CN114881469A - Performance assessment and management system and method for enterprise workers - Google Patents


Info

Publication number: CN114881469A
Authority: CN (China)
Prior art keywords: assessment, management, module, user, data
Legal status: Pending
Application number: CN202210493129.5A
Other languages: Chinese (zh)
Inventors: 宋国娟, 钱敏, 阎克栋, 荣洪成, 卫冉
Current Assignee: Suzhou Aerospace Information Research Institute
Original Assignee: Suzhou Aerospace Information Research Institute
Application filed by Suzhou Aerospace Information Research Institute
Priority to CN202210493129.5A
Publication of CN114881469A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0639 Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393 Score-carding, benchmarking or key performance indicator [KPI] analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1415 Saving, restoring, recovering or retrying at system level
    • G06F11/1438 Restarting or rejuvenating
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G06F16/2228 Indexing structures
    • G06F16/2246 Trees, e.g. B+trees
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/23 Updating
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2455 Query execution
    • G06F16/24552 Database cache management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/26 Visual data mining; Browsing structured data


Abstract

The invention provides a performance assessment and management system and method for enterprise employees, which provide comprehensive organization architecture management, employee management and system user, role and authority management for managers through a system management module; the performance assessment module provides assessment project management and assessment data integrated display service for managers and provides evaluation and assessment data integrated display service for daily work and various project work for workers; and the security authentication module provides the user with the services of key security encryption and storage, user identity authentication in the whole life cycle and network security attack protection. The invention integrates internal management, digital assessment, assessment data visualization and safety authentication, and improves the efficiency of enterprise management and performance assessment work.

Description

Performance assessment and management system and method for enterprise workers
Technical Field
The invention relates to the technical field of staff assessment and management, in particular to a performance assessment and management system and method for enterprise staff.
Background
As modern enterprise management spreads among domestic enterprises, the performance assessment and management of workers has become an indispensable part of enterprise management. However, performance assessment in domestic enterprises still has a number of problems. On the one hand, limited by deficiencies in enterprise informatization, many enterprises have not yet established a comprehensive management platform that integrates enterprise architecture management, worker management and performance assessment, so assessment and management processes are complicated and inefficient. On the other hand, existing worker assessment and management information systems lack horizontal and vertical comparison and graphical display of assessment results, so the assessment status of workers cannot be understood intuitively. In addition, most current enterprise information management platforms still have a number of problems in terms of system security.
Disclosure of Invention
The invention aims to overcome the defects in the prior art and provides a performance assessment and management system and method for enterprise workers.
The technical solution for realizing the purpose of the invention is as follows: an enterprise employee oriented performance assessment and management system comprising:
the system management module is used for providing all-round organization architecture management, employee management and system user, role and authority management for managers;
the performance assessment module is used for providing assessment project management and assessment data integrated display service for managers and providing evaluation and assessment data integrated display service for daily work and various project work for workers;
and the security authentication module is used for providing the user with the services of key security encryption and storage, user identity authentication in the whole life cycle and network security attack protection.
Further, the system management module comprises an organization architecture management module, an employee management module and a system user, role and authority management module, wherein:
the organization architecture management module is used for informatization access and management of enterprise administrative organization architectures, forms an organization architecture tree by inputting the enterprise administrative organization architectures step by step, provides the functions of addition, deletion, modification and condition query of the organization architectures, and realizes informatization display and management of the enterprise organization architectures;
the employee management module is used for informatization input and management of employee information, provides functions of addition, deletion, modification and condition query of the employee and personal information thereof, supports two input modes of manual input of the employee information and intelligent batch import, and realizes personalized display and management of the employee information;
and the system user, role and authority management module is used for adding, deleting, modifying and inquiring conditions of system users, roles and authorities, and realizes fine-grained system authority control by establishing a user-role-authority three-layer model.
Furthermore, the performance assessment module comprises an assessment setting module, an assessment to-be-handled module and a data billboard module, wherein:
the assessment setting module is used for providing assessment item and assessment time management for managers and comprises an assessment item management sub-function module and an assessment time management sub-function module; the assessment item management sub-function module provides the functions of addition, deletion, modification and condition query of assessment items and assessment key points and supports flexible weight distribution of the assessment key points; the assessment time management sub-function module realizes the periodic initialization of assessment data and the disaster tolerance strategy of the assessment service by persisting assessment intervals and assessment times in the database; meanwhile, a method for dynamically adjusting the assessment work interval and the assessment open time period is provided, which suits assessment work whose period and frequency vary;
the assessment to-be-handled module is used for providing the user with an evaluation scoring function for the daily work and various project work of directly subordinate workers; in the assessment open time period, the user scores, modifies and submits the work performance of the workers in the assessment interval according to the assessment items and their assessment key points;
the data billboard module is used for providing the functions of indirect grading batch adjustment of subordinate workers, assessment details of all subordinate workers and assessment data statistics for users, and providing assessment detail data integration display service and data export service of all the workers of the system for assessment managers.
Furthermore, the performance assessment module also provides a diagrammatizing service of assessment data, and the assessment data are visualized through grouping statistics and transverse and longitudinal comparison of the assessment data.
Further, the security authentication module comprises a user information security protection module, a user identity authentication module, and a network security protection module, wherein:
the user information security protection module is used for ensuring the personal information security of system users, and the user information protection of the whole life cycle is realized by using a set of complex and reliable ciphertext storage mechanism for the server database and encrypting and decrypting the user information in the communication process between the client and the server;
the user identity authentication module is used for verifying the identity of a user in the communication process from the client to the server, adding a token containing user information into the communication data from the client to the server through a token technology, encrypting and decrypting the data by adopting an asymmetric encryption algorithm, and finally verifying the authenticity and the legality of the user information at the server and determining whether the system executes service return data or rejects a service request;
the network security protection module is used for protecting network security attack, and the storage strategy of the user token at the client is matched with the CSRF token generated by the server, so that cross-site scripting attack and illegal site stealing of the user certificate at the client are completely eradicated, and the condition that a browser is deceived to send an illegal request to the server under the name of a user is avoided.
Furthermore, the performance assessment and management system comprises a PC (personal computer) end and an applet end. The functions of the PC end comprise organization architecture management, worker management, system user, role and authority management, assessment project management, assessment evaluation service and assessment data integration display service. The functions of the applet end comprise assessment evaluation service and assessment data integration display service.
A performance assessment and management method for enterprise workers is based on the performance assessment and management system for the enterprise workers, and the performance assessment and management for the enterprise workers are achieved.
Compared with the prior art, the invention has the following remarkable advantages: (1) a method for rapidly traversing descendant nodes of a tree structure is provided in an organization architecture management module, and the data searching efficiency of the organization architecture tree is improved. (2) The authority management of system fine granularity is realized, the authority control service logic is isolated from other part of service logic, the coupling degree between the service logic is reduced, and the reusability of a program is improved. (3) The self-reset starting of the examination service is realized when the system fault is recovered through the examination setting persistence and the timing task, and the high reliability of the examination service is ensured. (4) The dynamic updating method for the timed task can solve the problems that the traditional timed task cannot be updated during running, the service must be restarted to update, a new task cannot be immediately effective after updating and the like, and realizes the dynamic adjustment of parameters such as the task period, the execution frequency and the like under the condition of no shutdown. (5) The visual assessment data is provided, the overall assessment condition of the staff can be intuitively known from multiple angles, the assessment conditions of various functional departments and groups can be transversely compared, and the macroscopic control of enterprise managers on the work of the staff is facilitated. (6) The method starts from three aspects of a client, a server and a communication process from the client to the server respectively, and effectively solves the information safety problem commonly existing in the similar system. (7) The client performs a certain caching strategy on the data, so that the pressure of the server is reduced.
Drawings
FIG. 1 is a system architecture diagram of the employee assessment and management system of the present invention.
Fig. 2 is a schematic flow chart of employee batch import according to an embodiment of the present invention.
FIG. 3 is a flow chart of system privilege control in the present invention.
FIG. 4 is an effect diagram of an assessment item setting page in the present invention.
FIG. 5 is a diagram of the effect of the assessment item modification page in the invention.
FIG. 6 is a diagram illustrating the initialization of assessment data according to the present invention.
FIG. 7 is a flowchart illustrating assessment and scoring according to the present invention.
FIG. 8 is a diagram illustrating the effect of examining pages to be handled in the present invention.
FIG. 9 is a schematic view of a data billboard assessment details page in the invention.
FIG. 10 is a schematic view of a data billboard assessment statistics page in the present invention.
FIG. 11 is a flowchart illustrating user authentication according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a performance assessment and management system for enterprise workers by integrating three modules of system management, performance assessment and safety authentication, wherein the system architecture is shown in figure 1 and comprises a system management module, a performance assessment module and a safety authentication module, and the specific implementation mode is as follows:
First, system management module
The system management module is used for providing all-round organization architecture management, employee management, and system user, role and authority management for managers, and comprises an organization architecture management module, an employee management module, and a system user, role and authority management module.
(1) Organization architecture management module
The organization architecture management module is used for informatization access and management of enterprise administrative organization architectures, forms an organization architecture tree by inputting the enterprise administrative organization architectures step by step, provides functions of adding, deleting, modifying, condition query and the like of the organization architectures, and realizes informatization display and management of the enterprise organization architectures.
When managing an enterprise's organizational data, a tree structure of this kind is usually stored as a multi-branch tree, but the multi-branch tree has the following problem in concrete business implementations: traversal of the tree is recursive, and each recursion has to open up a corresponding memory space (the recursion stack), so there is a certain memory cost. In this system, the parent-child relationship of the nodes in the tree is expressed as a level field in a table; the field records the path from the root node to the node in the architecture tree. For example, a top-level organization with organization id '001' has the level field '001-', and the top-level organization has a child organization with organization id '002' whose level field is '001-. Therefore, when searching for the descendant nodes of an organization, all of its descendants can be found quickly by using the index on the level column and an SQL 'like XX%' match. This avoids repeated recursion over the tree structure when searching for descendant nodes, and the search efficiency improves greatly, particularly when the organization tree is complex.
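The level-field lookup described above, as an added example that is not code from the patent. It assumes a child's level is its parent's level followed by the child's id and a trailing '-'; the table name, column names and sample rows are constructed for illustration.

```python
import sqlite3

LIKE_ESCAPE = "\\"


def build_org_db():
    """Build an in-memory organization table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE org (id TEXT PRIMARY KEY, name TEXT, level TEXT NOT NULL)")
    # The index on the level column is what the prefix match relies on.
    db.execute("CREATE INDEX idx_org_level ON org(level)")
    rows = [
        ("001", "Head office", "001-"),
        ("002", "R&D", "001-002-"),
        ("003", "Platform team", "001-002-003-"),
        ("004", "Finance", "001-004-"),
        # A second top-level organization whose id merely starts with "001".
        ("0010", "Subsidiary", "0010-"),
        ("005", "Subsidiary sales", "0010-005-"),
    ]
    db.executemany("INSERT INTO org VALUES (?, ?, ?)", rows)
    return db


def escape_like(text):
    """Escape LIKE wildcards so stored path text is matched literally."""
    for ch in (LIKE_ESCAPE, "%", "_"):
        text = text.replace(ch, LIKE_ESCAPE + ch)
    return text


def descendants(db, org_id):
    """Return ids of all descendants of org_id with one prefix match, no recursion."""
    row = db.execute("SELECT level FROM org WHERE id = ?", (org_id,)).fetchone()
    if row is None:
        return []
    pattern = escape_like(row[0]) + "%"
    cur = db.execute(
        "SELECT id FROM org WHERE level LIKE ? ESCAPE '\\' AND id <> ? ORDER BY level",
        (pattern, org_id),
    )
    return [r[0] for r in cur]


def prefix_match_without_delimiter(db, org_id):
    """Failure mode: matching on the bare id also returns unrelated subtrees."""
    cur = db.execute(
        "SELECT id FROM org WHERE level LIKE ? AND id <> ? ORDER BY level",
        (org_id + "%", org_id),
    )
    return [r[0] for r in cur]


if __name__ == "__main__":
    db = build_org_db()
    print(descendants(db, "001"))
    print(prefix_match_without_delimiter(db, "001"))
```

The trailing '-' in the stored path is what keeps organization '0010' out of the result for '001'; the pattern is passed as a bound parameter with wildcards escaped so that path text is never interpreted as part of the SQL or of the LIKE pattern.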
(2) Staff management module
The employee management module is used for information input and management of employee information, functions of adding, deleting, modifying, inquiring conditions and the like of the employees and personal information of the employees are provided, two input modes of manual input of the employee information and intelligent batch import are supported, and personalized display and management are efficiently and reliably carried out on the employee information.
As shown in fig. 2, the system provides an Excel template file for importing worker information. The user logs in to the system, downloads the template, fills in the worker information as required, and uploads the file to the system for batch import. If the system finds that the worker information in some column of the Excel file is abnormal (for example, the organization information to which the worker belongs contains a department that has not been entered in the system), a batch import exception is thrown and the position of the abnormal data in the Excel sheet is fed back to the user, so that the user knows which row and column of the Excel file contains what kind of error. In addition, the batch import transaction adopts a non-rollback strategy: the employee information before the abnormal data is imported successfully, and the data after the abnormal data fails to import. Therefore, when a large volume of employee information is imported in batch, a large transaction rollback caused by one abnormal row is avoided, and only the latter part of the data, from the abnormal row onward, needs to be imported again.
(3) System user, role and authority management module
The system user, role and authority management module provides functions of adding, deleting, modifying, condition inquiring and the like for the system user, the role and the authority. In addition, by establishing a user-role-authority three-layer model, fine-grained system authority control is realized.
In the system, users with different roles have access rights to different levels of system services. Following the idea of AOP, an authority control aspect (Aspect) is designed and the logic for judging rights is written in the aspect; the aspect specifies the @Around advice type and uses the @annotation pointcut designator to restrict matching to join points that carry a specified annotation; finally, the specified annotation is added to the service interface methods that correspond to each right, making them join points. When the system is requested to execute such a service method, the flow is as shown in figure 3: the aspect first judges whether a role owned by the user has the right to call the service method, and if so, the service method executes normally. If not, the service is refused, and a notice that the service interface is not called is returned to the client. This scheme isolates the authority control logic from the rest of the service logic, reduces the coupling between the parts of the service logic and improves the reusability of the program.
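The same separation of authority checks from service logic, as an added example that is not code from the patent: a Python decorator stands in for the annotation plus the around-type advice, and the user, role and permission names and the response shape are constructed assumptions.

```python
import contextvars
import functools

# Constructed sample data for the user-role-authority three-layer model.
USER_ROLES = {
    "hr_admin": {"assessment_manager"},
    "team_lead": {"scorer"},
    "new_hire": set(),
}
ROLE_PERMISSIONS = {
    "assessment_manager": {"assessment:export", "assessment:score"},
    "scorer": {"assessment:score"},
}

# Authenticated user of the current request; a login layer would set this.
current_user = contextvars.ContextVar("current_user", default=None)
AUDIT_LOG = []  # (user, permission, allowed) for every guarded call


def permissions_of(user):
    """Resolve user -> roles -> permissions; unknown users and roles get nothing."""
    perms = set()
    for role in USER_ROLES.get(user, ()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def requires_permission(permission):
    """Mark a service method and wrap it, like an annotation matched by around advice."""
    def decorate(service_method):
        @functools.wraps(service_method)
        def around(*args, **kwargs):
            user = current_user.get()
            allowed = user is not None and permission in permissions_of(user)
            AUDIT_LOG.append((user, permission, allowed))
            if not allowed:
                # Deny by default: the service method body never runs.
                return {"code": 403, "message": "no permission: " + permission, "data": None}
            return {"code": 200, "message": "ok", "data": service_method(*args, **kwargs)}
        around.required_permission = permission
        return around
    return decorate


# Service methods contain business logic only; no authority checks inside.
@requires_permission("assessment:export")
def export_assessment_details(org_id):
    return [{"org": org_id, "employee": "E-1001", "score": 92}]


@requires_permission("assessment:score")
def submit_score(employee_id, score):
    return {"employee": employee_id, "score": score}


def call_as(user, service_method, *args):
    """Run one request in the context of an authenticated user."""
    token = current_user.set(user)
    try:
        return service_method(*args)
    finally:
        current_user.reset(token)


if __name__ == "__main__":
    print(call_as("hr_admin", export_assessment_details, "001"))
    print(call_as("team_lead", export_assessment_details, "001"))
```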
Second, performance assessment module
The performance assessment module is used for providing assessment project management and assessment data integrated display service for managers and providing assessment and assessment data integrated display service for daily work and various project work for workers, and comprises an assessment setting module, an assessment to-be-handled module and a data billboard module.
(1) Assessment setting module
The assessment setting module is used for providing assessment items and assessment time management for managers, and comprises two sub-modules of assessment item management and assessment time management, wherein the assessment item management sub-function module provides functions of addition, deletion, modification, condition query and the like of assessment items and assessment key points, and supports flexible weight distribution of the assessment key points. The assessment time management sub-function module realizes the periodic initialization function of assessment data and the disaster tolerance strategy of assessment service by carrying out database persistence on assessment intervals and assessment time; meanwhile, a method for dynamically adjusting the assessment work interval and the assessment open time period is provided, and the method can be well adapted to the characteristics of assessment work period and variable frequency.
The management of assessment items and assessment key points, the initialization of assessment data and the dynamic adjustment of assessment intervals and assessment time periods are specifically introduced as follows:
(a) the assessment items and the assessment points are in one-to-many relationship, one assessment item corresponds to one to a plurality of assessment points, and meanwhile, each assessment point corresponds to one score interval. On the basis, the functions of increasing, deleting, modifying and checking the assessment points and assessment items are realized, as shown in fig. 4 and 5.
(b) The initialization of the assessment data is realized with a timing task. As shown in fig. 6, when the system starts, the assessment open time and the assessment interval are read from the database, and the assessment data initialization task is executed at each assessment open time. Whether initial data must be generated for a worker is judged from the worker's entry and departure times and the assessment interval: if the interval between the worker's entry and departure times intersects the assessment interval, initial (unscored) assessment data is inserted for that assessment interval; if there is no intersection, no initial assessment data needs to be inserted. In addition, a timing task periodically moves the assessment interval and the assessment time period in the database forward (that is, after one assessment ends, the assessment interval and the assessment time period are set to those of the next assessment), which realizes automatic management of the assessment interval and the assessment time period.
(c) The dynamic adjustment of the assessment interval and the assessment time period requires that a single task can be updated and take effect immediately without affecting other services or other timing tasks. The specific implementation is as follows: maintain two ConcurrentHashMaps of static final type, "FUTURE_MAP" and "SERVICE_MAP", and a task handle object. Each time a task is created, the Future object of the task is stored in FUTURE_MAP and the task body is stored in SERVICE_MAP. To modify a task, it is only necessary to obtain the task's Future object from FUTURE_MAP and call its cancel method to cancel the running task in the current task queue, then take the task body out of SERVICE_MAP and update it, then add the task body to the task queue again through the task handle, and finally update FUTURE_MAP and SERVICE_MAP so that the latest task object is obtained at the next update.
According to the scheme, the assessment setting information is persisted in the database, and even if the system is down, the system can automatically read the relevant information from the database and update the timing task after being restarted, so that the normal operation of the assessment process after the system fault is recovered is ensured. By the dynamic updating method of the timing task, the problems that the traditional timing task cannot be updated during operation, the service must be restarted to update, a new task cannot be immediately effective after updating and the like are solved, and the dynamic adjustment of parameters such as the task period, the execution frequency and the like under the condition of no shutdown is realized.
(2) Assessment to-be-handled and data billboard module
The assessment to-be-handled and data billboard module covers evaluation scoring and data display for the daily work and various project work of workers. In the assessment open time period, the user scores, modifies and submits the work performance of the workers in the assessment interval according to the assessment items and their assessment key points; the flow is shown in fig. 7. The person in charge of each organization scores his or her direct subordinates on the assessment to-be-handled page (figure 8) and clicks the submit button when scoring is finished, which submits the data to the superior leader for review. Besides scoring direct subordinates on the assessment to-be-handled page, the superior leader also reviews the assessment details of indirect subordinates on the data billboard page (figure 9), and can raise or lower an indirect subordinate's assessment score relative to the original score by adjusting an additional score.
In this business process, the superior-subordinate hierarchy of the organization is combined with the job level of each worker. When a worker's assessment data is initialized, the submission state is_committed is set to the worker's job level; on the data billboard page, of the assessment records of the workers under a leader (both direct and indirect subordinates), only those whose submission state field is greater than or equal to the leader's job level - 1 are returned; and when a leader submits the assessment records of his or her subordinates, is_committed is set to that leader's job level.
The advantages of this design are: for direct subordinates, the initial submission state of the assessment record already meets the visibility requirement, so the record can be displayed directly in the leader's data billboard; for indirect subordinates, the assessment records become visible to the leader in the data billboard only after the direct subordinates have submitted them. This is closer to the real assessment business, guarantees sound data visibility, and avoids the dirty-read problem of the Read Uncommitted database isolation level.
The data billboard module realizes the visualization of the assessment data through the grouping statistics and the transverse and longitudinal comparison of the assessment data. As shown in fig. 10, the information of the registered staff is obtained according to the user information of the login user, and then the information of the organization structure is associated through the staff information, so that the excellent staff, the overall assessment situation and the assessment situation of each organization staff in all the managed staff are subjected to multi-angle and visual chart display, and the macro control of the enterprise managers on the staff work is facilitated.
Third, security authentication module
The security authentication module provides users with secure encryption and storage of keys, user identity authentication over the full life cycle, and protection against common network security attacks. It comprises a user information security protection module, a user identity authentication module and a network security protection module.
(1) User information security protection module
The user information security protection module ensures the security of system users' personal information. The specific implementation is as follows:
(a) A high-security user password generation mechanism is proposed and applied:
First, a salt is generated at the client with a cryptographically secure random number generator (SecureRandom).
Secondly, the password string is converted into a byte array in UTF-8 encoding, and the byte array is hashed once with the SHA256 algorithm (or another irreversible algorithm).
Thirdly, the resulting byte array is converted into a hexadecimal string.
Fourthly, the string from the third step is concatenated with the salt value to form a new string, and the third step and the fourth step are performed again with this string as the password string; the resulting string is the final ciphertext.
(b) The salt value and the ciphertext are stored separately on different servers, which reduces the risk of an attacker obtaining both the password and the salt value at the same time.
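The mechanism in (a) and (b), as an added example in Node.js (not code from the patent). It reads "performed again" as one more hash-and-hex pass over the concatenated string; `scryptScheme` is a swapped-in slow key-derivation function that falls under the page's "another irreversible algorithm" wording, and the two `Map` objects stand in for the separate salt and ciphertext servers.

```javascript
"use strict";
const crypto = require("crypto");

// Steps two and three: SHA-256 over the UTF-8 bytes, returned as hex.
function sha256Hex(text) {
  return crypto.createHash("sha256").update(Buffer.from(text, "utf8")).digest("hex");
}

// Step one: salt from a CSPRNG (Node's counterpart of Java's SecureRandom).
function newSalt(bytes = 16) {
  return crypto.randomBytes(bytes).toString("hex");
}

// The page's scheme: hex(SHA256(hex(SHA256(password)) + salt)).
function pageScheme(password, salt) {
  return sha256Hex(sha256Hex(password) + salt);
}

// Assumption, not from the page: the same salt fed to scrypt. Two SHA-256
// passes are cheap to guess offline; scrypt makes each guess cost memory
// and time (Node defaults: N=16384, r=8, p=1).
function scryptScheme(password, salt) {
  return crypto
    .scryptSync(Buffer.from(password, "utf8"), Buffer.from(salt, "hex"), 32)
    .toString("hex");
}

// (b): salt and ciphertext go to different stores.
function register(userId, password, saltStore, hashStore, scheme = pageScheme) {
  const salt = newSalt();
  saltStore.set(userId, salt);
  hashStore.set(userId, scheme(password, salt));
}

// Recompute with the stored salt and compare in constant time.
function login(userId, password, saltStore, hashStore, scheme = pageScheme) {
  const salt = saltStore.get(userId);
  const stored = hashStore.get(userId);
  if (!salt || !stored) return false;
  const a = Buffer.from(scheme(password, salt), "hex");
  const b = Buffer.from(stored, "hex");
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}
```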
(2) User identity authentication module
The user identity authentication module verifies the user's identity during communication from the client to the server. The specific implementation is as follows:
(a) Communication uses the HTTPS protocol, which addresses HTTP's plaintext transmission and lack of data integrity verification. On this basis, the client encrypts the password with the AES encryption algorithm when the user logs in, and the server verifies the correctness of the password after decrypting it.
(b) Through token technology, the client adds a token containing user information to the data it sends to the server. To ensure that user information is not stolen during communication, the RSA algorithm is used to generate a public key and a private key; the token is signed with the private key when it is generated, and the signature is verified with the public key when the token is checked. Without the private key the user's signature cannot be forged, so the user's identity can be uniquely confirmed. The process is shown in Fig. 11.
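The sign-with-private-key, verify-with-public-key flow of (b), as an added example in Node.js (not code from the patent). The two-part token layout, the claim names and the `exp` expiry check are assumptions made for the illustration.

```javascript
"use strict";
const crypto = require("crypto");

// RSA key pair; the private key stays with the component that issues tokens.
function newKeyPair() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Token = base64url(JSON claims) + "." + base64url(RSA-SHA256 signature).
// The payload is only encoded, not encrypted, so it must hold no secrets.
function issueToken(claims, privateKey) {
  const payload = Buffer.from(JSON.stringify(claims), "utf8").toString("base64url");
  const sig = crypto.sign("sha256", Buffer.from(payload), privateKey);
  return payload + "." + sig.toString("base64url");
}

// Returns the claims when the signature is valid and the token has not
// expired, otherwise null. Claims are parsed only after the signature checks.
function verifyToken(token, publicKey, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return null;
  const [payload, sig] = parts;
  let ok = false;
  try {
    ok = crypto.verify(
      "sha256",
      Buffer.from(payload),
      publicKey,
      Buffer.from(sig, "base64url")
    );
  } catch (err) {
    return null; // malformed key or signature input
  }
  if (!ok) return null;
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) return null;
  return claims;
}

// Helper for the demonstration: swap the payload but keep the old signature,
// which is what an attacker without the private key is limited to.
function tamper(token, newClaims) {
  const sig = token.split(".")[1];
  return Buffer.from(JSON.stringify(newClaims), "utf8").toString("base64url") + "." + sig;
}
```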
(3) Network security protection module
The network security protection module defends against common network security attacks (XSS, CSRF). The storage strategy for the user token at the client works together with the CSRF token generated at the server, so that cross-site scripting attacks and the theft of client user credentials by illegitimate sites are completely eliminated, and the browser cannot be tricked into sending illegitimate requests to the server in the user's name. The specific implementation is as follows:
(a) Protection against XSS (cross-site scripting):
When token technology is used for identity authentication, the client needs to store the token. If the token is stored in the client's localStorage or sessionStorage, it can easily be read directly by malicious JavaScript, and since projects generally use a number of third-party JavaScript libraries, this approach is vulnerable to XSS. The token should therefore be stored in a browser Cookie: after the user logs in successfully, the generated token is set directly in the Set-Cookie field of the HTTP response header, so that on receiving the server's response the client reads the Set-Cookie field and stores it as a Cookie, and the Cookie is then sent automatically with every subsequent request from the client to the server. By specifying HttpOnly, the Cookie is made inaccessible to JavaScript, which avoids XSS attacks.
(b) Prevention of CSRF (cross-site request forgery):
The use of Cookies brings other problems, the most serious of which is the CSRF attack. In a CSRF attack the attacker makes use of a trusted user's Cookie: because the browser has already been authenticated, the visited website treats the request as a genuine user operation, so the attacker can perform illegitimate operations on the system under the user's identity. To avoid the risk of CSRF attacks, the system adopts the following measures:
Check whether the Host in the request headers and the host in the Referer are the same. If they differ, search the domain-name whitelist; if no match is found in the whitelist, the request is treated as a CSRF attack and blocked directly by an Interceptor.
For each sensitive request (POST, PUT, DELETE), the client first requests a randomly generated CSRF-token from the server, then puts the CSRF-token into the request header of the sensitive request and sends it to the server. The server verifies the CSRF-token in an interceptor: if it matches, the request is allowed through; otherwise it is treated as a CSRF attack and blocked. Because an attacker cannot forge the CSRF-token and the random CSRF-token generated for each sensitive request is different, this method effectively suppresses CSRF attacks.
Finally, it should be noted that the above embodiments are described in specific detail, but they serve only to illustrate the technical solutions of the present invention and not to limit them. Those skilled in the art should understand that several variations and modifications can be made without departing from the concept of the present invention, and these fall within the protection scope of the present application. The protection scope of the present patent shall therefore be subject to the appended claims.
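The HttpOnly cookie and the two CSRF checks described above, combined into one interceptor function as an added example in Node.js (not code from the patent). The header name `x-csrf-token`, the `example.test` hosts, the `Secure` attribute, the choice to look the Referer host up in the whitelist, and keeping one outstanding token per session are assumptions.

```javascript
"use strict";
const crypto = require("crypto");

const SENSITIVE = new Set(["POST", "PUT", "DELETE"]);
const REFERER_WHITELIST = new Set(["portal.example.test"]); // constructed
const pendingCsrf = new Map(); // session id -> outstanding CSRF-token

// Login response header: HttpOnly keeps the token out of reach of page
// scripts; Secure (assumption) limits it to the HTTPS channel the page uses.
function sessionCookie(token) {
  return `token=${token}; HttpOnly; Secure; Path=/`;
}

// Called when the client asks for a token before a sensitive request.
function issueCsrfToken(sessionId) {
  const token = crypto.randomBytes(32).toString("hex");
  pendingCsrf.set(sessionId, token);
  return token;
}

function refererHost(referer) {
  try {
    return new URL(referer).host;
  } catch (err) {
    return null; // absent or unparseable Referer
  }
}

function safeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// req: { method, sessionId, headers: { host, referer, "x-csrf-token" } }
function intercept(req) {
  const sensitive = SENSITIVE.has(req.method);
  // Measure 1: Referer host must equal Host or be whitelisted. A sensitive
  // request without a usable Referer is blocked (assumption).
  if (req.headers.referer || sensitive) {
    const ref = refererHost(req.headers.referer);
    if (ref === null) return { allow: false, reason: "referer-missing" };
    if (ref !== req.headers.host && !REFERER_WHITELIST.has(ref)) {
      return { allow: false, reason: "referer-host" };
    }
  }
  if (!sensitive) return { allow: true, reason: "ok" };
  // Measure 2: one-time CSRF-token, consumed whether or not it matches.
  const expected = pendingCsrf.get(req.sessionId);
  pendingCsrf.delete(req.sessionId);
  if (!expected || !safeEqual(expected, req.headers["x-csrf-token"] || "")) {
    return { allow: false, reason: "csrf-token" };
  }
  return { allow: true, reason: "ok" };
}
```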

Claims (8)

1. A performance assessment and management system for enterprise employees, comprising:
the system management module is used for providing all-round organization architecture management, employee management and system user, role and authority management for managers;
the performance assessment module is used for providing assessment project management and assessment data integrated display service for managers and providing evaluation and assessment data integrated display service for daily work and various project work for workers;
and the security authentication module is used for providing users with secure encryption and storage of keys, user identity authentication over the whole life cycle, and protection against network security attacks.
2. The enterprise employee oriented performance assessment and management system according to claim 1, wherein said system management module comprises an organization architecture management module, an employee management module, and a system user, role and authority management module, wherein:
the organization architecture management module is used for informatized entry and management of the enterprise's administrative organization architecture; an organization architecture tree is formed by entering the architecture level by level, the parent-child node relationships in the tree are materialized as a level field in a table, which records the path from the root node of the tree to the node, and when searching for the descendant nodes of an organization it is only necessary to use the index on the level column and match with SQL 'like XX%' to quickly find all descendant nodes of the organization;
the employee management module is used for informatized entry and management of employee information, provides add, delete, modify and conditional query functions for employees and their personal information, and supports two entry modes, manual entry and intelligent batch entry, wherein batch entry is based on an Excel template file for employee information: the employee information is filled in according to the requirements of the template, and the file is then uploaded to the system for batch entry; in addition, batch import adopts a non-rollback strategy, so that employee information before the abnormal data is imported successfully and data after the abnormal data fails to be imported;
the system user, role and authority management module is used for adding, deleting, modifying and conditionally querying system users, roles and authorities; fine-grained system authority control is realized by establishing a three-layer user-role-authority model, and an authority control aspect is designed based on the AOP idea: first the logic code for authority judgment is written in the aspect, then the @Around advice type is specified in the aspect and the @annotation pointcut designator is used to match only join points carrying a specified annotation, and finally the specified annotation is added to the service interface methods that require the corresponding authority so that they become join points; the aspect judges whether a role owned by the user has the authority to call the service method, and if so the service method is executed normally, and if not the service is refused and a notice that the client has no authority to call the service interface is returned to the client.
3. The enterprise-employee-oriented performance assessment and management system according to claim 1, wherein said performance assessment module comprises three parts, an assessment setting module, an assessment to-do module and a data billboard module, wherein:
the assessment setting module is used for providing managers with management of assessment items and assessment time, and comprises an assessment item management sub-function module and an assessment time management sub-function module, wherein the assessment item management sub-function module establishes a one-to-many data model between assessment items and assessment key points, one assessment item corresponding to one or more assessment key points and each assessment key point corresponding to a score interval, and on this basis implements add, delete, modify and conditional query functions for assessment items and assessment key points and supports flexible weight allocation among assessment key points; the assessment time management sub-function module implements periodic initialization of assessment data and a disaster recovery strategy for the assessment service by persisting assessment intervals and assessment times in the database, executes the assessment data initialization task at each assessment open time, and determines from an employee's entry and departure times and the assessment interval whether initial data needs to be generated for that employee in this assessment: if the period between the employee's entry and departure intersects the assessment interval, initial assessment data is inserted, and if there is no intersection, no initial assessment data needs to be inserted;
the assessment to-do module is used for providing the user with an evaluation scoring function for the daily work and project work of direct subordinates; during the assessment open period, the user scores, modifies and submits the work performance of employees for the assessment interval according to the assessment items and their assessment key points;
the data billboard module is used for providing the user with batch adjustment of indirect subordinates' scores, assessment details of all subordinates and assessment data statistics, and for providing assessment managers with an integrated display service and a data export service for the assessment detail data of all employees in the system.
4. The enterprise employee oriented performance assessment and management system of claim 1, wherein dynamic adjustment of assessment intervals and assessment time periods requires that a single task be updated and take effect immediately without affecting other services and other scheduled tasks, which is achieved by:
maintaining two static final ConcurrentHashMaps, "FUTURE_MAP" and "SERVICE_MAP", and a task handle object; each time a task is created, storing the task's Future object in FUTURE_MAP and the task body in SERVICE_MAP; when a task is modified, it is only necessary to obtain the task's Future object from FUTURE_MAP and call its cancel method to cancel the running task in the current task queue, then take the task body out of SERVICE_MAP and update it, re-add the task body to the task queue through the task handle, and finally update FUTURE_MAP and SERVICE_MAP so that the latest task object is obtained at the next update.
5. The enterprise-employee-oriented performance assessment and management system according to claim 1, wherein said performance assessment module further provides a charting service for assessment data, which visualizes the assessment data through grouped statistics and horizontal and vertical comparison of the data.
6. The enterprise employee oriented performance assessment and management system according to claim 1, wherein said security authentication module comprises three parts of a user information security protection module, a user identity authentication module, and a network security protection module, wherein:
the user information security protection module is used for ensuring the security of system users' personal information, and encrypts and decrypts user information during communication between the client and the server to protect user information over the whole life cycle;
the user identity authentication module is used for verifying the identity of a user during communication from the client to the server, adding a token containing user information to the data sent from the client to the server through token technology, encrypting and decrypting the data with an asymmetric encryption algorithm, and finally verifying the authenticity and legitimacy of the user information at the server and determining whether the system executes the service and returns data or rejects the service request;
and the network security protection module is used for protecting against network security attacks; the user token is stored in a Cookie of the client browser and works together with the CSRF token generated by the server, so that cross-site scripting attacks and the theft of client user credentials by illegitimate sites are completely eliminated, and the browser cannot be tricked into sending illegitimate requests to the server in the user's name.
7. The enterprise employee oriented performance assessment and management system according to claim 1, comprising a PC side and an applet side, wherein the functions of the PC side include organization architecture management, employee management, system user, role and authority management, assessment project management, assessment evaluation service, and assessment data integration display service, and the functions of the applet side include assessment evaluation service and assessment data integration display service.
8. An enterprise-worker-oriented performance assessment and management method, characterized in that the enterprise-worker-oriented performance assessment and management is realized based on the enterprise-worker-oriented performance assessment and management system of any one of claims 1 to 7.
CN202210493129.5A 2022-05-07 2022-05-07 Performance assessment and management system and method for enterprise workers Pending CN114881469A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210493129.5A CN114881469A (en) 2022-05-07 2022-05-07 Performance assessment and management system and method for enterprise workers

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210493129.5A CN114881469A (en) 2022-05-07 2022-05-07 Performance assessment and management system and method for enterprise workers

Publications (1)

Publication Number Publication Date
CN114881469A true CN114881469A (en) 2022-08-09

Family

ID=82673707

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210493129.5A Pending CN114881469A (en) 2022-05-07 2022-05-07 Performance assessment and management system and method for enterprise workers

Country Status (1)

Country Link
CN (1) CN114881469A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116757542A (en) * 2023-06-26 2023-09-15 朱东 Performance management improvement system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination