CN114697100A

CN114697100A - An authentication method, system, terminal and storage medium for separate setting of front and back ends

Info

Publication number: CN114697100A
Application number: CN202210295727.1A
Authority: CN
Inventors: 刘正强
Original assignee: Beijing Lailai Technology Co ltd
Current assignee: Beijing Lailai Technology Co ltd
Priority date: 2022-03-24
Filing date: 2022-03-24
Publication date: 2022-07-01

Abstract

The invention discloses an authentication method, system, terminal and storage medium for separating front-end and back-end. The target resource authority corresponding to the user ID renders a first-level system page, and the first-level system page includes access links of multiple systems; receives a system access command, and obtains the user ID according to the system access command and the target resource authority The corresponding second-level module resource permissions, third-level page resource permissions, and fourth-level interface resource permissions are used to render corresponding pages. The present invention establishes a complete set of authentication mechanism, and the rules are clearly defined, which can ensure the safe and stable operation of the system.

Description

An authentication method, system, terminal and storage medium for separating front-end and back-end settings

技术领域technical field

本发明涉及前后端分离设置鉴权技术领域，特别涉及一种前后端分离设置鉴权方法、系统、终端及存储介质。The invention relates to the technical field of front-end and back-end separation setting authentication, in particular to a front-end and back-end separation setting authentication method, system, terminal and storage medium.

背景技术Background technique

随着移动设备普及，传统意义上的PC模式难以支撑移动互联网化的发展，越来越多的企业采用前端和后端分离，由后端提供数据接口，其他端通过用户信息来调用。With the popularization of mobile devices, the PC model in the traditional sense cannot support the development of mobile Internet. More and more enterprises adopt the separation of front-end and back-end, the back-end provides data interfaces, and the other ends are called through user information.

但是在现有技术中，权限固定在前端路由文件里，规则定义不够清晰，不能保障前端页面权限控制安全稳定地运行。However, in the prior art, the authority is fixed in the front-end routing file, and the rule definition is not clear enough, which cannot guarantee the safe and stable operation of the authority control of the front-end page.

因此，现有技术还有待改进和提高。Therefore, the existing technology still needs to be improved and improved.

发明内容SUMMARY OF THE INVENTION

针对现有技术的上述缺陷，本发明提供一种前后端分离设置鉴权方法、系统、终端及存储介质，旨在解决现有技术中权限规则定义不清晰，不能保证前端页面权限控制安全稳定运行的问题。Aiming at the above-mentioned defects of the prior art, the present invention provides an authentication method, system, terminal and storage medium for separating the front and back ends, aiming to solve the problem that the definition of authority rules in the prior art is not clear, and the front-end page authority control cannot be guaranteed to operate safely and stably The problem.

为了解决上述技术问题，本发明所采用的技术方案如下：In order to solve the above-mentioned technical problems, the technical scheme adopted in the present invention is as follows:

本发明的第一方面，提供一种前后端分离设置鉴权方法，所述方法包括：A first aspect of the present invention provides a front-end and back-end separation setting authentication method, the method comprising:

获取用户ID，根据所述用户ID从后端获取所述用户ID对应的目标资源权限；Obtain the user ID, and obtain the target resource authority corresponding to the user ID from the back end according to the user ID;

根据所述用户ID对应的目标资源权限渲染一级系统页面，所述一级系统页面中包括多个系统的访问链接；Rendering a first-level system page according to the target resource authority corresponding to the user ID, where the first-level system page includes access links of multiple systems;

接收系统访问命令，根据所述系统访问命令和所述目标资源权限获取所述用户ID对应的二级模块资源权限、三级页面资源权限和四级接口资源权限以渲染相应页面。A system access command is received, and according to the system access command and the target resource authority, the second-level module resource authority, the third-level page resource authority, and the fourth-level interface resource authority corresponding to the user ID are obtained to render the corresponding page.

所述的前后端分离设置鉴权方法，其中，所述根据所述用户ID从后端获取所述用户ID对应的目标资源权限，包括：The front-end and back-end separation setting authentication method, wherein the obtaining the target resource authority corresponding to the user ID from the back-end according to the user ID includes:

根据所述用户ID确定用户角色，根据所述用户角色确定所述目标资源权限。A user role is determined according to the user ID, and the target resource authority is determined according to the user role.

所述的前后端分类设置鉴权方法，其中，所述用户ID对应的目标资源权限的资源是预先在所述后端创建的，所述目标资源权限中的非一级资源对应有父级资源。The front-end and back-end classification setting authentication method, wherein the resource of the target resource authority corresponding to the user ID is created in the back-end in advance, and the non-first-level resource in the target resource authority corresponds to a parent resource .

所述的前后端分离设置鉴权方法，其中，所述根据所述系统访问命令和所述目标资源权限获取二级模块资源权限、三级页面资源权限和四级接口资源权限以渲染相应页面，包括：The front-end and back-end separation setting authentication method, wherein, according to the system access command and the target resource authority, obtaining the second-level module resource authority, the third-level page resource authority and the fourth-level interface resource authority to render the corresponding page, include:

根据所述系统访问命令对应的系统ID和token进入sso页面；Enter the sso page according to the system ID and token corresponding to the system access command;

通过所述sso页面进行路由匹配，获取所述用户ID在所述系统ID对应的系统内的二级模块资源权限和所述三级页面资源权限的关联路由数据；Route matching is performed through the sso page, and the associated routing data of the secondary module resource authority and the tertiary page resource authority of the user ID in the system corresponding to the system ID is obtained;

根据所述关联路由数据和所述用户ID在所述系统ID对应的系统内的四级接口资源权限渲染页面。The page is rendered according to the associated routing data and the user ID's level-4 interface resource authority in the system corresponding to the system ID.

所述的前后端分离设置鉴权方法，其中，所述根据所述关联路由数据和所述用户ID在所述系统ID对应的系统内的四级接口资源权限渲染页面，包括：The front-end and back-end separation setting authentication method, wherein the rendering a page according to the associated routing data and the user ID in the system corresponding to the system ID level-4 interface resource authority, includes:

根据所述关联路由数据生成系统页面菜单；Generate a system page menu according to the associated routing data;

根据所述目标资源权限中的四级接口资源权限确定所述系统页面菜单中的按钮的显示方式。The display mode of the buttons in the system page menu is determined according to the four-level interface resource authority in the target resource authority.

所述的前后端分离设置鉴权方法，其中，所述通过所述sso页面进行路由匹配，获取所述二级模块资源和所述三级页面资源的关联路由数据，包括：The authentication method for separate setting of front and back ends, wherein the performing route matching through the sso page to obtain the associated routing data of the secondary module resource and the tertiary page resource, comprising:

通过所述sso页面将前端路由对象和预先缓存在所述sso页面中的所述系统ID对应的所有所述二级模块资源和所述三级页面资源进行方法匹配，得到过滤路由数据；Through the sso page, the front-end routing object is matched with all the second-level module resources and the third-level page resources corresponding to the system ID pre-cached in the sso page to obtain filtering routing data;

将所述过滤路由数据添加至前端路由，得到所述关联路由数据。The filtering routing data is added to the front-end routing to obtain the associated routing data.

所述的前后端分离设置鉴权方法，其中，所述根据所述目标资源权限中的四级接口资源权限确定所述页面中的按钮的显示方式，包括：The authentication method for separate setting of front-end and back-end, wherein the determining the display mode of the buttons in the page according to the four-level interface resource authority in the target resource authority includes:

通过所述sso页面将所述用户ID对应的所有四级接口资源权限与所述系统ID对应的系统中的所有四级接口资源进行API地址和请求方式匹配以判断所述页面中的按钮是否有操作权限；Through the sso page, match all the level-4 interface resource permissions corresponding to the user ID with all level-4 interface resources in the system corresponding to the system ID by matching API addresses and request methods to determine whether the buttons on the page have operating authority;

当按钮有操作权限时，确定按钮的显示方式为高亮显示，当按钮无操作权限时，确定按钮的显示方式为隐藏或置灰显示。When the button has operation authority, the display mode of the OK button is highlighted, and when the button has no operation authority, the display mode of the OK button is hidden or grayed out.

本发明的第二方面，提供一种前后端分离设置鉴权系统，包括：A second aspect of the present invention provides a front-end and back-end separation setting authentication system, comprising:

权限确定模块，所述权限确定模块用于获取用户ID，根据所述用户ID从后端获取所述用户ID对应的目标资源权限；a permission determination module, which is used to obtain a user ID, and obtain a target resource permission corresponding to the user ID from the back end according to the user ID;

一级系统渲染模块，所述一级系统渲染模块用于根据所述用户ID对应的目标资源权限渲染一级系统页面，所述一级系统页面中包括多个系统的访问链接；A first-level system rendering module, the first-level system rendering module is used to render a first-level system page according to the target resource authority corresponding to the user ID, and the first-level system page includes access links of multiple systems;

页面渲染模块，所述页面渲染模块用于接收系统访问命令，根据所述系统访问命令和所述目标资源权限获取所述用户ID对应的二级模块资源权限、三级页面资源权限和四级接口资源权限以渲染相应页面。A page rendering module, the page rendering module is configured to receive a system access command, and obtain the second-level module resource authority, third-level page resource authority, and fourth-level interface corresponding to the user ID according to the system access command and the target resource authority Resource permissions to render the corresponding page.

本发明的第三方面，提供一种终端，所述终端包括处理器、与处理器通信连接的计算机可读存储介质，所述计算机可读存储介质适于存储多条指令，所述处理器适于调用所述计算机可读存储介质中的指令，以执行实现上述任一项所述的前后端分离设置鉴权方法的步骤。A third aspect of the present invention provides a terminal, the terminal includes a processor and a computer-readable storage medium communicatively connected to the processor, the computer-readable storage medium is suitable for storing a plurality of instructions, the processor is suitable for invoking the instructions in the computer-readable storage medium to execute the steps of implementing the authentication method for separate front-end and back-end settings described in any one of the above.

本发明的第四方面，提供一种计算机可读存储介质，所述计算机可读存储介质存储有一个或者多个程序，所述一个或者多个程序可被一个或者多个处理器执行，以实现上述任一项所述的前后端分离设置鉴权方法的步骤。A fourth aspect of the present invention provides a computer-readable storage medium, where the computer-readable storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to achieve The steps of setting the authentication method separately for the front and back ends as described in any of the above.

与现有技术相比，本发明提供了一种前后端分离设置鉴权方法、系统、终端及存储介质，本发明提供的前后端分离设置鉴权方法中，基于后台配置资源权限，建立一级系统资源、二级模块资源、三级页面资源和四级接口资源，根据用户的流程先获取一级系统页面，再逐级获取系统内的页面权限，建立了一套完整的鉴权机制，规则定义清晰，保障系统安全稳定运行。Compared with the prior art, the present invention provides a front-end and back-end separation setting authentication method, system, terminal and storage medium. System resources, second-level module resources, third-level page resources and fourth-level interface resources, according to the user's process, first obtain the first-level system page, and then obtain the page permissions in the system level by level, and establish a complete set of authentication mechanism, rules The definition is clear to ensure the safe and stable operation of the system.

附图说明Description of drawings

图1为本发明提供的前后端分离设置鉴权方法的实施例的流程图；1 is a flowchart of an embodiment of an authentication method provided by the present invention in which the front and back ends are separated and set;

图2为本发明提供的前后端分离设置鉴权方法的实施例中创建资源的过程图；2 is a process diagram of creating a resource in an embodiment of the authentication method provided by the present invention;

图3为本发明提供的前后端分离设置鉴权方法的实施例中各级资源的示意图；3 is a schematic diagram of resources at all levels in the embodiment of the authentication method provided by the present invention for separating the front and back ends;

图4为本发明提供的前后端分离设置鉴权方法的实施例中资源数据保存的处理流程图；Fig. 4 is the processing flow chart of resource data preservation in the embodiment of the authentication method provided by the present invention;

图5为本发明提供的前后端分离设置鉴权方法的实施例中角色-资源权限操作流程图；5 is a flow chart of the role-resource authority operation in the embodiment of the authentication method provided by the present invention by separating the front and back ends;

图6为本发明提供的前后端分离设置鉴权方法的实施例中前端系统和路由鉴权的处理流程图；Fig. 6 is the processing flow chart of front-end system and route authentication in the embodiment of front-end and back-end separation setting authentication method provided by the present invention;

图7为本发明提供的前后端分离设置鉴权方法的实施例中一级系统资源页面效果图；7 is an effect diagram of a first-level system resource page in an embodiment of the authentication method provided by the present invention;

图8为本发明提供的前后端分离设置鉴权方法的实施例中菜单资源权限的处理流程图；Fig. 8 is the processing flow chart of the menu resource authority in the embodiment of the authentication method provided by the present invention;

图9为本发明提供的前后端分离设置鉴权方法的实施例中路由鉴权的过程示意图；9 is a schematic diagram of a process of route authentication in an embodiment of the authentication method provided by the present invention;

图10为本发明提供的前后端分离设置鉴权方法的实施例中路由匹配的过程示意图；10 is a schematic diagram of the process of route matching in the embodiment of the authentication method provided by the present invention;

图11本发明提供的前后端分离设置鉴权方法的实施例中页面菜单效果图；Figure 11 is an effect diagram of a page menu in an embodiment of the authentication method provided by the present invention;

图12为本发明提供的前后端分离设置鉴权方法的实施例中接口鉴权过程示意图；12 is a schematic diagram of the interface authentication process in the embodiment of the authentication method provided by the present invention;

图13为本发明提供的前后端分离设置鉴权方法的实施例中按钮显示效果示意图；13 is a schematic diagram of a button display effect in an embodiment of the authentication method provided by the present invention;

图14为本发明提供的前后端分离设置鉴权系统的实施例的结构原理图；14 is a schematic structural diagram of an embodiment of an authentication system provided by the present invention in which the front and back ends are separated;

图15为本发明提供的终端的实施例的原理示意图。FIG. 15 is a schematic diagram of the principle of an embodiment of a terminal provided by the present invention.

具体实施方式Detailed ways

为使本发明的目的、技术方案及效果更加清楚、明确，以下参照附图并举实施例对本发明进一步详细说明。应当理解，此处所描述的具体实施例仅用以解释本发明，并不用于限定本发明。In order to make the objectives, technical solutions and effects of the present invention clearer and clearer, the present invention will be further described in detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

本发明提供的前后端分离设置鉴权方法，可以是由终端来执行。所述终端包括但不限于是各种计算机、服务器、手机、平板电脑、可穿戴式设备等。The front-end and back-end separation setting authentication method provided by the present invention may be performed by a terminal. The terminals include, but are not limited to, various computers, servers, mobile phones, tablet computers, wearable devices, and the like.

实施例一Example 1

如图1所示，所述前后端分离设置鉴权方法的一个实施例中，包括步骤：As shown in FIG. 1, an embodiment of the authentication method for separating front-end and back-end settings includes the steps:

S100、获取用户ID，根据所述用户ID从后端获取所述用户ID对应的目标资源权限。S100. Obtain a user ID, and obtain a target resource authority corresponding to the user ID from the back end according to the user ID.

在本实施例中，预先在后端创建资源，并将资源分配给不同的用户ID，生成各个用户ID对应的目标资源权限，为了提升资源分配的效率，可以基于角色来分配资源，即，所述根据所述用户ID从后端获取所述用户ID对应的目标资源权限，包括：In this embodiment, resources are created at the back end in advance, and resources are allocated to different user IDs to generate target resource permissions corresponding to each user ID. In order to improve the efficiency of resource allocation, resources can be allocated based on roles, that is, all Described obtaining the target resource authority corresponding to the user ID from the back end according to the user ID, including:

所述用户ID对应的目标资源权限的资源是预先在所述后端创建的，所述目标资源权限中的非一级资源对应有父级资源。具体地，如图2、图3和图4所示，资源分为一级系统资源、二级模块资源、三级页面资源和四级接口资源，其中，二级模块资源和三级页面资源可以统称为菜单资源或路由资源，接口资源属于菜单资源的子类，菜单资源属于系统资源的子类。The resource of the target resource permission corresponding to the user ID is created in the backend in advance, and the non-primary resource in the target resource permission corresponds to a parent resource. Specifically, as shown in FIG. 2, FIG. 3 and FIG. 4, resources are divided into first-level system resources, second-level module resources, third-level page resources and fourth-level interface resources, wherein the second-level module resources and third-level page resources can be They are collectively referred to as menu resources or routing resources, interface resources are subclasses of menu resources, and menu resources are subclasses of system resources.

在新增系统指出在资源管理一级菜单里新增系统的系统资源，包括系统的url和系统名称。一级系统资源是在应用入口显示的用户可访问的所有系统，一级系统资源表可以如表1所示：In the new system, point out the system resources of the new system in the first-level menu of resource management, including the url and system name of the system. The first-level system resources are all the systems accessible to the user displayed in the application portal. The first-level system resource table can be shown in Table 1:

系统名称system name 请求方式request method URL地址URL address 操作operate xx内容中心xx content center getget http://wwww.xxx.com/path1http://www.xxx.com/path1 xxxx xx结算中心xx settlement center getget http://wwww.xxx.com/path2http://www.xxx.com/path2 xxxx xx客服中心xx customer service center getget http://wwww.xxx.com/path3http://www.xxx.com/path3 xxxx xx运维中心xx operation and maintenance center getget http://wwww.xxx.com/path4http://www.xxx.com/path4 xxxx

表1Table 1

二级模块资源主要关联系统的父级菜单地址，需要填写所属系统、url、模块名，其中所属系统即为一级系统资源。二级模块资源表可以如表2所示：The secondary module resource is mainly associated with the parent menu address of the system. You need to fill in the system, url, and module name to which it belongs. The system to which it belongs is the primary system resource. The secondary module resource table can be shown in Table 2:

模块名称module name 所属系统owning system 请求方式request method URL地址URL address 操作operate Xx管理XxManagement xx内容中心xx content center getget /path5/path5 xxxx Xx审核Xx review xx结算中心xx settlement center getget /path6/path6 xxxx Xx记录Xx record xx客服中心xx customer service center getget /path7/path7 xxxx Xx模块Xx module xx运维中心xx operation and maintenance center getget /path8/path8 xxxx

表2Table 2

三级页面资源，属于二级模块资源里面的子类页面地址，需要填写所属的二级模块、名称和url，三级页面资源表可以如表3所示：The third-level page resource belongs to the subclass page address in the second-level module resource. You need to fill in the second-level module, name and url to which it belongs. The third-level page resource table can be shown in Table 3:

页面名称page name 所属系统owning system 所属模块owning module 请求方式request method URL地址URL address 操作operate Xx列表Xx list xx内容中心xx content center xx管理xx management getget /path9/path9 xxxx Xx详情XxDetails xx内容中心xx content center xx管理xx management getget /path10/path10 xxxx Xx录入Xx entry xx内容中心xx content center xx管理xx management getget /path11/path11 xxxx Xx查询Xx query xx运维中心xx operation and maintenance center xx管理xx management getget /path12/path12 xxxx

表3table 3

四级接口资源，也可以称为功能资源，在选择三级页面资源后，可进入其对应四级功能资源列表页，然后新增三级页面资源下的所有功能接口数据，需要天线所属页面、功能名称和url。四级接口资源表可以如表4所示：Level-4 interface resources can also be called functional resources. After selecting a level-3 page resource, you can enter its corresponding level-4 function resource list page, and then add all functional interface data under level-3 page resources. You need the page to which the antenna belongs, Feature name and url. The four-level interface resource table can be shown in Table 4:

页面名称page name 所属系统owning system 所属模块owning module 请求方式request method URL地址URL address 操作operate xx列表xx list xx内容中心xx content center xx管理xx management postpost /path13/path13 xxxx xx详情xx details xx内容中心xx content center xx管理xx management getget /path14/path14 xxxx xx录入xx input xx内容中心xx content center xx管理xx management putput /path15/path15 xxxx xx查询xx query xx运维中心xx operation and maintenance center xx管理xx management deletedelete /path16/path16 xxxx

表4Table 4

在创建资源时，如果选择资源级别，如果是非一级资源，则需要选择对应的父级资源，如果是一级资源，则可以直接存储。When creating a resource, if you select the resource level, if it is a non-first-level resource, you need to select the corresponding parent resource, and if it is a first-level resource, you can directly store it.

如图5所示，创建用户和角色，角色列表添加角色，需要填写角色名称、父级橘色，是否突破父级选项，其中父级角色初始化是超级管理员。将角色和对应的资源进行关联，在角色列表设置资源权限，勾选创建资源阶段创建号的资源并进行保存。对于已创建的用户，将用户和角色进行关联，这样就实现了对于每个用户都对应配置了资源权限。As shown in Figure 5, to create a user and role, add a role to the role list, you need to fill in the role name, parent orange, and whether to break through the parent option, where the parent role is initialized as a super administrator. Associate the role with the corresponding resource, set the resource permission in the role list, select the resource with the number created in the resource creation stage and save it. For created users, associate users with roles, so that resource permissions are configured for each user.

S200、根据所述用户ID对应的目标资源权限渲染一级系统页面，所述一级系统页面中包括多个系统的访问链接。S200. Render a first-level system page according to the target resource authority corresponding to the user ID, where the first-level system page includes access links of multiple systems.

在本实施例中，对于多个系统，采用同一应用来控制，如图6所示，用户通过用户ID登录应用后，首先根据所述用户ID获取一级系统资源权限，然后渲染出一级系统页面，效果图如图7所示。In this embodiment, multiple systems are controlled by the same application. As shown in FIG. 6 , after the user logs in to the application through the user ID, he first obtains the first-level system resource authority according to the user ID, and then renders the first-level system. page, the rendering is shown in Figure 7.

S300、接收系统访问命令，根据所述系统访问命令和所述目标资源权限获取所述用户ID对应的二级模块资源权限、三级页面资源权限和四级接口资源权限以渲染相应页面。S300. Receive a system access command, and obtain the second-level module resource authority, third-level page resource authority, and fourth-level interface resource authority corresponding to the user ID according to the system access command and the target resource authority to render the corresponding page.

所述根据所述系统访问命令和所述目标资源权限获取二级模块资源权限、三级页面资源权限和四级接口资源权限以渲染相应页面，包括：The obtaining the second-level module resource authority, the third-level page resource authority and the fourth-level interface resource authority according to the system access command and the target resource authority to render the corresponding page, including:

通过所述子系统sso页面进行路由匹配，获取所述用户ID在所述系统ID对应的系统内的二级模块资源权限和所述三级页面资源权限的关联路由数据；Route matching is performed through the subsystem sso page, and the associated routing data of the secondary module resource authority and the tertiary page resource authority of the user ID in the system corresponding to the system ID is obtained;

当用户点击某个系统链接时，发出所述系统访问命令，携带该系统的系统ID以及用户对应的token进入到系统sso页面，通过sso页面对当前访问用户的系统权限进行二、三级资源与异步路由匹配出关联路由数据，再通过addRoutes方法生成系统菜单。When the user clicks on a system link, the system access command is issued, and the system ID of the system and the token corresponding to the user are entered into the system sso page. The asynchronous routing matches the associated routing data, and then generates the system menu through the addRoutes method.

如图8所示，在接收到所述系统访问命令后，需要匹配新增路由以实现页面菜单的渲染，具体地，如图9所示，在所述sso页面存在有当前系统的所有二、三、四级资源，具体存储在vuex，并且保持资源数据持久化，适当根据角色资源数据对浏览器做缓存，可以根据资源的访问数量和频率对sso页面中缓存的资源数据进行清除和更新，提升访问速度。定义前端权限控制文件和方法，方法包括过滤路由方法、缓存权限方法和动态添加路由方法。将所述用户ID对应的路由资源权限与所述系统ID对应的系统中的所有二、三级资源进行匹配，实现路由过滤。如图10所示，在匹配成功后，根据匹配成功的路由资源权限获取所述关联路由数据，将所述关联路由数据增加到前端路由中，以实现系统页面菜单的渲染，如图11所示。As shown in FIG. 8 , after receiving the system access command, it is necessary to match the new route to realize the rendering of the page menu. Specifically, as shown in FIG. 9 , there are all two, The third and fourth level resources are stored in vuex, and the resource data is kept persistent. The browser is appropriately cached according to the role resource data. The resource data cached in the sso page can be cleared and updated according to the number and frequency of resource visits. Improve access speed. Define front-end permission control files and methods, including filtering routing methods, caching permission methods, and dynamically adding routing methods. The routing resource authority corresponding to the user ID is matched with all secondary and tertiary resources in the system corresponding to the system ID to implement route filtering. As shown in Figure 10, after the matching is successful, the associated routing data is obtained according to the successfully matched routing resource authority, and the associated routing data is added to the front-end routing to realize the rendering of the system page menu, as shown in Figure 11 .

路由鉴权的代码如下：The code for route authentication is as follows:

所述根据所述关联路由数据和所述用户ID在所述系统ID对应的系统内的四级接口资源权限渲染页面，包括：The described rendering page according to the associated routing data and the user ID in the system corresponding to the system ID's four-level interface resource authority, including:

根据所述目标资源权限中的四级接口资源权限确定所述页面中的按钮的显示方式。The display mode of the buttons in the page is determined according to the four-level interface resource authority in the target resource authority.

所述根据所述目标资源权限中的四级接口资源权限确定所述页面中的按钮的显示方式，包括：The determining the display mode of the buttons in the page according to the four-level interface resource authority in the target resource authority includes:

涉及到页面菜单中按钮操作的权限控制采用约定式方案实现，即前端在页面代码层预定好每个按钮操作对应的四级资源，以及四级资源的api接口地址和请求方式，通过指令方式与当前系统的所有四级接口资源去匹配从而判断按钮是否有操作权限，进而确定按钮的显示方式。The permission control involving button operations in the page menu is implemented by a conventional scheme, that is, the front-end pre-books the four-level resource corresponding to each button operation in the page code layer, as well as the api interface address and request method of the four-level resource. All four-level interface resources of the current system are matched to determine whether the button has operation authority, and then determine the display mode of the button.

具体地，如图12所示，在前端端口文件中定义对应的接口地址和请求方式，同组件引入方式将接口定义的数据参数与指令进行绑定。例如在sso页面中缓存四级接口资源时设置其格式为[‘get’,‘url’]，其中‘get’示例为请求方式,‘url’示例为接口地址，存储请求方式，将请求方式和接口地址同时作为匹配条件，可以避免不同的操作类型有相同的url，单纯地根据url无法区分对应操作的情况。按钮通过指令的方式关联到所述用户ID的所有四级资源权限进行匹配，过滤出所述用户ID在当前系统(所述系统ID对应的系统)内的四级资源权限，从而判断出菜单中的每个按钮是否有操作权限，根据是否有操作权限进行按钮的高亮或置灰隐藏设置，效果图如图13所示。Specifically, as shown in FIG. 12 , the corresponding interface address and request method are defined in the front-end port file, and the data parameters defined by the interface are bound to the instruction in the same component introduction method. For example, when caching a level-4 interface resource in an sso page, set its format to ['get','url'], where the 'get' example is the request method, and the 'url' example is the interface address, which stores the request method, and combines the request method with the The interface address is also used as a matching condition, which can avoid the situation that different operation types have the same url, and the corresponding operation cannot be distinguished simply based on the url. The button is associated with all the four-level resource rights of the user ID by means of instructions to match, and filter out the four-level resource rights of the user ID in the current system (the system corresponding to the system ID), so as to determine the menu. Whether each button of the button has operation authority, according to whether there is operation authority, the button is highlighted or grayed out and hidden. The effect diagram is shown in Figure 13.

按钮操作权限鉴权的代码如下：The code for button operation permission authentication is as follows:

其中$_has方法封装如下：The $_has method is encapsulated as follows:

按钮引用如下：The button reference is as follows:

<el-button v-has＝"titleParams.permission.add"></el-button><el-button v-has="titleParams.permission.add"></el-button>

综上所述，本实施例提供一种前后端分离设置鉴权方法，通过目标链接来确定对应的目标数据提供方和目标数据规范，根据目标数据规范从目标数据提供方处采集目标数据，根据合作协议的不同，需要从多个数据提供方处采集数据或增加数据提供方时，只需要增加链接映射至不同的数据提供方和数据规范即可，不需要新建新的前后端分离设置鉴权接口，减少了重复工作。To sum up, this embodiment provides an authentication method for separating front-end and back-end settings. The corresponding target data provider and target data specification are determined through target links, and target data is collected from the target data provider according to the target data specification. Depending on the cooperation agreement, when you need to collect data from multiple data providers or add data providers, you only need to add links and map them to different data providers and data specifications. There is no need to create new front-end and back-end separation settings for authentication. interface, reducing duplication of work.

应该理解的是，虽然本发明说明书附图中给出的的流程图中的各个步骤按照箭头的指示依次显示，但是这些步骤并不是必然按照箭头指示的顺序依次执行。除非本文中有明确的说明，这些步骤的执行并没有严格的顺序限制，这些步骤可以以其它的顺序执行。而且，流程图中的至少一部分步骤可以包括多个子步骤或者多个阶段，这些子步骤或者阶段并不必然是在同一时刻执行完成，而是可以在不同的时刻执行，这些子步骤或者阶段的执行顺序也不必然是依次进行，而是可以与其它步骤或者其它步骤的子步骤或者阶段的至少一部分轮流或者交替地执行。It should be understood that although the various steps in the flowcharts given in the accompanying drawings of the present invention are shown in sequence according to the arrows, these steps are not necessarily executed in sequence according to the sequence shown by the arrows. Unless explicitly stated herein, the execution of these steps is not strictly limited to the order, and these steps may be performed in other orders. Moreover, at least a part of the steps in the flowchart may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily executed at the same time, but may be executed at different times. The execution of these sub-steps or stages The sequence is also not necessarily sequential, but may be performed alternately or alternately with other steps or sub-steps of other steps or at least a portion of a phase.

本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程，是可以通过计算机程序来指令相关的硬件来完成，所述的计算机程序可存储于一非易失性计算机可读取计算机可读存储介质中，该计算机程序在执行时，可包括如上述各方法的实施例的流程。其中，本发明所提供的各实施例中所使用的对存储器、存储、数据库或其它介质的任何引用，均可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM)或者外部高速缓冲存储器。作为说明而非局限，RAM以多种形式可得，诸如静态RAM(SRAM)、动态RAM(DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDRSDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink)DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM)、以及存储器总线动态RAM(RDRAM)等。Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented by instructing relevant hardware through a computer program, and the computer program can be stored in a non-volatile computer-readable computer. In the readable storage medium, when executed, the computer program may include the processes of the above-mentioned method embodiments. Wherein, any reference to memory, storage, database or other medium used in the various embodiments provided by the present invention may include non-volatile and/or volatile memory. Nonvolatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory may include random access memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in various forms such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous chain Road (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), etc.

实施例二Embodiment 2

基于上述实施例，本发明还相应提供了一种前后端分离设置鉴权系统，如图14所示，所述前后端分离设置鉴权系统包括：Based on the above embodiment, the present invention also provides a front-end and back-end separation setting authentication system. As shown in FIG. 14 , the front-end and back-end separation setting authentication system includes:

权限确定模块，所述权限确定模块用于获取用户ID，根据所述用户ID从后端获取所述用户ID对应的目标资源权限，具体如实施例一中所述；a permission determination module, the permission determination module is configured to obtain a user ID, and obtain the target resource permission corresponding to the user ID from the back end according to the user ID, specifically as described in Embodiment 1;

一级系统渲染模块，所述一级系统渲染模块用于根据所述用户ID对应的目标资源权限渲染一级系统页面，所述一级系统页面中包括多个系统的访问链接，具体如实施例一中所述；A first-level system rendering module, the first-level system rendering module is used to render a first-level system page according to the target resource authority corresponding to the user ID, and the first-level system page includes access links of multiple systems, as in the embodiment. as stated in one;

页面渲染模块，所述页面渲染模块用于接收系统访问命令，根据所述系统访问命令和所述目标资源权限获取所述用户ID对应的二级模块资源权限、三级页面资源权限和四级接口资源权限以渲染相应页面，具体如实施例一中所述。A page rendering module, the page rendering module is configured to receive a system access command, and obtain the second-level module resource authority, third-level page resource authority, and fourth-level interface corresponding to the user ID according to the system access command and the target resource authority resource permissions to render the corresponding page, as described in the first embodiment.

实施例三Embodiment 3

基于上述实施例，本发明还相应提供了一种终端，如图15所示，所述终端包括处理器10以及存储器20。图15仅示出了终端的部分组件，但是应理解的是，并不要求实施所有示出的组件，可以替代的实施更多或者更少的组件。Based on the above embodiment, the present invention also provides a terminal correspondingly, as shown in FIG. 15 , the terminal includes a processor 10 and a memory 20 . FIG. 15 only shows some components of the terminal, but it should be understood that it is not required to implement all the shown components, and more or less components may be implemented instead.

所述存储器20在一些实施例中可以是所述终端的内部存储单元，例如终端的硬盘或内存。所述存储器20在另一些实施例中也可以是所述终端的外部存储设备，例如所述终端上配备的插接式硬盘，智能存储卡(Smart Media Card,SMC)，安全数字(SecureDigital,SD)卡，闪存卡(Flash Card)等。进一步地，所述存储器20还可以既包括所述终端的内部存储单元也包括外部存储设备。所述存储器20用于存储安装于所述终端的应用软件及各类数据。所述存储器20还可以用于暂时地存储已经输出或者将要输出的数据。在一实施例中，存储器20上存储有前后端分离设置鉴权程序30，该前后端分离设置鉴权程序30可被处理器10所执行，从而实现本申请中前后端分离设置鉴权方法。In some embodiments, the memory 20 may be an internal storage unit of the terminal, such as a hard disk or a memory of the terminal. In other embodiments, the memory 20 may also be an external storage device of the terminal, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD card) equipped on the terminal. ) card, flash card (Flash Card) and so on. Further, the memory 20 may also include both an internal storage unit of the terminal and an external storage device. The memory 20 is used for storing application software and various types of data installed in the terminal. The memory 20 can also be used to temporarily store data that has been output or is to be output. In one embodiment, the memory 20 stores a front-end and back-end separation setting authentication program 30, and the front-end and back-end separation setting authentication program 30 can be executed by the processor 10, thereby realizing the front-end and back-end separation setting authentication method in this application.

所述处理器10在一些实施例中可以是一中央处理器(Central Processing Unit,CPU)，微处理器或其他芯片，用于运行所述存储器20中存储的程序代码或处理数据，例如执行所述前后端分离设置鉴权方法等。In some embodiments, the processor 10 may be a central processing unit (Central Processing Unit, CPU), a microprocessor or other chips, for running the program codes or processing data stored in the memory 20, such as executing all The front-end and back-end are separated to set the authentication method, etc.

在一实施例中，当处理器10执行所述存储器20中前后端分离设置鉴权程序30时实现以下步骤：In one embodiment, when the processor 10 executes the front-end and back-end separation setting authentication program 30 in the memory 20, the following steps are implemented:

其中，所述根据所述用户ID从后端获取所述用户ID对应的目标资源权限，包括：Wherein, obtaining the target resource authority corresponding to the user ID from the back end according to the user ID includes:

其中，所述用户ID对应的目标资源权限的资源是预先在所述后端创建的，所述目标资源权限中的非一级资源对应有父级资源。The resource of the target resource authority corresponding to the user ID is created in the back end in advance, and the non-primary resource in the target resource authority corresponds to a parent resource.

其中，所述根据所述系统访问命令和所述目标资源权限获取二级模块资源权限、三级页面资源权限和四级接口资源权限以渲染相应页面，包括：Wherein, obtaining the second-level module resource authority, the third-level page resource authority and the fourth-level interface resource authority according to the system access command and the target resource authority to render the corresponding page, including:

其中，所述根据所述关联路由数据和所述用户ID在所述系统ID对应的系统内的四级接口资源权限渲染页面，包括：Wherein, the rendering of the page according to the associated routing data and the user ID in the system corresponding to the system ID's four-level interface resource authority includes:

其中，所述通过所述sso页面进行路由匹配，获取所述二级模块资源和所述三级页面资源的关联路由数据，包括：Wherein, performing route matching through the sso page to obtain the associated routing data of the secondary module resource and the tertiary page resource, including:

其中，所述根据所述目标资源权限中的四级接口资源权限确定所述页面中的按钮的显示方式，包括：Wherein, determining the display mode of the buttons in the page according to the four-level interface resource authority in the target resource authority includes:

实施例四Embodiment 4

本发明还提供一种计算机可读存储介质，其中，存储有一个或者多个程序，所述一个或者多个程序可被一个或者多个处理器执行，以实现如上所述的前后端分离设置鉴权方法的步骤。The present invention also provides a computer-readable storage medium, in which one or more programs are stored, and the one or more programs can be executed by one or more processors to realize the above-mentioned front-end and back-end separation setting authentication Steps of the right method.

最后应说明的是：以上实施例仅用以说明本发明的技术方案，而非对其限制；尽管参照前述实施例对本发明进行了详细的说明，本领域的普通技术人员应当理解：其依然可以对前述各实施例所记载的技术方案进行修改，或者对其中部分技术特征进行等同替换；而这些修改或者替换，并不使相应技术方案的本质脱离本发明各实施例技术方案的精神和范围。Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present invention, but not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand: it can still be Modifications are made to the technical solutions described in the foregoing embodiments, or some technical features thereof are equivalently replaced; and these modifications or replacements do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. a front-end and back-end separation setting authentication method, is characterized in that, described method comprises:

Obtain the user ID, and obtain the target resource authority corresponding to the user ID from the back end according to the user ID;

Rendering a first-level system page according to the target resource authority corresponding to the user ID, where the first-level system page includes access links of multiple systems;

A system access command is received, and according to the system access command and the target resource authority, the second-level module resource authority, the third-level page resource authority, and the fourth-level interface resource authority corresponding to the user ID are obtained to render the corresponding page.

2. the front-end and back-end separation setting authentication method according to claim 1, is characterized in that, described obtaining the target resource authority corresponding to described user ID from back end according to described user ID, comprising:

A user role is determined according to the user ID, and the target resource authority is determined according to the user role.

3. The front-end and back-end separation setting authentication method according to claim 2 is characterized in that, the resource of the target resource authority corresponding to the user ID is created in advance in the back-end, and the non-target resource authority in the target resource authority is created in advance. A first-level resource corresponds to a parent resource.

4. The front-end and back-end separation setting authentication method according to claim 1, is characterized in that, according to described system access command and described target resource authority, obtain secondary module resource authority, 3-level page resource authority and 4-level resource authority Interface resource permissions to render corresponding pages, including:

Enter the sso page according to the system ID and token corresponding to the system access command;

Route matching is performed through the sso page, and the associated routing data of the secondary module resource authority and the tertiary page resource authority of the user ID in the system corresponding to the system ID is obtained;

The page is rendered according to the associated routing data and the user ID's level-4 interface resource authority in the system corresponding to the system ID.

5. The front-end and back-end separation setting authentication method according to claim 4, is characterized in that, described according to described associative routing data and described user ID in the system of described system ID corresponding four-level interface resource authority rendering pages, including:

Generate a system page menu according to the associated routing data;

The display mode of the buttons in the system page menu is determined according to the four-level interface resource authority in the target resource authority.

6. The front-end and back-end separation setting authentication method according to claim 4, is characterized in that, described carries out route matching by described sso page, obtains the associated routing data of described secondary module resource and described tertiary page resource ,include:

Through the sso page, the front-end routing object is matched with all the second-level module resources and the third-level page resources corresponding to the system ID pre-cached in the sso page to obtain filtering routing data;

The filtering routing data is added to the front-end routing to obtain the associated routing data.

7. The front-end and back-end separation setting authentication method according to claim 5, wherein, determining the display mode of the button in the page according to the four-level interface resource authority in the target resource authority, comprising:

Through the sso page, match all the level-4 interface resource permissions corresponding to the user ID with all level-4 interface resources in the system corresponding to the system ID by matching API addresses and request methods to determine whether the buttons on the page have operating authority;

When the button has operation authority, the display mode of the OK button is highlighted, and when the button has no operation authority, the display mode of the OK button is hidden or grayed out.

8. A front-end and back-end separation setting authentication system is characterized in that, comprising:

a permission determination module, which is used to obtain a user ID, and obtain a target resource permission corresponding to the user ID from the back end according to the user ID;

a first-level system rendering module, the first-level system rendering module is used to render a first-level system page according to the target resource authority corresponding to the user ID, and the first-level system page includes access links of multiple systems;

A page rendering module, the page rendering module is configured to receive a system access command, and obtain the second-level module resource authority, third-level page resource authority and fourth-level interface corresponding to the user ID according to the system access command and the target resource authority Resource permissions to render the corresponding page.

9. A terminal, characterized in that the terminal comprises: a processor and a computer-readable storage medium communicatively connected to the processor, the computer-readable storage medium being adapted to store a plurality of instructions, and the processor being adapted to The instructions in the computer-readable storage medium are invoked to execute the steps of implementing the authentication method for separate front-end and back-end settings according to any one of the preceding claims 1-7.

10. A computer-readable storage medium, characterized in that, the computer-readable storage medium stores one or more programs, and the one or more programs can be executed by one or more processors to realize the claim The steps of setting the authentication method separately for the front-end and back-end according to any one of requirements 1-7.