CN114978696A

CN114978696A - Application access method and mobile office system

Info

Publication number: CN114978696A
Application number: CN202210568705.8A
Authority: CN
Inventors: 吕晓昱; 张亮
Original assignee: Agricultural Bank of China
Current assignee: Agricultural Bank of China
Priority date: 2022-05-24
Filing date: 2022-05-24
Publication date: 2022-08-30
Anticipated expiration: 2042-05-24
Also published as: CN114978696B

Abstract

The invention provides an application access method and a mobile office system, wherein the mobile office system comprises a client and a server which are provided with an APP, the APP comprises one or more types of application channels accessed in a channel mode, the APP is utilized to obtain an application channel access request, VPN configuration information of a first application channel which is currently requested to be accessed is inquired, and if the VPN access mode in the VPN configuration information is negative, the mobile office system is accessed in an https mode; if the first application channel is accessed through the VPN mode, if the APP runs a communication link of a second application channel accessed to the corresponding background server through the https gateway at the same time, the normal running of the second application channel is maintained while the access request of the first application channel is responded. In the scheme, the access requirements of a plurality of application channels are met through one APP, the access modes of VPN and https are provided as required, and the user experience is improved on the premise of ensuring the communication safety.

Description

Application access method and mobile office system

Technical Field

The invention relates to the technical field of network communication, in particular to an application access method and a mobile office system.

Background

With the development of the internet, more and more applications are developed on the internet in the remote office class. Teleworking class application need operate on the internet, and all kinds of office application adopt the mode of independently establishing corresponding APP more, and in the long run, along with office application's demand is increasing day by day, can produce a large amount of APPs.

In the prior art, an entry convergence principle may be employed to establish a unified APP and provide common security measures for multiple applications loaded in the APP. After the unified APP is established, communication is uniformly carried out in a vpn mode, and security control is carried out by pulling up vpn. However, by adopting the communication mode, the flow of the whole mobile terminal is guided to the VPN gateway, when the unified APP runs, other mobile terminal APPs cannot access the internet, all the applications (including non-supervisory applications) loaded by the unified APP need to be controlled according to the same strategy, and user experience is greatly influenced.

Therefore, after the application access is carried out by adopting the existing mode, the problem that the user experience is reduced on the premise of ensuring the safety exists.

Disclosure of Invention

In view of this, embodiments of the present invention provide an application access method and a mobile office system, so as to achieve the purpose of improving user experience on the premise of ensuring communication security.

In order to achieve the above purpose, the embodiments of the present invention provide the following technical solutions:

the first aspect of the embodiment of the invention discloses an application access method, which is suitable for a mobile office system, wherein the mobile office system comprises a client and a server, the client is provided with an application program APP, the application program APP comprises one or more types of application channels accessed in a channel mode, the server is provided with a VPN gateway and an https gateway, and the method comprises the following steps:

acquiring an application channel access request initiated by the application program APP;

based on the application channel access request, inquiring VPN configuration information of a first application channel which is currently requested to be accessed, wherein the VPN configuration information is preset when the first application channel is accessed into the application program APP in a channel mode;

if the VPN access mode in the VPN configuration information is negative, accessing the access request of the first application channel to a corresponding background server through the https gateway;

if the VPN access mode in the VPN configuration information is yes, accessing the access request of the first application channel to a corresponding background server through the VPN gateway;

and if the application program APP runs a communication link of a second application channel accessed to the corresponding background server through the https gateway at the same time, responding to the access request of the first application channel and maintaining the normal running of the second application channel.

Optionally, the accessing, by the https gateway, the access request of the first application channel to the corresponding background server includes:

if the first application channel is the H5 application channel, inquiring the access mode of the H5 application channel:

if the mode of accessing the H5 application channel is an offline packet mode, accessing a background server corresponding to the H5 application channel by using an offline packet gateway of a mobile office system;

if the access mode of the H5 application channel is a non-offline packet mode, pre-accessing a background server corresponding to the H5 application channel based on a mobile office system application, or pre-accessing a background server corresponding to the H5 application channel based on an application built by the H5 application channel;

if the first application channel is a non-H5 application channel, pre-accessing a background server corresponding to the non-H5 application channel based on a mobile office system application, or pre-accessing a background server corresponding to the non-H5 application channel based on an application built by the non-H5 application channel.

Optionally, the accessing, by the VPN gateway, the access request of the first application channel to the corresponding background server includes:

if the first application channel is an H5 application channel, based on the VPN gateway, a background server corresponding to the H5 application channel is accessed by using a mobile office system application front end;

or, based on the VPN gateway, accessing a background server corresponding to the H5 application channel through an application pre-established by the H5 application channel;

if the first application channel is a non-H5 application channel, pre-accessing a background service end corresponding to the non-H5 application channel based on the VPN gateway and the application of the mobile office system, or pre-accessing a background service end corresponding to the non-H5 application channel based on the application built by the VPN gateway and the non-H5 application channel.

Optionally, the method further includes:

and providing public services in a pre-constructed public service component library to an application channel accessed to the application program APP based on the unified public service component inlet of the application program APP.

Optionally, the method further includes:

when a new application channel is accessed into the application program APP, acquiring VPN configuration information configured for the new application channel in advance, and storing the VPN configuration information, wherein the VPN configuration information comprises configuration contents of whether to use VPN or not;

alternatively, the first and second electrodes may be,

when a channel access mode change request of any application channel accessed to the application program APP is received;

and acquiring the changed VPN configuration information, and replacing the VPN configuration information before the change by using the changed VPN configuration information.

The second aspect of the embodiment of the invention discloses a mobile office system, which comprises a client and a server, wherein the client is provided with an application program APP, the application program APP comprises one or more types of application channels accessed in a channel mode, and the server is provided with a VPN gateway and an https gateway;

the client is used for acquiring an application channel access request initiated by the application program APP, and requesting the server to query VPN configuration information of a first application channel which is currently requested to be accessed based on the application channel access request, wherein the VPN configuration information is preset when the first application channel is accessed into the application APP in a channel mode;

the server is used for accessing the access request of the first application channel to a corresponding background server through the https gateway if the VPN access mode in the VPN configuration information is negative; if the access mode of the VPN in the VPN configuration information is yes, accessing the access request of the first application channel to the corresponding background server through the VPN gateway, and if a communication link of a second application channel accessing the corresponding background server through the https gateway is running in the application APP at the same time, maintaining the normal running of the second application channel while responding to the access request of the first application channel.

Optionally, the https gateway accesses the access request of the first application channel to the corresponding background server, which is specifically configured to:

if the application channel is the H5 application channel, inquiring the access mode of the H5 application channel: if the mode of accessing the H5 application channel is an offline packet mode, accessing a background server corresponding to the H5 application channel by using an offline packet gateway of a mobile office system; if the access mode of the H5 application channel is a non-offline packet mode, pre-accessing a background server corresponding to the H5 application channel based on a mobile office system application, or pre-accessing a background server corresponding to the H5 application channel based on an application built by the H5 application channel;

Optionally, the accessing, by the VPN gateway, the request for accessing the first application channel to the corresponding background server is specifically configured to:

if the first application channel is the H5 application channel, based on the VPN gateway, a background server corresponding to the H5 application channel is accessed by using a mobile office system application in a front-end mode; or based on the VPN gateway, accessing a background server of the H5 application channel through an application built by the H5 application channel;

Optionally, the client is further configured to provide a public service in a pre-constructed public service component library to an application channel accessed to the application program APP based on the unified public service component entry of the application program APP.

Optionally, the client is further configured to, when a new application channel accesses the application APP, obtain VPN configuration information configured for the new application channel in advance, and store the VPN configuration information, where the VPN configuration information includes configuration content of whether to use a VPN;

alternatively, the first and second electrodes may be,

the client is further used for receiving a channel access mode change request which is accessed to any application channel in the application program APP; and acquiring the changed VPN configuration information, and replacing the VPN configuration information before the change by using the changed VPN configuration information.

Based on the application access method and the mobile office system provided by the embodiment of the invention, the method comprises the following steps: acquiring an application channel access request; based on the application channel access request, inquiring VPN configuration information of a first application channel which is currently requested to be accessed, wherein the VPN configuration information is preset when the first application channel is accessed into the application APP in a channel mode; if the VPN access mode in the VPN configuration information is negative, accessing the access request of the first application channel to a background server of the first application channel through the https gateway; if the access mode of the VPN in the VPN configuration information is that the access request of the first application channel is accessed to the background server of the first application channel through the VPN gateway, if the APP runs a communication link of a second application channel accessed to the corresponding background server through the https gateway at the same time, the normal running of the second application channel is maintained while the access request of the first application channel is responded. In the scheme, the convergence entry unifies the mobile applications with different security policy requirements into an APP in a mode of an application channel, provides different access modes of VPN and https according to the access requirements of the application channel, builds a plurality of communication links, and achieves the purpose of improving user experience on the premise of guaranteeing communication security.

Drawings

In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.

Fig. 1 is a schematic flowchart of an application access method according to an embodiment of the present invention;

fig. 2 is a schematic diagram of an application example of an application access method according to an embodiment of the present invention;

fig. 3 is a schematic flowchart of a process of accessing a first application channel request service to a corresponding background server through an https gateway according to an embodiment of the present invention;

fig. 4 is an application scenario diagram of accessing a background server corresponding to an H5 application channel by using an offline packet gateway in an https communication link according to an embodiment of the present invention;

fig. 5 is an application scene diagram of a background server corresponding to an application channel based on a mobile office system application pre-access H5 in an https communication link according to an embodiment of the present invention;

fig. 6 is a schematic flowchart of a process of accessing a first application channel request to a background server corresponding to the first application channel through a VPN gateway according to an embodiment of the present invention;

fig. 7 is an application scenario diagram of a background server corresponding to an application channel H5 accessed through a VPN gateway according to an embodiment of the present invention;

fig. 8 is a flowchart illustrating another application access method according to an embodiment of the present invention.

Detailed Description

The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

In this application, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

The terms "first" and "second" in the description and claims of the present application and the above-described drawings are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein.

In order to facilitate understanding of the technical solution of the present invention, technical terms appearing in the present invention are explained:

https (hyper Text Transfer Protocol over secure socket layer), adding SSL layer or TLS layer under http Protocol to ensure transmission encryption.

VPN (virtual Private network): i.e., a virtual private network, that establishes an information tunnel between the enterprise remote user and the enterprise VPN server across the public network through which data can be securely transported in the public network.

VPN gateway: the method provides a VPN communication mechanism for an external application channel, guarantees the information transmission safety, realizes the isolation of two networks, establishes the reliable connection between the internet terminal and the internal system of a company through an encrypted communication tunnel, provides the isolation service of the internet and an office network, and improves the safety and the reliability of network transmission.

Channel: the method refers to various application services accessed to a mobile office system, including self-contained application channels and external application channels.

The application center comprises: refers to a management center and a unified management interface of all application channels provided by a mobile office system. All the applications (managed in a channel mode) which are authorized to be used by the user are displayed in the application center, and the user can edit the sequence of all the applications in the application center.

H5 channel self-build app prefix: the application channel accessed by using the H5 URL architecture is built by itself, and the gateway service of the background server of the channel for safely accessing the internet terminal transaction request to the internal network area of the company is realized.

The mobile office system is applied in the front: the mobile office system is provided with a front-mounted application, so that the internet terminal transaction request is safely accessed to the gateway service of the internal network area of the company, and the structured data transmission service is provided for each application channel.

The multimedia gateway: and the gateway service for safely transmitting the unstructured data between the Internet mobile terminal and the company intranet service terminal is provided. Unstructured data transmission services are provided for each application channel.

Offline packet gateway (UMAP): the gateway service for accessing the internal network area of the company is provided for the internet external application channel accessed by using the H5 offline package architecture, and the service is provided for the offline package updating. The mobile client-server-side communication module is a component product for connecting the mobile client and the server side, simplifies data protocols and communication protocols of the mobile client and the server side, and obviously improves development efficiency and network communication efficiency.

H5 uses: and the front end uses WEB applications developed by HTML5, Javascript and CSS.

WEBVIEW: the browser display method is a mobile terminal control which is based on a webkit engine, can analyze DOM elements and display HTML pages, has the same principle as a browser display page, and can be regarded as an application built-in browser.

Primary development: the method is characterized in that APP development is carried out on the iOS and the Android system by using development languages, development class libraries and development tools provided by the authorities. For example, iOS is developed by using Objective-C or Swift language, and Android is developed by using Java or Kotlin language.

Applying a sandbox: is a security mechanism that provides an isolated environment for the program under execution. By strictly controlling the resources accessed by the executing program, it is ensured that data between applications cannot be accessed at will. And adopting Android and iOS sandbox mechanisms, simultaneously adding sensitive data encryption, and regularly cleaning the cache data of the APP.

It can be known from the background art that after application access is performed by adopting the existing mode, the problem of reducing user experience on the premise of ensuring safety exists.

Therefore, the embodiment of the invention provides an application access method and a mobile office system, a convergence entry unifies mobile applications with different security policy requirements into an APP in an application channel mode, different access modes of a VPN and an https are provided according to the access requirements of the application channels, and a plurality of communication links are established, so that the purpose of improving user experience is achieved on the premise of ensuring communication security. The details are explained in the following examples.

As shown in fig. 1, a flowchart of an application access method provided in an embodiment of the present invention is shown, where the application access method is applicable to a mobile office system, where the mobile office system includes a client and a server, where an application APP is installed, the application APP includes one or more types of application channels accessed in a channel manner, and the client provides a uniform access portal service for the one or more types of application channels through the application APP.

The server side is provided with a VPN gateway and an https gateway. The server is specifically a background server.

The method mainly comprises the following steps:

step S101: and acquiring an application channel access request initiated by the application program APP.

In step S101, the application channel access request includes, but is not limited to, a service application request, a user login authentication request, a user logout login request, an account switching request, and an office authorization request.

In the process of implementing step S101 specifically, after the user logs in the unified mobile office APP (on which one or more types of mobile applications are loaded), an arbitrary application channel in the APP is selected to initiate an application channel access request. It should be noted that the APP channel types loaded on the unified APP include, but are not limited to, mobile office applications.

It should be noted that, except for the external application channels corresponding to the application programs loaded into the APP in a channel manner, some self-contained application channels exist in the APP originally. Whether the application channel is an external application channel or a self-contained application channel, the corresponding application program can be an H5 application or a native developed application.

Step S102: based on the application channel access request, querying VPN configuration information of a first application channel currently requesting access.

In step S102, the VPN configuration information is preset when the APP is accessed by the application channel in a channel manner.

The VPN configuration information includes whether a VPN mode is selected.

The VPN configuration information is stored in a database of the server side, and the VPN configuration information can be added or modified through maintenance transaction.

In the process of implementing step S102 specifically, based on the application channel access request, the client requests the background server to query VPN configuration information of the first application channel accessed by the current application channel access request.

Specifically, when the obtained application channel access request is a user mailbox service request, the VPN configuration information of the mailbox application accessed by the current user mailbox service request is inquired.

And when the obtained application channel access request is a user information reading request, inquiring VPN configuration information of the information application accessed by the current user information reading request.

Other application channel access requests are similar and are not described in detail herein.

In an embodiment, when a new application channel accesses the application program APP, VPN configuration information configured for the new application channel in advance is obtained and stored, so as to facilitate subsequent query.

In an embodiment, when a request for changing a channel mode access mode of any application channel accessed to the APP is received;

Step S103: and judging whether the VPN access mode in the VPN configuration information is 'yes', if the VPN access mode in the VPN configuration information is 'no', executing step S104, and if the VPN access mode in the VPN configuration information is 'yes', executing step S105.

The VPN configuration information includes whether or not to select a VPN scheme (in other words, whether or not the VPN configuration information is required), and if so, the VPN access scheme in the VPN configuration information is "yes", and if not, the VPN access scheme in the VPN configuration information is "no".

Step S104: and accessing the access request of the first application channel to the corresponding background server through the https gateway.

In step S104, the background server is a server providing corresponding services for the first application channel.

In the process of implementing step S104 specifically, it is determined that the VPN access mode in the VPN configuration information is "no", the server does not pull up the VPN, and a communication link is established through the https gateway, so that the access request of the first application channel can access the corresponding background server through the established communication link, and respond to the service. That is, the application channel backend service is accessed through the https mode.

Optionally, in the process that the application channel (channel 1) accessed through the https gateway accesses the corresponding service, the user may also access the corresponding service through another application channel (channel 2) accessed through the https gateway again, and the channel 1 and the channel 2 may be parallel.

Step S105: and accessing the access request of the first application channel to the corresponding background server through the VPN gateway.

In step S105, the background server is a server providing corresponding services for the first application channel.

In the process of implementing step S105 specifically, it is determined that the VPN access mode in the VPN configuration information is that the server pulls up the VPN, establishes a communication link through the VPN gateway, implements application-level connection, enables the access request of the application channel to access the corresponding background server through the established communication link, and responds to the service.

Optionally, in the process that the application channel (channel 3) accessed through the VPN gateway accesses the corresponding service, the user may also access the corresponding service through another application channel (channel 4) accessed through the VPN gateway again, and channel 3 and channel 4 may be in parallel.

Optionally, if a communication link of a second application channel corresponding to the background server is simultaneously running in the APP at this time through the https gateway, the server maintains a communication link connection established by the second application channel based on the https gateway while responding to the access request of the first application channel, so that the second application channel runs normally.

That is to say, based on various types of application channels accessed to the application program APP in a channel manner, when an application channel accesses the application channel backend service through a communication link established by the VPN gateway, the application channel that has been accessed to the corresponding backend service through the https gateway can still maintain normal operation. For a plurality of application channels running simultaneously, the client and the server simultaneously maintain VPN and https connection, and application level connection is achieved by using VPN SDK. Therefore, after the application channel is started, the application channels of other access application programs APP can also access corresponding services.

It should be noted that, in the embodiment of the present invention, only the application channels accessing the application APP exist in the case of running simultaneously. And mobile terminals APP except the application program APP can not run simultaneously.

Optionally, after the application program APP is entered, after the default application channel (channel a) accessed through the https gateway is started, in the process of running the application channel, when the user accesses the corresponding service through another application channel (channel B) in the application program APP, the default application channel (channel a) runs normally.

It should be noted that, in the process of simultaneously maintaining VPN and https connections at the client and the server, multiple application channels accessed through the https gateway may also be parallel.

For example, the application channels for accessing the application program APP in a channel mode include, but are not limited to: application channels such as mail, instant chat, my schedule, information, official document, etc.

Fig. 2 is a schematic diagram of an application example of an application access method according to an embodiment of the present invention, where an instant chat application channel is equivalent to a second application channel in the embodiment of the present invention, and an email application channel is equivalent to a first application channel in the embodiment of the present invention.

S21: and entering an application program APP.

S22: an instant chat application channel in the application program APP is started and operated by default.

S23: and in the process that the user communicates through the instant chat application channel, when the user sends and receives mails through the mail application channel in the application program APP, the instant chat application channel normally operates in the background.

The diagonal line shown in fig. 2 indicates that the instant chat application channel normally operates in the background, and returns to the instant chat application channel after exiting the email application channel.

Optionally, in the aspect of security protection, the APP provides functions or services such as application access control, user behavior statistics, log management, screen capture restriction, copy and paste, application of a sandbox, jail crossing detection, and the like.

Based on the application access method provided by the embodiment of the invention, mobile applications with different security policy requirements are unified into an APP through a convergence entrance in an application channel mode, different access modes of VPN and https are provided according to the access requirements of the application channel, and a plurality of communication links are established, so that the purpose of improving user experience is realized on the premise of ensuring communication security.

Based on the application access method provided by the embodiment of the present invention, a process of accessing the access request of the first application channel to the corresponding background server through the https gateway in step S104 is executed. As shown in fig. 3, the method mainly comprises the following steps:

step S301: inquiring whether the application channel is an H5 application channel, if so, executing step S302; if not, step S305 or step S306 is executed.

In step S301, the H5 app channel does not distinguish whether it belongs to the self-contained app channel or the external app channel, but only distinguishes whether it corresponds to the H5 app.

In the process of implementing step S301 specifically, the client queries whether the app channel is an H5 app channel through the server.

Step S302: the method of accessing the H5 app channel is queried to determine whether the access mode is the offline package mode, if so, step S303 is performed, and if not, step S304 is performed.

In the process of implementing step S302, the client further queries, through the server, whether the H5 application channel is preconfigured with the corresponding offline package, and the offline package is stored in the server. If the off-line package exists, the off-line package mode is adopted, and if the off-line package does not exist, the non-off-line package mode is adopted.

Step S303: and accessing a background server corresponding to the H5 application channel by using the mobile office system offline packet gateway.

In the process of implementing step S303, it is determined that the H5 application channel is configured with the corresponding offline package in advance, and at this time, the H5 application channel accesses the corresponding background server through the mobile office system offline package gateway in an https manner.

It should be noted that the application channel accessed by the H5 offline package calls the H5 support capability of the application APP in the JSBridge manner, and uses the native development function provided by the application channel.

For example, as shown in fig. 4, an application scenario diagram for accessing a background server corresponding to an H5 application channel by using an offline packet gateway under an https communication link is provided in an embodiment of the present invention. The integrated mobile office platform APP is equal to the application program APP disclosed in the embodiment of the invention, the integrated mobile office platform application front-end is equal to the mobile office system application front-end disclosed in the embodiment of the invention, and the integrated mobile office platform background service and each gateway are all contained in the service end of the embodiment of the invention. The specific process is as follows:

1. and clicking an application channel on the APP by the user.

2. The integrated mobile office platform APP initiates an application request for an ST (login authentication credential).

3. And sending the request for applying ST to the authentication service through the comprehensive mobile office platform application preposition and the comprehensive mobile office platform background service.

And 4-5, after receiving the request of the application ST, the authentication service returns the authentication information to the integrated mobile office platform APP through the background service of the integrated mobile office platform and the application preposition of the integrated mobile office platform.

6. The integrated mobile office platform APP takes information such as ST as starting parameters of an H5 container, and the H5 container is pulled up, namely the integrated mobile office platform APP runs in an H5 running framework in the figure 4.

7. And the integrated mobile office platform APP sends a request for checking the update of the offline packet to the offline packet gateway.

8. And if the offline packet is updated, the offline packet gateway returns the offline packet to the integrated mobile office platform APP.

9. And the integrated mobile office platform APP initiates a single sign-on request.

10. The offline wrapper gateway forwards the single sign-on request to the H5 application channel background service.

11. H5 applies the channel backend service to send a single sign-on check request to the authentication service.

12. The authentication service returns a single point check result to the H5 application channel background.

13-14, H5 application channel background service sends the single point check result to the integrated mobile office platform APP through the off-line packet gateway.

15. And the comprehensive mobile office platform APP skips to the corresponding service of the application channel according to the single-point verification result.

16-18, the user initiates a structured data request through the integrated mobile office platform APP and sends the request to the H5 application channel background service through the offline packet gateway.

19-21, H5, assembling the structured response data by using the channel background service, returning the response information to the APP through the offline packet gateway, and displaying the response information.

22-24, the user initiates an unstructured data request through the integrated mobile office platform APP and sends the unstructured data request to the H5 application channel background service through the multimedia gateway.

25-27, H5, assembling unstructured response data by using the background service of the application channel, returning unstructured response information to the APP of the integrated mobile office platform through the multimedia gateway, and displaying the response information.

28. The integrated mobile office platform APP calls the native SDK (software development kit) of H5 through JSAPI.

After calling the native SDK on the APP of the integrated mobile office platform through the JSAPI, on the premise that an offline package corresponding to the H5 application channel is stored, the H5 application channel accesses the background server corresponding to the H5 application channel by using an offline package gateway in an https manner.

Step S304: the application preposition access H5 application channel corresponding background server based on the mobile office system, or the application preposition access external application channel corresponding background server based on the H5 application channel self-built.

In the process of implementing step S304, if the H5 application channel is not configured with the corresponding offline package in advance, the H5 application channel may use https mode to access the background server of the H5 application channel through the mobile office application of the mobile office system itself.

Or, at this time, the H5 application channel may access the background server of the H5 application channel in an https manner through the application pre-established by the H5 application channel.

It should be noted that the application channel accessed by the H5 URL uses the postmessage mode to call the H5 support capability of the application APP, and uses the native H5 function provided by the application channel.

For example, as shown in fig. 5, an application scenario diagram of a background server corresponding to an application channel of H5 is accessed based on a mobile office system application front end in an https communication link according to an embodiment of the present invention. The integrated mobile office platform APP is equal to the application program APP disclosed in the embodiment of the invention, the integrated mobile office platform application front-end is equal to the mobile office system application front-end disclosed in the embodiment of the invention, and the integrated mobile office platform background service and each gateway are all contained in the service end of the embodiment of the invention. The specific process is as follows:

1. and clicking an application channel on the APP by the user.

3. And sending the ST application request to an authentication service through the mobile office platform application preposition and the comprehensive mobile office platform background service.

6. The integrated mobile office platform APP takes information such as ST as URL (uniform resource locator) parameters and loads the information through webview. I.e., run within the webview framework of fig. 5.

7-8, initiating a single sign-on request by the integrated mobile office platform APP, and forwarding the single sign-on request to H5 application channel background service through the integrated mobile office platform APP in a front-end manner.

9. H5 applies the channel backend service to forward the single sign-on request to the authentication service for single sign-on verification.

10. The authentication service returns a single point of check result to the H5 application channel background service.

11-12, H5 application channel background service receives the single-point check result returned by the authentication service, and sends out redirection service, and the redirection service is fed back to the integrated mobile office platform APP through the integrated mobile office platform application front.

13-14, the integrated mobile office platform APP requests front-end service resources from H5 application channel background service through the integrated mobile office platform APP.

15-17, H5 application channel background service returns front-end service resources to the integrated mobile office platform APP through the integrated mobile office platform application front end for page display.

18-20, the user initiates an application request (structured data format) through the integrated mobile office platform APP, and sends the application request to the H5 application channel background service through the integrated mobile office platform APP in a front-end mode.

21-23, H5 application channel background service returns response information (structured data format) to the integrated mobile office platform APP through the integrated mobile office platform APP for page display.

24-26, the user makes an application request of unstructured data through the integrated mobile office platform APP, and the request is sent to the H5 application channel background service through the multimedia gateway.

27-29 and H5 return unstructured response data to the APP through the multimedia gateway by using the background service of the application channel, and the page display is carried out.

Step S305: and accessing a background server corresponding to the non-H5 application channel based on the application of the mobile office system.

Step S306: and the application built based on the non-H5 application channel is used for accessing the background server corresponding to the non-H5 application channel in a front-end mode.

Step S306 is indicated by a dashed line in fig. 3, with the limitation that either step S305 or step S306 is performed.

Based on the application access method provided by the embodiment of the invention, the https access mode is provided according to the type of the inquired currently accessed application channel and the access requirement of the application channel, and various communication links are built, so that the purpose of improving the user experience is realized on the premise of ensuring the communication safety.

Based on the application access method provided in the embodiment of the present invention, a process of accessing the first application channel to the background server corresponding to the first application channel through the VPN gateway in step S105 is executed.

As shown in fig. 6, the method mainly comprises the following steps:

step S601: inquiring whether the application channel is an H5 application channel, if so, executing step S602 or step S603; if not, step S604 or step S605 is executed.

In the process of implementing step S601 specifically, it can be known from the foregoing that, when the VPN configuration information VPN access mode is yes, the background server corresponding to the first application channel needs to be accessed through the VPN gateway, and according to different types of application channels, the subsequent mode of accessing the background server corresponding to the first application channel based on the VPN gateway also differs.

Step S602: and based on the VPN gateway, the background server corresponding to the H5 application channel is accessed through the application front end of the mobile office system.

Step S603: based on the VPN gateway, the application built by the H5 application channel is used for accessing the background server corresponding to the H5 application channel in a front-end mode.

Step S603 is indicated by a dotted line in fig. 6, with the restriction that either step S602 or step S603 is performed.

Step S604: and based on the VPN gateway, the application of the mobile office system is used for accessing a background server corresponding to the non-H5 application channel in a front-end mode.

Step S605: based on the VPN gateway, the application built by the non-H5 application channel is used for accessing the background server corresponding to the non-H5 application channel in a front-end mode.

Likewise, step S605 is indicated by a dotted line in fig. 6, so that either step S604 or step S605 is executed.

As shown in fig. 7, an application scenario diagram for accessing a background server corresponding to an H5 application channel through a VPN gateway is provided in the embodiment of the present invention. The integrated mobile office platform APP is equal to the application program APP disclosed in the embodiment of the invention, the integrated mobile office platform application front-end is equal to the mobile office system application front-end disclosed in the embodiment of the invention, and the integrated mobile office platform background service and each gateway are all contained in the service end of the embodiment of the invention. The specific process is as follows:

1. and clicking an application channel on the APP by the user.

2. The APP terminal of the integrated mobile office platform initiates a request for ST (login authentication voucher).

3. And sending the request ST to the authentication service through the preposition of the comprehensive mobile office platform application and the background service of the comprehensive mobile office platform.

And 4-5, after receiving the request of the application ST, the authentication service returns authentication information to the integrated mobile office platform APP through the background service of the integrated mobile office platform and the application preposition of the integrated mobile office platform.

6. The integrated mobile office platform APP takes information such as ST as URL (uniform resource locator) parameters and loads the information through webview. I.e., run within the webview framework of fig. 7.

7-9, initiating a single sign-on request by the integrated mobile office platform APP, and forwarding the single sign-on request to H5 application channel background service through the integrated mobile office platform VPN gateway and the integrated mobile office platform application.

10. H5 applies the channel backend service to forward the single sign-on request to the authentication service for single sign-on verification.

11. The authentication service returns a single point of check result to the H5 application channel background service.

12-14, H5 application channel background service receives the single-point check result returned by the authentication service, and sends out the redirection service, and the redirection service is fed back to the integrated mobile office platform APP through the integrated mobile office platform application front-end and the VPN gateway.

15-17, the integrated mobile office platform APP requests front-end service resources from H5 application channel background service through the VPN gateway and the integrated mobile office platform application front.

18-21, H5 application channel background service returns front-end service resources to the integrated mobile office platform APP through the VPN gateway and the integrated mobile office platform application front end for page display.

22-25, the user initiates a structured data request through the integrated mobile office platform APP, and sends the structured data request to the H5 application channel background service through the VPN gateway and the integrated mobile office platform APP in a front-end mode.

26-29 and H5 application channel background services return structured response data to the integrated mobile office platform APP through the VPN gateway and the integrated mobile office platform application front-end, and page display is carried out.

30-33, the user initiates an unstructured data request through the integrated mobile office platform APP, and the unstructured data request is sent to the H5 application channel background service through the VPN gateway and the multimedia gateway.

34-37, H5 returning unstructured response data to the integrated mobile office platform APP through the multimedia gateway and the integrated mobile office platform VPN gateway for page display.

According to the application access method provided by the embodiment of the invention, a VPN access mode is provided according to the type of the currently accessed application channel and the access requirement of the application channel, and a plurality of communication links are built, so that the purpose of improving the user experience is realized on the premise of ensuring the communication safety.

Based on the application access method provided by the embodiment of the present invention, as shown in fig. 8, a flow diagram of another application access method provided by the embodiment of the present invention is shown, and the method mainly includes the following steps:

step S801: and acquiring an application channel access request initiated by the application program APP.

Step S802: and inquiring VPN configuration information of a first application channel which is requested to be accessed currently based on the application channel access request, wherein the VPN configuration information is preset when the first application channel is accessed into the application program APP in a channel mode.

Step S803: determining whether the VPN access method in the VPN configuration information is "yes", if the VPN access method in the VPN configuration information is "no", executing step S804, and if the VPN access method in the VPN configuration information is "yes", executing step S805.

Step S804: and accessing the access request of the first application channel to the corresponding background server through the https gateway.

Step S805: and accessing the access request of the first application channel to the corresponding background server through the VPN gateway.

It should be noted that the execution principle and the process of steps S801 to S805 are the same as those of steps S101 to S105 disclosed in fig. 1, and thus, the description thereof is omitted here.

Step S806: and providing public services in a pre-constructed public service component library to an application channel accessed to the application program APP based on the unified public service component inlet of the application program APP.

In step S806, the public service provided by the public service component in the public service component library includes: the system comprises a two-dimensional code scanning service, an OCR (optical character recognition) service, a face recognition service, a fingerprint recognition service, a palm banking payment order service, a PDF (portable document format) file online annotation service, a message pushing service, a WPS (Windows presentation System) file previewing service, a to-do center message service, a calendar service, a geographic position information service and the like.

In step S806, the process of acquiring the public service information includes:

the application channel accessing the application program APP can use the required public service through the unified public service component portal. The public service can be provided by a public service component local to the application program APP, and the public service component which is packaged in the application program APP in advance and needs to remotely call the background server to realize functions.

Specifically, if the public service provided by the public service component can be locally provided by the application program APP, the mobile office system provides the locally provided public service to the application channel for use through a unified public service component portal. Such as a geographic location information public service or a calendar public service.

If the public service provided by the public service component needs to be remotely called to be realized, the mobile office system provides the packaged public service which needs to be remotely called to be realized by the background service end for the application channel to use through the uniform public service component inlet. Such as a proxy messaging service or a face recognition service, etc.

Based on the application access method provided by the embodiment of the invention, the convergence entry unifies mobile applications with different security policy requirements into an APP through an application channel mode and a public component service entry, provides different access modes of VPN and https according to the access requirements of the application channels, and builds a plurality of communication links, thereby achieving the purpose of improving user experience on the premise of ensuring communication security.

Corresponding to the application access method shown in fig. 1 in the embodiment of the present invention, the embodiment of the present invention further provides a mobile office system, where the mobile office system includes a client and a server, where the client is installed with an application APP, the application APP includes one or more types of application channels accessed in a channel manner, and the server is provided with a VPN gateway and an https gateway. The mobile office system includes: client and server.

The client is configured to acquire an application channel access request initiated by the application APP, and request the server to query VPN configuration information of a first application channel currently requested to be accessed based on the application channel access request, where the VPN configuration information is preset when the first application channel is accessed to the application APP in a channel manner.

The server is used for accessing the request of the first application channel to a background server corresponding to the first application channel through the https gateway if the VPN access mode of the VPN configuration information is negative; if the VPN access mode of the VPN configuration information is that the request of a first application channel is accessed to a background server corresponding to the first application channel through the VPN gateway, if the APP of the application program runs a communication link of a second application channel accessed to the corresponding background server through the https gateway at the same time, the normal running of the second application channel is maintained.

In an embodiment, the https gateway accesses a request of a first application channel to a server of a background service corresponding to the first application channel, and is specifically configured to:

if the application channel is an H5 application channel, inquiring the access mode of the H5 application channel; if the mode of accessing the H5 application channel is an offline packet mode, accessing a background server corresponding to the H5 application channel by using an offline packet gateway of a mobile office system; and if the access mode of the H5 application channel is a non-offline packet mode, accessing the background server corresponding to the H5 application channel based on the application front of a mobile office system, or accessing the background server corresponding to the H5 application channel based on the application front built by the H5 application channel.

In an embodiment, accessing, by the VPN gateway, the request of the first application channel to a corresponding background server is specifically configured to:

if the first application channel is an H5 application channel, based on the VPN gateway, a mobile office system application is used for accessing background services corresponding to the H5 application channel in a front-end mode; or based on the VPN gateway, accessing a background server of the H5 application channel through an application built by the H5 application channel.

In an embodiment, the client is further configured to provide a public service in a pre-constructed public service component library to an application channel accessing the application program APP based on the unified public service component entry of the application program APP.

In an embodiment, the client is further configured to, when a new application channel accesses the APP, obtain VPN configuration information configured for the new application channel in advance, and store the VPN configuration information; the VPN configuration information includes whether to use a VPN or not.

Alternatively, the first and second electrodes may be,

the client is further used for receiving a channel mode access mode change request of any application channel accessed in the application program APP; and acquiring the changed VPN configuration information, and replacing the VPN configuration information before change stored in the server by using the changed VPN configuration information.

Optionally, in terms of security protection, the client further provides functions or services such as application access control, user behavior statistics, log management, screen capture restriction, copy and paste, application of a sandbox, jail crossing detection and the like.

It should be noted that, the specific principle and the implementation process of the client and the server in the mobile office system disclosed in the above embodiment of the present invention are the same as the application access method implemented in the above embodiment of the present invention, and reference may be made to corresponding parts in the application access method disclosed in the above embodiment of the present invention, which are not described herein again.

Based on the mobile office system provided by the embodiment of the invention, the convergence entry unifies mobile applications with different security policy requirements into one APP in a way of an application channel, provides different access ways of VPN and https according to the access requirements of the application channel, and builds a plurality of communication links, thereby achieving the purpose of improving user experience on the premise of ensuring communication security.

All the embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, the system or system embodiments are substantially similar to the method embodiments and therefore are described in a relatively simple manner, and reference may be made to some of the descriptions of the method embodiments for related points. The above-described system and system embodiments are only illustrative, wherein the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement without inventive effort.

Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.

The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims

1. An application access method is characterized by being applicable to a mobile office system, wherein the mobile office system comprises a client and a server, the client is provided with an application program APP, the application program APP comprises one or more types of application channels accessed in a channel mode, the server is provided with a VPN gateway and an https gateway, and the method comprises the following steps:

2. The method according to claim 1, wherein the accessing the access request of the first application channel to the corresponding background server through the https gateway includes:

if the first application channel is the H5 application channel, inquiring the access mode of the H5 application channel;

3. The method according to claim 1, wherein said accessing the access request of the first application channel to the corresponding background server through the VPN gateway comprises:

if the first application channel is the H5 application channel, based on the VPN gateway, a background server corresponding to the H5 application channel is accessed by using a mobile office system application in a front-end mode;

4. The method of any of claims 1 to 3, further comprising:

5. The method of any of claims 1 to 3, further comprising:

alternatively, the first and second electrodes may be,

6. A mobile office system is characterized by comprising a client and a server, wherein the client is provided with an application program APP, the application program APP comprises one or more types of application channels accessed in a channel mode, and the server is provided with a VPN gateway and an https gateway;

the server is used for accessing the access request of the first application channel to a corresponding background server through the https gateway if the VPN access mode in the VPN configuration information is negative; if the access mode of the VPN in the VPN configuration information is yes, the access request of the first application channel is accessed to the corresponding background server through the VPN gateway, if the communication link of the second application channel accessed to the corresponding background server through the https gateway is operated in the application APP at the same time, the normal operation of the second application channel is maintained while the access request of the first application channel is responded.

7. The system according to claim 6, wherein the https gateway accesses the access request of the first application channel to the corresponding background server, and is specifically configured to:

if the application channel is an H5 application channel, inquiring the access mode of the H5 application channel; if the mode of accessing the H5 application channel is an offline packet mode, accessing a background server corresponding to the H5 application channel by using an offline packet gateway of a mobile office system; if the access mode of the H5 application channel is a non-offline packet mode, pre-accessing a background server corresponding to the H5 application channel based on a mobile office system application, or pre-accessing a background server corresponding to the H5 application channel based on an application built by the H5 application channel;

8. The system according to claim 6, wherein the accessing of the access request of the first application channel to the corresponding background server through the VPN gateway is specifically configured to:

if the first application channel is an H5 application channel, based on the VPN gateway, a background server corresponding to the H5 application channel is accessed by using a mobile office system application front end; or, based on the VPN gateway, accessing a background server of the H5 application channel through an application front of the H5 application channel;

9. The system according to any one of claims 6 to 8,

the client is further configured to provide a public service in a pre-constructed public service component library to an application channel accessed to the application program APP based on the unified public service component entry of the application program APP.

10. The system according to any one of claims 6 to 8,

the client is further configured to, when a new application channel is accessed to the APP, acquire and store VPN configuration information configured for the new application channel in advance, where the VPN configuration information includes configuration content of whether to use a VPN;

alternatively, the first and second electrodes may be,