CN114697131A - Data calling method and device, storage medium and electronic equipment - Google Patents


Publication number
CN114697131A
Authority
CN
China
Prior art keywords
request
data
data calling
calling
determining
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210451697.9A
Other languages
Chinese (zh)
Inventor
鹿鸣捷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jingdong Technology Holding Co Ltd
Original Assignee
Jingdong Technology Holding Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884: Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102: Entity profiles
    • H04L63/105: Multiple levels of security
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/14: Session management
    • H04L67/146: Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Abstract

The invention provides a data calling method and device, a storage medium and electronic equipment, applied to a universal gateway. The method comprises: generating a request call chain corresponding to a data calling request sent by a front end; judging whether the front end has data calling authority; if so, assembling request parameters based on the gateway configuration corresponding to the front end; based on interface information in the gateway configuration, passing the request parameters to the service server corresponding to the data calling request; triggering the service server to perform service logic processing and generate a service processing result; and assembling the service processing result with the request call chain and feeding the assembled data back to the front end. The request parameters can thus be passed to the corresponding service server for service logic processing without placing service logic code in the universal gateway, which keeps the gateway code of the universal gateway independent and reduces the workload and cost of maintaining the gateway.

Description

Data calling method and device, storage medium and electronic equipment
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data calling method and apparatus, a storage medium, and an electronic device.
Background
A gateway is also called an internetwork connector or protocol converter. The gateway realizes network interconnection on a network layer and is a complex network interconnection device. A gateway is a computer system or device that performs conversion between two systems that use different communication protocols, data formats or languages, or even completely different architectures.
Because of these characteristics, the gateway is an indispensable device when building various systems and platforms. In current practice, however, the service logic code of the system or platform is usually mixed into the gateway to ensure that data in the system or platform can be called. As a result the gateway code is not independent, which increases the workload and the cost of maintaining the gateway.
Disclosure of Invention
In view of this, the present invention provides a data calling method and apparatus, a storage medium, and an electronic device. The request parameters are passed, using interface information, to the corresponding service server, which performs the corresponding service logic processing and obtains the corresponding data. The data can therefore be called without mixing service logic code into the gateway, so the gateway code remains independent, which reduces the workload and cost of maintaining the gateway.
In order to achieve this purpose, the invention provides the following technical solutions:
A first aspect of the invention discloses a data calling method applied to a universal gateway, comprising:
receiving a data calling request sent by a front end;
generating a request calling chain corresponding to the data calling request;
judging whether the front end has a data calling authority or not;
when the front end is determined to have the data calling authority, assembling request parameters based on a pre-configured gateway configuration corresponding to the front end;
based on interface information in the gateway configuration, passing the request parameters to the service server corresponding to the data calling request;
triggering the service server to perform service logic processing and generating a service processing result;
and assembling the service processing result and the request call chain, and feeding back the assembled data to the front end.
Optionally, the method for determining whether the front end has the data call authority includes:
performing security verification on the data calling request, and determining the data calling authority when the data calling request passes the security verification;
determining authority information of the data calling authority;
judging whether the authority information exists in the preset authority information corresponding to the front end;
if the authority information exists in the preset authority information corresponding to the front end, determining that the front end has the data calling authority;
and if the authority information does not exist in the preset authority information corresponding to the front end, determining that the front end does not have the data calling authority.
Optionally, the performing security check on the data call request includes:
judging whether the data calling request is a legal request or not;
when the data calling request is determined to be a legal request, acquiring cookie information in the data calling request;
and performing login verification on the front end based on the cookie information, and determining that the data call request passes the security verification when the login of the front end is determined to be legal.
Optionally, the method for determining whether the data call request is a legal request includes:
performing cross-domain processing on the data call request;
performing vulnerability verification on the data call request after the cross-domain processing, and judging whether the data call request has a vulnerability;
and when no vulnerability exists in the data calling request, determining that the data calling request is a legal request.
The above method, optionally, further includes:
and intercepting the data calling request when the data calling request does not pass the security check.
The second aspect of the present invention discloses a data calling device, which is applied to a universal gateway, and includes:
the receiving unit is used for receiving a data calling request sent by the front end;
the generating unit is used for generating a request calling chain corresponding to the data calling request;
the judging unit is used for judging whether the front end has data calling authority or not;
the assembling unit is used for assembling request parameters based on a pre-configured gateway configuration corresponding to the front end when the front end is determined to have the data calling authority;
the calling unit is used for passing the request parameters to the service server corresponding to the data calling request based on the interface information in the gateway configuration;
the triggering unit is used for triggering the service server to perform service logic processing and generate a service processing result;
and the assembling unit is used for assembling the service processing result and the request call chain and feeding back the assembled data to the front end.
The above apparatus, optionally, the determining unit includes:
the verification module is used for carrying out safety verification on the data calling request and determining data calling permission when the data calling request passes the safety verification;
the first determining module is used for determining the authority information of the data calling authority;
the first judgment module is used for judging whether the authority information exists in the preset authority information corresponding to the front end;
the second determining module is used for determining that the front end has the data calling authority if the authority information exists in the preset authority information corresponding to the front end;
and the third determining module is used for determining that the front end does not have the data calling authority if the authority information does not exist in the preset authority information corresponding to the front end.
The above apparatus, optionally, the verification module includes:
the judging subunit is used for judging whether the data calling request is a legal request or not;
the obtaining subunit is configured to obtain cookie information in the data call request when it is determined that the data call request is a legal request;
and the determining subunit is configured to perform login verification on the front end based on the cookie information, and determine that the data call request passes the security verification when the login of the front end is determined to be legal.
The above apparatus, optionally, the judging subunit includes:
the processing submodule is used for performing cross-domain processing on the data calling request;
the judging submodule is used for performing vulnerability verification on the data calling request after the cross-domain processing and judging whether the data calling request has a vulnerability;
and the determining submodule is used for determining that the data calling request is a legal request when no vulnerability exists in the data calling request.
The above apparatus, optionally, further comprises:
and the interception unit is used for intercepting the data calling request when the data calling request does not pass the security check.
The third aspect of the present invention discloses a storage medium, which includes stored instructions, wherein when the instructions are executed, the apparatus on which the storage medium is located is controlled to execute the data call method described above.
In a fourth aspect, the present invention discloses an electronic device comprising a memory, and one or more instructions, wherein the one or more instructions are stored in the memory and configured to be executed by the one or more processors to perform the data call method as described above.
Compared with the prior art, the invention has the following advantages:
The invention provides a data calling method and device, a storage medium and electronic equipment, applied to a universal gateway. The method comprises: generating a request call chain corresponding to a data calling request sent by a front end; judging whether the front end has data calling authority; if so, assembling request parameters based on the gateway configuration corresponding to the front end; based on interface information in the gateway configuration, passing the request parameters to the service server corresponding to the data calling request; triggering the service server to perform service logic processing and generate a service processing result; and assembling the service processing result with the request call chain and feeding the assembled data back to the front end. The request parameters can thus be passed to the corresponding service server for service logic processing without placing service logic code in the universal gateway, which keeps the gateway code of the universal gateway independent and reduces the workload and cost of maintaining the gateway.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only embodiments of the present invention, and those skilled in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a flowchart of a method for data call according to an embodiment of the present invention;
Fig. 2 is a flowchart of a method for performing security check on a data call request according to an embodiment of the present invention;
Fig. 3 is a flowchart of a method for determining whether a front end has a data call permission according to an embodiment of the present invention;
Fig. 4 is an application example diagram of a data calling method according to an embodiment of the present invention;
Fig. 5 is a flowchart of another method of a data call method according to an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of a data call apparatus according to an embodiment of the present invention;
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In this application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Interpretation of terms:
Generalized call: a service can be called without depending on the service's jar package; the call is completed by specifying only the interface, method, parameter types and parameter values.
SF: abbreviation of Service Framework, used to support generalized calls.
SGM: Service Governance and Monitoring, a comprehensive service governance solution dedicated to monitoring, tracing and alerting for distributed services, used to implement full-link monitoring.
XSS: an XSS (cross-site scripting) attack generally refers to exploiting a vulnerability left during web page development to inject malicious instruction code into the page, so that a user loads and executes a web page program maliciously crafted by the attacker.
Cookie: sometimes used in its plural form, cookies. A cookie is data (usually encrypted) that some websites store on the user's local terminal for session tracking in order to identify the user; it is information stored temporarily or permanently by the user's client computer.
HTTP: the Hypertext Transfer Protocol (HTTP) is a simple request-response protocol that typically runs on top of TCP.
The invention is operational with numerous general purpose or special purpose computing device environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multi-processor apparatus, distributed computing environments that include any of the above devices or equipment, and the like.
The method provided by the embodiment of the invention is applied to the universal gateway, and the universal gateway can be a merchant universal gateway.
Referring to Fig. 1, a flowchart of a data calling method according to an embodiment of the present invention is described as follows:
S101: Receive a data calling request sent by a front end.
The user sends a data call request through a front end, which may be a web browser, or a computer terminal or a mobile terminal that displays a browser page.
The data call request may be a request from the user for detailed information of a commodity, or a request from the user to purchase a commodity.
Preferably, the data call request may be an HTTP request.
S102: Generate a request call chain corresponding to the data calling request.
The gateway generates the request call chain of the data call request through the SGM. The request call chain is globally unique, and the whole calling process of the data call request can be traced through it, which makes it easier to find and locate problems.
S103: judging whether the front end has data calling authority; if the front end has the data calling authority, executing S104; if the front end does not have the data call authority, S108 is executed.
Referring to Fig. 2, a flowchart of a method for determining whether a front end has a data call permission according to an embodiment of the present invention is described as follows:
S201: Perform security verification on the data calling request, and determine the data calling authority when the data calling request passes the security verification.
Performing a security check on the data call request effectively blocks malicious requests from illegal users and prevents them from attacking the background services behind the universal gateway. The data calling authority is the authority required for the data that the front end requests to call.
S202: Determine the authority information of the data calling authority.
The authority information includes descriptions of data call authority, such as authority name, authority level, authority applicable range, and the like.
S203: judging whether the preset authority information corresponding to the front end has authority information or not; if the preset authority information corresponding to the front end has authority information, executing S204; if the preset authority information corresponding to the front end does not have authority information, S205 is executed.
The preset authority information corresponding to the front end includes authority description of data that can be called by the front end, specifically, a service server that can be called by the front end, a service type, a specific authority level, and the like.
S204: Determine that the front end has the data calling authority.
S205: Determine that the front end does not have the data calling authority.
By judging whether the front end has the data calling authority, a front end without the authority is effectively prevented from calling data, which ensures the security of the back-end data.
Referring to Fig. 3, a flowchart of a method for performing security check on a data call request according to the present invention is described as follows:
S301: Judge whether the data calling request is a legal request; when the data calling request is determined to be a legal request, execute S302; when the data call request is determined to be an illegal request, execute S304.
For example, the process of determining whether the data call request is a legal request is as follows:
performing cross-domain processing on the data call request;
performing vulnerability verification on the data calling request subjected to cross-domain processing, and judging whether the data calling request has a vulnerability or not;
when no vulnerability exists in the data calling request, determining that the data calling request is a legal request;
and when the data calling request has a vulnerability, determining that the data calling request is an illegal request.
Furthermore, the cross-domain processing of the data call request may include cross-domain verification, cross-domain adjustment and other operations. Preferably, it is first judged whether the data call request is a cross-domain request. When it is, it is determined whether the request satisfies the cross-domain rule of the universal gateway. When the cross-domain request is determined to be illegal, the data call request can either be directly determined to be an illegal request, or be adjusted so that it satisfies the cross-domain rule of the universal gateway; if the request still does not satisfy the cross-domain rule after adjustment, it can be determined to be an illegal request.
When performing vulnerability verification on the data call request after cross-domain processing, it may specifically be determined whether a high-risk vulnerability exists in the data call request, for example an XSS vulnerability or a cross-site request forgery (CSRF) vulnerability.
S302: Acquire the cookie information in the data calling request.
Preferably, the cookie information is a small piece of text data no longer than 4 KB, composed of a number of optional attributes. The cookie information includes, but is not limited to, information about the user using the front end, specifically the user's login information and the like.
S303: Perform login verification on the front end based on the cookie information, and determine that the data call request passes the security verification when the login of the front end is determined to be legal.
When performing login verification on the front end, the cookie information can be used to log in to the Enterprise Resource Planning (ERP) system; after the ERP login succeeds, the cookie information is used to log in to the enterprise site that uses the universal gateway, and after that login succeeds the login of the front end is determined to be legal. When the ERP or the enterprise site is not successfully logged in, the login of the front end is determined to be illegal, and the data calling request is determined not to pass the security verification.
Further, when the front end is checked for login based on the cookie information, it can be understood that whether the identity of the user using the front end is legal or not is checked, when the front end passes the login check, it can be determined that the identity of the user using the front end is legal, and when the front end does not pass the login check, it can be determined that the identity of the user using the front end is illegal.
S304: determining that the data call request fails the security check.
By judging whether the data calling request is a legal request or not and performing login verification on the front end, the malicious request can be effectively prevented, a malicious user is prevented from attacking the general gateway and the background, and the safety of the gateway and the background is ensured.
S104: Assemble the request parameters based on the pre-configured gateway configuration corresponding to the front end.
It should be noted that the gateway configuration is set up for the front end in advance as follows:
acquiring gateway configuration sent by a user through a front end; showing a gateway configuration page to the user; and determining the user's data in the gateway configuration page and storing it as the gateway configuration of the front end.
Preferably, the gateway configuration includes, but is not limited to, interface information, method information, parameter types, parameter values, and the like.
Illustratively, the request parameters include, but are not limited to, information such as merchant and store.
S105: Pass the request parameters to the service server corresponding to the data calling request based on the interface information in the gateway configuration.
Based on the interface information in the gateway configuration, a generalized call is made with the request parameters so that they are passed to the service server corresponding to the data calling request; the generalized call may be implemented using a high-performance service framework.
Based on the interface information in the gateway configuration, RPC middleware can be used to make an SF generalized call with the request parameters, passing them to the service server. The whole process needs no class or jar package of the service server. The service server can be a downstream service party and can be determined according to the service request type in the data call request.
S106: Trigger the service server to perform service logic processing and generate a service processing result.
The service server can call its service logic code to perform service logic processing and obtain a service processing result; the service processing result is the data requested by the front end.
S107: Assemble the service processing result and the request call chain, and feed the assembled data back to the front end.
The service processing result and the request call chain are assembled and the assembled data is fed back to the front end, so that the whole request calling process can be traced through the request call chain, which makes it easier to find and locate problems.
S108: Intercept the data call request.
Intercepting the data call request effectively filters illegal requests, prevents malicious requests from being processed, prevents illegal users from attacking the universal gateway and the background, and protects the security of data.
In the method provided by the embodiment of the invention, a data call request sent by a front end is received, and a request call chain corresponding to the data call request is generated; security verification is performed on the data call request, and the data calling authority is determined when the request passes the security verification; whether the front end has the data calling authority is judged; when the front end is determined to have the data calling authority, request parameters are assembled based on the pre-configured gateway configuration corresponding to the front end; based on interface information in the gateway configuration, a generalized call is made with the request parameters, passing them to the service server corresponding to the data call request; the service server is triggered to perform service logic processing and generate a service processing result; and the service processing result and the request call chain are assembled and the assembled data is fed back to the front end. When data is called in this way, the universal gateway does not need to contain service logic code: it processes the data call request and, after determining that the front end has the data calling authority, uses generalized calls to pass the front end's request parameters to the service server, which performs the service logic processing and produces the service processing result that is finally fed back to the front end. Because the universal gateway calls the service server through generalized calls without using any class or jar package of the service server, it does not need service logic code, the gateway code in the universal gateway stays independent, and the workload and cost of maintaining the universal gateway are reduced.
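The S101 to S108 flow above, written out as a config-driven gateway in Python. This is an added example, not code from the patent; the signed-cookie format, the HTTP status codes and all names (`GATEWAY_CONFIG`, `SERVICES`, `USER_PERMISSIONS`, `handle`) are assumptions, and a lookup by interface and method name stands in for the SF generalized call.

```python
import hashlib
import hmac
import uuid
from http.cookies import CookieError, SimpleCookie

SESSION_KEY = b"constructed-demo-key"        # constructed; keep real keys in a secret store
ALLOWED_ORIGINS = {"https://shop.example"}   # constructed cross-domain rule of the gateway
USER_PERMISSIONS = {"alice": {"goods:read"}, "bob": set()}  # preset authority info (constructed)

# Gateway configuration as persisted from the management page (hypothetical schema).
GATEWAY_CONFIG = {
    "/goods/detail": {
        "interface": "GoodsService", "method": "detail",
        "permission": "goods:read",
        "params": ["sku"],        # names accepted from the front-end request
        "inject": ["merchant"],   # names filled in from the verified session
    },
}


def _goods_detail(sku, merchant):
    """Stand-in for business logic that lives on the service server, not in the gateway."""
    return {"sku": sku, "merchant": merchant, "price": 42}


# Stand-in for generalized invocation: the gateway resolves a target from
# (interface, method) strings in its configuration and holds no service classes.
SERVICES = {("GoodsService", "detail"): _goods_detail}


def _mac(body):
    return hmac.new(SESSION_KEY, body.encode(), hashlib.sha256).hexdigest()


def sign_session(user, merchant):
    """Cookie value 'user:merchant:mac', as a login service would issue it (assumed format)."""
    body = f"{user}:{merchant}"
    return f"{body}:{_mac(body)}"


def verify_session(cookie_header):
    """S302-S303: return (user, merchant) for an authentic session cookie, else None."""
    jar = SimpleCookie()
    try:
        jar.load(cookie_header or "")
    except CookieError:
        return None
    if "session" not in jar:
        return None
    body, _, mac = jar["session"].value.rpartition(":")
    if body.count(":") != 1:
        return None
    if not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        return None
    user, merchant = body.split(":")
    return user, merchant


def handle(request):
    """Run one data calling request through the gateway; returns (status, body)."""
    trace_id = uuid.uuid4().hex                        # S102: globally unique call chain ID

    def reply(status, **body):
        return status, {"trace_id": trace_id, **body}  # S107: every reply carries the chain

    # S301: cross-domain rule. A request that names an origin must name an allowed one.
    origin = request.get("origin")
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return reply(403, error="origin not allowed")  # S108: intercept
    session = verify_session(request.get("cookie"))
    if session is None:
        return reply(401, error="login invalid")
    user, merchant = session

    route = GATEWAY_CONFIG.get(request.get("path"))
    if route is None:
        return reply(404, error="no gateway configuration")
    # S202-S205: the required permission must be in the user's preset permissions.
    if route["permission"] not in USER_PERMISSIONS.get(user, set()):
        return reply(403, error="permission denied")

    # S104: assemble parameters. Only configured names are forwarded, and identity
    # fields come from the verified session, never from front-end input.
    query = request.get("query", {})
    missing = [p for p in route["params"] if p not in query]
    if missing:
        return reply(400, error=f"missing parameters: {missing}")
    args = {p: query[p] for p in route["params"]}
    identity = {"user": user, "merchant": merchant}
    args.update({k: identity[k] for k in route["inject"]})

    # S105-S106: generalized call by (interface, method) taken from configuration.
    target = SERVICES[(route["interface"], route["method"])]
    return reply(200, result=target(**args))
```

Because identity fields are injected from the verified session, a `merchant` value supplied by the front end in the query is ignored rather than forwarded to the service server.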
Referring to Fig. 4, an application example diagram of the data call method provided in the embodiment of the present invention is shown. As shown in the figure, the method may go through a transition period when it is applied. In the early stage, while the service logic code has not yet been stripped from the universal gateway, data can be processed as in part A of the figure to ensure normal operation of the universal gateway; after the service logic code in the universal gateway has been completely stripped, part B of the figure can be used for data processing.
Referring to Fig. 5, a flowchart of another data calling method according to an embodiment of the present invention is shown. The figure includes a front end, a merchant universal gateway, ERP, an enterprise site, and a service server; the front end may also be referred to as the calling party. The front end configures in advance, through a gateway management page, a gateway configuration in the merchant universal gateway that includes information such as the interface to be called and its parameters. The front end initiates an HTTP request (the data call request described above) to the merchant end; the request address is obtained from the gateway configuration pre-configured through the gateway management page. The universal gateway generates a globally unique request call chain for the request through the SGM; the request call chain can trace the whole calling process of the request, which makes it easier to find and locate problems. The universal gateway performs a cross-domain (cross) check and an XSS check on the request, which prevents malicious requests from illegal users from attacking the gateway and background services. After the cross-domain check and the XSS check pass, the cookie information in the request is used to judge whether the user is a legally logged-in user; the gateway supports merchant ERP login and enterprise site login, and the user's basic information is obtained after login succeeds. Using the acquired basic information, the calling request is compared with the calling authority owned by the user (merchant, business-line operations, super administrator, ERP operations and the like), and the request is intercepted if the user has no authority; preferably, the basic information of the user includes user login information. After the user is determined to have the authority, the caller's request parameters are assembled, for example information such as merchant and store is assembled according to the gateway configuration. An SF generalized call is made with the assembled parameters through the corresponding interface information, passing them to the downstream service party (the service server), which performs the service logic processing. The processing result fed back by the downstream service party is acquired, spliced with the request call chain, and fed back to the front end.
In this method, information such as the server's interfaces and methods is persisted, and the front end initiates an HTTP request to the merchant gateway. After receiving the request, the gateway obtains the corresponding method configuration information and permissions, maps the parameters passed by the front end and basic information such as merchant and shop into an SF generalized call, and initiates the call to the server. Business logic code therefore does not need to be mixed into the gateway, the gateway code stays independent and tidy, and the maintenance cost of the gateway is reduced.
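The Fig. 5 flow as a minimal sketch, added here as an example and not code from the patent. The route, the origin allowlist, the session store, the markup filter and `generic_invoke` (a stand-in for the generalized call) are all constructed assumptions.

```python
import re
import uuid

# Constructed gateway configuration: route -> interface, method, required
# permission, and the front-end parameters that may be forwarded (hypothetical).
GATEWAY_CONFIG = {
    "/order/list": {
        "interface": "com.example.OrderService",
        "method": "listOrders",
        "permission": "merchant",
        "params": ["page", "status"],
    },
}
ALLOWED_ORIGINS = {"https://shop.example.com"}
# Constructed session store standing in for the login systems behind the cookie.
SESSIONS = {
    "sid-1": {"user": "alice", "merchant_id": "M100", "shop_id": "S7",
              "permissions": {"merchant"}},
    "sid-2": {"user": "bob", "merchant_id": "M200", "shop_id": "S9",
              "permissions": {"erp_operation"}},
}
# Assumed, deliberately simple XSS check: reject values that carry markup.
MARKUP = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)


def generic_invoke(interface, method, params):
    """Stand-in for the generalized call: the gateway knows only names and a
    parameter map, never the service's classes."""
    backends = {
        ("com.example.OrderService", "listOrders"):
            lambda p: {"merchant": p["merchant_id"], "page": p.get("page", 1)},
    }
    return backends[(interface, method)](params)


def handle(request):
    trace_id = uuid.uuid4().hex  # request call chain id, returned on every path

    def reply(status, **body):
        return {"status": status, "trace_id": trace_id, **body}

    route = GATEWAY_CONFIG.get(request.get("path"))
    if route is None:
        return reply(404, error="no gateway configuration")
    # 1. Cross-domain check: only allowlisted origins may call the gateway.
    if request.get("origin") not in ALLOWED_ORIGINS:
        return reply(403, error="origin rejected")
    # 2. XSS check: intercept parameter values that carry markup.
    params = request.get("params", {})
    if any(MARKUP.search(str(v)) for v in params.values()):
        return reply(400, error="parameter rejected")
    # 3. Login check from the cookie.
    user = SESSIONS.get(request.get("cookies", {}).get("sid"))
    if user is None:
        return reply(401, error="not logged in")
    # 4. Compare the route's required permission with the user's permissions.
    if route["permission"] not in user["permissions"]:
        return reply(403, error="permission denied")
    # 5. Assemble: forward only configured parameters; merchant and shop come
    #    from the session, so client-supplied values cannot override them.
    call = {k: params[k] for k in route["params"] if k in params}
    call.update(merchant_id=user["merchant_id"], shop_id=user["shop_id"])
    # 6. Generalized call, then splice the result with the call chain id.
    result = generic_invoke(route["interface"], route["method"], call)
    return reply(200, result=result)
```

Every rejection path still returns the call chain id, so an intercepted request can be traced in the same way as a successful one.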
The data calling method provided by the invention can be applied to the construction of a commodity transaction platform. After the method is applied to a universal gateway, the universal gateway supports the commodity requirements of the internal business, and external channel traders have the same requirements for commodities, rights and interests, services and a diversified supply chain. River and lake platformization construction is therefore carried out: the commodity supply chain capacity of the enterprise is established through the universal gateway, and the customization capacity of the enterprise mall's standard products and supply chain is combined with the technical and data capacity of the enterprise science and technology to build platformized output capacity, flow operation capacity and business change capability for consumer goods, according to the requirements of financial users and cooperation partners for physical commodities, virtual rights and interests, financial services and exclusive commodity capacity. Marketing efficiency is improved by helping brand parties and cooperation partners obtain better economic benefits.
Corresponding to the method shown in fig. 1, the present invention provides a data calling device, which is disposed in a universal gateway and supports the implementation of the method shown in fig. 1 in practice. A schematic structural diagram of the device is shown in fig. 6, and it is described as follows:
a receiving unit 601, configured to receive a data call request sent by a front end;
a generating unit 602, configured to generate a request call chain corresponding to the data call request;
a determining unit 603, configured to determine whether the front end has the data call permission;
an assembling unit 604, configured to assemble, when it is determined that the front end has the data call right, request parameters based on a preconfigured gateway configuration corresponding to the front end;
a calling unit 605, configured to call the request parameter to a service server corresponding to the data call request based on the interface information in the gateway configuration;
a triggering unit 606, configured to trigger the service server to perform service logic processing, and generate a service processing result;
and an assembling unit 607, configured to assemble the service processing result and the request call chain, and feed back assembled data to the front end.
In the device provided by the embodiment of the invention, a data call request sent by a front end is received, and a request call chain corresponding to the data call request is generated; security verification is performed on the data call request, and the data call permission is determined when the data call request passes the security verification; whether the front end has the data call permission is judged; when it is determined that the front end has the data call permission, request parameters are assembled based on the pre-configured gateway configuration corresponding to the front end; based on the interface information in the gateway configuration, a generalized call is made with the request parameters, passing them to the service server corresponding to the data call request; the service server is triggered to perform service logic processing and generate a service processing result; and the service processing result and the request call chain are assembled, and the assembled data is fed back to the front end. When data is called according to the invention, the universal gateway does not need to be configured with service logic code: it processes the data call request and, after determining that the front end has the data call permission, uses generalized calling to pass the front end's request parameters to the service server so that the service server generates a service processing result, and finally feeds the data obtained from the service processing result back to the front end. During the data call, the universal gateway calls the service server through generalized calling without using the service server's classes or jar packages, so the universal gateway does not need to be configured with service logic code, the gateway code in the universal gateway stays independent, and the workload and cost of maintaining the universal gateway are reduced.
In another example provided by the present invention, the determining unit 603 of the apparatus may be configured to:
the verification module is used for carrying out safety verification on the data calling request and determining data calling permission when the data calling request passes the safety verification;
the first determining module is used for determining the authority information of the data calling authority;
the first judgment module is used for judging whether the authority information exists in the preset authority information corresponding to the front end or not;
the second determining module is used for determining that the front end has the data calling authority if the authority information exists in the preset authority information corresponding to the front end;
and the third determining module is used for determining that the front end does not have the data calling authority if the authority information does not exist in the preset authority information corresponding to the front end.
In another example provided by the present invention, the verification module of the apparatus may be configured to:
the judging subunit is used for judging whether the data calling request is a legal request or not;
the obtaining subunit is configured to obtain cookie information in the data call request when it is determined that the data call request is a legal request;
and the determining subunit is configured to perform login verification on the front end based on the cookie information, and determine that the data call request passes the security verification when the login of the front end is determined to be legal.
In another example provided by the present invention, the determining subunit of the apparatus may be configured to:
the processing submodule is used for performing cross-domain processing on the data calling request;
the judging submodule is used for carrying out vulnerability verification on the data calling request processed by the cross-domain processing and judging whether the data calling request has a vulnerability or not;
and the determining submodule is used for determining that the data calling request is a legal request when no vulnerability exists in the data calling request.
In another example provided by the present invention, the apparatus may be further configured to:
and the interception unit is used for intercepting the data calling request when the data calling request does not pass the security check.
The embodiment of the invention also provides a storage medium, which comprises a stored instruction, wherein when the instruction runs, the device where the storage medium is located is controlled to execute the data calling method.
The present invention further provides an electronic device, a schematic structural diagram of which is shown in fig. 7. It specifically includes a memory 701 and one or more instructions 702, where the one or more instructions 702 are stored in the memory 701 and are configured to be executed by one or more processors 703 to perform the data calling method.
The specific implementation procedures and derivatives thereof of the above embodiments are within the scope of the present invention.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, the system or system embodiments, which are substantially similar to the method embodiments, are described in a relatively simple manner, and reference may be made to some descriptions of the method embodiments for relevant points. The above-described system and system embodiments are only illustrative, wherein the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. A data calling method is applied to a general gateway and comprises the following steps:
receiving a data calling request sent by a front end;
generating a request calling chain corresponding to the data calling request;
judging whether the front end has a data calling authority or not;
when the front end is determined to have the data calling right, assembling request parameters based on a pre-configured gateway configuration corresponding to the front end;
based on interface information in the gateway configuration, calling the request parameters to a service server corresponding to the data calling request;
triggering the service server to perform service logic processing and generating a service processing result;
and assembling the service processing result and the request call chain, and feeding back the assembled data to the front end.
2. The method of claim 1, wherein the determining whether the front end has data call authority comprises:
performing security verification on the data calling request, and determining data calling permission when the data calling request passes the security verification;
determining authority information of the data calling authority;
judging whether the authority information exists in the preset authority information corresponding to the front end;
if the authority information exists in the preset authority information corresponding to the front end, determining that the front end has the data calling authority;
and if the authority information does not exist in the preset authority information corresponding to the front end, determining that the front end does not have the data calling authority.
3. The method of claim 2, wherein the performing security verification on the data calling request comprises:
judging whether the data calling request is a legal request or not;
when the data calling request is determined to be a legal request, acquiring cookie information in the data calling request;
and performing login verification on the front end based on the cookie information, and determining that the data call request passes the security verification when the login of the front end is determined to be legal.
4. The method of claim 3, wherein said determining whether the data call request is a legitimate request comprises:
performing cross-domain processing on the data call request;
performing vulnerability verification on the data call request processed through the cross-domain processing, and judging whether the data call request has a vulnerability or not;
and when no vulnerability exists in the data calling request, determining that the data calling request is a legal request.
5. The method of claim 1, further comprising:
and intercepting the data calling request when the data calling request does not pass the security check.
6. A data calling device is applied to a general gateway and comprises:
the receiving unit is used for receiving a data calling request sent by the front end;
the generating unit is used for generating a request calling chain corresponding to the data calling request;
the judging unit is used for judging whether the front end has data calling authority or not;
the assembling unit is used for assembling request parameters based on a pre-configured gateway configuration corresponding to the front end when the front end is determined to have the data calling right;
the calling unit is used for calling the request parameter to a service server corresponding to the data calling request based on the interface information in the gateway configuration;
the triggering unit is used for triggering the service server to perform service logic processing and generate a service processing result;
and the assembling unit is used for assembling the service processing result and the request call chain and feeding back the assembled data to the front end.
7. The apparatus according to claim 6, wherein the determining unit comprises:
the verification module is used for carrying out safety verification on the data calling request and determining data calling permission when the data calling request passes the safety verification;
the first determining module is used for determining authority information of the data calling authority;
the first judgment module is used for judging whether the authority information exists in the preset authority information corresponding to the front end;
the second determining module is used for determining that the front end has the data calling authority if the authority information exists in the preset authority information corresponding to the front end;
and the third determining module is used for determining that the front end does not have the data calling authority if the authority information does not exist in the preset authority information corresponding to the front end.
8. The apparatus of claim 7, wherein the verification module comprises:
the judging subunit is used for judging whether the data calling request is a legal request or not;
the obtaining subunit is configured to obtain cookie information in the data call request when it is determined that the data call request is a legal request;
and the determining subunit is configured to perform login verification on the front end based on the cookie information, and determine that the data call request passes the security verification when the login of the front end is determined to be legal.
9. A storage medium comprising stored instructions, wherein when executed, the instructions control a device on which the storage medium is located to execute the data call method according to any one of claims 1 to 5.
10. An electronic device comprising a memory and one or more instructions, wherein the one or more instructions are stored in the memory and configured to be executed by the one or more processors to perform the data call method of any one of claims 1-5.
CN202210451697.9A 2022-04-27 2022-04-27 Data calling method and device, storage medium and electronic equipment Pending CN114697131A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210451697.9A CN114697131A (en) 2022-04-27 2022-04-27 Data calling method and device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210451697.9A CN114697131A (en) 2022-04-27 2022-04-27 Data calling method and device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN114697131A true CN114697131A (en) 2022-07-01

Family

ID=82144789

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210451697.9A Pending CN114697131A (en) 2022-04-27 2022-04-27 Data calling method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN114697131A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020161907A1 (en) * 2001-04-25 2002-10-31 Avery Moon Adaptive multi-protocol communications system
CN111212075A (en) * 2020-01-02 2020-05-29 腾讯云计算(北京)有限责任公司 Service request processing method and device, electronic equipment and computer storage medium
CN112910770A (en) * 2021-03-23 2021-06-04 深圳前海联动云软件科技有限公司 Distributed service gateway design method and system based on generalization call
CN113037831A (en) * 2021-03-04 2021-06-25 中国农业银行股份有限公司 Service gateway message processing method and device
CN113055393A (en) * 2021-03-26 2021-06-29 支付宝(杭州)信息技术有限公司 Security service method, device and equipment
CN113381866A (en) * 2020-02-25 2021-09-10 北京同邦卓益科技有限公司 Service calling method, device, equipment and storage medium based on gateway
CN113765982A (en) * 2020-12-17 2021-12-07 北京沃东天骏信息技术有限公司 Request response method, device, system, server and storage medium
CN114070583A (en) * 2021-10-12 2022-02-18 鸬鹚科技(深圳)有限公司 Information access control method, information access control device, computer equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination