CN116846628A - Resource access method and related equipment thereof - Google Patents

Resource access method and related equipment thereof Download PDF

Info

Publication number
CN116846628A
CN116846628A CN202310783092.4A CN202310783092A CN116846628A CN 116846628 A CN116846628 A CN 116846628A CN 202310783092 A CN202310783092 A CN 202310783092A CN 116846628 A CN116846628 A CN 116846628A
Authority
CN
China
Prior art keywords
target
subsystem
resource
resource request
login
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310783092.4A
Other languages
Chinese (zh)
Inventor
侯丽
刘翔
张国辉
王磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN202310783092.4A priority Critical patent/CN116846628A/en
Publication of CN116846628A publication Critical patent/CN116846628A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiment of the application belongs to the fields of artificial intelligence and financial science and technology, and relates to a resource access method, which comprises the steps of obtaining a target rule and sending the target rule to at least one subsystem; each of the at least one subsystem has stored therein an accessible resource; the target rule is used for generating a login-free token; when a target resource request is received, determining a target subsystem according to the target resource request; the target subsystem belongs to at least one subsystem; the target resource request is used for requesting the target subsystem to generate a login-free token according to the target rule; and sending a target resource request to the target subsystem, and receiving the login-free token from the target subsystem so as to facilitate the login-free token to access the target resource requested by the target resource request. The application also provides a resource access device, computer equipment and a storage medium. The method solves the problems of complicated steps and long time consumption in the current resource access process.

Description

Resource access method and related equipment thereof
Technical Field
The application relates to the field of artificial intelligence technology and financial science and technology, in particular to a resource access method and related equipment thereof.
Background
In the field of financial technology, there are a large number of protected resources, such as transactions, insurance, tax, credit, etc., and there are a large number of customer data that need privacy protection. When a conventional third party application accesses a protected resource on a resource server (the resource originates from a resource owner), it is common for the third party application to use credentials of the resource owner to authenticate on the resource server to obtain the resource. Thus, in order to provide the third party application with the rights of the protected resource, the resource owner needs to share the credentials with the third party application, which results in the third party application having too large rights for the protected resource, and even the resource owner losing control over the use time limit or the use range of the protected resource, and there is a higher financial risk.
The open authorization (Open Authorization, OAuth) can control rights such as the time limit and scope of access to the protected resource by the third party application by issuing an access token for the third party application. However, when accessing resources in a plurality of resource servers, each resource server needs to perform identity verification on an account corresponding to the third party application, and grant an access token according to an identity verification result and a temporary token, which is complicated in steps, takes longer time and has poor user experience.
Disclosure of Invention
The embodiment of the application aims to provide a resource access method and related equipment thereof, which are used for solving the problems of complicated steps and long time consumption in the current resource access process.
In order to solve the above technical problems, the embodiment of the present application provides a resource access method, which adopts the following technical scheme:
acquiring a target rule and sending the target rule to at least one subsystem; each subsystem of the at least one subsystem has stored therein accessible resources; the target rule is used for generating a login-free token; when a target resource request is received, determining a target subsystem according to the target resource request; the target subsystem belongs to the at least one subsystem; the target resource request is used for requesting a target subsystem to generate a login-free token according to the target rule; and sending the target resource request to the target subsystem, and receiving an login-free token from the target subsystem so as to facilitate the login-free token to access the target resource requested by the target resource request.
Further, the target resource request comprises a target callback address; the target callback address is the callback address of the subsystem to which the requested target resource belongs; the determining the target subsystem according to the target resource request comprises the following steps: obtaining a callback address corresponding to the at least one subsystem; and determining a target subsystem in the at least one subsystem according to the target callback address and the callback address corresponding to the at least one subsystem.
Further, the sending the target resource request to the target subsystem includes: and calling the target callback address by using a callback function, and sending the target resource request to the target subsystem.
Further, before sending the target rule to at least one subsystem, the method further comprises: and sending an authorization request to the at least one subsystem to obtain the access rights of the at least one subsystem.
Further, before sending the target resource request to the target subsystem, the method further includes: and acquiring login information of the user, and determining that the user is a resource authorized user according to the login information.
In order to solve the above technical problems, the embodiment of the present application further provides a resource access device, which adopts the following technical scheme:
the sending module is used for acquiring the target rule and sending the target rule to at least one subsystem; each subsystem of the at least one subsystem has stored therein accessible resources; the target rule is used for generating a login-free token; the determining module is used for determining a target subsystem according to the target resource request when the target resource request is received; the target subsystem belongs to the at least one subsystem; the target resource request is used for requesting a target subsystem to generate a login-free token according to the target rule; and the receiving module is used for sending the target resource request to the target subsystem and receiving an login-free token from the target subsystem so as to conveniently carry the login-free token to access the target resource requested by the target resource request.
Further, the determining module comprises an obtaining sub-module and a determining sub-module; the target resource request comprises a target callback address; the target callback address is the callback address of the subsystem to which the requested target resource belongs; the obtaining sub-module is used for obtaining the callback address corresponding to the at least one sub-system; the determining submodule is used for determining the target subsystem in the at least one subsystem according to the target callback address and the callback address corresponding to the at least one subsystem.
Further, the receiving module is further configured to call the target callback address by using a callback function, and send the target resource request to the target subsystem.
Further, the sending module is further configured to send an authorization request to the at least one subsystem to obtain an access right of the at least one subsystem.
Further, the determining module is further configured to obtain login information of a user, and determine that the user is a resource authorized user according to the login information.
In order to solve the above technical problem, an embodiment of the present application further provides a computer device, including a memory and a processor, where the memory stores a computer program, and the processor implements the steps of the resource access method when executing the computer program.
In order to solve the above technical problem, an embodiment of the present application further provides a computer readable storage medium, where a computer program is stored, where the computer program implements the steps of the resource access method when executed by a processor.
Compared with the prior art, the embodiment of the application has the following main beneficial effects: and acquiring the target rule and transmitting the target rule to at least one subsystem. And then, when the target resource request is received, determining a target subsystem according to the target resource request. And finally, sending a target resource request to the target subsystem, and receiving the login-free token from the target subsystem so as to facilitate the access of the login-free token to the target resource requested by the target resource request. The target resource request is used for requesting the target subsystem to generate the login-free token according to the target rule. Therefore, the target subsystem can directly generate the login-free token according to the target rule sent by the resource access device, so that the problems that the steps are complicated and the time consumption is long are solved, and the user experience is improved because each resource server needs to carry out identity verification on the account corresponding to the third party application when accessing the resources in the plurality of resource servers.
Drawings
In order to more clearly illustrate the solution of the present application, a brief description will be given below of the drawings required for the description of the embodiments of the present application, it being apparent that the drawings in the following description are some embodiments of the present application, and that other drawings may be obtained from these drawings without the exercise of inventive effort for a person of ordinary skill in the art.
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow chart of one embodiment of a method of resource access according to the present application;
FIG. 3 is a flow chart of one embodiment of step S22 of FIG. 2;
FIG. 4 is a schematic diagram of an embodiment of a resource access device in accordance with the present application;
FIG. 5 is a schematic diagram of one embodiment of the determination module shown in FIG. 4;
FIG. 6 is a schematic structural diagram of one embodiment of a computer device in accordance with the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the applications herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "comprising" and "having" and any variations thereof in the description of the application and the claims and the description of the drawings above are intended to cover a non-exclusive inclusion. The terms first, second and the like in the description and in the claims or in the above-described figures, are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
In order to make the person skilled in the art better understand the solution of the present application, the technical solution of the embodiment of the present application will be clearly and completely described below with reference to the accompanying drawings.
As shown in fig. 1, a system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as a web browser application, a shopping class application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc., may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablet computers, electronic book readers, MP3 players (Moving Picture Experts Group Audio Layer III, dynamic video expert compression standard audio plane 3), MP4 (Moving Picture Experts Group Audio Layer IV, dynamic video expert compression standard audio plane 4) players, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background server providing support for pages displayed on the terminal devices 101, 102, 103.
It should be noted that, the resource access method provided in the embodiment of the present application may be applied to the server device 105, or may be applied to the terminal devices 101, 102, 103. The server device 105 and the terminal devices 101, 102, 103 may be collectively referred to as electronic devices. That is, the execution body of the resource access method provided in the embodiment of the present application may be a resource access device, and the resource access device may be the above-mentioned electronic device (such as the server device 105 or the terminal devices 101, 102, 103).
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continued reference to FIG. 2, a flow chart of one embodiment of a method of resource access according to the present application is shown. The resource access method comprises the following steps:
step S21, obtaining the target rule and sending the target rule to at least one subsystem.
Wherein each of the at least one subsystem has stored therein an accessible resource, and the target rule is used to generate the logon-free token. For example, the target rule may be an OAuth authentication rule.
Specifically, the resource access device firstly obtains callback addresses corresponding to at least one subsystem storing accessible resources, and then sends target rules to at least one subsystem according to the callback addresses, so that the subsystem can generate a login-free token when receiving a resource request.
Step S22, when the target resource request is received, determining a target subsystem according to the target resource request.
The target subsystem belongs to at least one subsystem, and the target resource request is used for requesting the target subsystem to generate the login-free token according to the target rule.
Specifically, the target resource request includes a target callback address, where the target callback address is a callback address of a subsystem to which the target resource requested belongs, and fig. 3 is a manner of determining the target subsystem according to the target resource request according to the embodiment of the present application, and includes the following steps:
step S221, obtaining a callback address corresponding to at least one subsystem.
Step S222, determining a target subsystem in at least one subsystem according to the target callback address and the callback address corresponding to the at least one subsystem.
Specifically, the callback address of the target is used for matching in the callback address corresponding to at least one subsystem, and the subsystem corresponding to the matched callback address is determined to be the target subsystem.
In this embodiment, the target subsystem is determined according to the target callback address in the target resource request, so that the login-free token generated by the target subsystem according to the target rule is acquired later, and the login-free token is used to access the target resource requested by the target resource request, so that the problem that when accessing the resources in a plurality of resource servers, each resource server needs to perform identity verification on the account corresponding to the third party application, which is complicated in steps and takes longer time is avoided, and the user experience is improved.
Step S23, a target resource request is sent to the target subsystem, and a login-free token from the target subsystem is received, so that the login-free token is carried to access the target resource requested by the target resource request.
Specifically, a callback function is used for calling a target callback address, and a target resource request is sent to a target subsystem. In this embodiment, the callback function can be used to call the target callback address, and a target resource request is sent to the target subsystem, so that the login-free token is obtained, the problem that when accessing resources in a plurality of resource servers, each resource server needs to perform identity verification on an account corresponding to a third party application, the steps are complicated and the time consumption is long is avoided, and the user experience is improved.
When the target subsystem receives the target resource request, the login-free token is generated according to the target rule received from the resource access device before and returned to the resource access device. When receiving the login-free token from the target subsystem, the resource access device returns the login-free token to the front end so that the front end carries the login-free token to access the target resource requested by the target resource request.
In this embodiment, the target rule is obtained and sent to at least one subsystem. And then, when the target resource request is received, determining a target subsystem according to the target resource request. And finally, sending a target resource request to the target subsystem, and receiving the login-free token from the target subsystem so as to facilitate the access of the login-free token to the target resource requested by the target resource request. The target resource request is used for requesting the target subsystem to generate the login-free token according to the target rule. Therefore, the target subsystem can directly generate the login-free token according to the target rule sent by the resource access device, so that the problems that the steps are complicated and the time consumption is long are solved, and the user experience is improved because each resource server needs to carry out identity verification on the account corresponding to the third party application when accessing the resources in the plurality of resource servers.
Optionally, before sending the target rule to the at least one subsystem, the resource access method further includes: an authorization request is sent to at least one subsystem to obtain access rights of the at least one subsystem. In this embodiment, the resource access device acquires the access right of at least one subsystem in advance, so that access failure caused by no access right of the subsystem is avoided, and user experience is improved.
Optionally, before sending the target resource request to the target subsystem, the resource access method further includes: and acquiring login information of the user, and determining that the user is a resource authorized user according to the login information.
In this embodiment, whether the user is a resource authorized user can be determined according to the login information of the user, and once the resource access device determines that the user is the resource authorized user, the subsystem does not verify the user identity any more, so that the problem that when accessing the resources in a plurality of resource servers, each resource server needs to verify the identity of an account corresponding to a third party application, which is complicated in steps and takes longer time is avoided, and user experience is improved.
The target resource in the application can be a data resource which needs to be protected in the field of financial science and technology, and a large amount of client data and transaction data have higher privacy in the fields of transaction, insurance, tax, credit and the like, and the data leakage can bring great financial risks. The resource access method of the application can realize the security of the target resource, and simultaneously avoid the problem of lower efficiency caused by the fact that each resource server needs to carry out identity verification on the account corresponding to the third party application when accessing the resources in a plurality of resource servers, thereby improving the user experience and verification efficiency and having better application prospect in the field of financial science and technology.
The embodiment of the application can acquire and process the related data based on the artificial intelligence technology. Among these, artificial intelligence (Artificial Intelligence, AI) is the theory, method, technique and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend and extend human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Artificial intelligence infrastructure technologies generally include technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a robot technology, a biological recognition technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and other directions.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by computer readable instructions stored in a computer readable storage medium that, when executed, may comprise the steps of the embodiments of the methods described above. The storage medium may be a nonvolatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a random access Memory (Random Access Memory, RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
With further reference to fig. 4, as an implementation of the method shown in fig. 2, the present application provides an embodiment of a resource access device, where the embodiment of the device corresponds to the embodiment of the method shown in fig. 2, and the device is particularly applicable to various electronic devices.
As shown in fig. 4, the resource access device 400 according to the present embodiment includes: a transmitting module 401, a determining module 402 and a receiving module 403. Wherein:
a sending module 401, configured to obtain a target rule, and send the target rule to at least one subsystem; each subsystem of the at least one subsystem has stored therein accessible resources; the target rule is used for generating a login-free token; a determining module 402, configured to determine, when a target resource request is received, a target subsystem according to the target resource request; the target subsystem belongs to the at least one subsystem; the target resource request is used for requesting a target subsystem to generate a login-free token according to the target rule; a receiving module 403, configured to send the target resource request to the target subsystem, and receive an login-free token from the target subsystem, so as to carry the login-free token to access the target resource requested by the target resource request.
In this embodiment, the target rule is obtained and sent to at least one subsystem. And then, when the target resource request is received, determining a target subsystem according to the target resource request. And finally, sending a target resource request to the target subsystem, and receiving the login-free token from the target subsystem so as to facilitate the access of the login-free token to the target resource requested by the target resource request. The target resource request is used for requesting the target subsystem to generate the login-free token according to the target rule. Therefore, the target subsystem can directly generate the login-free token according to the target rule sent by the resource access device, so that the problems that the steps are complicated and the time consumption is long are solved, and the user experience is improved because each resource server needs to carry out identity verification on the account corresponding to the third party application when accessing the resources in the plurality of resource servers.
In some alternative implementations of the present embodiment, referring to fig. 5, for a schematic structural diagram of one specific implementation of the determining module 402, the determining module 402 includes an obtaining submodule 4021 and a determining submodule 4022; the target resource request comprises a target callback address; the target callback address is the callback address of the subsystem to which the requested target resource belongs; the obtaining submodule 4021 is configured to obtain a callback address corresponding to the at least one subsystem; the determining submodule 4022 is configured to determine a target subsystem in the at least one subsystem according to the target callback address and a callback address corresponding to the at least one subsystem.
In this embodiment, the target subsystem is determined according to the target callback address in the target resource request, so that the login-free token generated by the target subsystem according to the target rule is acquired later, and the login-free token is used to access the target resource requested by the target resource request, so that the problem that when accessing the resources in a plurality of resource servers, each resource server needs to perform identity verification on the account corresponding to the third party application, which is complicated in steps and takes longer time is avoided, and the user experience is improved.
In some optional implementations of this embodiment, the receiving module 403 is further configured to call the target callback address using a callback function, and send the target resource request to the target subsystem.
In this embodiment, the callback function can be used to call the target callback address, and a target resource request is sent to the target subsystem, so that the login-free token is obtained, the problem that when accessing resources in a plurality of resource servers, each resource server needs to perform identity verification on an account corresponding to a third party application, the steps are complicated and the time consumption is long is avoided, and the user experience is improved.
In some optional implementations of this embodiment, the sending module 401 is further configured to send an authorization request to the at least one subsystem to obtain access rights of the at least one subsystem.
In this embodiment, the resource access device acquires the access right of at least one subsystem in advance, so that access failure caused by no access right of the subsystem is avoided, and user experience is improved.
In some optional implementations of this embodiment, the determining module 402 is further configured to obtain login information of a user, and determine that the user is a resource authorized user according to the login information.
In this embodiment, whether the user is a resource authorized user can be determined according to the login information of the user, and once the resource access device determines that the user is the resource authorized user, the subsystem does not verify the user identity any more, so that the problem that when accessing the resources in a plurality of resource servers, each resource server needs to verify the identity of an account corresponding to a third party application, which is complicated in steps and takes longer time is avoided, and user experience is improved.
In order to solve the technical problems, the embodiment of the application also provides computer equipment. Referring specifically to fig. 6, fig. 6 is a basic structural block diagram of a computer device according to the present embodiment.
The computer device 60 comprises a memory 61, a processor 62, a network interface 63 communicatively connected to each other via a system bus. It should be noted that only computer device 60 having components 61-63 is shown in the figures, but it should be understood that not all of the illustrated components are required to be implemented and that more or fewer components may be implemented instead. It will be appreciated by those skilled in the art that the computer device herein is a device capable of automatically performing numerical calculations and/or information processing in accordance with predetermined or stored instructions, the hardware of which includes, but is not limited to, microprocessors, application specific integrated circuits (Application Specific Integrated Circuit, ASICs), programmable gate arrays (fields-Programmable Gate Array, FPGAs), digital processors (Digital Signal Processor, DSPs), embedded devices, etc.
The computer equipment can be a desktop computer, a notebook computer, a palm computer, a cloud server and other computing equipment. The computer equipment can perform man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch pad or voice control equipment and the like.
The memory 61 includes at least one type of readable storage media including flash memory, hard disk, multimedia card, card memory (e.g., SD or DX memory, etc.), random Access Memory (RAM), static Random Access Memory (SRAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), programmable Read Only Memory (PROM), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the storage 61 may be an internal storage unit of the computer device 60, such as a hard disk or a memory of the computer device 60. In other embodiments, the memory 61 may also be an external storage device of the computer device 60, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card) or the like, which are provided on the computer device 60. Of course, the memory 61 may also include both internal storage units of the computer device 60 and external storage devices. In this embodiment, the memory 61 is typically used to store an operating system and various application software installed on the computer device 60, such as computer readable instructions of a resource access method. Further, the memory 61 may be used to temporarily store various types of data that have been output or are to be output.
The processor 62 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 62 is generally used to control the overall operation of the computer device 60. In this embodiment, the processor 62 is configured to execute computer readable instructions stored in the memory 61 or process data, such as computer readable instructions for executing the resource access method.
The network interface 63 may comprise a wireless network interface or a wired network interface, which network interface 63 is typically used to establish communication connections between the computer device 60 and other electronic devices.
In this embodiment, the target rule is obtained and sent to at least one subsystem. And then, when the target resource request is received, determining a target subsystem according to the target resource request. And finally, sending a target resource request to the target subsystem, and receiving the login-free token from the target subsystem so as to facilitate the access of the login-free token to the target resource requested by the target resource request. The target resource request is used for requesting the target subsystem to generate the login-free token according to the target rule. Therefore, the target subsystem can directly generate the login-free token according to the target rule sent by the resource access device, so that the problems that the steps are complicated and the time consumption is long are solved, and the user experience is improved because each resource server needs to carry out identity verification on the account corresponding to the third party application when accessing the resources in the plurality of resource servers.
The present application also provides another embodiment, namely, a computer-readable storage medium storing computer-readable instructions executable by at least one processor to cause the at least one processor to perform the steps of a resource access method as described above.
In this embodiment, the target rule is obtained and sent to at least one subsystem. And then, when the target resource request is received, determining a target subsystem according to the target resource request. And finally, sending a target resource request to the target subsystem, and receiving the login-free token from the target subsystem so as to facilitate the access of the login-free token to the target resource requested by the target resource request. The target resource request is used for requesting the target subsystem to generate the login-free token according to the target rule. Therefore, the target subsystem can directly generate the login-free token according to the target rule sent by the resource access device, so that the problems that the steps are complicated and the time consumption is long are solved, and the user experience is improved because each resource server needs to carry out identity verification on the account corresponding to the third party application when accessing the resources in the plurality of resource servers.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method according to the embodiments of the present application.
It is apparent that the above-described embodiments are only some embodiments of the present application, but not all embodiments, and the preferred embodiments of the present application are shown in the drawings, which do not limit the scope of the patent claims. This application may be embodied in many different forms, but rather, embodiments are provided in order to provide a thorough and complete understanding of the present disclosure. Although the application has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described in the foregoing description, or equivalents may be substituted for elements thereof. All equivalent structures made by the content of the specification and the drawings of the application are directly or indirectly applied to other related technical fields, and are also within the scope of the application.

Claims (10)

1. A method of resource access, comprising the steps of:
acquiring a target rule and sending the target rule to at least one subsystem; each subsystem of the at least one subsystem has stored therein accessible resources; the target rule is used for generating a login-free token;
when a target resource request is received, determining a target subsystem according to the target resource request; the target subsystem belongs to the at least one subsystem; the target resource request is used for requesting a target subsystem to generate a login-free token according to the target rule;
and sending the target resource request to the target subsystem, and receiving an login-free token from the target subsystem so as to facilitate the login-free token to access the target resource requested by the target resource request.
2. The resource access method of claim 1, wherein the target resource request includes a target callback address; the target callback address is the callback address of the subsystem to which the requested target resource belongs; the determining the target subsystem according to the target resource request comprises the following steps:
obtaining a callback address corresponding to the at least one subsystem;
and determining a target subsystem in the at least one subsystem according to the target callback address and the callback address corresponding to the at least one subsystem.
3. The resource access method of claim 2, wherein the sending the target resource request to the target subsystem comprises:
and calling the target callback address by using a callback function, and sending the target resource request to the target subsystem.
4. The resource access method of claim 1, wherein prior to transmitting the target rule to at least one subsystem, the method further comprises:
and sending an authorization request to the at least one subsystem to obtain the access rights of the at least one subsystem.
5. The resource access method of claim 1, wherein prior to sending the target resource request to the target subsystem, the method further comprises:
and acquiring login information of the user, and determining that the user is a resource authorized user according to the login information.
6. A resource access device, comprising the steps of:
the sending module is used for acquiring the target rule and sending the target rule to at least one subsystem; each subsystem of the at least one subsystem has stored therein accessible resources; the target rule is used for generating a login-free token;
the determining module is used for determining a target subsystem according to the target resource request when the target resource request is received; the target subsystem belongs to the at least one subsystem; the target resource request is used for requesting a target subsystem to generate a login-free token according to the target rule;
and the receiving module is used for sending the target resource request to the target subsystem and receiving an login-free token from the target subsystem so as to conveniently carry the login-free token to access the target resource requested by the target resource request.
7. The resource access device of claim 6, wherein the determination module comprises an acquisition sub-module and a determination sub-module;
the target resource request comprises a target callback address; the target callback address is the callback address of the subsystem to which the requested target resource belongs;
the obtaining sub-module is used for obtaining the callback address corresponding to the at least one sub-system;
the determining submodule is used for determining the target subsystem in the at least one subsystem according to the target callback address and the callback address corresponding to the at least one subsystem.
8. The resource access device of claim 7, wherein the resource access device,
and the receiving module is further used for calling the target callback address by using a callback function and sending the target resource request to the target subsystem.
9. A computer device comprising a memory having stored therein computer readable instructions which when executed by a processor implement the steps of the resource access method of any of claims 1 to 5.
10. A computer readable storage medium having stored thereon computer readable instructions which when executed by a processor implement the steps of the resource access method of any of claims 1 to 5.
CN202310783092.4A 2023-06-29 2023-06-29 Resource access method and related equipment thereof Pending CN116846628A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310783092.4A CN116846628A (en) 2023-06-29 2023-06-29 Resource access method and related equipment thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310783092.4A CN116846628A (en) 2023-06-29 2023-06-29 Resource access method and related equipment thereof

Publications (1)

Publication Number Publication Date
CN116846628A true CN116846628A (en) 2023-10-03

Family

ID=88162825

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310783092.4A Pending CN116846628A (en) 2023-06-29 2023-06-29 Resource access method and related equipment thereof

Country Status (1)

Country Link
CN (1) CN116846628A (en)

Similar Documents

Publication Publication Date Title
US9894053B2 (en) Method and system for authenticating service
CN114070583B (en) Information access control method, device, computer equipment and medium
CN109359449B (en) Authentication method, device, server and storage medium based on micro service
CN113259342A (en) Login verification method, device, computer equipment and medium
CN114996675A (en) Data query method and device, computer equipment and storage medium
CN117094729A (en) Request processing method, device, computer equipment and storage medium
US8910260B2 (en) System and method for real time secure image based key generation using partial polygons assembled into a master composite image
CN116911572A (en) Page automation assembly method, system, computer equipment and storage medium
CN116383787A (en) Page creation method, page creation device, computer equipment and storage medium
CN115330396A (en) Payment state acquisition method and device, computer equipment and storage medium
CN116846628A (en) Resource access method and related equipment thereof
CN114444047A (en) Identity authentication method, device, equipment and storage medium based on virtual reality
WO2015060950A1 (en) Method and system for authenticating service
CN114221964A (en) Access request processing method and device, computer equipment and storage medium
CN112905990A (en) Access method, client, server and access system
CN115250200B (en) Service authorization authentication method and related equipment thereof
CN117853163A (en) Rights resource acquisition control method, device, equipment and storage medium thereof
CN115022308B (en) Login method of remote system and related equipment thereof
CN117278263A (en) Authentication processing method, authentication processing device, computer equipment and storage medium
CN117390241A (en) Data display method, device, computer equipment and storage medium
CN116795511A (en) Unique identifier generation method, device, computer equipment and storage medium
CN117278510A (en) Message sending method, device, computer equipment and storage medium
CN117853246A (en) Policy processing method, policy processing device, computer equipment and storage medium
CN117422523A (en) Product online method and device, computer equipment and storage medium
CN117853241A (en) Risk service provider identification method, apparatus, device and storage medium thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination