CN115603962A - Data resource access method, gateway and storage medium - Google Patents

Data resource access method, gateway and storage medium Download PDF

Info

Publication number
CN115603962A
CN115603962A CN202211197434.6A CN202211197434A CN115603962A CN 115603962 A CN115603962 A CN 115603962A CN 202211197434 A CN202211197434 A CN 202211197434A CN 115603962 A CN115603962 A CN 115603962A
Authority
CN
China
Prior art keywords
target
access
user
request
user information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211197434.6A
Other languages
Chinese (zh)
Inventor
李波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Original Assignee
Beijing Topsec Technology Co Ltd
Beijing Topsec Network Security Technology Co Ltd
Beijing Topsec Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd, Beijing Topsec Software Co Ltd filed Critical Beijing Topsec Technology Co Ltd
Priority to CN202211197434.6A priority Critical patent/CN115603962A/en
Publication of CN115603962A publication Critical patent/CN115603962A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The embodiment of the invention provides a data resource access method, a gateway and a storage medium, and relates to the field of communication. The data resource access method is applied to a gateway and comprises the following steps: receiving an access request sent by a user side, and extracting request user information and access target resources from the access request; redirecting the access request to a background server of the user side; receiving a target user list returned by the background server, wherein the target user list comprises target user information allowing access to the target resource; and if the request user information is the same as any one of the target user information in the target user list, sending the access target resource to the user side. Compared with the prior art, the data resource access method, the background server, the gateway and the storage medium provided by the embodiment of the invention have the advantage of improving the data security in the data resource access process.

Description

Data resource access method, gateway and storage medium
Technical Field
The present invention relates to the field of communications, and in particular, to a data resource access method, a gateway, and a storage medium.
Background
In the prior art, SSL (Secure Sockets Layer protocol) offloading is implemented by transferring an SSL encryption/decryption link during an application access process to a corresponding device providing encryption/decryption capabilities. The mode can reduce the performance pressure of the background server and improve the access speed of the website while meeting the requirement of high concurrent access, and can reduce the requirement on hardware resources of the background server and save the operation cost under certain conditions. The gateway with the SSL unloading function can serve as an SSL agent background server, establishes SSL connection with the client, performs encryption communication with the client, performs plaintext communication with the background server, completely unloads load of SSL data processing, and does not occupy hardware resources of the background server.
At present, for the needs of rapidly realizing that enterprises connect inside, connect ecological partners, connect consumers, professional cooperation, safety management, people are the service, all use mobile office services such as similar enterprise WeChat, government WeChat, nailing, and the user needs frequent visit to other data resource pages in the process of using these APPs to work. Although the existing data resource access method improves the data security performance in the data resource access process to a certain extent through the gateway supporting the SSL uninstallation, the data security in the data resource access process still has a space for improvement.
Disclosure of Invention
The invention aims to provide a data resource access method, a gateway and a storage medium, which can improve the data security in the data resource access process.
Embodiments of the invention may be implemented as follows: in a first aspect, the present invention provides a data resource access method, applied to a gateway, including: receiving an access request sent by a user side, and extracting request user information and access target resources from the access request; redirecting the access request to a background server of the user side; receiving a target user list returned by the background server, wherein the target user list comprises target user information allowing to access the target resource; and if the request user information is the same as any target user information in the target user list, sending the access target resource to the user side.
In a second aspect, the present invention provides a backend server, including: receiving an access request sent by a user side, and extracting an access target resource from the access request; and returning a target user list according to the access target resource, wherein the target user list comprises target user information allowing access to the access target resource.
In a third aspect, the present invention provides a gateway, comprising: the communication module is used for receiving an access request sent by a user side and receiving a target user list returned by a background server, wherein the target user list comprises target user information allowing access to the target resource; the redirection module is used for redirecting the access request to a background server of the user side; and the data processing module is used for extracting request user information and access target resources from the access request, and sending the access target resources to the user side when the request user information is the same as any one of the target user information in the target user list.
In a fourth aspect, the present invention provides a gateway, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a data resource access method as described in any one of the preceding embodiments.
In a fifth aspect, the present invention provides a storage medium storing a computer program executed by a processor to implement the data resource access method according to any one of the preceding embodiments.
Compared with the prior art, in the data resource access method, the background server, the gateway and the storage medium provided by the embodiment of the invention, the access request is redirected to the background server of the user side, a large number of data which can be accessed by the user side and target users allowed to access the data are stored in the background server, the background server can acquire a target user list allowed to access the target resource according to the access target resource which the user side wants to access and is extracted from the access request after receiving the redirected access request, and feed back the target user information of the target users in the target user list and the target user list to the gateway, after receiving the target user list returned by the background server, the gateway can compare the request user information extracted from the access request with the target user information of the target users in the target user list, if the request user information is the same as any target user information in the target user list, the request user sending the current access request belongs to the user allowed to access the target resource, and the user connected with the access target resource can avoid the data from being accessed by the user, so that the data security in the data resource access process is improved.
In an optional embodiment, before redirecting the access request to the background server at the user end, the method further includes: judging whether the gateway stores the request user information; if the gateway stores the request user information, the access target resource is sent to the user side; and if the information of the requesting user is not stored in the gateway, redirecting the access request to a background server of the user side.
In an alternative embodiment of the method of the present invention, the extracting request user information and accessing target resources from the access request comprises: and extracting the user cookie of the user side and the access target resource from the access request.
In an optional embodiment, after extracting the request user information and the access target resource from the access request, the method further includes: and creating user sessions corresponding to the request user information one by one according to the request user information, and setting user cookies corresponding to the user sessions.
In an alternative embodiment, the method further comprises: creating target sessions corresponding to the target user information one by one according to the target user information, and setting target cookies corresponding to the target sessions one by one; and if the user cookie is the same as any target cookie, representing that the request user information is the same as any target user information in the target user list.
In an optional embodiment, the receiving the target user list returned by the background server includes: receiving an interface calling credential requirement returned by the background server according to the access target resource, wherein the interface calling credential requirement comprises an interface calling credential returning to the target user list requirement; sending an interface calling credential to the background server according to the interface calling credential requirement; and receiving the target user list returned by the background server.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a schematic flowchart of a data resource access method according to an embodiment of the present invention;
fig. 2 is a schematic flowchart of a data resource access method according to a second embodiment of the present invention;
fig. 3 is a schematic flowchart of a data resource access method according to a third embodiment of the present invention;
fig. 4 is a schematic flowchart of a data resource access method according to a fourth embodiment of the present invention;
fig. 5 is a schematic structural diagram of a gateway according to a fifth embodiment of the present invention;
fig. 6 is a schematic structural diagram of a gateway according to a sixth embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined or explained in subsequent figures.
In the description of the present invention, it should be noted that if the terms "upper", "lower", "inside", "outside", etc. indicate an orientation or a positional relationship based on that shown in the drawings or that the product of the present invention is used as it is, this is only for convenience of description and simplification of the description, and it does not indicate or imply that the device or the element referred to must have a specific orientation, be constructed in a specific orientation, and be operated, and thus should not be construed as limiting the present invention.
Furthermore, the appearances of the terms "first," "second," and the like, if any, are used solely to distinguish one from another and are not to be construed as indicating or implying relative importance.
It should be noted that the features of the embodiments of the present invention may be combined with each other without conflict.
An embodiment of the present invention provides a data resource access method, which is applied to a gateway, and the specific steps are shown in fig. 1, and include the following steps.
Step S101: and receiving an access request sent by a user side, and extracting request user information and access target resources from the access request.
Specifically, in this step, the user side may be a client side of various social, office, and entertainment applications, and when the user uses the client side, the user first logs in the client side according to the self-authentication mode of the application, and the logged-in client side is the user side in this step. The method comprises the steps that a user can initiate an access request for accessing a target resource through a user side after logging in, the user side constructs the access request according to the target resource and user information after receiving a click command of the user for accessing the target resource, then the access request is sent to a gateway, the gateway conducts deconstruction and data processing on the access request after receiving the access request, and request user information and the target resource are extracted from the access request according to deconstruction and data processing results.
Specifically, in this embodiment, the request user information is stored in the user cookie at the user side, and the extraction of the request user information from the access request is to extract the user cookie at the user side from the access request. A cookie is a data segment that identifies user information, and during data interaction, the access request is stateless. That is, even if the user side has been connected to the gateway for the first time and the login is successful, the second time the gateway still cannot know which user the current request is. The cookie appears to solve the problem, after logging in for the first time, the gateway returns some data (i.e. cookie) for identifying user information to the user side, and then the user side is stored locally, when the user side sends an access request again, the stored cookie data can be automatically carried in the access request and sent to the gateway, and the gateway can identify the current user side through the user cookie data carried by the user side.
Further, in this step, when the user side sends the access request to the gateway for the first time, the access request does not have the user cookie, that is, the gateway fails to extract the user cookie from the access request, at this time, complete request user information may be directly extracted from the access request, then user sessions corresponding to the request user information one to one are created according to the request user information, and the user cookie corresponding to the user session is set.
Step S102: and redirecting the access request to a background server of the user side.
Specifically, in this step, the access request is redirected to the backend server of the client application according to the access target resource extracted from the access request in step S101.
Step S103: and receiving a target user list returned by the background server, wherein the target user list comprises target user information allowing access to the target resource.
The background server stores various resources which can be accessed by the user terminal, and stores a user white list which is allowed to access each resource corresponding to each resource. For example, for resource a stored in the backend server, the backend server stores user information of users such as users A1, A2, A3, A4, A5, and A6, which are allowed to access resource a. And after receiving the redirected access request, the background server acquires the access target resource contained in the access request, determines a target user white list allowing access to the access target resource according to the access target resource, integrates the user information of the target user in the target user white list to form a target user list, and sends the target user list to the gateway.
After receiving the target user list sent by the background server, the gateway can extract the target user information in the target user list.
Step S104: and if the request user information is the same as any target user information in the target user list, sending the access target resource to the user side.
Specifically, in this step, the requesting user information extracted from the access request in step S101 is compared with the target user information received from the backend server in step S103, and if the requesting user information is the same as any one of the target user information in the target user list, it indicates that the requesting user who sent the access request is a user who is allowed to access the target resource, and at this time, the access target resource is sent to the user side.
Specifically, in this step, after receiving the target user list, the gateway may create sessions according to target user information in the target user list, and set target cookies in one-to-one correspondence with each target session. Specifically, target sessions corresponding to target users one to one are created by using target user information of each target user, and a target cookie is set for each target session. And comparing the target cookie with the user cookie extracted in step S101, wherein since the method for setting the cookie by the gateway is not changed, when the target cookie is the same as the user cookie, it indicates that the target user information corresponding to the target cookie is the same as the requested user information corresponding to the user cookie. The user cookie is compared with the target cookie, and the data volume of the cookie is far less than that of the user information, so that the verification efficiency of the user side can be effectively improved, and the data resource access rate is further improved on the whole. It should be understood that the foregoing is only an illustration of a specific implementation example in this embodiment, and is not limited thereto, and in other embodiments of the present invention, other methods may also be used, for example, a method of comparing each target user information with the access user information one by one, and the like, and may be used flexibly according to actual needs.
Compared with the prior art, in the data resource access method provided by the embodiment of the invention, the access request is redirected to the background server of the user side, a large number of data which can be accessed by the user side and target users allowed to access the data are stored in the background server, after the redirected access request is received by the background server, the target user list allowed to access the target resource can be obtained according to the access target resource which is extracted from the access request and is desired to be accessed by the user side, the target user information of the target users in the target user list and the target user information of the target users in the target user list are fed back to the gateway, after the target user list returned by the background server is received by the gateway, the request user information extracted from the access request can be compared with the target user information of the target users in the target user list, if the request user information is the same as any target user information in the target user list, the request user sending the current access request belongs to the user allowed to access the target resource, and at this time, the connection of the user side and the access target resource can avoid the data from being accessed by the users which are not allowed, so as to improve the data security in the data resource access process.
The second embodiment of the present invention provides a data resource access method, which is applied to a gateway, and the specific steps are shown in fig. 2, including the following steps.
Step S201: and receiving an access request sent by a user side, and extracting request user information and access target resources from the access request.
Step S202: and redirecting the access request to a background server of the user side.
It is to be understood that steps S201 to S202 in this embodiment are substantially the same as steps S101 to S102 in the first embodiment, and specific reference may be made to the specific description of the foregoing embodiment, which is not repeated herein.
Step S203: and receiving an interface calling credential requirement returned by the background server according to the access target resource, wherein the interface calling credential requirement comprises an interface calling credential for returning a target user list requirement.
According to the specific description in step S103 of the first embodiment of the present invention, the background server stores various data resources and user white lists allowing access to the various resources, and the background server also stores interface invocation credentials required for invoking the user white lists corresponding to the user white lists. And after receiving the redirected access request, the background server acquires an access target resource contained in the access request, determines a target user white list allowing access to the access target resource according to the access target resource, acquires an interface calling credential required for calling the target user white list according to the target user white list, and sends the acquired interface calling credential requirement to the gateway.
Step S204: and sending the interface calling credential to the background server according to the requirement of the interface calling credential.
After receiving an interface calling credential requirement sent by the background server, acquiring the interface calling credential according to the interface calling credential requirement, and sending the acquired interface calling credential to the background server. It can be understood that, in this step, the interface calling credential pre-stored in the gateway may be directly called and then sent to the background server, the interface calling credential that does not exist in the gateway sends the interface calling credential requirement to the user side, and the interface calling credential fed back by the user side is received and then forwarded to the background server.
Step S205: and receiving a target user list returned by the background server, wherein the target user list comprises target user information allowing access to the target resource.
After receiving the interface calling credential sent by the gateway, the background server checks the received interface calling credential, that is, compares the received interface calling credential with the interface calling credential required for calling the white list of the target user obtained in step S203, if the received interface calling credential and the interface calling credential are the same, the interface calling credential sent by the gateway passes the check, and the background server sends the target user list to the gateway; if the two are different, the interface calling credential sent by the gateway fails to pass the verification, and the background server does not send the target user list to the gateway.
Step S206: and if the request user information is the same as any target user information in the target user list, sending the access target resource to the user side.
It is to be understood that step S206 in the present embodiment is substantially the same as step S106 in the first embodiment, and specific reference may be made to the detailed description of the foregoing embodiment, which is not repeated herein.
Compared with the prior art, the data resource access method provided by the second embodiment of the invention reserves all the technical steps in the first embodiment, so that the technical effect same as that of the first embodiment is achieved. In addition, in the second embodiment of the present invention, the interface call credential requirement sent by the background server is further received, and the corresponding interface call credential is sent to the background server according to the interface call credential requirement, and only after the background server passes the interface call credential verification, the target user list returned by the background server can be received, so as to send the access target resource to the user side, and further, the interface call credential of the gateway is verified, so that the security performance of the data resource access method can be further improved.
An embodiment three of the present invention provides a data resource access method, which is applied to a gateway, and the specific steps are as shown in fig. 3, including the following steps.
Step S301: and receiving an access request sent by a user side, and extracting request user information and access target resources from the access request.
Step S302: and judging whether the gateway stores the request user information, if so, executing step S306, and if not, executing step S303.
Specifically, in this step, after receiving the target user list returned by the background server, the gateway stores the target user information in the target user list, and if the request user information is already stored in the gateway, it indicates that the access user sending the access request has accessed the access target resource through the gateway before, so step S306 may be directly executed to send the access target resource to the user side, and if the request user information is already stored in the gateway, it indicates that the access user sending the access request has not accessed the access target resource through the gateway before, so step S303 is executed to redirect the access request to the background server of the user side.
Step S303: and redirecting the access request to a background server of the user side.
Step S304: and receiving a target user list returned by the background server, wherein the target user list comprises target user information allowing access to the target resource.
Step S305: if the requesting user information is the same as any target user information in the target user list, step S306 is executed.
Step S306: and sending the access target resource to the user side.
It is to be understood that steps S301 and S303 to S306 in this embodiment are substantially the same as steps S101 to S104 in the first embodiment, and specific reference may be made to the specific description of the foregoing embodiment, which is not repeated herein.
Compared with the prior art, the data resource access method provided by the third embodiment of the invention reserves all the technical steps in the first embodiment, so that the data resource access method has the same technical effect as the first embodiment. In addition, in the third embodiment of the present invention, when it is determined that the gateway has stored the request user information, the access target resource is directly sent to the user side, that is, the access user sending the access request directly sends the access target resource to the user side when the access user has accessed the access target resource through the gateway before, thereby avoiding repeated verification of the request user information and improving the efficiency of data resource access.
The fourth embodiment of the invention provides a data resource access method, which is applied to a background server, and the specific steps are shown in fig. 4, and the method comprises the following steps.
Step S401: and receiving an access request sent by the user side, and extracting an access target resource from the access request.
Specifically, in this step, the access request sent by the user end is the access request redirected by the gateway in the foregoing embodiment, and the access request includes request user information and access target resources of the user end. In this embodiment, the background server directly extracts the access target resource from the received access request.
Step S402: and returning a target user list according to the access target resource, wherein the target user list comprises target user information allowing access to the access target resource.
The background server stores various resources which can be accessed by the user terminal, and stores a user white list which is allowed to access each resource corresponding to each resource. After the access target resource contained in the access request is extracted, a target user white list allowing access to the access target resource can be determined according to the access target resource, user information of the target user in the target user white list is integrated to form a target user list, and the target user list is sent to the gateway.
Compared with the prior art, the data resource access method provided by the fourth embodiment of the present invention is a data resource access method executed on the backend server corresponding to the foregoing embodiment, and therefore has the same technical effects as the foregoing embodiment, and specific reference may be made to the specific description of the foregoing embodiment, which is not described herein again.
The fifth embodiment of the present invention relates to a gateway, and the specific structure is shown in fig. 5, and the gateway includes a communication module 501, where the communication module 501 is configured to receive an access request sent by a user side and receive a target user list returned by a background server, where the target user list includes target user information allowing access to a target resource; a redirection module 502, wherein the redirection module 502 is used for redirecting the access request to a background server of the user side; and the data processing module 503 is configured to extract the request user information and the access target resource from the access request, and send the access target resource to the user side when the request user information is the same as any one of the target user information in the target user list. Further, the gateway provided in the fifth embodiment is an SSL offload gateway. It is understood that the foregoing gateway is an SSL offload gateway, which is only a specific example in this embodiment, and in other embodiments of the present invention, other types of gateways may also be used, and the configuration may be flexibly configured according to actual needs.
Compared with the prior art, in the gateway provided by the fifth embodiment of the present invention, the redirection module 502 redirects the access request to the backend server of the user side, a large amount of data that the user side can access and target users that are allowed to access the data are stored in the backend server, after the backend server receives the redirected access request, the backend server can obtain the target user list of the target resources that are allowed to be accessed according to the access target resources that the user side wants to access, which are extracted from the access request, and feed back the target user information of the target users in the target user list and the target user list to the gateway, after the communication module 501 receives the target user list returned by the backend server, the data processing module 503 can compare the request user information extracted from the access request with the target user information of the target users in the target user list, and if the request user information is the same as any target user information in the target user list, it is indicated that the request user sending the current access request belongs to a user that is allowed to access the target resources, at this time, the user side and the access target resources that are connected can avoid data being accessed by users that are not allowed, thereby improving the security of data resources in the data access process.
An embodiment of the present invention relates to an electronic device, as shown in fig. 6, including: at least one processor 601; and a memory 602 communicatively coupled to the at least one processor 601; the memory 602 stores instructions executable by the at least one processor 601, and the instructions are executed by the at least one processor 601 to enable the at least one processor 601 to execute the data resource access method in the above embodiments.
Where the memory and processor are connected by a bus, the bus may comprise any number of interconnected buses and bridges, the buses connecting together one or more of the various circuits of the processor and the memory. The bus may also connect various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface provides an interface between the bus and the transceiver. The transceiver may be one element or a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. The data processed by the processor is transmitted over a wireless medium via an antenna, which further receives the data and transmits the data to the processor.
The processor is responsible for managing the bus and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And the memory may be used to store data used by the processor in performing operations.
The seventh embodiment of the present invention relates to a storage medium storing a computer program. The computer program realizes the above-described method embodiments when executed by a processor.
That is, as can be understood by those skilled in the art, all or part of the steps in the method according to the above embodiments may be implemented by a program instructing related hardware, where the program is stored in a storage medium and includes several instructions to enable a device (which may be a single chip, a chip, or the like) or a processor (processor) to execute all or part of the steps in the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; and the modifications or the substitutions do not make the essence of the corresponding technical solutions depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A data resource access method is applied to a gateway and comprises the following steps:
receiving an access request sent by a user side, and extracting request user information and access target resources from the access request;
redirecting the access request to a background server of the user side;
receiving a target user list returned by the background server, wherein the target user list comprises target user information allowing access to the target resource;
and if the request user information is the same as any one of the target user information in the target user list, sending the access target resource to the user side.
2. The method of claim 1, wherein before redirecting the access request to a backend server at the user end, the method further comprises:
judging whether the gateway stores the request user information;
if the gateway stores the request user information, the access target resource is sent to the user side;
if the request user information is not stored in the gateway, executing the following steps: and redirecting the access request to a background server of the user side.
3. The method of claim 1, wherein the extracting the requesting user information and the access target resource from the access request comprises:
and extracting the user cookie of the user side and the access target resource from the access request.
4. The method of claim 1, wherein after extracting the requested user information and the access target resource from the access request, the method further comprises:
and creating user sessions corresponding to the request user information one by one according to the request user information, and setting user cookies corresponding to the user sessions.
5. The method according to claim 3 or 4, characterized in that the method further comprises:
creating target sessions corresponding to the target user information one by one according to the target user information, and setting target cookies corresponding to the target sessions one by one;
and if the user cookie is the same as any target cookie, representing that the request user information is the same as any target user information in the target user list.
6. The method of claim 1, wherein the receiving the list of target users returned by the background server comprises:
receiving an interface calling credential requirement returned by the background server according to the access target resource, wherein the interface calling credential requirement comprises an interface calling credential returning to the target user list requirement;
sending an interface calling credential to the background server according to the interface calling credential requirement;
and receiving the target user list returned by the background server.
7. A data resource access method is applied to a background server, and is characterized by comprising the following steps:
receiving an access request sent by a user side, and extracting an access target resource from the access request;
and returning a target user list according to the access target resource, wherein the target user list comprises target user information allowing the access of the access target resource.
8. A gateway, comprising:
the communication module is used for receiving an access request sent by a user side and receiving a target user list returned by a background server, wherein the target user list comprises target user information allowing access to the target resource;
the redirection module is used for redirecting the access request to a background server of the user side;
and the data processing module is used for extracting request user information and access target resources from the access request, and sending the access target resources to the user side when the request user information is the same as any one of the target user information in the target user list.
9. A gateway, comprising:
at least one processor; and a memory communicatively coupled to the at least one processor;
wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a data resource access method as claimed in any one of claims 1 to 6.
10. A storage medium storing a computer program for execution by a processor to implement the data resource access method of any one of claims 1 to 6.
CN202211197434.6A 2022-09-29 2022-09-29 Data resource access method, gateway and storage medium Pending CN115603962A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211197434.6A CN115603962A (en) 2022-09-29 2022-09-29 Data resource access method, gateway and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211197434.6A CN115603962A (en) 2022-09-29 2022-09-29 Data resource access method, gateway and storage medium

Publications (1)

Publication Number Publication Date
CN115603962A true CN115603962A (en) 2023-01-13

Family

ID=84844820

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211197434.6A Pending CN115603962A (en) 2022-09-29 2022-09-29 Data resource access method, gateway and storage medium

Country Status (1)

Country Link
CN (1) CN115603962A (en)

Similar Documents

Publication Publication Date Title
US7594018B2 (en) Methods and apparatus for providing access to persistent application sessions
CN102571756B (en) Multichannel in file system session connects
CN100463469C (en) Method, device and system for sharing applied program conversation information on multichannels
EP2633667B1 (en) System and method for on the fly protocol conversion in obtaining policy enforcement information
EP3133767B1 (en) Authorization control method, client and server
CN101394371B (en) Method and system for implementing a chat application proxy server
EP2888868B1 (en) Calling an unready terminal
US7746824B2 (en) Method and apparatus for establishing multiple bandwidth-limited connections for a communication device
CN100505734C (en) Method for realizing external device mapping of network computer
US20070136471A1 (en) Systems and methods for negotiating and enforcing access to network resources
CN110808948B (en) Remote procedure calling method, device and system
US10367894B2 (en) Information processing apparatus, method for controlling the same, non-transitory computer-readable storage medium, and information processing system
CN105162802A (en) Portal authentication method and Portal authentication server
US20070136301A1 (en) Systems and methods for enforcing protocol in a network using natural language messaging
CN112202744A (en) Multi-system data communication method and device
CN107181802A (en) Intelligent hardware control method and device, server, storage medium
US8825832B2 (en) Method and system for managing connections
CN110673970B (en) Cross-process calling system and method based on web application
CN103138961B (en) server control method, controlled server and central control server
CN115603962A (en) Data resource access method, gateway and storage medium
CN106385516A (en) Business transfer setting method, device and terminal
EP2916514A2 (en) A method for processing URL and an associated server and a non-transitory computer readable storage medium
CN109981725A (en) A kind of communication means across security domain, server and readable storage medium storing program for executing
US20070136472A1 (en) Systems and methods for requesting protocol in a network using natural language messaging
CN114124935A (en) Method, system, equipment and storage medium for realizing FTP service

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination