CN116738479A - Access control method, device, equipment and medium for rail traffic service - Google Patents

Access control method, device, equipment and medium for rail traffic service Download PDF

Info

Publication number
CN116738479A
CN116738479A CN202310642956.0A CN202310642956A CN116738479A CN 116738479 A CN116738479 A CN 116738479A CN 202310642956 A CN202310642956 A CN 202310642956A CN 116738479 A CN116738479 A CN 116738479A
Authority
CN
China
Prior art keywords
service
information
gray scale
access
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310642956.0A
Other languages
Chinese (zh)
Inventor
伊尚丰
史会强
黄斌海
邵风
蒋羽婷
宗招君
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Baweitong Technology Co ltd
Original Assignee
Baweitong Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Baweitong Technology Co ltd filed Critical Baweitong Technology Co ltd
Priority to CN202310642956.0A priority Critical patent/CN116738479A/en
Publication of CN116738479A publication Critical patent/CN116738479A/en
Pending legal-status Critical Current

Links

Landscapes

  • Train Traffic Observation, Control, And Security (AREA)

Abstract

The embodiment of the application discloses an access control method, device, equipment and medium for rail transit service. The method relates to computer technology, and specifically comprises the following steps: receiving an access request for a specified gray scale rail traffic service sent by a user; acquiring verification information corresponding to the appointed gray scale rail traffic service from a plurality of preset authority strategy information; detecting the authority access condition of a user aiming at the appointed gray scale rail traffic service based on the verification information and the label information to obtain a detection result; if the detection result indicates that the user has the access right of the appointed gray scale rail transit service, the access request is forwarded to the appointed gray scale rail transit service so as to realize the access of the appointed gray scale rail transit service. By the method, access of multiple gray scale rail traffic services can be controlled simultaneously, and flexibility of access control of the gray scale rail traffic services is improved.

Description

Access control method, device, equipment and medium for rail traffic service
Technical Field
The present application relates to the field of computers, and in particular, to a method, an apparatus, a device, and a computer readable storage medium for controlling access to an intersection service.
Background
Gray Release is a software Release strategy, also known as progressive Release or canary Release. Its purpose is to gradually bring new versions of software into the production environment to reduce risks and ensure stability.
Currently, when gray level release is performed for some functions of software, whether a user has permission to use the functions is often queried based on a white list manner. However, this approach has low flexibility and cannot meet the differentiated service requirements of different user groups.
Therefore, how to improve the flexibility of gray scale service access control is a problem to be solved.
Disclosure of Invention
In order to solve the technical problems, embodiments of the present application provide a method, an apparatus, a device, and a computer readable storage medium for controlling access to a track traffic service, which can improve flexibility of access control to a gray scale service.
The technical scheme adopted by the application is as follows:
an access control method for an intersection service, the method comprising:
receiving an access request for a specified gray scale rail traffic service sent by a user; wherein the access request includes tag information of the user;
acquiring verification information corresponding to the specified gray scale rail traffic service from a plurality of preset authority strategy information;
Detecting the authority access condition of the user for the appointed gray scale rail traffic service based on the verification information and the label information to obtain a detection result;
and if the detection result indicates that the user has the access authority of the appointed gray scale rail transit service, forwarding the access request to the appointed gray scale rail transit service so as to realize the access of the appointed gray scale rail transit service.
In one embodiment of the present application, the verification information is matched with the tag information based on the foregoing scheme; if the verification information is successfully matched with the tag information, a detection result for representing that the user has the access right of the appointed gray scale rail transit service is obtained; and if the verification information is failed to be matched with the tag information, obtaining a detection result used for representing that the user does not have the access right of the appointed gray scale rail traffic service.
In one embodiment of the present application, based on the foregoing scheme, the check information includes a plurality of types of syndrome information including at least two of region type information, object type information, terminal type information, and track type information; the tag information comprises a plurality of types of tag sub-information, wherein the plurality of types of tag sub-information comprises at least two of region type information, object type information, terminal type information and track traffic type information; matching the same type of syndrome information with the tag sub information; if each type of sub-information is successfully matched with the tag sub-information, determining that the matching of the check information and the tag information is successful; if at least one type of sub-information of the check fails to match with the sub-information of the label, determining that the check fails to match with the information of the label.
In one embodiment of the present application, based on the foregoing scheme, before the verification information corresponding to the specified gray scale track cross service is obtained from the preset plurality of authority policy information, an input operation of the verification information corresponding to each gray scale track cross service is detected in an authority setting interface; and responding to the detected input operation, and associating the identification information of each gray scale track crossing service with the verification information corresponding to each track crossing service to obtain the plurality of authority strategy information.
In one embodiment of the present application, based on the foregoing scheme, the access request further includes identification information of the specified gray scale rail traffic service; searching the verification information matched with the identification information from a plurality of preset authority strategy information to obtain the verification information corresponding to the appointed gray scale rail traffic service; and forwarding the access request to the appointed gray scale rail traffic service based on the identification information.
In one embodiment of the present application, based on the foregoing scheme, if it is detected that the designated gray scale rail traffic service exists in an upper gray scale rail traffic service, the access request is forwarded to the upper gray scale rail traffic service, so that the access request is forwarded to the designated gray scale rail traffic service through the upper gray scale rail traffic service.
In one embodiment of the present application, based on the foregoing solution, if the detection result indicates that the user does not have the access right of the designated gray scale rail traffic service, the access request is forwarded to a non-gray scale rail traffic service, so as to implement access of the non-gray scale rail traffic service.
An access control apparatus for a track crossing service, the apparatus comprising:
the receiving and transmitting unit is used for receiving an access request aiming at the appointed gray scale rail traffic service, which is sent by a user; wherein the access request includes tag information of the user;
the acquisition unit is used for acquiring verification information corresponding to the specified gray scale rail traffic service from a plurality of preset authority strategy information;
the processing unit is used for detecting the authority access condition of the user for the appointed gray scale rail traffic service based on the verification information and the label information to obtain a detection result;
and the forwarding unit is used for forwarding the access request to the appointed gray scale rail traffic service if the detection result indicates that the user has the access right of the appointed gray scale rail traffic service so as to realize the access of the appointed gray scale rail traffic service.
An access control device for track traffic service comprises a processor and a memory, wherein the memory stores computer readable instructions which when executed by the processor implement the access control method for track traffic service as above.
A computer readable storage medium having stored thereon computer readable instructions which, when executed by a processor of a computer, cause the computer to perform the method of access control for an track cross service as above.
A computer program product comprising computer readable instructions which, when executed by a processor, implement an access control method for an track crossing service as above.
In the above technical solution, the service system includes a plurality of authority policy information, and the verification information corresponding to the specified gray scale rail traffic service may be obtained based on the access request sent by the user for the specified gray scale rail traffic service, and the verification information may be matched with the label information of the user to verify whether the user has the authority of using the rail traffic service. Therefore, different authority policy information is mutually independent and does not affect each other, so that a service system can simultaneously operate various gray scale service access control policies, a more flexible gray scale service access control function is provided, and the flexibility of gray scale service access control is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the application and together with the description, serve to explain the principles of the application. It is evident that the drawings in the following description are only some embodiments of the present application and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art. In the drawings:
FIG. 1 is a schematic illustration of an implementation environment in which the present application is directed;
FIG. 2 is a schematic diagram illustrating a simplified service access control flow according to an exemplary embodiment;
FIG. 3 is a flow chart illustrating a method of access control for an rail transit service in accordance with an exemplary embodiment;
FIG. 4 is a flow chart illustrating a method of access control for an rail transit service according to another exemplary embodiment;
FIG. 5 is a flow chart illustrating a method of access control for an rail transit service according to another exemplary embodiment;
FIG. 6 is an interface diagram of a gray scale policy management table according to an example embodiment;
FIG. 7 is a flow chart illustrating a method of access control for an rail transit service according to another exemplary embodiment;
FIG. 8 is a flow chart illustrating a method of access control for an rail transit service according to another exemplary embodiment;
fig. 9 is a schematic view of an access control method of a multi-gradation service scene according to another exemplary embodiment;
FIG. 10 is a schematic diagram showing calendar view updates to a calendar table undergoing deletion updates, according to another exemplary embodiment;
FIG. 11 is a flowchart illustrating a method of access control for an rail transit service, according to another exemplary embodiment;
FIG. 12 is a block diagram of an access control device for an rail transit service, according to an exemplary embodiment;
fig. 13 is a schematic hardware configuration diagram of an access control device of an track cross service according to an exemplary embodiment.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The embodiments described in the following exemplary examples do not represent all embodiments identical to the present application. Rather, they are merely examples of apparatus and methods that are identical to some aspects of the present application as detailed in the appended claims.
The block diagrams depicted in the figures are merely functional entities and do not necessarily correspond to physically separate entities. That is, the functional entities may be implemented in software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow diagrams depicted in the figures are exemplary only, and do not necessarily include all of the elements and operations/steps, nor must they be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the order of actual execution may be changed according to actual situations.
In the present application, the term "plurality" means two or more. "and/or" describes an association relationship of an association object, meaning that there may be three relationships, e.g., a and/or B may represent: a exists alone, A and B exist together, and B exists alone. The character "/" generally indicates that the context-dependent object is an "or" relationship.
It should be noted that, in the specific embodiment of the present application, related data of a user is referred to, when the embodiment of the present application is applied to a specific product or technology, permission or consent of the user needs to be obtained, and collection, use and processing of related data need to comply with related laws and regulations and standards of related countries and regions.
Before describing the technical scheme of the embodiment of the present application, technical terms related to the embodiment of the present application are described herein.
In software on a terminal device, rail traffic services (i.e. track traffic services) generally refer to applications or services that provide rail-related functions and information. These services may include, but are not limited to, the following:
real-time train number inquiry: through the rail transit service software, the user can acquire real-time train number information including train arrival time, departure time, vehicle running state and the like, and the user is helped to accurately arrange a travel plan.
Route planning: the rail transit service software can provide an optimal route planning scheme according to the starting point and the ending point input by the user, and the optimal route planning scheme comprises information such as a transfer guide, expected arrival time and the like, so that the user is helped to select the most convenient travel route.
Station navigation: the rail transit service software can provide functions such as station map, entrance and exit guidance and the like, helps a user to quickly find a required station or a specific entrance and exit, and provides convenient navigation service.
Ticket service: some rail transit service software also provides an online ticket purchasing function, and a user can purchase tickets or recharge traffic cards through an application program, so that the user can take a bus conveniently and rapidly.
Real-time bulletin and notification: the rail transit service software can send real-time rail transit system notices, operation adjustment, delay information and the like to the user, and help the user to acquire important information in time and make corresponding adjustment.
The rail transit service software on the terminal equipment aims at providing convenient and practical functions, helping users to travel by using the rail transit system better, and improving travel efficiency and user experience.
An application programming interface (Application Programming Interface, API) gateway is a middle tier service located between a service and a client that manages and controls access to the API. It sends the client's request to the appropriate grey scale service or back-end service through the request routing and forwarding functions. Meanwhile, the API gateway is also responsible for authentication and authorization, verifying the identity and authority of the request, and ensuring that only authorized users can access the API. In addition, it can also perform flow control to ensure the stability and reliability of the system. By centrally managing and controlling API access, the API gateway provides flexibility and security to meet the needs in gray scale publishing.
Gray scale policies refer to policies that are progressively released or tested for a particular user or group of users during a software development or release process. By means of gray scale policies, it is possible to control the gradual pushing of new functions, updates or versions to a part of users to evaluate their stability, performance and user experience while reducing the potential impact scope. Common grayscales strategies include percentage grayscales (randomly selecting users on a scale), white list grayscales (designating a specific user or group of users), and area grayscales (specific geographical areas), etc. Through the gray level strategy, risks can be effectively controlled, user experience is optimized, and product quality is enhanced.
Ribbon routing is an algorithm for load balancing that selects appropriate service instances in a micro-service architecture to handle client requests. Ribbon is one of the load balancing components that distributes requests to multiple available service instances by load balancing at the clients to improve system performance, availability, and fault tolerance. The fabric routing algorithm selects a target service instance according to certain rules and policies, and common algorithms include a random algorithm, a polling algorithm, a weighted polling algorithm, a least connection algorithm, and the like. These algorithms determine, depending on the actual situation and the requirements, to which service instance the request should be forwarded to achieve the goals of load balancing and resource optimization. Through the fabric route, the requests can be effectively distributed to different service instances, the system load is balanced, and the expandability and fault tolerance of the service are improved, so that better user experience and system performance are realized.
In the related art, gray scale service control is mainly performed in a white list mode, and the method lacks flexibility and cannot meet personalized requirements of different user groups. When it is necessary to adjust the rights of a user or grant rights to a new user, the whitelist must be manually updated, which increases the workload of operation and maintenance and is liable to cause omission or errors, and there is a great limitation in flexibility in gray scale service access control.
Based on this, embodiments of the present application respectively propose an access control method for an intersection service, an access control apparatus for an intersection service, an access control device for an intersection service, a computer-readable storage medium, and a computer program product. In these embodiments, the service system includes a plurality of authority policy information, so that the verification information corresponding to the specified gray scale track traffic service can be matched with the label information of the user to verify whether the user has the authority of using the track traffic service. Therefore, different authority policy information is mutually independent and does not affect each other, and the service system can simultaneously operate various gray scale service access control policies so as to provide more flexible gray scale access control functions.
Referring to fig. 1, fig. 1 is a schematic diagram of an implementation environment according to the present application.
The implementation environment shown in fig. 1 specifically includes a client 110 and a service system 170.
The client 110 may be a terminal device of a user, and the user may be a tester, that is, a person possibly assigned to use the gray service rights, and the person may be an internal person or an external person. The embodiment of the application is not limited to the test personnel.
At least API gateway 120, caching module 130, routing module 140, grey scale policy management station 150, and service registry 160 may be included in service system 170.
The gray scale policy management table 150 is a management table used by a manager to set and issue a gray scale service policy. The manager may define information such as access rules, target users, access rights, etc. for the gray scale service in the gray scale policy management table 150 and issue these policies into the system for use. The gray scale policy management station 150 may interact with the caching module 130 to send gray scale service policies to the caching module 130 for storage and management. Also, the gray scale policy management station 150 may generate one authority service policy for each gray scale service policy. The rights service policy may also be referred to as a grey scale service tag, and a rights service policy may be bound to a grey scale service policy to reflect the access policy of the grey scale service. In the embodiment of the application, the authority service strategy can be contained in the gray service strategy, and the authority service strategy and the gray service strategy can be two information which are bound.
The service registry 160 is configured to store a rights access policy for each service, and records the rights configuration information for each service, including which users or groups of users have rights to access the service, the level of access rights, and so on. The service registry 160 serves as a center for rights management and other components may perform rights verification and access control based on registry information. In the embodiment of the present application, both gray scale service and normal service may register corresponding service in the service registration center 160, so that the service may be used by the user.
The caching module 130 is a component for saving the gray scale service policy transmitted from the gray scale policy management station 150. The gray level strategy can be stored in the memory by adopting a combination mode of a remote dictionary server (Remote Dictionary Server, redis) and a local cache, so that the access efficiency is improved. The caching module 130 may periodically obtain the latest gray scale service policies from the gray scale policy management station 150 and maintain synchronization with the management station.
The API gateway 120 is responsible for receiving external requests sent by the client 110, such as access requests for grey scale services. The API gateway 120 may read the access request to match the policy corresponding to the service that the client 110 needs to access, and then send the corresponding gray service policy and the authority service policy to the routing module 140.
The routing module 140 may determine whether the request is forwarded to the corresponding service and whether the user has access rights according to the gray scale service policy and the rights service policy. That is, the API gateway 120, upon receiving the request, performs service selection and forwarding through the routing module 140.
The above-mentioned different components cooperate together to set and issue a gray scale service policy through the gray scale policy management table 150, and to implement access control and rights management for the gray scale service through the API gateway 120, the cache module 130, the routing module 140, and the service registry 160.
Referring to fig. 2, fig. 2 is a schematic diagram of a simplified service access control procedure according to the present application. In fig. 2, the flow includes a client 210, a gateway device 220, and a management station 230, where the client 210 may send an access request for a service to the gateway device 220, and the management station 230 may send a gray scale service policy to the gateway device 220.
The client 210 is the service's request initiator, i.e. a tester, which sends a request for access to the service to the gateway device 220. The client 210 may be an end user, mobile application, or other service consumer. It sends its own request to the gateway device 220 to obtain the required service functions.
Gateway device 220 is a component for processing data sent by clients 210 and management stations 230. It receives service access requests from clients 210 and assumes a number of important responsibilities. First, gateway device 220 is responsible for authentication and security checks, ensuring that only authorized users can access the service. Second, it performs the functions of load balancing and routing, distributing requests to different instances or nodes of the backend services to achieve high availability and performance optimization. In addition, the gateway device 220 communicates with the management station 230, receives the gray scale service policy from the management station, and performs gray scale control on the request according to the policy, thereby realizing the requirements of gray scale test and function release.
The management station 230 may be a gray scale policy management station or a service policy management station, and is a component for transmitting a gray scale service policy to the gateway device 220. When the gray scale strategy management platform is used by a manager, the gray scale strategy management platform can set and release gray scale service strategy and authority strategy information; when acting as a service policy management station, it can set and issue policies and rights for grey scale services and normal services. Through the management station 230, a manager can define which users or groups of users can access a particular grey scale service and send these policies to the gateway device 220. In this way, the gateway device 220 can perform gray level distribution and gray level control according to the received policy, so as to realize access control of authority of different users.
Referring to fig. 3, fig. 3 is a flowchart illustrating an access control method of an track cross service according to an exemplary embodiment. The method may be adapted to the implementation environment shown in fig. 1 and is specifically performed by a service system. Of course, the method may be applied to other implementation environments, and the implementation subject of the method is not limited herein.
The access control method of the track traffic service will be described in detail below using a service system as an exemplary execution body.
As shown in fig. 3, in an exemplary embodiment, the method includes at least the steps of:
s310, receiving an access request for the specified gray scale rail traffic service sent by a user.
Wherein the access request includes tag information of the user.
An API gateway in the service system may receive an access request for a specified gray scale rail transit service from a user sent through a client. The access request carries label information of the user and is used for identifying the characteristics and attributes of the user.
When a user sends an access request, the service system may receive the request and parse the tag information therein. The tag information may include a description of the identity, preferences, rights, etc. of the user. By acquiring these tag information, the user's needs and access rights can be better understood.
Upon receipt of the access request, the request may be forwarded to other modules or components. These modules will decide whether to allow the access request and how to handle the request based on the user's tag information and the gray scale policies defined in the system.
S320, acquiring verification information corresponding to the specified gray scale rail traffic service from a plurality of preset authority strategy information.
In the service system, a plurality of authority policy information is preset for defining and managing access authorities of different gray scale rail traffic services. The gray scale service policies in the service system and the authority policy information corresponding to each gray scale service policy may be input configured by a manager on the gray scale policy management platform.
When an access request of a user is received, the service system needs to acquire verification information corresponding to the designated gray scale track traffic service from the preset authority policy information.
The service system predefines a plurality of entitlement policies, each policy associated with a particular rail service. The permission policy may include rules and conditions regarding access permissions, authentication requirements, access frequency restrictions, and the like. The service system can find the authority policy information corresponding to the service according to the appointed gray level rail traffic service in the user access request. For example, this may be accomplished by matching a service name, service identifier, or other identification.
After determining the authority policy information corresponding to the specified gray scale track traffic service, the service system extracts corresponding verification information from the authority policy information. The check information includes at least two of area type information, object type information, terminal type information, and track type information. Optionally, the verification information may further include other related information for verification, such as an access key, a token, an access address, and the like, for verifying and authorizing the access request of the user.
By acquiring the verification information corresponding to the specified gray scale track traffic service, the service system can perform subsequent access right detection and access control. This ensures that only users with the corresponding rights can successfully access the designated grey scale rail traffic service.
S330, based on the verification information and the label information, detecting the authority access condition of the user aiming at the appointed gray scale rail transit service, and obtaining a detection result.
In the process of detecting the authority access condition of the user for the appointed gray scale rail traffic service according to the verification information and the label information, the service system can verify and evaluate the access authority by combining the information of the two aspects so as to obtain a final detection result.
The service system can detect the access rights according to the verification information and the tag information and in combination with a preset rights policy. This includes comparing the user's tag information to the entitlement requirements defined in the grey scale service policy, verifying the validity of the verification information, and executing other access control rules.
And S340, if the detection result indicates that the user has the access authority of the appointed gray scale rail transit service, forwarding the access request to the appointed gray scale rail transit service so as to realize the access of the appointed gray scale rail transit service.
After the service system obtains the detection result, the authority access condition of the user for the appointed gray scale rail traffic service can be obtained according to the detection result. If the detection result shows that the matching is successful, the user is determined to have the access right, and the access request can be forwarded to the corresponding appointed gray scale rail traffic service for processing.
If the detection result shows that the matching is unsuccessful, the user is determined to have insufficient authority, the access request can be refused or other corresponding refusal measures can be taken, for example, the access request can be forwarded to normal rail traffic service, and the normal rail traffic service does not belong to gray level rail traffic service, namely, the service which can be accessed without authority detection.
According to the method, on one hand, the service system can perform authority access detection based on the verification information and the label information, so that only users with legal authorities can access the appointed gray scale rail traffic service, and the safety of the system and the accuracy of gray scale control are improved. On the other hand, the service system comprises a plurality of authority strategy information, and different authority strategy information are mutually independent and do not affect each other, so that the service system can simultaneously operate a plurality of gray scale service access control strategies, a more flexible gray scale service access control function is provided, and the flexibility of gray scale service access control is improved.
In one embodiment of the present application, another access control method for an intersection service is provided, which may be performed by a service system. As shown in fig. 4, the access control method of the track cross service may include S310 to S320, S410 to S430, and S340. That is, S410 to S430 are specific implementation methods of 330 shown in fig. 3.
S410 to S420 are described below:
s410, matching the verification information with the tag information.
The service system compares and matches the verification information with the tag information to determine whether the user has access to the specified gray scale rail transit service.
First, the service system extracts at least two kinds of syndrome information, such as region type information, object type information, terminal type information, and track type information, among the syndrome information. And then acquiring at least two kinds of corresponding label sub-information such as area type information, object type information, terminal type information, track traffic type information and the like from the label information of the user.
For example, if the verification information includes the region type information and the object type information, the region type information and the object type information are also extracted from the tag information of the user accordingly.
Further, the service system performs item-by-item comparison of the verification information and the tag information. If each piece of sub information in the verification information is completely matched with the sub information in the label information of the user, the matching is successful, and the user is determined to have the access right of the appointed gray scale track traffic service.
Illustratively, it is assumed that the check information and the tag information each include region type information, object type information, and terminal type information. The area type information in the check information indicates that the specified gray scale track traffic service needs to be used in the area A, the object type information indicates that the specified gray scale track traffic service is usable by users of type B, and the terminal type information indicates that the specified gray scale track traffic service is usable by applications of the latest version. The service system can respectively match the three information, if the three information are the same, the matching is successful, and the check information and the tag information are determined to be matched. If any one of the three information is not matched, the two information are determined to be not matched.
And S420, if the verification information is successfully matched with the tag information, obtaining a detection result for representing that the user has the access right of the appointed gray scale rail transit service.
If the verification information is successfully matched with the tag information, the service system obtains a detection result, and the user is characterized by having the access right of the appointed gray scale rail transit service. The detection results characterize that the user meets the requirement of accessing the service, and can continue to perform subsequent operations or access to the specified gray scale rail traffic service.
And S430, if the matching of the verification information and the label information fails, obtaining a detection result for representing that the user does not have the access right of the appointed gray scale rail traffic service.
If the verification information and the label information are failed to be matched, the service system obtains another detection result, and the user is characterized as not having the access right of the appointed gray scale track traffic service. The detection result indicates that the user does not meet the requirement of accessing the service, and the related operation or access to the specified gray scale rail traffic service may not be performed.
Wherein S410 may include S411 to S413, S411 to S413 are described below:
s411, matching the same type of syndrome information with the tag sub information.
The check information includes a plurality of types of syndrome information including at least two of region type information, object type information, terminal type information, and track type information. The tag information includes a plurality of types of tag sub-information including at least two of area type information, object type information, terminal type information, and track type information.
Wherein the region type information may indicate in which region the specified gray scale rail traffic service needs to be used. This information can be used to limit the scope of service usage, ensuring that only users in a given area can access the gray scale track traffic service.
The object type information may indicate what type of user the specified grayscale rail service is applicable to, and the merchant served by the specified grayscale rail service. For example, the service may be specified to be usable only by a particular user type (e.g., class B users), thereby limiting the targeted user population of the service. For another example, the access may be specified to only serve a particular type of merchant (e.g., class C merchant), thereby limiting the range of merchants that may be accessed.
The terminal type information is used to indicate which type of terminal the specified gray scale rail traffic service is available on. In general, the service may only be applicable to the latest version of an application or to a specific type of terminal device, and this information may ensure that only users meeting the requirements of a specific terminal may access the service.
The track crossing type information is used for indicating the track crossing type to which the specified gray track crossing service belongs. The track crossing type may be a type of track traffic served by the specified gray scale track crossing service, for example, a light rail, a subway, etc., and may also define a name of the served track traffic. In this way, different types of rail traffic services can be classified and managed for better access control and grey scale distribution.
It should be noted that, the sub-information included in the verification information and the tag information may further include other key information, which may be specifically configured by those skilled in the art, and the embodiment of the present application is not limited.
And S412, if each type of sub-information is successfully matched with the tag sub-information, determining that the matching of the check information and the tag information is successful.
If each type of sub-information is successfully matched with the corresponding type of sub-information, i.e. all sub-information is successfully matched, the successful matching of the check information with the tag information can be determined.
S413, if at least one type of check sub-information fails to match with the label sub-information, determining that the check information fails to match with the label information.
If there is a failure in matching at least one type of the check sub-information with the corresponding type of the tag sub-information, i.e., if any one of the sub-information fails in matching, it may be determined that the check information fails in matching with the tag information.
By the method, the service system can perform authority access detection based on the verification information and the label information, so that only users with legal authorities can access the appointed gray scale rail traffic service, unauthorized users are effectively prevented from accessing the gray scale rail traffic service, and the safety of the system and the accuracy of gray scale control are improved.
In one embodiment of the present application, another access control method for an intersection service is provided, which may be performed by a service system. As shown in fig. 5, the access control method of the track cross service may include S510, S310, S520, and S320 to S340. That is, S510 to S520 are steps performed before S320 shown in fig. 3, and the order of execution of S510 to S520 and S310 is not sequential, i.e., S310 may be performed after S510 to S520, or S510 to S520 may be performed after S310.
In the embodiment of the application, the target display object comprises a plurality of calendar objects.
S510 to S520 are described below:
s510, detecting the input operation of the verification information corresponding to each gray scale rail traffic service in the authority setting interface.
Wherein the rights settings interface may be contained in a grey scale policy management station.
The authority setting interface is used for detecting an input operation of verification information for each gray scale track crossing service. The manager may input verification information such as region type information, object type information, terminal type information, etc. related to each gray scale track cross service on the authority setting interface. Thus, the service system can acquire the verification information set by the manager for each gray scale rail transit service.
Alternatively, the administrator may configure the gray scale service policies through the gray scale policy management console. Fig. 6 is a schematic diagram of an interface of a gray scale policy management table. In this interface, the manager may also fill in policy names, policy data, such as User ID (User ID), application ID (App ID), IP address, city ID (City ID), etc., and information on the status and description of the service policies. After modifying the state of the gray scale service strategy to be enabled, the manager clicks and submits the gray scale service strategy to be effective.
S520, in response to the detected input operation, the identification information of each gray scale track crossing service is associated with the verification information corresponding to each track crossing service, so as to obtain a plurality of authority strategy information.
And the service system responds to the detected input operation and associates the identification information of each gray scale track crossing service with the verification information corresponding to each track crossing service. The service system associates the unique identification (such as service name, service ID, etc.) of each gray scale track traffic service with the corresponding verification information, and establishes authority policy information. Thus, each gray scale track traffic service has a corresponding authority policy information, which includes verification information related to the service.
If S310 is executed first and S510 to S520 are executed next, it is explained that after the service system receives the access request first, the service system finds that there is no service corresponding to the access request, so that the configuration of the manager for the access can be obtained, and S320 to S340 are executed again.
By the method, the service system can establish a plurality of authority strategy information according to the input verification information and the identification information of the gray scale track traffic service. These rights policy information can be used for subsequent gray scale service control to determine whether the user has rights to access the corresponding gray scale rail traffic service.
In one embodiment of the present application, another access control method for an intersection service is provided, which may be performed by a service system. As shown in fig. 7, the access control method of the track cross service may include S310, S710, S330, and S720. That is, S710 is a specific implementation method of S320 shown in fig. 3, and S720 is a specific implementation method for S340 based on S710.
S710 and S720 are described below:
s710, checking information matched with the identification information is searched from a plurality of preset authority strategy information to acquire the checking information corresponding to the appointed gray scale rail traffic service.
The service system may find the corresponding verification information according to a unique identifier (e.g., service name, service ID, etc.) of the specified grayscale rail traffic service. The service system can traverse a plurality of preset authority strategy information to find out the verification information matched with the identification information so as to obtain the verification information corresponding to the appointed gray scale rail traffic service.
And S720, if the detection result indicates that the user has the access authority of the appointed gray scale rail transit service, forwarding the access request to the appointed gray scale rail transit service based on the identification information so as to realize the access of the appointed gray scale rail transit service.
If the service system detects that the user has the access right of the appointed gray scale rail transit service, the access request of the user can be forwarded to the appointed gray scale rail transit service. The access request may include information about parameters requested by the user, such as a request time, a request amount, a request location, etc., so that after the request is forwarded to the specified gray scale rail traffic service, feedback information may be output to the user, so as to complete access to the service.
Optionally, the service system may perform some processing on the access request, such as data conversion, according to different scene requirements, so as to ensure that the gray scale track traffic service accessed by the user can be processed as expected.
By the method, the service system acquires the verification information corresponding to the specified gray scale track traffic service by searching the verification information matched with the identification information, so that the access right of the user is accurately determined. And the service system also forwards the access request of the user to the appointed gray scale rail traffic service with the authority according to the verification result, thereby realizing the dynamic forwarding and flexible control of the user access. The security and the expandability of the service system are guaranteed, better user experience is provided, a user can conveniently and efficiently access the required gray level rail traffic service, and accurate control and flexible forwarding of the user access authority are realized.
In one embodiment of the present application, another access control method for an intersection service is provided, which may be performed by a service system. As shown in fig. 8, the access control method of the track cross service may include S310 to S330 and S810. Wherein S810 is a specific implementation method of S340 shown in fig. 3.
S810 is described below:
and S810, if the detection result indicates that the user has the access authority of the appointed gray scale rail traffic service and the appointed gray scale rail traffic service is detected to exist in the upper gray scale rail traffic service, forwarding the access request to the upper gray scale rail traffic service so as to forward the access request to the appointed gray scale rail traffic service through the upper gray scale rail traffic service.
Wherein the number of the upper gray scale rail traffic services may be one or more.
Alternatively, when the number of the upper-level gray scale track traffic services is one, it is indicated that the designated gray scale track traffic service is only one-level service, and then the designated gray scale track traffic service can be directly provided to the user for use in the case that the user has the use authority.
Alternatively, when the number of the upper-level gray scale track traffic services is plural, it is described that the designated gray scale track traffic service has a plurality of levels of services, and then it is necessary to determine whether the user has authority for each level of service. Specifically, for one gray scale track crossing service, there are a first level gray scale track crossing service, a second level gray scale track crossing service, a third level track crossing service, and the like. The second level gray scale rail crossing service may be referred to as a next level link of the first level gray scale rail crossing service, the third level gray scale rail crossing service may be referred to as a next level link of the second level gray scale rail crossing service, and the like.
For example, a user needs to use a commodity payment service (a gray scale service), and first needs to enter a commodity display service and then enter a commodity purchase service, before entering the commodity payment service. Accordingly, the goods presentation service, the goods purchase service, and the goods payment service may be sequentially regarded as a first-level gray scale rail transit service, a second-level gray scale rail transit service, and a third-level rail transit service.
A scenario in which the number of upper-level gray scale rail traffic services is plural is described below with reference to fig. 9.
After the service system receives the access request for the third gray scale track traffic service, the service system can acquire the verification information of the first gray scale track traffic service, and match the verification information with the label information of the user through the first routing module so as to determine whether the user has the right to use the first gray scale track traffic service. If the user has the authority (namely, the matching is successful), forwarding the access request of the user to the first gray scale rail traffic service; if the user does not have the right (i.e. the matching fails), the access request of the user is forwarded to the first normal rail transit service. The normal track traffic service is non-gray track traffic service.
Further, the first gray scale track traffic service may input the access request of the user to the second routing module, and the second routing module determines whether the user has the right to use the second gray scale track traffic service according to the verification information of the second gray scale track traffic service and the label information of the user. If the authority is provided, forwarding the access request of the user to a second gray scale rail traffic service; if the user does not have the authority, the access request of the user is forwarded to a second normal rail transit service, wherein the second normal rail transit service is the next link of the first normal rail transit service.
Similarly, the second gray scale track traffic service may input the access request of the user to the third routing module, and the third routing module determines whether the user has the right to use the second gray scale track traffic service according to the verification information of the third gray scale track traffic service and the label information of the user. If the user has the authority, forwarding the access request of the user to a third gray scale rail traffic service so that the user can use the third gray scale rail traffic service; if the user does not have the authority, the access request of the user is forwarded to a third normal rail transit service, wherein the third normal rail transit service is the next link of the second normal rail transit service.
By the method, the authority control and forwarding of each level of gray scale rail traffic service are ensured, the next level of service can be accessed only when the user has the authority, and otherwise, the service can be forwarded to the corresponding non-gray scale service. Through the control of the multi-level gray scale rail traffic service, the service system can provide accurate and orderly service access experience for the user according to the authority level of the user and the hierarchical structure of the service link.
In one embodiment of the present application, another access control method for an intersection service is provided, which may be performed by a service system. As shown in fig. 10, the access control method of the track cross service may include S310 to S330 and S1010. This S1010 is another embodiment in parallel with S340 shown in fig. 3.
S1010 is described below:
s1010, if the detection result indicates that the user does not have the access authority of the appointed gray scale rail traffic service, forwarding the access request to the non-gray scale rail traffic service so as to realize the access of the non-gray scale rail traffic service.
The non-gray scale rail traffic service may also be called a normal service, which is a service that has been released in a public manner and can be used without detecting the use authority of the user.
It should be noted that, the manager may create and set the non-gray scale rail traffic service through the service management platform, and input the non-gray scale rail traffic service into the service registration center, so that the non-gray scale rail traffic service is registered, and a corresponding service is provided for the required user.
After the service system receives the access request for the non-gray scale track traffic service, the access request can be forwarded to the corresponding non-gray scale track traffic service through the routing module.
For a multi-level non-gray scale rail transit service scenario, as shown in fig. 8, assuming that the user sends an access request for a third normal rail transit service, the first routing module is required to forward the access request to the first normal rail transit service, then forward the access request to the second normal rail transit service through the second routing module, and finally forward the access request to the third reference rail transit service through the third routing module.
By the method, the service system can correctly forward the access request of the user to the corresponding non-gray track traffic service according to the access request of the user, so that the user can smoothly access the required normal service. Therefore, the service system has flexible management and control capability for gray scale rail transit service and non-gray scale rail transit service, and provides comprehensive service selection and access experience for users.
In one embodiment of the present application, another access control method for an intersection service is provided, which may be performed by a service system. As shown in fig. 11, the access control method of the track traffic service may include S1101 to S1113. Here, S1101 to S1113 are described by taking the case where the user requests the fifth gray scale track cross service as an example.
S1101 to S1113 are described below:
s1101, the service system acquires configuration information of the service policy and the authority policy information.
The configuration information may be configured by an administrator. The manager can configure the service policy of the gray service and also can configure the service policy of the normal service.
S1102, the service system adds the rights policy information to the service registry.
S1103, the service system registers the gray scale rail traffic service and the normal rail traffic service in the service registration center.
In this way, the gradation track traffic service and the normal track traffic service are validated.
S1104, the service system stores the service policy and the authority policy information in the cache module.
S1105, the service system receives an access request for the fifth grayscale rail transit service through the API gateway.
Wherein, the access request comprises label information of the user.
S1106, the service system reads the service policy and the check information in the cache module through the API gateway.
S1107, the service system matches the gray scale service strategy to the access request through the API gateway.
S1108, the service system performs matching based on the verification information and the label information corresponding to the fourth gray scale rail traffic service.
The fifth gray scale rail crossing service is the next-stage link of the fourth gray scale rail crossing service.
If the match is successful, then S1109 is performed; if the match fails, S1110 is performed.
S1109, the service system forwards the access request to the fourth gray scale track traffic service.
S1110, the service system forwards the access request to the fourth normal rail transit service.
S1111, the service system performs matching based on the verification information and the tag information corresponding to the fifth track traffic service.
If the matching is successful, then S1112 is performed; if the match fails, S1113 is executed.
S1112, the access request is forwarded to the fifth grayscale rail transit service.
S1113, the access request is forwarded to the fifth normal rail transit service.
It should be noted that, the specific implementation steps of S1101 to S1113 are described in detail in the foregoing embodiments, and are not described herein.
By the method, the service system can correctly forward the access request of the user to the corresponding non-gray track traffic service according to the access request of the user, so that the user can smoothly access the required normal service. In addition, in the service system, different service strategies respectively correspond to the respective authority strategy information, are mutually independent and do not influence each other, so that the service system can simultaneously operate the service strategies of a plurality of gray-scale services, and the flexibility is improved. In addition, the manager can carry out self-defined configuration on each gray scale service strategy through the gray scale strategy management platform, so that different service strategies can cope with different use scenes. Therefore, the service system can simultaneously operate various gray scale service access control strategies, and the flexibility of gray scale service access control is improved.
Fig. 12 is a block diagram of an access control apparatus for an intersection service according to an embodiment of the present application.
As shown in fig. 12, the access control device for track traffic service is applied to a service system, and the device includes:
a transceiver 1210, configured to receive an access request for a specified gray scale rail traffic service sent by a user; wherein the access request includes tag information of the user;
an obtaining unit 1220, configured to obtain verification information corresponding to the specified gray scale rail traffic service from a plurality of preset authority policy information;
the processing unit 1230 is configured to detect, based on the verification information and the tag information, an access condition of the user to the authority of the specified gray level rail traffic service, and obtain a detection result;
and the forwarding unit 1240 is configured to forward the access request to the specified gray scale track traffic service to implement the access of the specified gray scale track traffic service if the detection result indicates that the user has the access right of the specified gray scale track traffic service.
In one embodiment of the present application, based on the foregoing scheme, the processing unit 1230 is further configured to match the verification information with the tag information; if the verification information is successfully matched with the tag information, a detection result for representing that the user has the access right of the appointed gray scale rail traffic service is obtained; if the matching of the verification information and the label information fails, a detection result for representing that the user does not have the access right of the appointed gray scale track traffic service is obtained.
In one embodiment of the present application, based on the foregoing scheme, the check information includes a plurality of types of syndrome information including at least two of region type information, object type information, terminal type information, and track type information; the tag information includes a plurality of types of tag sub-information including at least two of region type information, object type information, terminal type information, and track type information; the processing unit 1230 is further configured to match the same type of syndrome information with tag sub information; if each type of the check sub-information and the label sub-information are successfully matched, the check information and the label information are determined to be successfully matched; if at least one type of sub-information of the check and the sub-information of the label fail to match, the check information and the label information are determined to fail to match.
In one embodiment of the present application, based on the foregoing solution, before acquiring the verification information corresponding to the specified gray scale rail traffic service from the preset plurality of authority policy information, the processing unit 1230 is further configured to detect, in the authority setting interface, an input operation of the verification information corresponding to each gray scale rail traffic service; and responding to the detected input operation, and associating the identification information of each gray scale track crossing service with the verification information corresponding to each track crossing service to obtain a plurality of authority strategy information.
In one embodiment of the present application, based on the foregoing scheme, the access request further includes identification information specifying a gray scale rail traffic service; the obtaining unit 1220 is further configured to search for verification information matched with the identification information from a plurality of preset authority policy information, so as to obtain verification information corresponding to the specified gray scale track traffic service; the access request is forwarded to a specified grayscale rail transit service based on the identification information.
In one embodiment of the present application, based on the foregoing solution, the forwarding unit 1240 is further configured to forward the access request to the upper level grayscale rail traffic service if it is detected that the specified grayscale rail traffic service exists in the upper level grayscale rail traffic service, so as to forward the access request to the specified grayscale rail traffic service through the upper level grayscale rail traffic service.
In an embodiment of the present application, based on the foregoing solution, the forwarding unit 1240 is further configured to forward the access request to the non-gray scale rail traffic service to implement the access of the non-gray scale rail traffic service if the detection result indicates that the user does not have the access right of the designated gray scale rail traffic service.
It should be noted that the apparatus provided in the foregoing embodiment and the method provided in the foregoing embodiment belong to the same concept, and the specific manner in which the respective modules and units perform the operations have been described in detail in the method embodiment.
The embodiment of the application also provides an access control device of the track traffic service, which comprises: one or more processors; and a memory for storing one or more programs that, when executed by the one or more processors, cause the electronic device to implement an access control method for the rail transit service as before.
Fig. 13 is a schematic diagram of a computer system of an access control device suitable for use in implementing the track crossing service of an embodiment of the present application.
It should be noted that, the computer system 1300 of the electronic device shown in fig. 13 is only an example, and should not impose any limitation on the functions and the application scope of the embodiments of the present application.
As shown in fig. 13, the computer system 1300 includes a central processing unit (Central Processing Unit, CPU) 1301, which can perform various appropriate actions and processes, such as performing the methods in the above-described embodiments, according to a program stored in a Read-Only Memory (ROM) 1302 or a program loaded from a storage portion 1308 into a random access Memory (Random Access Memory, RAM) 1303. In the RAM 1303, various programs and data required for the system operation are also stored. The CPU 1301, ROM 1302, and RAM 1303 are connected to each other through a bus 1304. An Input/Output (I/O) interface 1305 is also connected to bus 1304.
The following components are connected to the I/O interface 1305: an input section 1306 including a keyboard, a mouse, and the like; an output portion 1307 including a Cathode Ray Tube (CRT), a liquid crystal display (Liquid Crystal Display, LCD), and the like, a speaker, and the like; a storage portion 1308 including a hard disk or the like; and a communication section 1309 including a network interface card such as a LAN (Local Area Network ) card, a modem, or the like. The communication section 1309 performs a communication process via a network such as the internet. The drive 1310 is also connected to the I/O interface 1305 as needed. Removable media 1311, such as magnetic disks, optical disks, magneto-optical disks, semiconductor memory, and the like, is installed as needed on drive 1310 so that a computer program read therefrom is installed as needed into storage portion 1308.
In particular, according to embodiments of the present application, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising a computer program for performing the method shown in the flowchart. In such embodiments, the computer program may be downloaded and installed from a network via the communication portion 1309 and/or installed from the removable medium 1311. When executed by a Central Processing Unit (CPU) 1301, performs various functions defined in the system of the present application.
It should be noted that, the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable medium can be, for example, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-Only Memory (ROM), an erasable programmable read-Only Memory (Erasable Programmable Read Only Memory, EPROM), flash Memory, an optical fiber, a portable compact disc read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, a computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with a computer-readable computer program embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. A computer program embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Where each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present application may be implemented by software, or may be implemented by hardware, and the described units may also be provided in a processor. Wherein the names of the units do not constitute a limitation of the units themselves in some cases.
Another aspect of the application also provides a computer readable medium having stored thereon a computer program which, when executed by a processor, implements a method of access control for a rail transit service as before. The computer-readable medium may be included in the electronic device described in the above embodiment or may exist alone without being incorporated in the electronic device.
Yet another aspect of the application provides a computer program product or computer program comprising computer instructions stored in a computer readable medium. The processor of the computer device reads the computer instructions from the computer-readable medium, and the processor executes the computer instructions, so that the computer device performs the access control method of the track cross service provided in the above embodiments.
The foregoing is merely illustrative of the preferred embodiments of the present application and is not intended to limit the embodiments of the present application, and those skilled in the art can easily make corresponding variations or modifications according to the main concept and spirit of the present application, so that the protection scope of the present application shall be defined by the claims.

Claims (10)

1. An access control method for a track traffic service, comprising:
receiving an access request for a specified gray scale rail traffic service sent by a user; wherein the access request includes tag information of the user;
acquiring verification information corresponding to the specified gray scale rail traffic service from a plurality of preset authority strategy information;
detecting the authority access condition of the user for the appointed gray scale rail traffic service based on the verification information and the label information to obtain a detection result;
and if the detection result indicates that the user has the access authority of the appointed gray scale rail transit service, forwarding the access request to the appointed gray scale rail transit service so as to realize the access of the appointed gray scale rail transit service.
2. The method according to claim 1, wherein detecting the user's right access to the specified gray scale rail traffic service based on the verification information and the tag information, to obtain a detection result, includes:
matching the verification information with the tag information;
if the verification information is successfully matched with the tag information, a detection result for representing that the user has the access right of the appointed gray scale rail transit service is obtained;
And if the verification information is failed to be matched with the tag information, obtaining a detection result used for representing that the user does not have the access right of the appointed gray scale rail traffic service.
3. The method of claim 2, wherein the check information includes a plurality of types of syndrome information including at least two of region type information, object type information, terminal type information, and track type information;
the tag information comprises a plurality of types of tag sub-information, wherein the plurality of types of tag sub-information comprises at least two of region type information, object type information, terminal type information and track traffic type information;
the matching the verification information with the tag information includes:
matching the same type of syndrome information with the tag sub information;
if each type of sub-information is successfully matched with the tag sub-information, determining that the matching of the check information and the tag information is successful;
if at least one type of sub-information of the check fails to match with the sub-information of the label, determining that the check fails to match with the information of the label.
4. The method according to claim 1, wherein before the acquiring the verification information corresponding to the specified gray scale track traffic service from the preset plurality of authority policy information, the method further comprises:
detecting the input operation of verification information corresponding to each gray scale rail traffic service in a permission setting interface;
and responding to the detected input operation, and associating the identification information of each gray scale track crossing service with the verification information corresponding to each track crossing service to obtain the plurality of authority strategy information.
5. The method according to any one of claims 1 to 4, wherein the access request further includes identification information of the specified gray scale rail traffic service;
the obtaining the verification information corresponding to the specified gray scale rail traffic service from the preset plurality of authority policy information comprises the following steps:
searching the verification information matched with the identification information from a plurality of preset authority strategy information to obtain the verification information corresponding to the appointed gray scale rail traffic service;
the forwarding the access request to the specified gray scale rail traffic service includes:
and forwarding the access request to the appointed gray scale rail traffic service based on the identification information.
6. The method of any of claims 1 to 4, wherein the forwarding the access request to the specified grayscale rail service comprises:
and if the appointed gray scale rail transit service is detected to have the upper gray scale rail transit service, forwarding the access request to the upper gray scale rail transit service so as to forward the access request to the appointed gray scale rail transit service through the upper gray scale rail transit service.
7. The method according to any one of claims 1 to 4, further comprising:
and if the detection result indicates that the user does not have the access authority of the appointed gray level rail traffic service, forwarding the access request to a non-gray level rail traffic service so as to realize the access of the non-gray level rail traffic service.
8. An access control device for an intersection service, comprising:
the receiving and transmitting unit is used for receiving an access request aiming at the appointed gray scale rail traffic service, which is sent by a user; wherein the access request includes tag information of the user;
the acquisition unit is used for acquiring verification information corresponding to the specified gray scale rail traffic service from a plurality of preset authority strategy information;
The detection unit is used for detecting the authority access condition of the user for the appointed gray scale rail traffic service based on the verification information and the label information to obtain a detection result;
and the forwarding unit is used for forwarding the access request to the appointed gray scale rail traffic service if the detection result indicates that the user has the access right of the appointed gray scale rail traffic service so as to realize the access of the appointed gray scale rail traffic service.
9. An access control device for an intersection service, comprising:
a memory storing computer readable instructions;
a processor reading computer readable instructions stored in a memory to perform the method of any one of claims 1 to 7.
10. A computer readable storage medium having stored thereon computer readable instructions which, when executed by a processor of a computer, cause the computer to perform the method of any of claims 1 to 7.
CN202310642956.0A 2023-06-01 2023-06-01 Access control method, device, equipment and medium for rail traffic service Pending CN116738479A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310642956.0A CN116738479A (en) 2023-06-01 2023-06-01 Access control method, device, equipment and medium for rail traffic service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310642956.0A CN116738479A (en) 2023-06-01 2023-06-01 Access control method, device, equipment and medium for rail traffic service

Publications (1)

Publication Number Publication Date
CN116738479A true CN116738479A (en) 2023-09-12

Family

ID=87903721

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310642956.0A Pending CN116738479A (en) 2023-06-01 2023-06-01 Access control method, device, equipment and medium for rail traffic service

Country Status (1)

Country Link
CN (1) CN116738479A (en)

Similar Documents

Publication Publication Date Title
US11573976B2 (en) Method and apparatus for managing a service request in a blockchain network
US11669832B2 (en) Blockchain-implemented method and system for access control on remote internet-enabled resources
CN1227538C (en) System and method for liming transmitting information based on geographic location on communicaltion network
US10749679B2 (en) Authentication and authorization using tokens with action identification
CN109669986A (en) Blacklist sharing method, device, equipment and storage medium based on block chain
CN106899570A (en) The processing method of Quick Response Code, apparatus and system
CN110414268A (en) Access control method, device, equipment and storage medium
CN103428179B (en) A kind of log in the method for many domain names website, system and device
KR20170113481A (en) Method and server for recording data with regard to the usage of the product and verifying the same in order to manage genuine products
CN105897663A (en) Method for determining access authority, device and equipment
KR101202295B1 (en) Method of paying with unique key value and apparatus thereof
US9769159B2 (en) Cookie optimization
CN109255619A (en) A kind of identity identifying method and equipment based on block chain
CN101594232A (en) The authentication method of dynamic password, system and corresponding authenticating device
CN110008690A (en) Right management method, device, equipment and the medium of terminal applies
KR101795697B1 (en) Method and server for generating address and index by product and detecting counterfeit products in order to manage genuine products
CN112543169A (en) Authentication method, device, terminal and computer readable storage medium
CN104836777B (en) Identity verification method and system
CN112311779A (en) Data access control method and device applied to block chain system
CN109088890A (en) A kind of identity identifying method, relevant apparatus and system
CN114385995B (en) Method for accessing micro-service to industrial Internet through identification analysis based on Handle and identification service system
CN112132576B (en) Payment information processing method based on block chain communication and block chain information platform
CN110301127A (en) Device and method for predictive token authentication
US10938862B1 (en) Method and system for managing mobile assets using a decentralized network
CN104637093A (en) Information management apparatus, terminal, and information management system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination