CN114650154B

CN114650154B - Webpage authority behavior control method and device, computer equipment and storage medium

Info

Publication number: CN114650154B
Application number: CN202011495849.2A
Authority: CN
Inventors: 张锦发
Original assignee: Tencent Technology Shenzhen Co Ltd
Current assignee: Tencent Technology Shenzhen Co Ltd
Priority date: 2020-12-17
Filing date: 2020-12-17
Publication date: 2023-07-18
Anticipated expiration: 2040-12-17
Also published as: CN114650154A

Abstract

The application relates to a webpage authority behavior control method, a webpage authority behavior control device, computer equipment and a storage medium. The method comprises the following steps: detecting a permission behavior request triggered by a current H5 webpage, intercepting the permission behavior request to acquire current operating system information and current application program information, and searching a target permission control interface corresponding to the current operating system information based on the stored corresponding relation; invoking a current authority control interface to determine a target authority behavior type corresponding to the authority behavior request, and determining a matched target authority type based on the target authority behavior type; and searching a target authority control strategy corresponding to the target authority type based on the current application program information, and controlling the authority behavior in the current H5 webpage according to the target authority control strategy. By adopting the method, the suitability of page authority control can be improved.

Description

Webpage authority behavior control method and device, computer equipment and storage medium

Technical Field

The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for controlling web page authority behavior, a computer device, and a storage medium.

Background

With the development of front-end technology, H5 (HTML 5, hypertext 5.0) technology has emerged, HTML5 being a language description way of constructing Web content. The H5 webpage is a webpage manufactured by using an HTML5 advanced webpage technology and can be operated on equipment ends such as a PC, an Android, an IOS and the like. At present, the H5 webpage is to inject the authority control service class of the system into the self-defined code, and when the H5 webpage uses the system authority of PC, android, IOS and the like, the authority control service class is called to call the authority, so that the management and control of the system authority are completed. However, since different terminals may have different versions of operating systems, when the same H5 web page is displayed in different terminals, a situation that the permission control service class of the operating system cannot be invoked often occurs, so that permission behavior of the H5 web page cannot be controlled, and thus, a problem of suitability exists when the permission behavior control is performed on the H5 web page.

Disclosure of Invention

In view of the foregoing, it is desirable to provide a method, an apparatus, a computer device, and a storage medium for controlling web page authority behavior with suitability.

A web page entitlement behavior control method, the method comprising:

Detecting a permission behavior request triggered by a current H5 webpage, intercepting the permission behavior request to acquire current operating system information and current application program information, and searching a target permission control interface corresponding to the current operating system information based on a stored corresponding relation, wherein the corresponding relation refers to the corresponding relation between each operating system information and the permission control interface;

invoking a current authority control interface to determine a target authority behavior type corresponding to the authority behavior request, and determining a matched target authority type based on the target authority behavior type;

and searching a target authority control strategy corresponding to the target authority type based on the current application program information, and controlling the authority behavior in the current H5 webpage according to the target authority control strategy.

A web page entitlement behavior control device, said device comprising:

the interface searching module is used for detecting a permission behavior request triggered by a current H5 webpage, intercepting the permission behavior request to acquire current operating system information and current application program information, and searching a target permission control interface corresponding to the current operating system information based on a stored corresponding relation, wherein the corresponding relation refers to the corresponding relation between each operating system information and the permission control interface;

The type determining module is used for calling the current authority control interface to determine a target authority behavior type corresponding to the authority behavior request, and determining a matched target authority type based on the target authority behavior type;

and the permission control module is used for searching a target permission control strategy corresponding to the target permission type based on the current application program information, and performing permission behavior control in the current H5 webpage according to the target permission control strategy.

A computer device comprising a memory storing a computer program and a processor which when executing the computer program performs the steps of:

A computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:

According to the webpage authority behavior control method, device, computer equipment and storage medium, when the current H5 webpage triggering authority behavior request is detected, the corresponding target authority control interface is searched through the current operating system information acquired by intercepting the authority behavior request, the corresponding target authority control interface corresponding to the current operating system information is searched based on the stored corresponding relation, the corresponding target authority control interface can be searched due to the fact that the corresponding relation between each operating system information and the authority control interface is stored, then the target authority behavior type is determined through the target authority control interface, the authority behavior is controlled according to the target authority type, and therefore the problem that the authority behavior of the H5 webpage cannot be controlled when the operating system is upgraded is avoided, and the adaptability of the H5 webpage authority control is improved. And the target authority control strategy corresponding to the target authority type searched based on the current application program information is obtained, and the authority behavior of the current H5 webpage is controlled by using the target authority control strategy, so that the authority behaviors of the H5 webpage in different application programs can be controlled, and the universality of the authority behavior control of the H5 webpage is improved.

Drawings

FIG. 1 is an application environment diagram of a web page permission behavior control method in one embodiment;

FIG. 2 is a flowchart of a web page permission behavior control method according to an embodiment;

FIG. 3 is a flow diagram of a lookup target rights control interface in one embodiment;

FIG. 4 is a schematic diagram of an application scenario of an H5 web page rights behavior control SDK in one embodiment;

FIG. 5 is a flowchart of acquiring rights control policy information in one embodiment;

FIG. 6 is a flow diagram of triggering a pull event in one embodiment;

FIG. 7 is a flow chart of acquiring and storing rights control policy information in one embodiment;

FIG. 8 is a schematic diagram of an H5 web page in one embodiment;

FIG. 9 is a diagram of an application authorization dialog box in the embodiment of FIG. 8;

FIG. 10 is a schematic diagram of a rights behavior processing application selection interface in the embodiment of FIG. 8;

FIG. 11 is a flow diagram of a target entitlement control policy in one embodiment;

FIG. 12 is a flowchart of a web page permission behavior control method in one embodiment;

FIG. 13 is a schematic diagram of a framework of an H5 web page entitlement behavior control SDK in accordance with one embodiment;

FIG. 14 is a flow chart of page authority control in one embodiment;

FIG. 15 is a block diagram illustrating a configuration of a web page entitlement behavior control device in one embodiment;

fig. 16 is an internal structural view of a computer device in one embodiment.

Detailed Description

In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.

The webpage authority behavior control method can be applied to an application environment shown in fig. 1. Wherein the terminal 102 communicates with the server 104 via a network. The terminal 102 detects a permission behavior request triggered by a current H5 webpage, intercepts the permission behavior request to acquire current operating system information and current application program information, and searches a target permission control interface corresponding to the current operating system information based on a stored corresponding relation, wherein the corresponding relation refers to the corresponding relation between each operating system information and the permission control interface;

the terminal 102 invokes the current rights control interface to determine a target rights behavior type corresponding to the rights behavior request, and determines a matched target rights type based on the target rights behavior type; the terminal 102 searches for a target authority control policy corresponding to the target authority type based on the current application information, performs authority behavior control in the current H5 webpage according to the target authority control policy, and the terminal 102 may upload the authority control execution result to the server 104 for storage. The terminal 102 may be, but not limited to, various personal computers, notebook computers, smartphones, tablet computers, and portable wearable devices, and the server 104 may be implemented by a stand-alone server or a server cluster composed of a plurality of servers.

In one embodiment, as shown in fig. 2, a web page authority behavior control method is provided, and the method is applied to the terminal in fig. 1 for illustration, and includes the following steps:

step 202, detecting a permission behavior request triggered by a current H5 webpage, intercepting the permission behavior request to obtain current operating system information and current application program information, and searching a target permission control interface corresponding to the current operating system information based on a stored corresponding relationship, wherein the corresponding relationship refers to a corresponding relationship between each operating system information and the permission control interface.

The current H5 webpage refers to the H5 webpage currently accessed by the terminal. The H5 web page may be a web page in an Application program, for example, a page accessed through a browser Application program, or a page accessed through a browser in other Application programs (APP). The permission behavior refers to a behavior requiring operating system permission triggered by a webpage, and the permission behavior can comprise a behavior requiring operating system permission such as making a call, reading/sending information, copying/pasting, accessing a gallery, accessing an album, accessing a geographic position, capturing a screen and the like. The rights behavior request refers to a request triggered in the H5 web page by the rights behavior. For example, a telephone number dialing request triggered by clicking on a telephone number in an H5 web page, a link skip request triggered by clicking on text with a link in an H5 web page, and so on. An operating system refers to a computer program that manages computer hardware and software resources. The operating system needs to handle basic things such as managing and configuring memory, determining priority of supply and demand of system resources, controlling input devices and output devices, operating network and managing file system. Operating systems include Windows (Microsoft Windows operating system), macOS (apple computer operating system), linux (UNIX-like operating system), iOS (apple mobile device operating system), android (Android operating system), and the like. The operating system information refers to information for uniquely identifying an operating system in the terminal, including an operating system version, a name, and a type, etc. The current operating system information refers to operating system information for running the current H5 web page. Application information refers to information for identifying an application, including an application package name, an application version name, and an application version number, and the like. The current application information refers to application information for running the current H5 web page. The authority control interface is an interface of the operating system for performing web page authority control. Different operating systems provide different rights control interfaces. The different versions of the same operating system provide different rights control interfaces, and the same operating system provides different rights control interfaces in different vendor devices. The target authority control interface is the authority control interface of the current operating system corresponding to the current operating system information.

Specifically, the correspondence between each operating system information and the rights control interface is already stored in the terminal. Then the terminal runs the current H5 webpage in the current application program, when the terminal detects the permission behavior request triggered by the current H5 webpage, the terminal intercepts the permission behavior request to acquire the current operating system information through the operating system interface, then the terminal can acquire the current application program information from the configuration file of the current application program, and searches the target permission control interface corresponding to the current operating system information according to the corresponding relation between the stored operating system information and the permission control interface.

In one embodiment, the terminal may also obtain vendor information for the terminal device, which is used to identify the vendor that produced the terminal device, which may be a vendor name, or the like. And searching corresponding current operating system information according to manufacturer information of the terminal equipment. Different device vendors may have different operating system information. For example, different mobile phone manufacturers can perform system optimization based on an Android native system to obtain an optimized Android system, for example, a mobile phone manufacturer can use an interface of a custom ROM. At this time, the information of the corresponding optimized operating system is obtained according to the information of the mobile phone manufacturer, and the current operating system information is obtained.

Step 204, the current authority control interface is called to determine the target authority behavior type corresponding to the authority behavior request, and the matched target authority type is determined based on the target authority behavior type.

The permission behavior type refers to the type of content corresponding to the triggering permission behavior, and comprises the types of pure characters, characters with hyperlinks, mobile phone numbers, email addresses, maps, pictures with links and the like. For example, the authority behavior of the user is to click on the mobile phone number, and at this time, the authority behavior type corresponding to the action of clicking on the mobile phone number is determined to be the mobile phone number. The target permission behavior type refers to a permission behavior request triggered by the current H5 webpage, and the permission behavior request corresponds to the permission behavior type and can be at least one of a text with a hyperlink, a mobile phone number, an Email (Email) address, a map and a picture with a link. The rights type refers to the type of rights corresponding to the rights required to execute the rights behavior request. The permission types may include a dial phone number permission type, a send email permission type, a geographic location permission type, a storage permission type, a web page skip permission type, an audio recording permission type, a file upload permission type, a text copy permission type, an access gallery permission type, and so on. The operating system permissions required to execute different permission behavior requests are different. The target authority type refers to an authority type matching the target authority behavior type. For example, when the target authority behavior type is a mobile phone number, the authority type may be a dialing mobile phone number authority type.

Specifically, the terminal calls the current authority control interface to analyze the authority behavior request, acquires the authority behavior content in the authority behavior request, and determines the target authority behavior type corresponding to the authority behavior request according to the net friend behavior content. And then determining a target authority type matched with the target authority type according to the corresponding relation between the pre-acquired authority type and the authority type.

Step 206, searching a target authority control strategy corresponding to the target authority type based on the current application program information, and performing authority behavior control in the current H5 webpage according to the target authority control strategy.

The authority control strategy refers to a strategy for realizing authority control, and different authority types have different authority control strategies, for example, the authority control strategy corresponding to the authority type of dialing the telephone number can be that the telephone number can be dialed after the user is authorized. For another example, the authority control policy corresponding to the text copy authority type may be to prohibit the user from copying text, etc. The terminal acquires and stores the authority control strategy corresponding to each authority type in advance. The target authority control strategy refers to an authority control strategy corresponding to the target authority type. The permission behavior control refers to controlling the behavior of operating system permission used by the H5 webpage, wherein the operating system permission comprises at least one of calling, reading/sending information, copying/pasting, accessing a gallery, accessing an album, geographic position and screen capturing.

Specifically, the terminal acquires and stores the authority control strategies corresponding to different authority types of the application program information with the H5 webpage in advance. And then the terminal searches each authority type corresponding to the corresponding consistent application program information according to the current application program information, matches the target authority type with each authority type, and takes the authority control strategy corresponding to the consistent authority type as the target authority control strategy when the target authority type is matched with the consistent authority type. And then performing authority behavior control on the current H5 webpage according to the target authority control strategy, namely, executing the target authority control strategy by the terminal to control the authority behavior, for example, applying for authorization prompt and the like.

According to the webpage authority behavior control method, when the current H5 webpage triggering authority behavior request is detected, the corresponding target authority control interface is searched through the current operating system information acquired by intercepting the authority behavior request, the corresponding target authority control interface corresponding to the current operating system information is searched based on the stored corresponding relation, the corresponding target authority control interface can be searched due to the fact that the corresponding relation between each operating system information and the authority control interface is stored, then the target authority behavior type is determined through the target authority control interface, and authority control is carried out according to the target authority type, so that the problem that the authority of the H5 webpage cannot be controlled when the operating system is upgraded is solved, and the adaptability of the H5 webpage authority control is improved. And the target authority control strategy corresponding to the target authority type searched based on the current application program information is obtained, and the authority behavior of the current H5 webpage is controlled by using the target authority control strategy, so that the authority behaviors of the H5 webpage in different application programs can be controlled, and the universality of the authority behavior control of the H5 webpage is improved.

In one embodiment, the current application corresponding to the current application information includes a service SDK docking layer and a service SDK, the service SDK includes an H5 web page permission behavior control SDK, and the H5 web page permission behavior control SDK is used for integrating into different service SDKs to perform permission behavior control on the H5 web page;

as shown in fig. 3, step 202, namely, detecting a permission behavior request triggered by a current H5 web page, acquiring current operating system information and current application program information based on the permission behavior request, and searching a corresponding target permission control interface based on the current operating system information, includes:

step 302, when loading the current H5 webpage, calling the service SDK through the service SDK docking layer to establish an H5 webpage running environment, and displaying the current H5 webpage in the H5 webpage running environment.

Where SDK (Software Development Kit ) refers to a collection of development tools when building application software for a platform, software, etc. The service SDK refers to an SDK that implements specific service functions, for example, an SDK that implements WeChat application login. The service SDK interfacing layer refers to a bridging layer of the application APP and the service SDK. The H5 webpage authority behavior control SDK is used for integrating into different service SDKs to control the authority behavior of the H5 webpage. The H5 webpage authority behavior control SDK provides a unified interface for the service SDK to use. The H5 webpage authority behavior control SDK is provided for the service SDK or APP for integrated use, so that the APP can realize unified control of the H5 webpage authority behavior, a service party can concentrate on developing service functions, authority behavior control is not required to be realized, and development efficiency is improved.

Specifically, when the terminal loads the H5 webpage through the H5 webpage URL (Uniform Resource Locator ), the service SDK is called by the service SDK docking layer to establish an H5 webpage running environment, and the current H5 webpage is run in the H5 webpage running environment.

Step 304, detecting, by the H5 web page permission behavior control SDK, that the permission behavior request triggered by the current H5 web page obtains the current operating system information and the current application program information based on the permission behavior request, and searching for a corresponding target permission control interface based on the current operating system information.

Specifically, the H5 web page authority behavior control SDK has different operation systems and different types of authority policy execution schemes corresponding to different manufacturer devices, specifically, the H5 web page authority behavior control SDK comprises authority policy execution schemes of different authority type control realized by different versions of different operation systems such as an android operation system, an apple operation system, a Microsoft operation system and the like, and meanwhile, the H5 web page authority behavior control SDK also comprises authority policy execution schemes of different authority type control realized by different mobile phone manufacturers such as Chinese and millet and the like. Then the terminal calls the H5 webpage authority behavior control SDK to detect an authority behavior request triggered by the current H5 webpage, intercepts the authority behavior request, analyzes the intercepted authority behavior request to obtain current operating system information and current application program information, and searches a corresponding target authority control interface based on the current operating system information. The request for intercepting the authority behavior may be intercepting by executing preset authority behavior interception buried points, different authority behaviors may be set with different interception buried points, and specifically, a repackaging scheme may be used to inject code segments of the buried points into corresponding positions. For example, the interception portal of the preset buried point may be an interception method provided by using WebSettings (configuration and management of webviews) class of Android webviews (which is a very important control of an Android platform, mainly renders and displays H5 web pages and supports functions such as interaction between Android and H5 web pages). Interception may also be performed using APP or Activity (interface to interact with the user) lifecycle method callbacks. Interception may also be performed using a method callback of class Android WebViewClient (to help WebView handle various notifications, request events).

In a specific embodiment, as shown in fig. 4, an application scenario diagram of an integrated H5 web page rights behavior control SDK is shown, where the APP includes a service SDK docking layer and a service SDK to implement a service function of the APP, and the service SDK includes implementation of the H5 web page rights behavior control SDK and related logic. When the H5 webpage is operated through the service function of the APP, the permission behavior of the H5 webpage is used for controlling the SDK to control the permission behavior. And combining the H5 webpage authority behavior control SDK with the service requirement to obtain a service SDK, and providing the service SDK for the APP for use. Because the needs of the APP are diversified, the interface provided by the service SDK can be ensured not to be modified by providing the service SDK docking layer, and meanwhile, the needs of the video APP can be diversified. The H5 webpage authority behavior control SDK is provided for the service SDK or the APP application program for integrated use, so that the service SDK is enabled to concentrate on service requirements, and relevant logic of the H5 webpage authority behavior control is processed through the H5 webpage authority behavior control SDK.

In the embodiment, the H5 webpage authority behavior control SDK is integrated into different service SDKs to control the H5 webpage authority, so that the suitability and the universality of the H5 webpage authority behavior control are improved.

In one embodiment, as shown in fig. 5, before step 202, that is, before detecting the permission behavior request triggered by the current H5 web page, intercepting the permission behavior request to obtain the current operating system information and the current application program information, and searching the target permission control interface corresponding to the current operating system information based on the saved correspondence, the method further includes:

step 502, detecting a triggering permission control policy information pulling event, and sending a permission control policy information pulling request to a server in response to the permission control policy information pulling event, wherein the permission control policy information pulling request carries a user identifier.

The authority control policy information is information for performing authority control on the behavior of the H5 webpage. The rights control policy information includes a rights type, a rights control policy, and application information. The user identification is used to uniquely identify the user. The rights control policy information pulling event is used to pull the rights control policy information.

Specifically, the terminal detects a trigger right control policy information pulling event, where the terminal may detect the trigger right control policy information pulling event according to a preset time interval, and does not perform processing when the trigger right control policy information pulling event is not detected. When the triggering authority control strategy information pulling event is detected, an authority control strategy information pulling request is sent to a server in response to the authority control strategy information pulling event, and the authority control strategy information pulling request carries a user identifier.

Step 504, obtaining byte stream data returned by the server, and analyzing the byte stream data to obtain authority control strategy information, wherein the authority control strategy information is searched by the server according to the user identification.

Specifically, a user identifier and corresponding authority control strategy information are preset in the server, when the server receives an authority control strategy information pulling request sent by the terminal, the corresponding authority control strategy information is searched according to the user identifier, then the authority control strategy information is transmitted to the terminal through a byte stream data format, the terminal acquires byte stream data returned by the server, and then the byte stream data is analyzed to obtain the authority control strategy information.

In one embodiment, the permission control policy information pulling request carries device information of the terminal, and when the server receives the permission control policy information pulling request, the server can find out corresponding permission control policy information according to the device information of the terminal. And presetting right control strategy information corresponding to different terminal devices by the server. And then returning the searched authority control strategy information to the terminal.

Step 506, the storage authority corresponding to the current application program is obtained, and the authority control strategy information is stored according to a preset storage format based on the storage authority, wherein the authority control strategy information comprises an authority type, an authority control strategy and application program information.

The storage authority refers to the authority of the current application program for storing data in the terminal, and comprises the granted storage authority and the un-granted storage, and the current application program is applied for the storage authority through the current operating system. The preset storage format is a data format of preset storage authority control strategy information.

Specifically, the terminal acquires the storage authority corresponding to the current application program. Storing the authority control strategy information according to the storage authorities according to preset storage formats, wherein different storage authorities have different preset storage formats and different storage modes. For example, when the current application program has been granted the storage right, the right control policy information may be stored in the storage space, or the right control policy information may be directly stored in the cache. When the current application storage right is not granted, the right control policy information may be stored in the private storage space of the current application.

In a specific embodiment, the rights control policy information may include fields as shown in table 1 below:

TABLE 1 rights control policy information field table

Field name	Meaning of
		policyId	Unique identification of authority policy, and server side automatically generates
appPkgName	Application package name (object of authority policy validation)
		appVersionName	Application version name
appVersionCode	Application version number
		policyContentKey	Unique identification of rights type
policyContentValue	Execution scheme of authority policy

Wherein each application program has a total identifier of authority policy, and the record is automatically generated by the server by using the politid field. appPkgName is used to record the installation package name of an application. The appversion name is used to record the version name of the application. The appversion code field is used to record the version number of the application program, and appPkgName, appVersionName and appversion code are used together to uniquely identify the corresponding application program, i.e., all rights policies corresponding to the rights policy total identity are only valid for that application program. The policcontentkey field is used for recording the unique identifier of the rights type, the unique identifier of the rights type is used for uniquely identifying the rights type, and different rights types have different identifiers. The policcontentvalue is used for recording the specific implementation scheme of the authority policy, and each authority type has a corresponding specific implementation scheme of the authority policy. In one embodiment, when the rights type is acquired, the rights type is matched with the content of the policcontentKey field, and when the rights type match is consistent, the rights policy set by policcontentvalue corresponding to the type match consistent rights type is used for execution.

In the above embodiment, when the terminal detects the event of triggering the pulling of the rights control policy information, the rights control policy information is pulled from the server and stored, so that the subsequent use is facilitated.

In one embodiment, as shown in fig. 6, step 502, i.e., detecting a trigger entitlement control policy information pull event, includes:

step 602, monitoring the network state according to a preset first time interval, and triggering a permission control policy information pulling event when the network state changes from the first network state to the second network state. Or (b)

The network state is used to represent the state of the current network of the terminal, including the network unconnected state and the network connected state, where the network may be a 2G (second generation mobile phone communication specification) network, a 3G (third generation mobile communication technology) network, a 4G (fourth generation mobile communication technology) network, or a 5G network. The preset first time interval is a preset time interval for monitoring the network signal, for example, the preset first time interval may be 1 hour. The first network state refers to a network unconnected state. The second network state refers to a network connected state.

Specifically, the terminal monitors the network state according to a preset first time interval, and when detecting that the network state changes from a network unconnected state to a network connected state, triggers an authority control strategy information pulling event. For example, the terminal detects the network state every 1 hour, does not process when detecting that the network state is not changed, and triggers the permission control policy information pulling event when detecting that the network state is changed from the network unconnected state to the network connected state. For example, when detecting that the network state changes from the 5G network unconnected state to the 5G network connected state, the permission control policy information pulling event is triggered to pull the permission control policy information from the server. For another example, when detecting that the network state changes from 4G network unconnected to 4G network connected, the permission control policy information pulling event is triggered to pull the permission control policy information from the server. In one embodiment, the network state may also be monitored in real time, and when a change in the network state from a network unconnected state to a network connected state is detected, a rights control policy information pull event is triggered.

Step 604, monitoring the screen state according to a preset second time interval, and triggering a permission control strategy information pulling event when the screen state is changed from the first screen state to the second screen state. Or (b)

The second time interval refers to a preset time interval, and the second time interval may be the same as or different from the first time interval. The screen state refers to a brightness state of a terminal screen, the first screen state refers to a first brightness state of the screen, and the first screen state can be that the screen is in a black screen state or in a low brightness state. The second screen state refers to a second brightness state of the screen, and the second screen state may be a brightness state of the screen in normal use or a high brightness state of the screen.

Specifically, or the terminal may monitor the screen state at the second time interval, when the screen state is changed from the first screen state to the second screen state, the permission control policy information pulling event may be triggered, for example, when the screen state is changed from the black screen state to the brightness state of normal use, that is, when the screen is changed from black to bright. The entitlement control policy information pull event may also be triggered when the screen state changes directly from a low brightness state to a high brightness state. In one embodiment, the screen state may also be monitored in real time, triggering a rights control policy information pull event when the screen state transitions from a first screen state to a second screen state.

Step 606, when the rights control initialization interface is invoked for initialization, a rights control policy information pull event is triggered.

The authority control initialization interface is used for creating a required environment of the H5 webpage authority behavior control SDK and starting abnormal thread pull authority control strategy information when the application program is started.

Specifically, when the terminal starts the current application program and invokes the permission control initialization interface to initialize, the terminal creates the required running environment of the H5 webpage permission behavior control SDK and triggers the permission control policy information pulling event, namely, invokes the abnormal thread to send the permission control policy information pulling request to the server, thereby acquiring the permission control policy information. That is, when the current application is started, the right control policy information pulling event is triggered to pull the right control policy information from the server.

In the embodiment, the right control policy information pulling event is triggered under different conditions to acquire the right control policy information, so that the latest right control policy information can be acquired in time, and the right behavior of the H5 webpage can be controlled more conveniently.

In one embodiment, step 506, that is, storing the rights control policy information according to a preset storage format based on the storage rights, includes:

And storing the authority control strategy information into the memory according to the basic data type storage format.

The basic data type is a basic type of data storage, and comprises an int type, a float type, a bootean type, a List type, a Map type and the like.

Specifically, the server may directly store the rights control policy information into the memory according to the basic data type storage format. For example, the list can be stored in a terminal cache in the form of list, so that the use is convenient. Or in the form of map type. Rights control policy information may also be stored in memory in the int type.

Or converting the authority control strategy information into a binary byte stream, storing the binary byte stream into a private storage position of the current application program when the storage authority is unauthorized storage, and storing the binary byte stream into a storage space when the storage authority is authorized storage.

The binary byte stream refers to a binary byte stream generated by using the JCE protocol to generate the rights control policy information. JCE is a binary, support field dynamic augmentation, code automatic generation, cross-platform communication, data transfer protocol. The JCE protocol encodes using TTLV (Tag-Type-Length-Value), and encoded data is composed of two parts, header information and real data. The private storage location refers to a private directory location of the current application, such as a storage location where the current application installation package is located. The storage space refers to the storage space of the terminal itself, such as an SD card in a mobile phone (the SD memory card is a new generation memory device based on a semiconductor flash memory). The terminal can also convert the authority control strategy information into a self-defined storage format for storage.

Specifically, the terminal obtains and uses the JCE protocol to convert the authority control strategy information into a binary byte stream, then searches the storage authority of the current application program, and stores the binary byte stream in a file mode to the private storage position of the current application program when the storage authority is unauthorized storage. When the storage authority is authorized to store, the binary byte stream is stored in the storage space in a file mode. In a specific embodiment, the file name suffix storing the rights control policy information is named dat. For example, the permission control policy information may be stored in a file named permission.

In the embodiment, the authority control strategy information is stored to different positions based on the preset storage format of the storage authority, so that the subsequent access of the authority control strategy information is facilitated, and different application scene requirements can be met.

In one embodiment, before step 202, before detecting the permission behavior request triggered by the current H5 web page, intercepting the permission behavior request to obtain the current operating system information and the current application program information, and searching the target permission control interface corresponding to the current operating system information based on the saved correspondence, the method further includes:

And receiving byte stream data pushed by a server according to the user identification or the equipment information, analyzing the byte stream data to obtain the authority control strategy information, and storing the authority control strategy information.

Specifically, the device information is used to indicate specific information of the terminal device, including the model, brand, motherboard, CPU model, unique identification code, and the like of the terminal device. After establishing network connection with the terminal, the server can actively push the authority control strategy information to the terminal. The pushing can be performed according to a preset time interval. The server can push the authority control strategy information to the corresponding device information or the user identifier according to the preset binding relation between the user identifier or the device information and the authority control strategy information. The server can push the authority control strategy information to be pushed according to the record of the sending history authority control strategy information. The terminal receives byte stream data pushed by the server according to the user identification or the equipment information, analyzes the byte stream data to obtain the authority control strategy information, and stores the obtained authority control strategy information. For example, the server pushes the permission control policy information corresponding to the mobile phone, and can push the permission control policy information corresponding to the apple mobile phone.

In one embodiment, after the rights control policy information is updated, the updated rights control policy information is pushed to the terminal corresponding to the user identifier, where the rights control policy information update may refer to addition, deletion, modification, and the like of the rights control policy information. The manager can update the rights control policy information stored in the server through the rights management platform. For example, the manager can add the authority type and the authority policy corresponding to the application program in the authority control policy information, that is, the manager adds the authority type and the authority policy corresponding to the newly added application program to the H5 web page authority behavior control SDK through the management terminal. And uploading the right type and the right policy corresponding to the newly added application program to a server, and updating the stored H5 webpage right behavior control SDK by the server by using the right type and the right policy corresponding to the newly added application program. For example, the manager may delete the rights type and the corresponding rights policy in the rights control policy information. The manager can send the deleted authority type identifier and the corresponding authority policy identifier to the server through the management terminal, and the server deletes the authority type and the authority policy matched in the H5 webpage authority behavior control SDK according to the deleted authority type identifier and the corresponding authority policy identifier. For example, the manager may also modify the rights type or rights policy in the rights control policy information. The manager can upload the modified authority strategy to the server through the management terminal, and the server replaces the authority strategy corresponding to the same authority type in the H5 webpage authority behavior control SDK with the modified authority strategy.

In the embodiment, the terminal can acquire the authority control strategy information pushed by the server and store the authority control strategy information, so that the convenience of acquiring the authority control strategy information is improved.

In a specific embodiment, as shown in fig. 7, a flowchart of acquiring and storing rights control policy information is shown. Specifically: the authority control policy information can be generated in the H5 webpage control background, and a manager at the server side can manage the authority control policy information in the H5 webpage control background through the authority management platform, for example, the authority control policy information is added, updated, deleted and the like, and a user or terminal device can be bound with the authority control policy information. And then the server side can carry out push service, pull service and data management service of the authority control strategy information through the authority control strategy service platform. The push service is to push the rights control policy information to the terminal, the pull service is to return the rights control policy information to the terminal when the terminal pulls the rights control policy information, and the data management service is to record push information and pull information, such as a user object pushed or pulled, the rights control policy information pushed, and the like. The mobile phone is provided with an H5 webpage authority behavior control SDK for carrying out the pulling of the authority control strategy information, specifically, after the H5 webpage authority behavior control SDK is initialized, the H5 webpage authority behavior control SDK is actively used for carrying out the pulling of the authority control strategy information through the H5 webpage authority behavior control SDK when the mobile phone is connected with a network or a screen of the mobile phone is lightened by detecting the authority control service initialization or the mobile phone is connected with the network, namely, the authority control strategy information is pulled from a server, the pulled authority control strategy information is analyzed, and then the analyzed authority control strategy information is stored in a mobile phone memory or a mobile phone storage space in a preset storage format according to the storage authority of an application program. And the server side can actively push the authority control strategy information to the mobile phone after establishing network connection with the mobile phone, and then store the mobile phone memory or the mobile phone storage space in a preset storage format according to the storage authority of the application program.

In one embodiment, step 202, that is, detecting a permission behavior request triggered by a current H5 web page, intercepting the permission behavior request to obtain current operating system information and current application program information, and searching a target permission control interface corresponding to the current operating system information based on the saved correspondence, includes the steps of:

detecting a permission behavior request triggered by a current H5 webpage, calling a security verification interface based on the permission behavior request, intercepting the permission behavior request to acquire current operating system information and current application program information when identity security verification passes through the security verification interface, and searching a target permission control interface corresponding to the current operating system information based on the stored corresponding relation.

Specifically, the security verification interface is used for verifying identity security, namely, the terminal detects a permission behavior request triggered by the current H5 webpage, calls the security verification interface based on the permission behavior request, acquires the identity information of the current terminal through the security verification interface, matches the preset security identity information, and passes the security verification when the matching is consistent. The identity information of the current terminal can be terminal equipment information, user information input by a user or the like, and then when the security verification is passed through the security verification interface, the current operating system information and the current application program information are obtained, and the corresponding target permission control interface is searched based on the current operating system information according to the preset corresponding relation between the operating system and the permission control interface.

In a specific embodiment, the License SDK may be used to check and protect the external interface of the H5 web page entitlement behavior control SDK, where the service SDK only allows APP that obtains License authorization to use, and prevents unauthorized APP from using the service SDK without obtaining License. When the H5 webpage authority behavior control SDK is called, the time, the number of users and the terminal IP address of the H5 webpage authority behavior control SDK are detected through the License SDK, and when the detection is in the authorized time, the authorized users and the authorized terminal IP address pass the verification, namely the safety verification passes, the H5 webpage authority behavior control SDK can be called to control the authority behavior of the H5 webpage. In one embodiment, the code of the H5 web page rights behavior control SDK is obfuscated under the condition of protecting the internal logic, then the H5 web page rights behavior control SDK after the obfuscation is provided to the service SDK, the service SDK and the H5 web page rights behavior control SDK after the obfuscation are combined and packaged together to obtain a aar package, aar (Android Archive) package is a binary archive file of the Android library item, and the aar package is provided to the application program for use.

In the embodiment, the security verification interface is used for performing security verification and then performing control on the H5 webpage authority behavior, so that the security of the control on the H5 webpage authority behavior is ensured.

In one embodiment, after step 206, i.e. after searching for the target rights control policy corresponding to the target rights type based on the current application information, the method further comprises:

and when the target authority control strategy is not found, acquiring the current operating system authority execution strategy, and controlling the authority behavior in the current H5 webpage according to the current operating system authority execution strategy.

Specifically, the current operating system permission execution policy refers to a permission execution policy defined by the current operating system itself, for example, the current operating system permission execution policy may be a permission execution policy corresponding to the default target permission type by the operating system. When the terminal does not find the target authority control strategy, the target authority type is not provided with the corresponding authority control strategy, and at the moment, the current operating system authority execution strategy can be obtained, and the current H5 webpage is subjected to authority behavior control according to the current operating system authority execution strategy, so that the condition that the H5 webpage behavior cannot be subjected to authority control is avoided, and the condition that the H5 webpage behavior can be normally subjected to authority control is ensured.

In one embodiment, when the matched target authority type is not found based on the target authority type, the current operating system authority execution strategy is directly acquired, and authority behavior control is performed in the current H5 webpage according to the current operating system authority execution strategy.

In one embodiment, step 206, that is, performing rights behavior control in the current H5 web page according to the target rights control policy, includes the steps of:

displaying a permission behavior processing application selection interface, detecting a selection event triggering a target permission behavior processing application through the permission behavior processing application selection interface, and displaying a permission behavior authorization page in response to the selection event.

The authority behavior processing application is used for performing authority behavior processing after authority behavior authorization. The rights behavior processing application selection interface is used for displaying the rights behavior processing application. For example, the display can be performed on an H5 webpage popup window. The authority behavior authorization page refers to a page where a user authorizes authority behavior. The target authority behavior processing application uses the selected application for processing the authority behavior of the current H5 webpage. The selection event refers to an event that the user selects the rights behavior processing application, and the selection may be performed by clicking a rights behavior processing application icon, or by pressing an option button, or the like.

Specifically, the terminal executes a target authority control strategy to display an authority behavior processing application selection interface, and each authority behavior processing application to be selected is displayed in the authority behavior processing application selection interface. In one embodiment, the rights behavior processing application may also be displayed in a popup or may be displayed in other manners, such as in a list. When the terminal detects a selection event triggering the target authority behavior processing application through the authority behavior processing application selection interface, the terminal responds to the selection event to display an authority behavior authorization page, and the authorization to the network behavior is obtained through the network behavior authorization page. Rights behavior authorization may also be performed through a dialog box in response to a selection event exposing a dialog box for application authorization.

And when receiving an authorization instruction through the authorization page, starting the target authorization processing application.

Specifically, the user can perform authorization processing through the authorization page of the authorization behavior, for example, the user performs authorization by clicking an authorization button in the authorization page of the authorization behavior, and when the terminal receives an authorization instruction through the authorization page of the authorization behavior, the terminal starts a target authorization behavior processing application to perform authorization behavior processing. For example, when the right to read the stored data is obtained, a picture application may be started to upload the picture. When an authorization instruction is not received through the authorization page, the authorization instruction is not authorized, and the authorization instruction can be prompted through a popup window, or can be prompted through a notification message, or can be prompted through a mail, or can be prompted through a short message, and the like. The user can also perform prohibition authorization processing through the permission behavior authorization page, for example, permission is always prohibited by clicking an always prohibited button in the permission behavior authorization page, that is, permission corresponding to the hand-changed permission behavior is prohibited.

In one embodiment, the terminal executes the target permission control policy to display a permission behavior processing application selection interface, and detects that a selection event triggering the target permission behavior processing application through the permission behavior processing application selection interface displays a permission prohibition prompt popup for prompting that the target permission type is in a state of prohibition of authorization. And then when detecting the operation of triggering to return to the H5 webpage, displaying the H5 webpage. Or when detecting the operation of triggering the permission modification, displaying an authorization state modification page of the target permission type, and when detecting the operation of triggering the modification completion, acquiring the permission state corresponding to the modified target permission type, modifying the stored permission state corresponding to the target permission type and returning to the H5 webpage. The permission status refers to the status of the system permission corresponding to the target permission type, and includes an authorized status, an unauthorized status and the like.

In one embodiment, the terminal executes the target authority control strategy to display an authority behavior processing application selection interface, detects that a selection event of the target authority behavior processing application is triggered to jump to an identity authentication page through the authority behavior processing application selection interface, displays an authorization application dialogue page when identity authentication is passed through the identity authentication page, and starts the target authority behavior processing application after authorization information is acquired through the authorization application dialogue page.

In one embodiment, as shown in fig. 8, a schematic diagram of an H5 web page is shown, where the H5 web page is an H5 web page that is opened for feedback problems using a Chrome browser. When a user clicks an icon for uploading a picture in the H5 webpage, the terminal can read data stored in the mobile phone after the user is authorized. At this time, the conventional implementation is shown in fig. 9, which is a schematic diagram of a conventional application authorization dialog. The conventional technology, namely that the H5 webpage authority behavior control SDK is not integrated in the Chrome browser, can directly call an application dialog box of the storage authority of the Android system when a user clicks an icon of an uploaded picture. After the user's always allowed authorization is obtained through the authorization application dialog box, the uploading of the picture can be performed. In this application, as shown in fig. 10, a schematic diagram of a rights behavior processing application selection interface is shown. The same H5 web page is opened in fig. 10 by a secure workspace H5 container, which provides a secure environment for the operation of the H5 web page. When the user clicks the icon of the H5 webpage uploading picture, a picture application selection interface is displayed first when the target authority control strategy is executed. When the user clicks a picture application button in a picture application selection interface, the authorization page is displayed again to acquire the user's permission authorization all the time, and the picture application selected by the user is started to carry out picture selection uploading.

In the above embodiment, the security of the rights behavior request processing can be improved by selecting the rights behavior processing application and then performing the authorization.

In one embodiment, as shown in fig. 11, step 206, that is, searching for the target rights control policy corresponding to the target rights type based on the current application information, includes:

step 1102, obtaining the encrypted rights control policy information and the corresponding digital signature, and performing integrity verification on the encrypted rights control policy information based on the digital signature, and obtaining a decryption key when verification passes.

The encrypted authority control strategy information is obtained by encrypting the authority control strategy information by using an encryption algorithm. The digital signature is obtained by using a digital signature algorithm to digitally sign the encrypted authority control strategy information.

The terminal acquires the encrypted authority control strategy information, namely the authority control strategy information is stored in the terminal after being encrypted, the terminal acquires the encrypted authority control strategy information and the corresponding digital signature when in use, the digital signature is used for carrying out integrity verification on the encrypted authority control strategy information, namely the hash value of the encrypted authority control strategy information is calculated, the digital signature decryption key is used for decrypting the digital signature to obtain the decrypted hash value, the decrypted hash value is compared with the calculated hash value, when the calculated hash value is consistent with the decrypted hash value, the digital signature verification is passed, and when the hash value is inconsistent, the authority control strategy information is tampered, and the verification is failed. And the terminal acquires the decryption key when the digital signature passes the verification. The decryption key may be generated according to a user password, which may be an account password used when the user logs in to the application program. The decryption key may also be generated from a terminal device unique identification code that is used to uniquely identify the terminal device.

And step 1104, decrypting the encrypted authority control strategy information by using the decryption key to obtain the authority control strategy information, wherein the authority control strategy information comprises application program information, authority type and authority control strategy.

Specifically, the terminal decrypts the encrypted authority control strategy information by using the decryption key to obtain the authority control strategy information, wherein the authority control strategy information comprises application program information, an authority type corresponding to the application program information and an authority control strategy corresponding to the authority type.

In one embodiment, the terminal may first obtain the decryption key, decrypt the encrypted rights control policy information using the decryption key to obtain decrypted rights control policy information, then calculate a hash value of the decrypted rights control policy information, and pass the digital signature verification when the hash value of the decrypted rights control policy information is consistent with the hash value in the digital signature.

Step 1106, the current application program information is matched in the authority control strategy information, and when the matching is successful, the authority type and the authority control strategy corresponding to the successfully matched application program information are obtained from the authority control strategy information.

Specifically, the terminal searches the application program information consistent with the current application program information in the authority control strategy information, when the consistent application program information is found, the matching is successful, and at the moment, the authority type and the authority control strategy corresponding to the successfully matched application program information are obtained from the authority control strategy information.

Step 1108, matching the target authority type in the authority types corresponding to the successfully matched application program information, and taking the authority control strategy corresponding to the successfully matched authority type as the target authority control strategy when the matching is successful.

Specifically, the terminal searches the target authority type in the authority types corresponding to the successfully matched application program information, and when the consistent target authority type is found, the terminal is successfully matched, and acquires the authority control strategy corresponding to the successfully matched authority type, so that the target authority control strategy is obtained. In a specific embodiment, the server may encrypt the rights control policy information using AES (Advanced Encryption Standard ) algorithm, and sign the encrypted rights control policy information using RSA (RSA algorithm) encryption algorithm, and then push the rights control policy information and the digital signature of the encryption right to the terminal.

In the embodiment, the rights control policy information is subjected to digital signature verification, so that the rights control policy information is guaranteed to be not tampered, the encrypted rights control policy information is stored in the terminal, and is decrypted and then used when in use, the rights control policy information is prevented from being exposed, and the security of the rights control policy information is guaranteed.

In one embodiment, the web page authority behavior control method further includes the steps of:

when the current H5 webpage is loaded, acquiring preset current H5 webpage authority information, and updating the authority corresponding to the current H5 webpage according to the preset current H5 webpage authority information to acquire the webpage target authority.

The current H5 webpage authority information refers to preset authority strategies corresponding to various webpage behaviors of the current H5 webpage. The page target authority refers to an authority strategy corresponding to a page behavior set in the H5 webpage, and different authority strategies can be set for different page behaviors.

Specifically, when the terminal loads the H5 webpage, preset current H5 webpage authority information can be obtained, and the authority corresponding to the current H5 webpage is updated according to the preset current H5 webpage authority information to obtain the webpage target authority. For example, preset permission policies in the current H5 web page permission information may be used to omit permission settings that set various page behaviors in websettings.

When the permission behavior request triggered by the current H5 webpage is detected, permission behavior control is carried out on the current H5 webpage according to the page target permission.

Specifically, when detecting a permission behavior request triggered by a current H5 webpage, the terminal intercepts the permission behavior request through a preset buried point, analyzes the content of the permission behavior request, acquires a target permission type according to the content of the permission behavior request, searches a permission strategy corresponding to the target permission type from a target permission of the webpage, and executes the permission strategy to control the permission behavior in the current H5 webpage. In a specific embodiment, the rights behavior request may be intercepted by an APP/Activity lifecycle pre-embedded point.

In the embodiment, the authority behavior control is performed on the current H5 webpage through the updated page target authority, so that the efficiency of webpage authority behavior control is improved.

In a specific embodiment, as shown in fig. 12, the web page authority behavior control method includes the following steps:

step 1202, when loading the current H5 webpage, calling a service SDK through a service SDK docking layer to establish an H5 webpage running environment, and displaying the current H5 webpage in the H5 webpage running environment;

In step 1204, the permission behavior request triggered by the current H5 web page is detected by the H5 web page permission behavior control SDK, the permission behavior request is intercepted to obtain the current operating system information and the current application program information, and the target permission control interface corresponding to the current operating system information is searched based on the saved correspondence.

In step 1206, the current rights control interface is called by the H5 web page rights control SDK to determine the target rights behavior type corresponding to the rights behavior request, and the matched target rights type is determined based on the target rights behavior type.

Step 1208, the encrypted rights control policy information and the corresponding digital signature are obtained through the H5 web page rights behavior control SDK, integrity verification is performed on the encrypted rights control policy information based on the digital signature, and when verification is passed, a decryption key is obtained.

In step 1210, the H5 web page rights behavior control SDK decrypts the encrypted rights control policy information using the decryption key to obtain rights control policy information, where the rights control policy information includes application information, rights type, and rights control policy.

In step 1212, the current application information is matched in the rights control policy information by the H5 web page rights behavior control SDK, and when the matching is successful, the rights type and the rights control policy corresponding to the successfully matched application information are obtained from the rights control policy information.

In step 1214, the SDK is controlled to match the target authority type in the authority types corresponding to the successfully matched application program information through the H5 web page authority behavior, and when the matching is successful, the authority control policy corresponding to the successfully matched authority type is used as the target authority control policy.

In step 1216, the target authority behavior processing application selection interface is displayed by executing the target authority control strategy through the H5 web page authority behavior control SDK, a selection event triggering the target authority behavior processing application through the authority behavior processing application selection interface is detected, the authority behavior authorization page is displayed in response to the selection event, and when an authorization instruction is received through the authority behavior authorization page, the target authority behavior processing application is started.

In this embodiment, before step 1202, the steps are further included:

and monitoring the network state according to a preset first time interval, and triggering an authority control strategy information pulling event when the network state is changed from the first network state to the second network state. Or monitoring the screen state according to a preset second time interval, and triggering a right control strategy information pulling event when the screen state is changed from the first screen state to the second screen state. Or when the authority control initialization interface is called for initialization, triggering an authority control strategy information pulling event, and responding to the authority control strategy information pulling event to send an authority control strategy information pulling request to the server, wherein the authority control strategy information pulling request carries a user identifier. Byte stream data returned by the server is obtained, the byte stream data is analyzed to obtain authority control strategy information, and the authority control strategy information is searched by the server according to the user identification; and acquiring the storage authority corresponding to the current application program, and storing the authority control strategy information into the memory according to the storage format of the basic data type. Or converting the authority control strategy information into a binary byte stream, storing the binary byte stream into a private storage position of the current application program when the storage authority is unauthorized storage, and storing the binary byte stream into a storage space when the storage authority is authorized storage. The rights control policy information includes a rights type, a rights control policy, and application information.

The application scenario also provides an application scenario, and the application scenario applies the webpage authority behavior control method. Specifically, the application of the web page permission behavior control method in the application scene is as follows:

in the smart phone WeChat application program, an H5 webpage authority behavior control SDK is integrated in the smart phone WeChat application program. As shown in fig. 13, an architecture diagram of an H5 web page rights behavior control SDK includes an interface layer and a service implementation layer, where the interface layer includes an initialization interface, a rights external interface, and a service injection interface. The initialization interface is used for creating a required running environment of the H5 webpage authority behavior control SDK and starting an abnormal thread to pull authority policy information from a server, and is called when a WeChat application program is started. The service injection interface is used for accessing the customized service. For example, a service that injects statistics through a service injection interface that is invoked when a WeChat application is started. The permission external interface is used for carrying out interception recognition and other treatments on page permission behaviors. The service realization layer comprises the realization of the interface layer, the pulling, analysis and storage of the authority strategy information, the execution of the authority strategy, the statistical reporting of the execution result and the like.

Specifically:

as shown in fig. 14, a flow chart of performing authority control on an SDK for controlling authority of an H5 web page is shown, wherein when a user performs page access in a WeChat application through an H5 web page access address URL, an H5 web page is displayed, when an authority behavior request triggered by a current H5 web page is detected, current operating system information and current application program information are obtained, a corresponding target authority control interface is searched based on the current operating system information, the authority behavior control SDK of the H5 web page intercepts the authority behavior request by calling the target authority control interface, and the intercepted information is analyzed to obtain a target authority behavior type. For example, by monitoring a callback of a method for long-pressing a webpage provided by an Android system, obtaining long-pressing content by a webview, hittestresult, gettype () method, wherein the content comprises pure text, text with hyperlinks, mobile phone numbers, email addresses, maps, pictures with links and the like, then determining that the permission behavior type is "mobile phone number type" according to the current long-pressing content "mobile phone number", and determining that the matched target permission type is "dialing phone number" according to the permission behavior type. At this time, the authority control strategy corresponding to the WeChat application dialing telephone number is searched in the authority strategy information, and is executed according to the authority control strategy.

In another embodiment, the H5 web page permission behavior control SDK intercepts the permission behavior request by calling the target permission control interface, and analyzes the intercepted information to obtain the target permission behavior type. For example, the rights behavior type may be obtained by parameters in the callback of the webview client. For example, the parameters may specifically be URLs for network requests beginning with "http://" and "https://", URLs for opening Android applications beginning with "intent://", URLs for opening sms applications beginning with "sms://", URLs for opening map applications beginning with "geo:0, 0q=", URLs for opening email applications beginning with "mail:" and URLs for opening telephony applications beginning with "tel:". And obtaining the corresponding authority behavior type according to the specific content of the parameter, and then determining the matched authority type according to the page behavior type. For example, the specific content of the parameter may be a URL beginning with tel, and the permission behavior type is obtained as a "click phone number" at this time, and the matching permission type is searched for as a "dial phone number" according to the permission behavior type. When the matched authority type of dialing telephone number is found, the authority control strategy corresponding to the WeChat application of dialing telephone number is found in the authority strategy information, and the execution is carried out according to the execution scheme of the authority control strategy. When the matched authority type of dialing telephone number is not found, the default execution strategy of dialing telephone number of the operating system is acquired for execution.

In another embodiment, when a user performs page access through an H5 webpage access address URL in a WeChat application, displaying an H5 webpage, acquiring preset current H5 webpage authority information, and updating the authority corresponding to the current H5 webpage according to the preset current H5 webpage authority information to obtain a page target authority. When a permission behavior request triggered by a current H5 webpage is detected, intercepting the permission behavior request through a buried point preset by an APP/Activity life cycle, analyzing the intercepted permission behavior request, identifying a permission type, and then performing permission behavior control in the current H5 webpage according to a permission control strategy corresponding to the permission type in a set page target permission.

It should be understood that, although the steps in the flowcharts of fig. 2, 3, 5, 6, 11, and 12 are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least a portion of the steps of fig. 2, 3, 5, 6, 11, and 12 may include a plurality of steps or stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the execution of the steps or stages is not necessarily sequential, but may be performed in turn or alternately with at least a portion of the steps or stages of other steps or steps.

In one embodiment, as shown in fig. 15, a web page authority behavior control apparatus 1500 is provided, which may employ a software module or a hardware module, or a combination of both, as a part of a computer device, and specifically includes: an interface lookup module 1502, a type determination module 1504, and a rights control module 1506, wherein:

the interface searching module 1502 is configured to detect a permission behavior request triggered by a current H5 web page, intercept the permission behavior request to obtain current operating system information and current application information, and search a target permission control interface corresponding to the current operating system information based on a stored correspondence, where the correspondence is a correspondence between each operating system information and the permission control interface.

The type determining module 1504 is configured to invoke the current rights control interface to determine a target rights behavior type corresponding to the rights behavior request, and determine a matched target rights type based on the target rights behavior type.

The permission control module 1506 is configured to find a target permission control policy corresponding to the target permission type based on the current application information, and perform permission behavior control in the current H5 web page according to the target permission control policy.

In one embodiment, the current application corresponding to the current application information includes a service SDK docking layer and a service SDK, the service SDK includes an H5 web page permission behavior control SDK, and the H5 web page permission behavior control SDK is used for integrating into different service SDKs to perform permission behavior control in an H5 web page;

the interface searching module 1502 includes:

the page display unit is used for calling a service SDK through the service SDK docking layer to establish an H5 webpage running environment when the current H5 webpage is loaded, and displaying the current H5 webpage in the H5 webpage running environment;

the interface searching unit is used for detecting a permission behavior request triggered by the current H5 webpage through the H5 webpage permission behavior control SDK, intercepting the permission behavior request to acquire current operating system information and current application program information, and searching a target permission control interface corresponding to the current operating system information based on the stored corresponding relation.

In one embodiment, the web page permission behavior control apparatus 1500 further includes:

the request sending module is used for detecting a triggering authority control strategy information pulling event, responding to the authority control strategy information pulling event and sending an authority control strategy information pulling request to the server, wherein the authority control strategy information pulling request carries a user identifier;

The information acquisition module is used for acquiring byte stream data returned by the server, analyzing the byte stream data to obtain authority control strategy information, and the authority control strategy information is searched by the server according to the user identification;

the storage module is used for acquiring the storage authority corresponding to the current application program, and storing the authority control strategy information based on the storage authority according to a preset storage format, wherein the authority control strategy information comprises an authority type, an authority control strategy and application program information.

In one embodiment, the request sending module includes:

the network monitoring module is used for monitoring the network state according to a preset first time interval, and triggering an authority control strategy information pulling event when the network state changes from the first network state to the second network state; or (b)

The screen monitoring module is used for monitoring the screen state according to a preset second time interval, and triggering an authority control strategy information pulling event when the screen state is changed from the first screen state to the second screen state; or (b)

And the initialization module is used for triggering an authority control strategy information pulling event when the authority control initialization interface is invoked for initialization.

In one embodiment, the storage module is further configured to store the rights control policy information into the memory according to a basic data type storage format; or converting the authority control strategy information into a binary byte stream, storing the binary byte stream into a private storage position of the current application program when the storage authority is unauthorized storage, and storing the binary byte stream into a storage space when the storage authority is authorized storage.

the pushing information acquisition module is used for receiving the byte stream data pushed by the server according to the user identification or the equipment information, analyzing the pushed byte stream data to obtain the authority control strategy information, and storing the authority control strategy information.

In one embodiment, the interface searching module 1502 is further configured to detect a permission behavior request triggered by the current H5 web page, call the security verification interface based on the permission behavior request, intercept the permission behavior request to obtain the current operating system information and the current application program information when the identity security verification is passed through the security verification interface, and search the target permission control interface corresponding to the current operating system information based on the saved correspondence.

and the system executing module is used for acquiring the current operating system authority executing strategy when the target authority control strategy is not found, and controlling the authority behavior in the current H5 webpage according to the current operating system authority executing strategy.

In one embodiment, the rights control module 1506 is further configured to display a rights behavior processing application selection interface, detect a selection event that triggers the target rights behavior processing application through the rights behavior processing application selection interface, and display a rights behavior authorization page in response to the selection event; and when receiving an authorization instruction through the authorization page, starting the target authorization processing application.

In one embodiment, the interface lookup module 1502 is further configured to obtain encrypted rights control policy information and a corresponding digital signature, perform integrity verification on the encrypted rights control policy information based on the digital signature, and obtain a decryption key when the verification passes; decrypting the encrypted rights control policy information by using the decryption key to obtain rights control policy information, wherein the rights control policy information comprises application information, rights type and rights control policy; matching current application program information in the authority control strategy information, and acquiring the authority type and the authority control strategy corresponding to the successfully matched application program information from the authority control strategy information when the matching is successful; and matching the target authority type in the authority type corresponding to the successfully matched application program information, and taking the authority control strategy corresponding to the successfully matched authority type as the target authority control strategy when the matching is successful.

the permission updating module is used for acquiring preset current H5 webpage permission information when the current H5 webpage is loaded, and updating permissions corresponding to the current H5 webpage according to the preset current H5 webpage permission information to obtain page target permissions;

And the target authority control module is used for controlling the authority behavior of the current H5 webpage according to the page target authority when detecting the authority behavior request triggered by the current H5 webpage.

For specific limitation of the web page permission behavior control device, reference may be made to the limitation of the web page permission behavior control method hereinabove, and the description thereof will not be repeated here. The above-mentioned various modules in the web page authority behavior control device may be implemented in whole or in part by software, hardware, and a combination thereof. The above modules may be embedded in hardware or may be independent of a processor in the computer device, or may be stored in software in a memory in the computer device, so that the processor may call and execute operations corresponding to the above modules.

In one embodiment, a computer device is provided, which may be a terminal, and the internal structure thereof may be as shown in fig. 16. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless mode can be realized through WIFI, an operator network, NFC (near field communication) or other technologies. The computer program, when executed by a processor, implements a web page entitlement behavior control method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, can also be keys, a track ball or a touch pad arranged on the shell of the computer equipment, and can also be an external keyboard, a touch pad or a mouse and the like.

It will be appreciated by those skilled in the art that the structure shown in fig. 16 is merely a block diagram of a portion of the structure associated with the present application and is not limiting of the computer device to which the present application is applied, and that a particular computer device may include more or fewer components than shown, or may combine certain components, or have a different arrangement of components.

In an embodiment, there is also provided a computer device comprising a memory and a processor, the memory having stored therein a computer program, the processor implementing the steps of the method embodiments described above when the computer program is executed.

In one embodiment, a computer-readable storage medium is provided, storing a computer program which, when executed by a processor, implements the steps of the method embodiments described above.

In one embodiment, a computer program product or computer program is provided that includes computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions, so that the computer device performs the steps in the above-described method embodiments.

Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed, may comprise the steps of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include at least one of non-volatile and volatile memory. The nonvolatile Memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash Memory, optical Memory, or the like. Volatile memory can include random access memory (Random Access Memory, RAM) or external cache memory. By way of illustration, and not limitation, RAM can be in the form of a variety of forms, such as static random access memory (Static Random Access Memory, SRAM) or dynamic random access memory (Dynamic Random Access Memory, DRAM), and the like.

The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.

The above examples merely represent a few embodiments of the present application, which are described in more detail and are not to be construed as limiting the scope of the invention. It should be noted that it would be apparent to those skilled in the art that various modifications and improvements could be made without departing from the spirit of the present application, which would be within the scope of the present application. Accordingly, the scope of protection of the present application is to be determined by the claims appended hereto.

Claims

1. A web page entitlement behavior control method, the method comprising:

detecting a permission behavior request triggered by a current H5 webpage, intercepting the permission behavior request to obtain current operating system information and current application program information, and searching a target permission control interface corresponding to the current operating system information based on a stored corresponding relation, wherein the corresponding relation refers to the corresponding relation between each operating system information and the permission control interface;

invoking the target authority control interface to determine a target authority type corresponding to the authority action request, and determining a target authority type matched with the target authority action type according to a pre-acquired corresponding relation between the authority action type and the authority type, wherein the target authority action type is a type corresponding to the authority required by executing the authority action request and is determined according to the authority action content obtained by analyzing the authority action request; the authority behavior content refers to webpage content corresponding to the authority behavior, and the authority behavior refers to behavior which is triggered by a webpage and needs the authority of an operating system; the permission behavior type refers to the type of webpage content corresponding to the triggering permission behavior;

2. The method of claim 1, wherein the current application corresponding to the current application information includes a service SDK docking layer and a service SDK, the service SDK includes an H5 web page rights behavior control SDK, and the H5 web page rights behavior control SDK is used for integrating into different service SDKs to perform rights behavior control in an H5 web page;

detecting a permission behavior request triggered by a current H5 webpage, intercepting the permission behavior request to acquire current operating system information and current application program information, and searching a target permission control interface corresponding to the current operating system information based on a stored corresponding relation, wherein the method comprises the following steps:

when loading the current H5 webpage, calling a service SDK through the service SDK docking layer to establish an H5 webpage running environment, and displaying the current H5 webpage in the H5 webpage running environment;

and detecting a permission behavior request triggered by the current H5 webpage through the H5 webpage permission behavior control SDK, intercepting the permission behavior request to acquire current operating system information and current application program information, and searching a target permission control interface corresponding to the current operating system information based on the stored corresponding relation.

3. The method according to claim 1, wherein, before the detecting the permission behavior request triggered by the current H5 web page, intercepting the permission behavior request to obtain current operating system information and current application program information, and searching for a target permission control interface corresponding to the current operating system information based on the saved correspondence, further comprises:

detecting a triggering authority control strategy information pulling event, and responding to the authority control strategy information pulling event to send an authority control strategy information pulling request to a server, wherein the authority control strategy information pulling request carries a user identifier;

acquiring byte stream data returned by the server, and analyzing the byte stream data to obtain authority control strategy information, wherein the authority control strategy information is searched by the server according to the user identification;

and acquiring a storage authority corresponding to the current application program, and storing the authority control strategy information according to a preset storage format based on the storage authority, wherein the authority control strategy information comprises an authority type, an authority control strategy and application program information.

4. A method according to claim 3, wherein detecting a trigger entitlement control policy information pull event comprises:

Monitoring a network state according to a preset first time interval, and triggering an authority control strategy information pulling event when the network state changes from a first network state to a second network state; or (b)

Monitoring a screen state according to a preset second time interval, and triggering a permission control strategy information pulling event when the screen state is changed from a first screen state to a second screen state; or (b)

When the authority control initialization interface is invoked for initialization, an authority control strategy information pulling event is triggered.

5. A method according to claim 3, wherein storing the rights control policy information in a preset storage format based on the storage rights comprises:

storing the authority control strategy information into a memory according to a basic data type storage format; or (b)

And converting the authority control strategy information into a binary byte stream, storing the binary byte stream into a private storage position of the current application program when the storage authority is unauthorized storage, and storing the binary byte stream into a storage space when the storage authority is authorized storage.

6. The method according to claim 1, wherein, before the detecting the permission behavior request triggered by the current H5 web page, intercepting the permission behavior request to obtain current operating system information and current application program information, and searching for a target permission control interface corresponding to the current operating system information based on the saved correspondence, further comprises:

And receiving byte stream data pushed by a server according to the user identification or the equipment information, analyzing the pushed byte stream data to obtain authority control strategy information, and storing the authority control strategy information.

7. The method according to claim 1, wherein the detecting the permission behavior request triggered by the current H5 web page, intercepting the permission behavior request to obtain current operating system information and current application program information, and searching the target permission control interface corresponding to the current operating system information based on the saved correspondence, includes:

detecting a permission behavior request triggered by a current H5 webpage, calling a security verification interface based on the permission behavior request, intercepting the permission behavior request to acquire current operating system information and current application program information when identity security verification is passed through the security verification interface, and searching a target permission control interface corresponding to the current operating system information based on a stored corresponding relation.

8. The method of claim 1, further comprising, after said looking up a target rights control policy corresponding to said target rights type based on said current application information:

And when the target authority control strategy is not found, acquiring a current operating system authority execution strategy, and controlling the authority behavior in the current H5 webpage according to the current operating system authority execution strategy.

9. The method of claim 1, wherein performing rights behavior control in the current H5 web page according to the target rights control policy comprises:

displaying a permission behavior processing application selection interface, detecting a selection event triggering a target permission behavior processing application through the permission behavior processing application selection interface, and displaying a permission behavior authorization page in response to the selection event;

and when an authorization instruction is received through the authority behavior authorization page, starting the target authority behavior processing application.

10. The method according to claim 1, wherein the searching for the target rights control policy corresponding to the target rights type based on the current application information includes:

acquiring encrypted authority control strategy information and a corresponding digital signature, carrying out integrity verification on the encrypted authority control strategy information based on the digital signature, and acquiring a decryption key when verification is passed;

Decrypting the encrypted authority control strategy information by using the decryption key to obtain the authority control strategy information, wherein the authority control strategy information comprises application program information, authority type and authority control strategy;

matching the current application program information in the authority control strategy information, and acquiring the authority type and the authority control strategy corresponding to the successfully matched application program information from the authority control strategy information when the matching is successful;

and matching a target authority type in the authority types corresponding to the successfully matched application program information, and taking the authority control strategy corresponding to the successfully matched authority type as a target authority control strategy when the matching is successful.

11. The method according to claim 1, wherein the method further comprises:

when the current H5 webpage is loaded, acquiring preset current H5 webpage authority information, and updating the authority corresponding to the current H5 webpage according to the preset current H5 webpage authority information to obtain a webpage target authority;

and when the permission behavior request triggered by the current H5 webpage is detected, performing permission behavior control in the current H5 webpage according to the page target permission.

12. A web page entitlement behavior control device, the device comprising:

the interface searching module is used for detecting a permission behavior request triggered by a current H5 webpage, intercepting the permission behavior request to acquire current operating system information and current application program information, and searching a target permission control interface corresponding to the current operating system information based on a stored corresponding relation;

the type determining module is used for calling the target authority control interface to determine a target authority behavior type corresponding to the authority behavior request, determining the target authority behavior type according to the corresponding relation between the pre-acquired authority behavior type and the authority type, wherein the target authority behavior type is used for determining the matched target authority behavior type, analyzing the authority behavior request, acquiring the authority behavior content in the authority behavior request, and determining according to the authority behavior content, wherein the target authority type is the type corresponding to the authority required by executing the authority behavior request; the authority behavior content refers to webpage content corresponding to the authority behavior, and the authority behavior refers to behavior which is triggered by a webpage and needs the authority of an operating system; the permission behavior type refers to the type of webpage content corresponding to the triggering permission behavior;

13. The apparatus of claim 12, wherein the current application corresponding to the current application information includes a service SDK docking layer and a service SDK, the service SDK includes an H5 web page permission behavior control SDK, and the H5 web page permission behavior control SDK is configured to integrate into a different service SDK to perform permission behavior control on an H5 web page;

an interface lookup module comprising:

14. The apparatus of claim 12, wherein the apparatus further comprises:

the storage module is used for acquiring the storage authority corresponding to the current application program, and storing the authority control strategy information according to a preset storage format based on the storage authority, wherein the authority control strategy information comprises an authority type, an authority control strategy and application program information.

15. The apparatus of claim 14, wherein the request sending module comprises:

the network monitoring module is used for monitoring the network state according to a preset first time interval, and triggering an authority control strategy information pulling event when the network state is changed from the first network state to the second network state; or (b)

16. The apparatus of claim 14, wherein the storage module is further configured to store the entitlement control policy information in a memory in a basic data type storage format; or converting the authority control strategy information into a binary byte stream, storing the binary byte stream into a private storage position of the current application program when the storage authority is unauthorized storage, and storing the binary byte stream into a storage space when the storage authority is authorized storage.

17. The apparatus of claim 12, wherein the apparatus further comprises:

the push information acquisition module is used for receiving byte stream data pushed by a server according to user identification or equipment information, analyzing the pushed byte stream data to obtain authority control strategy information, and storing the authority control strategy information.

18. The apparatus of claim 12, wherein the interface lookup module is further configured to detect a permission behavior request triggered by a current H5 web page, invoke a security verification interface based on the permission behavior request, intercept the permission behavior request to obtain current operating system information and current application information when identity security verification is passed through the security verification interface, and lookup a target permission control interface corresponding to the current operating system information based on a stored correspondence.

19. The apparatus of claim 12, wherein the apparatus further comprises:

and the system executing module is used for acquiring a current operating system authority executing strategy when the target authority control strategy is not found, and controlling the authority behavior in the current H5 webpage according to the current operating system authority executing strategy.

20. The apparatus of claim 12, wherein the rights control module is further configured to display a rights behavior processing application selection interface, detect a selection event triggering a target rights behavior processing application through the rights behavior processing application selection interface, and display a rights behavior authorization page in response to the selection event; and when an authorization instruction is received through the authority behavior authorization page, starting the target authority behavior processing application.

21. The apparatus of claim 12, wherein the interface lookup module is further configured to obtain encrypted entitlement control policy information and a corresponding digital signature, perform integrity verification of the encrypted entitlement control policy information based on the digital signature, and obtain a decryption key when the verification passes; decrypting the encrypted authority control strategy information by using the decryption key to obtain the authority control strategy information, wherein the authority control strategy information comprises application program information, authority type and authority control strategy; matching the current application program information in the authority control strategy information, and acquiring the authority type and the authority control strategy corresponding to the successfully matched application program information from the authority control strategy information when the matching is successful; and matching a target authority type in the authority types corresponding to the successfully matched application program information, and taking the authority control strategy corresponding to the successfully matched authority type as a target authority control strategy when the matching is successful.

22. The apparatus of claim 12, wherein the apparatus further comprises:

the permission updating module is used for acquiring preset current H5 webpage permission information when the current H5 webpage is loaded, and updating permissions corresponding to the current H5 webpage according to the preset current H5 webpage permission information to acquire page target permissions;

And the target authority control module is used for controlling the authority behavior in the current H5 webpage according to the page target authority when the authority behavior request triggered by the current H5 webpage is detected.

23. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any one of claims 1 to 11 when the computer program is executed.

24. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the steps of the method of any one of claims 1 to 11.