CN116305032B - Method and system for accessing system permission in sharing page application - Google Patents
Method and system for accessing system permission in sharing page application Download PDFInfo
- Publication number
- CN116305032B CN116305032B CN202310157793.7A CN202310157793A CN116305032B CN 116305032 B CN116305032 B CN 116305032B CN 202310157793 A CN202310157793 A CN 202310157793A CN 116305032 B CN116305032 B CN 116305032B
- Authority
- CN
- China
- Prior art keywords
- access address
- page application
- service
- login
- database
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 41
- 238000001914 filtration Methods 0.000 claims abstract description 15
- 238000004590 computer program Methods 0.000 claims description 14
- 238000012795 verification Methods 0.000 claims description 7
- 230000009191 jumping Effects 0.000 claims description 3
- 230000006870 function Effects 0.000 description 10
- 238000010586 diagram Methods 0.000 description 6
- 238000012545 processing Methods 0.000 description 6
- 230000004048 modification Effects 0.000 description 5
- 238000012986 modification Methods 0.000 description 5
- 238000009877 rendering Methods 0.000 description 3
- 238000007792 addition Methods 0.000 description 2
- 238000012217 deletion Methods 0.000 description 2
- 230000037430 deletion Effects 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000002955 isolation Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000015572 biosynthetic process Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000013144 data compression Methods 0.000 description 1
- 230000006837 decompression Effects 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Automation & Control Theory (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The application relates to the technical field of page application access, in particular to a method and a system for accessing system permission in sharing page application. The method and the system for accessing the system permission in the sharing page application comprise the following steps: creating a shared page application and a first access address corresponding to the page application, and adding the first access address into a white list of a database, wherein the first access address of the white list represents an address allowing access to the database; adding a mark to the first access address to form a second access address, wherein the second access address represents the access address with the mark; presetting a service corresponding to the mark in a database; filtering the request of the second access address according to a filter preset in the database; if the filter intercepts the second access address request, giving a service corresponding to the page application of the second access address; content operating in the shared page application is cached at a specified location based on the service to which the tag corresponds.
Description
Technical Field
The application relates to the technical field of page application access, in particular to a method and a system for accessing system permission in sharing page application.
Background
There is a need in the conventional Web system to share a page without logging in to a foreground (the Web system is divided into a foreground and a background) visitor, for example, a knowledge graph page of an enterprise is shared to staff inside the enterprise or external staff to view, it is obvious that the staff inside and the staff outside can share different rights in the shared knowledge graph, and for different staff, visible data and executable function menus need to be controlled by different rights. In this case, an administrator is used to configure a sharing page in the background, and then share the links to related personnel. When the related personnel are used as visitors and receive the shared knowledge graph page, the application on the page and the use page can be checked without logging in and authority. At this time, if the visitor wants to modify some parameters on the page or use related functions that the visitor does not have permission, a permission access scheme needs to be provided for each page visitor without affecting the original permission functions.
Therefore, it is necessary to create a login-free page application that can be shared for multiple visitors, and an administrator needs to set the permissions of the visitors on the shared page application for different visitors, so that the visitors can perform corresponding operations on the page application according to the owned permissions, and the actions not only increase the workload of the administrator, but also are not easy to manage the subsequent modification of the page application.
In view of the foregoing, there is a need for a method that can share pages for multiple visitors, and that does not affect the background when the visitor performs a modification operation on the pages.
Disclosure of Invention
The application aims to provide a method for accessing system permission in a page sharing application, which can share pages for a plurality of visitors and does not influence a background database when the visitors modify the pages;
the first aspect of the present application provides a method for accessing system permissions in a sharing page application, the method comprising:
creating a shared page application and a first access address corresponding to the page application, and adding the first access address into a white list of a database, wherein the first access address of the white list represents an address allowing access to the database;
adding a mark to the first access address to form a second access address, wherein the second access address represents the access address with the mark;
presetting a service corresponding to a mark in the database;
filtering the request of the second access address according to a preset filter in the database;
if the filter intercepts the second access address request, giving the service corresponding to the page application of the second access address;
and based on the service corresponding to the mark, the content operated in the shared page application is cached in a specified position.
In one implementation manner, the step of creating the shared page application and the first access address corresponding to the page application, and adding the first access address to the white list of the database includes:
and creating a page application with unrestricted access to the service, and configuring the first access address for the page application.
In one manner of implementation, the step of adding a tag to the first access address to form a second access address includes:
adding a request header to the first access address, wherein the request header represents a tag added at the first access address;
and combining the first access address and the request head to form the second access address.
In one implementation manner, the step of presetting the service corresponding to the tag in the database includes:
and creating services by the marking operation of the database according to different marks.
In one implementation manner, the step of filtering the request of the second access address according to a filter preset in the database includes:
creating the filter capable of intercepting the mark;
according to the established filter, intercepting the request with the marked second access address.
In one implementation manner, if the filter intercepts the second access address request, the step of applying a corresponding service to the page with the second access address includes:
if the filter intercepts the second access address request, according to the mark of the second access address, giving the service corresponding to the page application of the second access address;
and giving the service operated by the page application according to the service corresponding to the page application.
In one implementation manner, the step of caching the content operated in the shared page application at a specified location based on the service corresponding to the tag includes:
establishing a cache space and associating the cache space with the shared page application with the tag;
and caching the operation of the shared page application in the cache space.
The second aspect of the present application provides a knowledge graph data compression and decompression system, including the aforementioned method for accessing system rights in a sharing page application, where the system includes:
the system comprises a creation unit, a storage unit and a storage unit, wherein the creation unit is used for creating a shared page application and a first access address corresponding to the page application, and adding the first access address into a white list of a database, wherein the first access address of the white list represents an address allowing access to the database;
a marking unit, configured to add a mark to the first access address to form a second access address, where the second access address represents an access address with a mark;
the marking service unit is used for presetting a service corresponding to the marking in the database;
the filtering unit is used for filtering the request of the second access address according to a filter preset in the database;
a corresponding unit, configured to, if the filter intercepts the second access address request, assign a service corresponding to the page application of the second access address;
and the caching unit is used for caching the content operated in the shared page application at a specified position based on the service corresponding to the mark.
A third aspect of the present application provides a computer device comprising a memory storing a computer program and a processor implementing the steps of the aforementioned method of accessing system permissions in a shared page application when the computer program is executed.
A fourth aspect of the present application is to provide a computer storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the aforementioned method of accessing system permissions in a sharing page application.
The application has the beneficial effects that:
and creating a shared page application and a first access address corresponding to the page application, and adding the first access address into a white list of the database, wherein the database can be accessed through the white list. And adding a mark to the first access address to form a second access address, presetting a service corresponding to the specific mark access address in a database, filtering a request of the second access address according to a filter preset in the database, endowing the page application with the corresponding service according to the mark of the second access address when the second access address is obtained, operating the page application after receiving the page application with the service by a visitor, and caching the operation content at a designated position. The method has the advantages that the original system is slightly changed, the invasiveness is lower, various access permission modes are supported, the security is ensured by limiting the used role permission, and the respective operations of different page visitors for accessing the same page application are not mutually influenced, so that the complete isolation is realized.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are needed in the description of the embodiments or the prior art will be briefly described, and it is obvious that the drawings in the description below are some embodiments of the present application, and other drawings can be obtained according to the drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for accessing system permissions in a shared page application in accordance with the present application;
FIG. 2 is a flow chart of steps of a method for accessing system permissions in a shared page application according to the present application;
FIG. 3 is a flowchart illustrating steps for a visitor to access a service page application in a method for sharing system permissions in the page application according to the present application;
FIG. 4 is a flowchart illustrating a second access address forming step of a method for accessing system permissions in a sharing page application according to the present application;
FIG. 5 is a flowchart showing steps for marking a service authority of a database in a method for accessing system authorities in a shared page application;
FIG. 6 is a flowchart showing the steps of finding a corresponding service through a request parameter of a request service code in a method for accessing system permissions in a sharing page application according to the present application;
FIG. 7 is a flowchart illustrating a method for accessing system permissions in a shared page application for providing services corresponding to a page application with a second access address;
fig. 8 is a flowchart illustrating steps of a method for accessing system permissions in a sharing page application according to the present application, where operation results are stored in different positions according to different permissions.
Detailed Description
In the description of the embodiments of the present application, those skilled in the art will appreciate that the embodiments of the present application may be implemented as a method, an apparatus, an electronic device, and a computer-readable storage medium. Thus, embodiments of the present application may be embodied in the following forms: complete hardware, complete software (including firmware, resident software, micro-code, etc.), a combination of hardware and software. Furthermore, in some embodiments, embodiments of the application may also be implemented in the form of a computer program product in one or more computer-readable storage media having computer program code embodied therein.
Any combination of one or more computer-readable storage media may be employed by the computer-readable storage media described above. The computer-readable storage medium includes: an electrical, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination thereof. More specific examples of the computer readable storage medium include the following: portable computer diskette, hard disk, random Access Memory (RAM), read-only Memory (ROM), erasable programmable read-only Memory (EPROM), flash Memory (Flash Memory), optical fiber, compact disc read-only Memory (CD-ROM), optical storage device, magnetic storage device, or any combination thereof. In embodiments of the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, device.
The computer program code embodied in the computer readable storage medium may be transmitted using any appropriate medium, including: wireless, wire, fiber optic cable, radio Frequency (RF), or any suitable combination thereof.
Computer program code for carrying out operations of embodiments of the present application may be written in assembly instructions, instruction Set Architecture (ISA) instructions, machine-related instructions, microcode, firmware instructions, state setting data, integrated circuit configuration data, or in one or more programming languages, or combinations thereof, including an object oriented programming language such as: java, smalltalk, C ++, also include conventional procedural programming languages, such as: c language or similar programming language. The computer program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of remote computers, the remote computers may be connected via any sort of network, including: a Local Area Network (LAN) or a Wide Area Network (WAN), which may be connected to the user's computer or to an external computer.
The embodiment of the application describes a method, a device and electronic equipment through flowcharts and/or block diagrams.
It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions. These computer-readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer readable program instructions may also be stored in a computer readable storage medium that can cause a computer or other programmable data processing apparatus to function in a particular manner. Thus, instructions stored in a computer-readable storage medium produce an instruction means which implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
The terms first and second and the like in the description and in the claims of embodiments of the application, are used for distinguishing between different objects and not necessarily for describing a particular sequential order of objects. For example, the first target object and the second target object, etc., are used to distinguish between different target objects, and are not used to describe a particular order of target objects.
In embodiments of the application, words such as "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "e.g." in an embodiment should not be taken as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the description of the embodiments of the present application, unless otherwise indicated, the meaning of "a plurality" means two or more. For example, the plurality of processing units refers to two or more processing units; the plurality of systems means two or more systems.
The terms are explained below.
The foreground and the background are related contents displayed on a webpage opened by a user through a browser. The background is a matched display page developed for managing the display content of the foreground, is usually used by a manager, comprises identity recognition means such as an account, a password and the like, and can be correspondingly called as a front end and a back end.
Code, the Code is to replace one word or phrase with another word, number or sign to hide the original word or phrase, which mainly plays the role of replacement.
As shown in fig. 1 and fig. 2, a first aspect of the present application provides a method for accessing system permissions in a sharing page application, including:
s100: and creating a shared page application and a first access address corresponding to the page application, and adding the first access address into a white list of a database.
Wherein the first access address of the white list represents an address where access to the database is allowed.
Specifically, when a visitor wants to access a page application, such as a Web system, in the foreground, an administrator creates the page application to be accessed by the visitor in the background, and configures a first access address for the page application so as to access the page application through the first access address. And adding the first access address into a white list of the database so as to enable the first access address to smoothly access the database and obtain information in the database.
Incidentally, the page application of the visitor access service includes step S101.
As shown in fig. 3, S101: a page application for unrestricted access to a service is created and a first access address is configured for the page application.
When the number of visitors is plural, since the service content of each visitor is different, a page application of access service which is not limited can be created in advance, for example, a knowledge graph of a query is published as a page application which can be directly accessed, so that the page application of the knowledge graph can be accessed by all visitors, and in addition, a first access address is configured for the page application. The first access address can be smoothly accessed into the database, and data in the database can be acquired.
S200: a tag is added to the first access address to form a second access address.
Wherein the second access address represents an access address with a tag.
Specifically, the second access address is marked on the basis of the first access address, and the mark can be added at the address head of the first access address or at the address tail. When the database is accessed through the second access address, the first access address is utilized for access, and the authority corresponding to the mark is checked.
The formation of the second access address includes steps S201 and S202.
As shown in fig. 4, S201: a request header is added for the first access address.
Wherein the request header represents a tag added at the first access address.
Specifically, the request header adds a header at the first access address, e.g., the request header at the first access address carries an application code. The application page code is imported into the front-end request header so that the application code is attached to the front-end request header and the visitor can open the page application with the request header.
The request header carries corresponding parameters for parsing and checking according to the parameters of the request header. The parameters may represent service content.
S202: the first access address and the request header are combined to form a second access address.
Wherein the request header and the first access address are combined to form a new access address, forming a second access address. The page application is accessed using the second access address. When the page application is accessed using the second access address, the background splits the second access address into the first access address plus the request header and accesses the database in that manner.
S300: and presetting the service corresponding to the mark in the database.
When the mark is filtered, the service corresponding to the mark can be presented to the visitor so that the visitor can realize the corresponding inquiry and other operations.
Specifically, the service authority of the flag setting database includes step S301.
As shown in fig. 5, S301: and creating services by the marking operation of the database according to different marks.
The present application is not limited thereto, and several kinds of marks may be set according to the authority, and each of the marks corresponds to one access address.
For example, two login modes can be set in the page application, wherein one login mode needs to be clicked to log in, namely, the page application can be logged in only by verification; the other way is to log in without authentication, i.e. the page application can be logged in. Different login modes represent different rights, and a manager creates different data services and functional rights for the different login modes in the background and binds different roles to the user or the created services. That is, different roles through login and no-login are bound into the user or created service. So as to purposefully manage and release rights for different roles of login and login-free.
The two different login modes can be realized by configuring a request head, for example, the access connection with the code of the corresponding service is generated by different roles of corresponding login and no-login. The access connection through different codes has different authorities.
S400: and filtering the request of the second access address according to a filter preset in the database.
Wherein a filter is built in the database for filtering the request header in order to determine the rights that the second access address should have.
Specifically, finding a corresponding service through a request parameter of a request service code includes steps S401 and S402.
As shown in fig. 6, S401: a filter is created that is capable of intercepting the mark.
Wherein, an address filter for accessing the database is created for the database, and the access address can be filtered through the filter so as to perform subsequent operations according to the filtering result.
S402: according to the established filter, a request with a marked second access address is intercepted.
When the database is accessed by the second access address, the operation such as query is performed, the operation is filtered by the created filter, and when the database is accessed by the second access address with the request head, the operation is intercepted by the filter. The filter gives different rights to the second access address having the request header according to a predetermined program.
When the first access address is input in the browser, the filter filters the first access address, analyzes whether the request contains an application code, and when the code is not set in the first access address, the first access address is a white list and directly accesses the database.
S500: and if the filter intercepts the second access address request, applying the corresponding service to the page with the second access address.
When the filter intercepts the second access address, the corresponding service is given according to the service of the request head given the second access address.
Specifically, the service corresponding to the page application given the second access address includes the steps of: s501 to S502.
As shown in fig. 7, S501: if the filter intercepts the second access address request, the service corresponding to the page application of the second access address is given according to the mark of the second access address.
When the filter intercepts the second access address request, the parameter carried by the request head of the second access address is analyzed and checked. So as to access single sign-on or login-free according to the analysis and verification results.
S502: and giving the service operated by the page application according to the service corresponding to the page application.
When the filter intercepts different access address requests, the filter is configured to the service of different page application operations in the database according to the analysis and verification results of different request heads.
Illustratively, when the visitor enters the second access address into the browser, the second access address is first filtered by the filter.
If the request header of the second access address is login-free, acquiring the authority of the login-free role according to the request header, jumping to a corresponding page, simulating user login in the foreground through a user built in the background, and giving corresponding operation service.
If the second access address has the request head which is logged in, the authority of the login role is obtained according to the request head, namely, the visitor single-point login jumps to the single-point login page, and after verification is successful in logging in, the visitor single-point login jumps to the service page so as to execute corresponding operation service through the service page.
The data and function menu of the visitor are filtered according to the role filter, wherein the service used by the login-free party is a service of a pre-bound role (the service content is preset in the background and can be understood as having a certain service limit); single sign-on uses roles owned by the registrar.
S600: content operating in the shared page application is cached at a specified location based on the service to which the tag corresponds.
According to different login modes of login-free and single-point login, rendering pages, rendering corresponding page applications according to different authorities obtained by different login modes, for example, rendering corresponding knowledge-graph pages, and storing operation results at different positions according to different authorities.
Specifically, storing the operation result in different locations according to different rights includes steps S601 and S602.
As shown in fig. 8, S601: a cache space is established and associated with the shared page application having the tag.
Wherein, a buffer space is established in the foreground or the background, and the buffer space is associated with the shared page application, so that the operation performed in the page application can be buffered in the buffer space. If the number of visitors is large in the case of establishing the buffer space in the background, it is necessary to establish a large number of corresponding buffer spaces, and therefore, it is preferable to establish the buffer space in the foreground and store the operation of the visitors in the buffer space in the foreground.
S602: the operation of the shared page application is cached in the cache space.
The visitor without login and single sign-on represents two types of users, and the visitor without login represents anonymous users, namely, unnamed users. The single sign-on user represents a system registered user.
Secondly, aiming at two different visitors, when the shared page application is operated, the login-free user can perform addition, deletion and modification operations on the page application, and the addition, deletion and modification operations are cached at the front end. In this way, the operations among a plurality of login-free visitors are not affected, but the corresponding login user is stateless for the background, i.e. the background does not provide services for the login-free operation. In contrast, the single sign-on visitor is a system registration user, and can add, delete and modify the shared page application, and correspondingly adjust the data in the database of the background.
In summary, according to the method for sharing the access system permission in the page application, when a visitor issues any page application without login, the function that the permission is needed to be used can be realized in a page without login. Meanwhile, the original system is less in change and lower in invasiveness, various access permission modes are supported, safety is guaranteed by limiting the used role permission, and the respective operations of different page visitors for accessing the same page application cannot be mutually influenced, so that complete isolation is realized.
In addition, the access address is marked, so that the access address can be used as single sign-on or as login-free, and the marking is used for distinguishing the single sign-on from the login-free. Specifically, the service authority in the database may be set according to the tag, and the service content corresponding to the visitor, such as the data and the function menu, is returned according to the analysis and the verification of the tag, which is not limited by the present application.
The second aspect of the present application provides a method for accessing system permissions in a sharing page application, including the foregoing method for accessing system permissions in a sharing page application, where the system includes:
the system comprises a creation unit, a storage unit and a storage unit, wherein the creation unit is used for creating a shared page application and a first access address corresponding to the page application, and adding the first access address into a white list of a database, wherein the first access address of the white list represents an address allowing access to the database;
a marking unit, configured to add a mark to the first access address to form a second access address, where the second access address represents an access address with a mark;
the marking service unit is used for presetting a service corresponding to the marking in the database;
the filtering unit is used for filtering the request of the second access address according to a filter preset in the database;
a corresponding unit, configured to, if the filter intercepts the second access address request, assign a service corresponding to the page application of the second access address;
and the caching unit is used for caching the content operated in the shared page application at a specified position based on the service corresponding to the mark.
A third aspect of the present application provides a computer device comprising a memory storing a computer program and a processor implementing the steps of the aforementioned method of accessing system permissions in a shared page application when the computer program is executed.
A fourth aspect of the present application provides a computer storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the aforementioned method of accessing system permissions in a sharing page application.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and not for limiting the same; although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the application.
Claims (10)
1. A method for accessing system permissions in a sharing page application, comprising:
creating a shared page application and a first access address corresponding to the page application, and adding the first access address into a white list of a database, wherein the first access address of the white list represents an address allowing access to the database;
adding a mark to the first access address to form a second access address, wherein the second access address represents the access address with the mark;
presetting a service corresponding to a mark in the database;
filtering the request of the second access address according to a preset filter in the database;
if the filter intercepts the second access address request, giving the service corresponding to the page application of the second access address;
based on the service corresponding to the mark, the content operated in the shared page application is cached in a designated position;
if the request header of the second access address is login-free, acquiring the authority of a login-free role according to the request header, jumping to a corresponding page, simulating user login in the foreground through a user built in the background, and giving corresponding operation service;
if the second access address has the request header which is login, the authority of the login role is obtained according to the request header, namely, the visitor single-point login jumps to the single-point login page, and after verification is successful in login, the visitor single-point login jumps to the service page so as to execute corresponding operation service through the service page.
2. The method for accessing system permissions in a shared page application according to claim 1, wherein the creating the shared page application and a first access address corresponding to the page application, and adding the first access address to a white list of a database, includes:
and creating a page application with unrestricted access to the service, and configuring the first access address for the page application.
3. The method for accessing system permissions in a sharing page application of claim 1, wherein the step of adding a tag to the first access address to form a second access address comprises:
adding a request header to the first access address, wherein the request header represents a tag added at the first access address;
and combining the first access address and the request head to form the second access address.
4. The method for accessing system permissions in a sharing page application according to claim 1, wherein the step of presetting a service corresponding to a tag in the database includes:
and creating services by the marking operation of the database according to different marks.
5. The method for accessing system permissions in a sharing page application according to claim 1, wherein the step of filtering the request of the second access address according to a filter preset in the database includes:
creating the filter capable of intercepting the mark;
according to the established filter, intercepting the request with the marked second access address.
6. The method for accessing system permissions in a shared page application according to claim 1, wherein the step of assigning a service corresponding to the page application of the second access address if the filter intercepts the second access address request includes:
if the filter intercepts the second access address request, according to the mark of the second access address, giving the service corresponding to the page application of the second access address;
and giving the service operated by the page application according to the service corresponding to the page application.
7. The method for accessing system permissions in a shared page application according to claim 1, wherein the step of caching content operating in the shared page application at a specified location based on the service corresponding to the tag comprises:
establishing a cache space and associating the cache space with the shared page application with the tag;
and caching the operation of the shared page application in the cache space.
8. A system for sharing access system permissions in a page application, comprising the method for accessing system permissions in a shared page application according to any of claims 1-7, the system comprising:
the system comprises a creation unit, a storage unit and a storage unit, wherein the creation unit is used for creating a shared page application and a first access address corresponding to the page application, and adding the first access address into a white list of a database, wherein the first access address of the white list represents an address allowing access to the database;
a marking unit, configured to add a mark to the first access address to form a second access address, where the second access address represents an access address with a mark;
the marking service unit is used for presetting a service corresponding to the marking in the database;
the filtering unit is used for filtering the request of the second access address according to a filter preset in the database;
a corresponding unit, configured to, if the filter intercepts the second access address request, assign a service corresponding to the page application of the second access address;
the caching unit is configured to cache, at a specified location, content operated in the shared page application based on the service corresponding to the tag, where the corresponding unit is specifically configured to:
if the request head of the second access address is login-free, acquiring the authority of a login-free role according to the request head, jumping to a corresponding page, simulating user login in the foreground through a user arranged in the background, and giving corresponding operation service;
if the second access address has the request header which is login, the authority of the login role is obtained according to the request header, namely, the visitor single-point login jumps to the single-point login page, and after verification is successful in login, the visitor single-point login jumps to the service page so as to execute corresponding operation service through the service page.
9. A computer device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor, when executing the computer program, implements the steps of the method of accessing system permissions in a shared page application of any of claims 1 to 7.
10. A computer storage medium having stored thereon a computer program, which when executed by a processor implements the steps of the method of accessing system permissions in a shared page application of any of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310157793.7A CN116305032B (en) | 2023-02-14 | 2023-02-14 | Method and system for accessing system permission in sharing page application |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310157793.7A CN116305032B (en) | 2023-02-14 | 2023-02-14 | Method and system for accessing system permission in sharing page application |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116305032A CN116305032A (en) | 2023-06-23 |
| CN116305032B true CN116305032B (en) | 2023-11-14 |
Family
ID=86837167
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310157793.7A Active CN116305032B (en) | 2023-02-14 | 2023-02-14 | Method and system for accessing system permission in sharing page application |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116305032B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109409043A (en) * | 2018-09-03 | 2019-03-01 | 中国平安人寿保险股份有限公司 | Login method, terminal device and the medium of application system |
| CN110287709A (en) * | 2019-05-22 | 2019-09-27 | 深圳壹账通智能科技有限公司 | User's operation authority control method, device, equipment and medium |
| CN114139190A (en) * | 2021-12-08 | 2022-03-04 | 兴业银行股份有限公司 | Dynamic authority control method and system based on filter |
| CN114666140A (en) * | 2022-03-25 | 2022-06-24 | 金蝶软件(中国)有限公司 | Method, device, computer equipment and medium for accessing form |
-
2023
- 2023-02-14 CN CN202310157793.7A patent/CN116305032B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109409043A (en) * | 2018-09-03 | 2019-03-01 | 中国平安人寿保险股份有限公司 | Login method, terminal device and the medium of application system |
| CN110287709A (en) * | 2019-05-22 | 2019-09-27 | 深圳壹账通智能科技有限公司 | User's operation authority control method, device, equipment and medium |
| CN114139190A (en) * | 2021-12-08 | 2022-03-04 | 兴业银行股份有限公司 | Dynamic authority control method and system based on filter |
| CN114666140A (en) * | 2022-03-25 | 2022-06-24 | 金蝶软件(中国)有限公司 | Method, device, computer equipment and medium for accessing form |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116305032A (en) | 2023-06-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8955037B2 (en) | Access management architecture | |
| US10701053B2 (en) | Authentication and approval control system for distributed ledger platform | |
| US10560435B2 (en) | Enforcing restrictions on third-party accounts | |
| US11303645B2 (en) | Online diagnostic platform, and permission management method and permission management system thereof | |
| CN109922030B (en) | Global network access control method based on Android equipment | |
| WO2011142996A2 (en) | Methods and systems for forcing an application to store data in a secure storage location | |
| CN107480509A (en) | O&M safety auditing system logs in vessel process, system, equipment and storage medium | |
| US8826388B2 (en) | Mobile device identify factor for access control policies | |
| US20180173886A1 (en) | Collaborative Database to Promote Data Sharing, Synchronization, and Access Control | |
| CN111352737A (en) | Container cloud computing service platform based on resource pool | |
| US20200233699A1 (en) | Platform-based change management | |
| US10841342B2 (en) | Data driven user interfaces for device management | |
| US8819814B1 (en) | Secure access infrastructure | |
| US20190215380A1 (en) | Data driven user interfaces for device management | |
| CN116305032B (en) | Method and system for accessing system permission in sharing page application | |
| US11711360B2 (en) | Expedited authorization and access management | |
| CN115564438B (en) | Block chain-based digital resource processing method, device, equipment and storage medium | |
| WO2021255425A1 (en) | Data management platform | |
| JP7396205B2 (en) | Medical information storage program and medical information storage management device | |
| US11711373B2 (en) | Platform-based authentication for external services | |
| US11741213B2 (en) | Systems for enhanced bilateral machine security | |
| WO2018128605A1 (en) | Enhanced online computer access cyber security system | |
| US20240004891A1 (en) | System and Method for Generating an Improved User Interface for Data Analytics | |
| Jensen et al. | Policy expression and enforcement for handheld devices | |
| JP2006092039A (en) | Service utilization system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |