN114301685B (en) | 2021-12-29 | 2021-12-29 | System authorization verification method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111634455.5A CN114301685B (en) | 2021-12-29 | 2021-12-29 | System authorization verification method and system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114301685A CN114301685A (en) | 2022-04-08 |
| CN114301685B true CN114301685B (en) | 2024-01-26 |
Family
ID=80971829
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111634455.5A Active CN114301685B (en) | 2021-12-29 | 2021-12-29 | System authorization verification method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114301685B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104113549A (en) * | 2014-07-28 | 2014-10-22 | 百度在线网络技术(北京)有限公司 | Platform authorization method, platform server side, application client side and system |
| CN110096849A (en) * | 2019-04-02 | 2019-08-06 | 深圳市中博科创信息技术有限公司 | A kind of License authorization and authentication method, device, equipment and readable storage medium storing program for executing |
| CN111147572A (en) * | 2019-12-24 | 2020-05-12 | 中国建设银行股份有限公司 | Cloud customer service platform management system and method |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20210109895A1 (en) * | 2019-10-11 | 2021-04-15 | Citrix Systems, Inc. | Determining user interface contexts for requested resources |
-
2021
- 2021-12-29 CN CN202111634455.5A patent/CN114301685B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104113549A (en) * | 2014-07-28 | 2014-10-22 | 百度在线网络技术(北京)有限公司 | Platform authorization method, platform server side, application client side and system |
| CN110096849A (en) * | 2019-04-02 | 2019-08-06 | 深圳市中博科创信息技术有限公司 | A kind of License authorization and authentication method, device, equipment and readable storage medium storing program for executing |
| CN111147572A (en) * | 2019-12-24 | 2020-05-12 | 中国建设银行股份有限公司 | Cloud customer service platform management system and method |
Non-Patent Citations (3)
| Title |
|---|
| 利用态势感知技术加强网络信息安全平台建设;曾辛;袁华松;张人方;谭剑;;广播电视信息(第02期);全文 * |
| 电力企业信息系统双因子身份认证研究;白万荣;张驯;杨磊;吴晓妮;;电力信息与通信技术(第06期);全文 * |
| 计算机网络信息安全问题及防护策略;刘海玲;裴连群;;自动化与仪器仪表(第09期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114301685A (en) | 2022-04-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP7295068B2 (en) | Federated key management | |
| EP3453136B1 (en) | Methods and apparatus for device authentication and secure data exchange between a server application and a device | |
| CN110597538B (en) | Software upgrading method and OTA upgrading system based on OTA upgrading system | |
| CN107483495B (en) | Big data cluster host management method, management system and server | |
| US9336369B2 (en) | Methods of licensing software programs and protecting them from unauthorized use | |
| WO2015186820A1 (en) | Kernel program including relational data base, and method and device for executing said program | |
| CN107528865B (en) | File downloading method and system | |
| CN105103119A (en) | Data security service | |
| US20110138177A1 (en) | Online public key infrastructure (pki) system | |
| US11626998B2 (en) | Validated payload execution | |
| CN108156119B (en) | Login verification method and device | |
| CN105122265A (en) | Data security service system | |
| CN105447715A (en) | Method and apparatus for anti-theft electronic coupon sweeping by cooperating with third party | |
| CN107948235B (en) | JAR-based cloud data security management and audit device | |
| US20120047074A1 (en) | Methods of protecting software programs from unauthorized use | |
| US11258601B1 (en) | Systems and methods for distributed digital rights management with decentralized key management | |
| JP2003050641A (en) | Program management system, its program management method, and information management program | |
| CN110807210B (en) | Information processing method, platform, system and computer storage medium | |
| US20080313743A1 (en) | Network Software License Management and Piracy Protection | |
| CN110619194B (en) | Upgrade package encryption and decryption methods and devices | |
| WO2007060016A2 (en) | Self provisioning token | |
| CN107276966B (en) | Control method and login system of distributed system | |
| JP2019047334A (en) | Data processing unit, data processing method and program for data processing | |
| US20230244797A1 (en) | Data processing method and apparatus, electronic device, and medium | |
| US20030212639A1 (en) | Method and system for providing secure authoring services for protected software |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |