CN117014531A - Access processing method and device - Google Patents

Access processing method and device

Publication number: CN117014531A
Application number: CN202310979894.2A
Authority: CN (China)
Other languages: Chinese (zh)
Legal status: Pending
Prior art keywords: user login, information, access, server, user
Inventors: 张震, 李乔, 郑彬, 刘莹皓, 刘志勇, 孔孟, 沈起帆, 王国炎, 朱恒, 陈晨, 刘雨生, 马欢乐, 章鑫辉
Current Assignee: Hundsun Technologies Inc
Original Assignee: Hundsun Technologies Inc
Application filed by Hundsun Technologies Inc
Priority to CN202310979894.2A
Publication of CN117014531A

Classifications

    • H04L69/22 Parsing or analysis of headers
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/563 Data redirection of data network streams
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The specification provides an access processing method and device. The access processing method comprises the following steps: receiving a first access request sent by a user terminal; parsing the first access request and, when the service identifier of a second server is obtained, looking up target access information of the second server in the cache space based on the service identifier; constructing a second access request according to the target access information; and sending the second access request to the second server so that the second server responds to the second access request. The access processing method effectively solves the problem that cross-domain access cannot be established because of the same-origin policy, and reduces resource consumption.

Description

Access processing method and device
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to an access processing method. The present specification also relates to an access processing apparatus, a computing device, and a computer-readable storage medium.
Background
In current software development, scenarios that require cross-domain access are common. Cross-domain access is usually an action, initiated by a user side or a server side, that accesses resources under a different domain name, a different port or a different protocol. However, because of the same-origin policy, cross-domain access is blocked by default, to prevent the initiator of the cross-domain access from being maliciously attacked and to protect user privacy.
To implement cross-domain access under the same-origin policy, a proxy server is generally configured using nginx (a reverse proxy server). The domain name of the proxy server is the same as that of the cross-domain access initiator; the initiator reaches the accessed party through the proxy server, and the cross-domain access is thereby implemented.
However, when cross-domain access involves multiple accessed parties, nginx configuration must be added for each additional accessed party, and that nginx configuration is maintained manually, so the more accessed parties there are, the greater the additional resource consumption and maintenance cost. There is therefore a need for an access processing method that reduces resource consumption.
Disclosure of Invention
In view of this, the present embodiment provides an access processing method. The present specification also relates to an access processing apparatus, a computing device, and a computer-readable storage medium, which solve the technical drawbacks existing in the prior art.
According to a first aspect of embodiments of the present disclosure, there is provided an access processing method, applied to a processing unit of a first service side, where the processing unit includes a cache space, and access information registered by other service sides is stored in the cache space in advance, and the method includes:
receiving a first access request sent by a user terminal;
analyzing the first access request, and searching target access information of a second server from the cache space based on the service identifier under the condition that the service identifier of the second server is obtained;
constructing a second access request according to the target access information;
and sending the second access request to the second server so that the second server responds to the second access request.
According to a second aspect of embodiments of the present disclosure, there is provided an access processing device, applied to a processing unit of a first service side, where the processing unit includes a cache space, and access information registered by other service sides is stored in the cache space in advance, where the device includes:
the receiving module is used for receiving a first access request sent by the user side;
the analysis module is used for analyzing the first access request, and searching target access information of the second server from the cache space based on the service identifier under the condition that the service identifier of the second server is obtained;
the construction module is used for constructing a second access request according to the target access information;
and the forwarding module is used for sending the second access request to the second server so that the second server responds to the second access request.
According to a third aspect of embodiments of the present specification, there is provided a computing device comprising:
a memory and a processor;
the memory is configured to store computer-executable instructions and the processor is configured to execute the computer-executable instructions to implement the method of:
receiving a first access request sent by a user terminal;
analyzing the first access request, and searching target access information of a second server from the cache space based on the service identifier under the condition that the service identifier of the second server is obtained;
constructing a second access request according to the target access information;
and sending the second access request to the second server so that the second server responds to the second access request.
According to a fourth aspect of embodiments of the present specification, there is provided a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, implement the steps of the access processing method.
The access processing method provided by the specification is applied to a processing unit of a first service end, the processing unit comprises a cache space, access information registered by other service ends is stored in the cache space in advance, and the method comprises the following steps: receiving a first access request sent by a user terminal; analyzing the first access request, and searching target access information of a second server from the cache space based on the service identifier under the condition that the service identifier of the second server is obtained; constructing a second access request according to the target access information; and sending the second access request to the second server so that the second server responds to the second access request.
In the embodiment of the specification, the access information registered by the second service end is stored in advance in the processing unit of the first service end; a second access request is constructed from the first access request carrying the service identifier of the second service end, and the second access request is then forwarded to the second service end. On the one hand, the front end of the first service end only initiates requests to the back end of the first service end, and because the front end and the back end of the first service end are in the same domain, the cross-domain problem caused by the front end of the first service end initiating a request directly to the second service end is avoided. On the other hand, when there are multiple second service ends, only the corresponding second access request needs to be constructed for the service identifier of each second service end, so no corresponding nginx configuration is needed for each second service end, which reduces resource consumption and server maintenance cost.
Drawings
FIG. 1 is a schematic diagram of an interaction flow of an access processing system architecture according to one embodiment of the present disclosure;
FIG. 2 is a flow chart of a method of access processing provided in one embodiment of the present disclosure;
FIG. 3 is a flowchart illustrating a process of displaying an interface of an application B on a front-end page of an application A according to an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of an access processing device according to an embodiment of the present disclosure;
FIG. 5 is a block diagram of a computing device provided in one embodiment of the present description.
Detailed Description
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present description. This description may be embodied in many other forms than described herein and similarly generalized by those skilled in the art to whom this disclosure pertains without departing from the spirit of the disclosure and, therefore, this disclosure is not limited by the specific implementations disclosed below.
The terminology used in the one or more embodiments of the specification is for the purpose of describing particular embodiments only and is not intended to be limiting of the one or more embodiments of the specification. As used in this specification, one or more embodiments and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used in one or more embodiments of the present specification refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that, although the terms first, second, etc. may be used in one or more embodiments of this specification to describe various information, this information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, a first may also be referred to as a second, and similarly, a second may also be referred to as a first, without departing from the scope of one or more embodiments of the present description. Depending on the context, the word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination".
First, terms related to one or more embodiments of the present specification will be explained.
cookie: a small text file stored on the user's computer that holds information collected by a website when the user visits it. When a user accesses a website, the website sends a cookie containing information about the user to the user's browser, which stores it on the user's computer. Thereafter, when the user accesses the website again, the browser sends the cookie back to the server so that the server can identify the user and provide personalized services.
iframe: an inline frame, i.e. an HTML (HyperText Markup Language) tag that creates an inline frame in the current web page for embedding another web page or other content such as advertisements, maps, video and audio.
cookie SameSite: the SameSite attribute of a cookie, which defines whether the cookie should be sent with a cross-domain access request, in order to limit third-party cookies and thereby reduce security risks.
Same-origin policy: a security mechanism that limits a web page to interacting with resources of the same origin (same origin means that the protocol, domain name and port number are all identical). Because of this limitation, if a web page attempts to access a resource of a different origin, the request may be considered a cross-domain request.
Cross-domain access: a web page accessing a resource whose protocol, port or domain name differs from its own is called cross-domain access.
url (uniform resource locator): a string used to locate and identify resources on the internet. A url is used for locating resources on the Web such as web pages, pictures, videos and files.
http (hypertext transfer protocol): the http protocol transmits content in plaintext and does not provide any data encryption. If an attacker intercepts a message transmitted between the Web browser and the Web server, the attacker can directly read the information in it, so the http protocol is not suitable for transmitting sensitive information.
https (hypertext transfer protocol secure): to solve the above problem of the http protocol, data transmitted by the http protocol is encrypted with the ssl (Secure Socket Layer) protocol, which provides security support for data communication.
nginx: an open-source, high-performance http and reverse proxy server. It can be used as a lightweight and efficient Web server, and also as a reverse proxy server for load balancing, caching, accelerating static files and the like. nginx is excellent at handling concurrent connections and high-load network environments, and is therefore widely used by many large websites and internet companies.
Application cluster: with the rapid development of services, a single application server cannot support a large number of user requests. For this reason, many enterprises combine multiple servers to provide a service that appears to the user as a single server; this is known as an application cluster.
Cookie overwriting on write: in an application cluster scenario, the cookie information generated by each server needs to be written to the user side, but because multiple servers are combined to provide one service, the cookie information generated by each server has the same name and path and a different value. Because the user side stores only one cookie value under a given cookie path or name, in an application cluster scenario the cookie information generated by the servers overwrites each other when written to the user side, and only the last written cookie value is retained.
In current software development, scenarios that require cross-domain access are common. Cross-domain access is usually an action, initiated by a user side or a server side, that accesses resources under a different domain name, a different port or a different protocol. However, because of the same-origin policy, cookie information is not allowed to be carried in a cross-domain request, and cross-domain access is blocked by default, to prevent the initiator of the cross-domain access from being maliciously attacked and to protect user privacy.
To implement cross-domain access under the same-origin policy, one prior-art approach changes how cookies are used and passes the cookie information in the url. For many applications that have already been developed, however, changing how cookies are used has a large impact: many cookie-related functions need to be redeveloped, which consumes a great deal of manpower and material resources.
Without changing how cookies are used, another prior-art approach implements cross-domain access by changing the network mode of both parties to the cross-domain access. For example, both parties use the https protocol and the samesite attribute of the cookie information is set to none, so that the cross-domain access is converted into same-domain access. This change is not permitted, however, for an accessing end or an accessed end running on an intranet.
Without changing how cookies are used or the network mode of either party, the prior art uses a reverse proxy server (e.g., nginx) configured as a proxy to relay cross-domain access requests. In this approach, the domain name of the proxy server is the same as the domain name of the cross-domain access initiator, and the proxy server receives the cross-domain access request and forwards it to the actual accessed party, thereby implementing cross-domain access. However, when cross-domain access involves multiple accessed parties, for example in an application cluster scenario, a corresponding nginx configuration is needed for each accessed party, which results in additional resource consumption. In particular, when the accessed party is an application cluster, the presence of multiple nodes with the same domain name and path leads to the cookies overwriting each other when they are written.
Based on this, in the present specification, an access processing method is provided, and the present specification relates to an access processing apparatus, a computing device, and a computer-readable storage medium, which are described in detail in the following embodiments one by one.
Referring to fig. 1, fig. 1 is a schematic interaction flow diagram of an access processing system architecture according to an embodiment of the present disclosure. The access processing system includes a user side and at least two service ends: the user side initiates, from a first service end, a request to access a second service end and receives the response information; the first service end converts the request initiated by the user side and forwards it to the second service end; and the second service end responds to the request. Specifically, the second service end registers its target access information and service identifier with the processing unit of the first service end, and then sends the second user login information of the second service end to the first service end. The processing unit of the first service end encrypts the second user login information into first user login information, and stores the corresponding conversion table between the first user login information and the second user login information in the cache space of the processing unit. The user side sends a first access request to the first service end, where the first access request includes the first user login information and the service identifier. After receiving the first access request, the processing unit of the first service end parses it to obtain the service identifier of the second service end, and obtains the target access information of the second service end from the cache space according to that service identifier.
The processing unit of the first service end parses the first access request to obtain the first user login information, and converts the first user login information into the second user login information using the conversion relation table between the first user login information and the second user login information stored in the cache space. The processing unit then constructs a second access request according to the target access information and the second user login information, and sends the second access request to the second service end so that the second service end responds to the second access request.
In the access processing system, the access information registered by the second service end is stored in advance in the processing unit of the first service end; a second access request is constructed from the first access request carrying the service identifier of the second service end and is forwarded to the second service end. On the one hand, the front end of the first service end only initiates requests to the back end of the first service end, and because the front end and the back end of the first service end are in the same domain, the cross-domain problem caused by the front end of the first service end initiating a request directly to the second service end is avoided. On the other hand, when there are multiple second service ends, only the corresponding second access request needs to be constructed for the service identifier of each second service end, so no corresponding nginx configuration is needed for each second service end, which reduces resource consumption and server maintenance cost.
Fig. 2 shows a flowchart of an access processing method according to an embodiment of the present disclosure, which specifically includes the following steps:
Step 202: a first access request sent by a user terminal is received.
The first access request may be a request, initiated by the user side through the front end of the first service end, to access a resource of the second service end, where the first service end and the second service end are in different domains; in this case, the user side adds the service identifier of the second service end to the first access request when constructing it. The first access request may also be a request initiated by the user side for the first service end to access its own resources, in which case the first access request is a non-cross-domain access request and the user side does not need to add the service identifier of any other service end to it.
In practical application, after the first access request is constructed, the user side sends the first access request to the first service side, and the first access request is received by a processing unit of the first service side, where the processing unit includes a cache space, and access information registered by other service sides is pre-stored in the cache space.
In a specific embodiment of the present disclosure, take the first service end as an A application, the second service end as a B application, and the processing unit as a proxy gateway. When the first access request is the A application accessing the B application, the first access request carries the service identifier of the B application. When the first access request is the A application accessing its own resources, the first access request does not contain the service identifier of the B application. The user side sends the first access request to the first service end, and the proxy gateway of the first service end receives it.
Further, so that a second access request containing the target access information can be constructed, before the first access request sent by the user side is received, the method further includes: in response to a registration request sent by a second service end, obtaining the target access information and service identifier of the second service end; and storing the target access information and the service identifier in the cache space in association with each other.
The registration request is a request by which the second service end registers its own route identifier and target access information with the processing unit of the first service end. The route identifier of the second service end corresponds to the target access information of the second service end, so the processing unit needs to store the service identifier of the second service end and the target access information of the second service end in association in its own cache space.
In practical application, when the second service end detects that its target access information has not been registered with the processing unit, it generates its service identifier, obtains its target access information, generates a registration request from the service identifier and the target access information, and sends the registration request to the processing unit of the first service end. The processing unit of the first service end may also receive registration requests from service ends other than the second service end, carrying, for example, the service identifier and the target access information of a third service end. Therefore, so that the corresponding target access information can later be queried accurately by service identifier, the processing unit of the first service end stores the service identifier and the target access information of each service end in association in its cache space.
In a specific embodiment of the present disclosure, the first service end is an A application, the second service end is a B application, the processing unit is a proxy gateway, the cache space is an instance manager, the service identifier is a route identifier, and the target access information is a port, an IP address and a protocol. When the B application detects that its port, IP address and protocol have not been registered with the proxy gateway of the A application, it generates its route identifier, obtains its port, IP address and protocol, generates a registration request from them, and sends the registration request to the proxy gateway of the A application. After receiving the registration request, the proxy gateway of the A application parses it to obtain the route identifier of the B application and the port, IP address and protocol of the B application, and stores them in association in the instance manager of the proxy gateway.
On this basis, the processing unit of the first service end can subsequently query and obtain the target access information of the second service end accurately according to the service identifier of the second service end.
Further, the obtaining the target access information and the service identifier of the second server includes: reading target access information and service identification of the second service end from the registration file; or, reading the target access information and the service identifier of the second service end from the registration data table; or receiving the target access information and the service identification input by the second service end through the registration interface.
The registration file is used for recording target access information and service identification written by the second server when the registration request is initiated, and the registration data table is used for recording target access information and service identification written by the second server when the registration request is initiated.
In practical application, when the second service end sends its service identifier and target access information, it may write them into a designated file, write them into a designated data table, or input them directly through a registration interface. The processing unit of the first service end can therefore obtain the service identifier and the target access information of the second service end by reading the designated registration file, by reading the designated data table, and/or by receiving the input of the second service end through the registration interface.
In a specific embodiment of the present disclosure, the first service end is an A application, the second service end is a B application, the processing unit is a proxy gateway, the cache space is an instance manager, the service identifier is a route identifier, and the target access information is a port, an IP address and a protocol. The B application can write its route identifier and its port, IP address and protocol into the designated file in the processing unit, and the proxy gateway of the A application reads them from the designated file; or the B application can write its route identifier and its port, IP address and protocol into a designated data table in the processing unit, and the proxy gateway of the A application reads them from the designated data table; or the proxy gateway of the A application receives the route identifier and the port, IP address and protocol of the B application through the registration interface.
On this basis, the second service end can register its service identifier and target access information with the processing unit of the first service end, so that the processing unit of the first service end can subsequently query and obtain the target access information of the second service end accurately according to the service identifier of the second service end.
Step 204, parsing the first access request, and searching the cache space for the target access information of the second server based on the service identifier in the case that the service identifier of the second server is obtained.
The service identifier uniquely identifies the second service end. The cache space stores the target access information of the second service end, and the processing unit of the first service end can look up that target access information in the cache space based on the service identifier of the second service end.
In practical application, after receiving the first access request, the processing unit of the first service end first parses the first access request in order to determine whether it carries the service identifier of another service end. If parsing yields the service identifier of the second service end, the processing unit searches its own cache space for the target access information of the second service end based on that identifier; the target access information was registered in the cache space of the processing unit in advance by the second service end. If parsing yields no service identifier of another service end, the processing unit may access the resource indicated by the first access request based on the first access request itself.
In a specific embodiment of the present disclosure, the first service end is an application A, the second service end is an application B, the service identifier is a route identifier, the target access information is the IP (Internet Protocol) address, port number and protocol of the application B, the processing unit is a proxy gateway, and the cache space is the instance manager of the proxy gateway. If the proxy gateway of the A application parses the first access request and obtains the route identifier of the B application, it looks up the IP address, port number and protocol of the B application in its instance manager based on that route identifier; the IP address, port number and protocol of the B application were registered in the instance manager of the proxy gateway in advance. If the proxy gateway of the A application parses the first access request and obtains no route identifier of the B application or of any other application, the first access request is a request of the first service end for its own resource, and the proxy gateway can access the resource indicated by the first access request based on the first access request.
Step 206, constructing a second access request according to the target access information.
The second access request is a request, which is constructed by the processing unit of the first service end, initiated by the user end, of the first service end to access the resource of the second service end. Unlike the first access request, the second access request is constructed according to the target access information of the second server.
In practical application, after the processing unit of the first server obtains the target access information of the second server, it constructs a second access request according to that target access information. Note that the first access request is sent by the front end of the first service end to the processing unit of the first service end, while the second access request is sent by the processing unit of the first service end to the second service end. The first access request does not include the target access information of the second service end; it includes only the service identifier of the second service end. The second access request is constructed by the processing unit in the first server according to the target access information of the second server, so the processing unit can send the second access request to the second server while the same-origin policy remains satisfied.
In a specific embodiment of the present disclosure, take the first server as an application A, the second server as an application B, the target access information as the IP address, port number and protocol of the application B, and the processing unit as a proxy gateway. The proxy gateway in the application A constructs the second access request according to the IP address, port number and protocol of the application B.
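The registration, lookup and request construction described in steps 204 and 206 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the `a.example` host, and the input validation (protocol allow-list, rejection of unregistered routes and dot segments) are assumptions chosen so that the gateway only ever forwards to targets the second server registered.

```python
import ipaddress
from urllib.parse import unquote, urlsplit

PROXY_PREFIX = "/proxy/"  # prefix seen in the page's example URL


class InstanceManager:
    """Cache space (hypothetical class): route identifier -> target access information."""

    def __init__(self):
        self._targets = {}

    def register(self, route_id, protocol, ip, port):
        # Validate at registration time so a bad entry never reaches request construction.
        if not route_id or not route_id.replace("_", "").isalnum():
            raise ValueError("route identifier must be alphanumeric/underscore")
        if protocol not in ("http", "https"):
            raise ValueError("unsupported protocol")
        address = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        if not 0 < int(port) < 65536:
            raise ValueError("port out of range")
        self._targets[route_id] = (protocol, address, int(port))

    def lookup(self, route_id):
        return self._targets.get(route_id)


def parse_first_request(url):
    """Return (route_id, remaining_path); route_id is None for a local resource."""
    path = urlsplit(url).path
    if not path.startswith(PROXY_PREFIX):
        return None, path
    route_id, _, rest = path[len(PROXY_PREFIX):].partition("/")
    return route_id, "/" + rest


def build_second_request(manager, first_url):
    """Build the URL of the second access request, or None if no route identifier is carried."""
    route_id, rest = parse_first_request(first_url)
    if route_id is None:
        return None  # the first server serves this resource itself
    target = manager.lookup(route_id)
    if target is None:
        # Never forward to a destination that was not registered in advance.
        raise LookupError(f"route {route_id!r} is not registered")
    if any(unquote(segment) in (".", "..") for segment in rest.split("/")):
        raise ValueError("dot segments are not forwarded")
    protocol, address, port = target
    host = f"[{address}]" if address.version == 6 else str(address)
    query = urlsplit(first_url).query
    return f"{protocol}://{host}:{port}{rest}" + (f"?{query}" if query else "")


if __name__ == "__main__":
    manager = InstanceManager()
    manager.register("b_route", "https", "2.2.2.2", 8082)  # values from the page's example
    # Constructed first access request; a.example stands in for the A application.
    print(build_second_request(manager, "http://a.example:8080/proxy/b_route/index.html"))
```
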
Further, when the second server is a cluster, cookies may overwrite one another when they are written. To ensure that the cookie information is carried in the first access request and transmitted to the second server while the same-origin policy remains satisfied, the first access request comprises access information of the first server and first user login information; the constructing a second access request according to the target access information includes: reading the first user login information from the first access request; searching second user login information corresponding to the first user login information; and constructing a second access request based on the target access information and the second user login information.
The first user login information and the second user login information have a corresponding conversion relation.
In practical applications, the first access request includes the first user login information, so to prevent user login information with the same name and the same path from overwriting one another, the user login information needs to be converted. The conversion relation between the first user login information and the second user login information is stored in the cache space of the processing unit in advance. After the first access request is received, the first user login information is read from it, the second user login information is then obtained according to the conversion relation between the first user login information and the second user login information, and finally the second access request is constructed according to the second user login information and the target access information.
In a specific embodiment of the present disclosure, the first server is an application A, the second server is an application B, the target access information is the IP address, port number and protocol of the application B, the processing unit is a proxy gateway, the first user login information is encrypted cookie information, and the second user login information is unencrypted cookie information. The conversion relation between the unencrypted cookie information and the encrypted cookie information is stored in the instance manager of the proxy gateway of the application A in advance. After the first access request is received, the encrypted cookie information is read from it, the unencrypted cookie information is then obtained according to the conversion relation between the encrypted cookie information and the unencrypted cookie information, and finally the second access request is constructed according to the unencrypted cookie information and the IP address, port number and protocol of the application B.
Based on this, the first user login information is converted, which ensures that the user login information can be sent to the second server.
Further, the first user login information comprises a first user login name and a first user login value, and the second user login information comprises a second user login name and a second user login value; the searching for the second user login information corresponding to the first user login information includes: searching a second user login name corresponding to the first user login name from a login name relation table based on the first user login name; and searching a second user login value corresponding to the first user login value from a login value relation table based on the first user login value.
The login name relation table is constructed based on conversion of login names accessing the second server side, and the login value relation table is constructed based on conversion of login values accessing the second server side.
In practical application, the cache space of the processing unit stores in advance the conversion relation between the first user login information and the second user login information, and the conversion relation comprises a login name relation table and a login value relation table. The processing unit finds the second user login name corresponding to the first user login name according to the login name relation table, and finds the second user login value corresponding to the first user login value according to the login value relation table.
In one embodiment of the present disclosure, take the processing unit as a proxy gateway, the first user login name as b_route_121314abc, the second user login name as 121314abc, the first user login value as 50, and the second user login value as 101. The proxy gateway finds 121314abc corresponding to b_route_121314abc according to the login name relation table, and finds 101 corresponding to 50 according to the login value relation table.
Based on this, conversion of the first login name and the first login value is completed.
Further, the first user login information further comprises a first user login path, and the second user login information further comprises a second user login path; the method further comprises the steps of: and analyzing the first user login path to obtain a second user login path.
The first user login path is obtained by converting a login path for accessing the second server.
In practical application, the first user login path contains the second user login path, so the first user login path can be converted into the second user login path. The processing unit parses the first user login path to obtain the second user login path.
In a specific embodiment of the present disclosure, take the processing unit as a proxy gateway, the first user login path as /proxy/b_route/webapp/Test/aa/bb, and the second user login path as webapp/Test/aa/bb. The proxy gateway parses /proxy/b_route/webapp/Test/aa/bb to obtain the second user login path webapp/Test/aa/bb.
Based on this, the conversion of the first login path is completed.
Further, if the cache space of the processing unit of the first server side does not have the login name relationship table and the login value relationship table, in order for the subsequent processing unit to be able to convert the first user login name and the first user login value, before searching the second user login name corresponding to the first user login name from the login name relationship table based on the first user login name, the method further includes: receiving response information of the second server in response to the third access request; reading a second user login name and a second user login value from the response information; converting the second user login name to obtain a first user login name, and converting the second user login value to obtain a first user login value; and storing the first user login name and the second user login name in a login name relation table correspondingly, and storing the first user login value and the second user login value in a login value relation table correspondingly.
The third access request is a request that the first server actively requests the second server to acquire the second user login name and the second user login value. The response information of the third access request carries the second user login name and the second user login value.
In practical application, the first server sends a third access request to the second server when detecting that the cache space of the processing unit has no login name relation table and login value relation table. The second server responds to the third access request, acquires the second user login name and the second user login value, writes the second user login name and the second user login value into response information, and returns to the first server. After receiving response information containing a second user login name and a second user login value, the first server converts the second login name and the second user login value to obtain a first user login name and a first user login value, stores the first user login name and the second user login name into a login name relation table, and stores the first user login value and the second user login value into a login value relation table.
In a specific embodiment of the present disclosure, take the first server as an application A, the second server as an application B cluster, the processing unit as a proxy gateway, the cache space as an instance manager, the first user login name as b_route_121314abc, the second user login name as 121314abc, the first user login value as 50, and the second user login value as 101. When the application A detects that the instance manager of the proxy gateway has no login name relation table and no login value relation table, it sends a third access request to the application B cluster. The application B responds to the third access request, acquires the second user login name 121314abc and the second user login value 50, writes 121314abc and 50 into the response information, and returns it to the application A. After receiving the response information containing the second user login name and the second user login value, the application A converts 121314abc and 50 to obtain b_route_121314abc and 101, stores b_route_121314abc and 121314abc in the login name relation table, and stores 101 and 50 in the login value relation table.
Based on this, the construction of the login name relationship table and the login value relationship table is completed.
Further, the converting the second user login name to obtain a first user login name includes: obtaining a service identifier and target access information of the second server; and splicing the service identifier, the target access information and the second user login name, and carrying out encryption processing on the spliced character string to obtain a first user login name.
In practical application, the service identifier, the target access information and the second user login name can be spliced and encrypted to obtain the first user login name; alternatively, other character strings can be spliced with the second user login name to obtain the first user login name.
In a specific embodiment of the present disclosure, take the second user login name as 121314abc, the route identifier as b_route, and the target access information as 2.2.2.2:8082; the string obtained when the processing unit splices them is b_route2.2.2.2_8082121314abc.
Based on this, the construction of the login name relationship table is more specifically completed.
Further, the converting the second user login value to obtain a first user login value includes: and encrypting the second user login value to obtain a first user login value.
In practical application, the second user login value may be encrypted by a preset encryption function, or may be encrypted by other manners, which is not limited in the present application.
In one embodiment of the present disclosure, as an example of the conversion between the first user login value and the second user login value, the processing unit processes the second user login value with MD5 (Message-Digest Algorithm 5) to obtain the first user login value.
Based on this, the construction of the login value relation table is more specifically completed. In the scenario of cross-domain access between the second server cluster and the first server, attributes of the user login information such as names and paths are converted, which avoids the problem of user login information overwriting one another when the user login information of several second servers has the same attributes such as name and path.
Further, the user side needs to use the first user login information when generating the first access request, so that after the second user login name is converted to obtain the first user login name and the second user login value is converted to obtain the first user login value, the method further includes: determining the first user login information according to the first user login name and the first user login value, and writing the first user login information into the response information; and feeding back the response information to the user side so that the user side stores the first user login name and the first user login value required by accessing the second server side.
In practical application, when generating the first access request, the user side needs to add the first user login information to it. Because the first user login information is generated at the first service end, the first service end needs to return the first user login information to the user side.
In a specific embodiment of the present disclosure, take the first service end as the application A and the first user login information as encrypted cookie information. The encrypted cookie information is determined according to the encrypted cookie name and the encrypted cookie value and written into the response information, and the response information is fed back to the user side so that the user side stores the encrypted cookie name and the encrypted cookie value required for accessing the B application cluster.
Based on this, the user side obtains the first user login information, which supports the subsequent generation of the first access request.
Further, in order to prevent the writing failure of the user login information caused by different transmission protocols, before the response information is fed back to the user side, the method further includes: acquiring a transmission protocol adopted by the first service end; setting the security attribute of the first user login information to a first state under the condition that the transmission protocol is a secure transmission protocol; and setting the security attribute of the first user login information to a second state in the case that the transmission protocol is an unsecure transmission protocol.
The first state is a state allowing only user login information to be transmitted through a secure transmission protocol, and the second state is a state allowing user login information to be transmitted through an unsecure transmission protocol.
In practical application, the write failure of user login information caused by different transmission protocols at each end arises mainly because, when the security attribute of the user login information is set to the first state, the user login information is only allowed to be transmitted through the secure transmission protocol. If the end that writes the user login information uses the non-secure transmission protocol at that point, login information set to the first state cannot be carried in requests to the first service end, because those requests use the non-secure transmission protocol.
In a specific embodiment of the present disclosure, take the secure transmission protocol as https, the non-secure transmission protocol as http, the first user login information as cookie information, the security attribute as the cookie secure attribute, the first state as true, and the second state as false. The transmission protocol adopted by the first service end is acquired. If the first service end uses the https protocol, the secure attribute of the cookie information is set to true; the cookie can then be transmitted through https and written at the first service end. If the first service end uses the http protocol, the secure attribute of the cookie information is set to false; the cookie can then be transmitted through http and written at the first service end.
Based on the above, transmission failures of user login information caused by different transmission protocols are prevented.
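The cookie conversion described above (login name and login value relation tables, path prefixing, and the secure attribute chosen from the first server's protocol) can be put together in one sketch. This is an added example, not the patent's implementation: the class and function names are hypothetical, the second route `b2_route` at `2.2.2.3` is constructed sample data, and HMAC-SHA-256 with a gateway-held key is substituted for the MD5 conversion the text mentions, so that converted names and values cannot be recomputed without the key.

```python
import hashlib
import hmac
import secrets


class CookieTranslator:
    """Per-route cookie conversion kept by the proxy gateway (hypothetical class)."""

    def __init__(self, route_id, host, port, first_server_scheme, key=None):
        self.route_id = route_id
        self.host = host
        self.port = port
        # First state (Secure set) only when the first server itself uses https;
        # otherwise the browser would refuse to store or send the cookie over http.
        self.secure = first_server_scheme == "https"
        self.key = key or secrets.token_bytes(32)  # assumption: secret held by the gateway
        self.prefix = f"/proxy/{route_id}/"
        self.name_table = {}   # first user login name  -> second user login name
        self.value_table = {}  # first user login value -> second user login value

    def _mac(self, text):
        return hmac.new(self.key, text.encode(), hashlib.sha256).hexdigest()

    def to_first_name(self, second_name):
        # Splice route identifier, target access information and original name,
        # in the shape of the page's b_route2.2.2.2_8082121314abc, then hash it.
        spliced = f"{self.route_id}{self.host}_{self.port}{second_name}"
        return f"{self.route_id}_{self._mac(spliced)[:16]}"

    def to_first_path(self, second_path):
        return self.prefix + second_path.lstrip("/")

    def to_second_path(self, first_path):
        if not first_path.startswith(self.prefix):
            raise ValueError("path does not belong to this route")
        # Returned with a leading slash, as cookie Path attributes are written.
        return "/" + first_path[len(self.prefix):]

    def rewrite_response_cookie(self, name, value, path="/"):
        """Convert a cookie set by the second server and record both relation tables."""
        first_name = self.to_first_name(name)
        first_value = self._mac(value)
        self.name_table[first_name] = name
        self.value_table[first_value] = value
        return {"name": first_name, "value": first_value,
                "path": self.to_first_path(path), "secure": self.secure}

    def restore_request_cookies(self, cookies):
        """Map converted cookies back; anything not in the tables is not forwarded."""
        restored = {}
        for first_name, first_value in cookies.items():
            second_name = self.name_table.get(first_name)
            second_value = self.value_table.get(first_value)
            if second_name is not None and second_value is not None:
                restored[second_name] = second_value
        return restored


def set_cookie_header(cookie):
    """Serialize a converted cookie as a Set-Cookie header value."""
    parts = [f"{cookie['name']}={cookie['value']}", f"Path={cookie['path']}"]
    if cookie["secure"]:
        parts.append("Secure")
    return "; ".join(parts)


if __name__ == "__main__":
    gateway_key = secrets.token_bytes(32)
    b1 = CookieTranslator("b_route", "2.2.2.2", 8082, "http", gateway_key)
    b2 = CookieTranslator("b2_route", "2.2.2.3", 8082, "http", gateway_key)  # constructed
    # Both second servers set a cookie with the same name and path.
    print(set_cookie_header(b1.rewrite_response_cookie("121314abc", "50", "/webapp/Test/aa/bb")))
    print(set_cookie_header(b2.rewrite_response_cookie("121314abc", "50", "/webapp/Test/aa/bb")))
```

Because only cookies found in the relation tables are restored, the first server's own cookies sent by the browser on the same origin are not passed on to the second server.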
Step 208, sending the second access request to the second server, so that the second server responds to the second access request.
The processing unit of the first server sends the second access request to the second server after constructing the second access request, and the second server responds after receiving the second access request.
In practical application, after the processing unit of the first service end sends the second access request to the second service end, first, the server of the second service end receives the request and parses it to extract the information it contains, including the request header, request body, request method, URL and so on; second, the second server executes the flow corresponding to the request based on that information, which may include executing business logic, processing data, accessing a database and the like, and the second server may need to interact with other systems or other ends depending on the situation; then, the second server generates response data while processing the request, including a response status code, response header, response body and so on, where the response body generally contains data or other content generated from the result of processing the request; finally, the second server returns the response to the first server.
In a specific embodiment of the present disclosure, the first server is an application A, the processing unit is a proxy gateway, the second server is an application B cluster, and the second access request is a resource request of the application A to access the application B cluster. After the proxy gateway in the A application sends the resource request of the A application to the B application cluster, first, the B application cluster receives the request and parses out its request header, request body, request method, URL and so on; second, the B application cluster looks up the resource corresponding to the request based on the content of the request body; then, the B application cluster generates response data while processing the request, including a response status code, response header, response body and so on, where the response body contains the resource that the A application requested; finally, the B application cluster returns the response to the proxy gateway of the A application.
According to the embodiment of the specification, using the access information registered by the second service end and pre-stored in the processing unit of the first service end, a second access request is constructed from the first access request carrying the service identifier of the second service end and is then forwarded to the second service end. On one hand, the front end of the first service end only initiates requests to the back end of the first service end, and because the two are in the same domain, the cross-domain problem caused by the front end of the first service end directly initiating a request to the second service end is avoided. On the other hand, when several second service ends exist, only the corresponding second access request needs to be constructed for the service identifier of each second service end, so there is no need to configure an nginx response for each second service end, which reduces resource consumption and server maintenance cost.
The following describes, with reference to fig. 3, an example of displaying an interface of a B application on a front-end page of the A application by using the access processing method provided in the present specification. Fig. 3 shows a process flow chart of an access processing method applied to displaying an interface of a B application on a front-end page of an A application according to an embodiment of the present disclosure, specifically including the following steps:
Step 302, a first access request is received.
In one implementation, the user side initiates a first access request http://1.1.1:8080/proxy/b_route/index.html (i.e., the first access request in the embodiment of fig. 2) that presents an interface of the B application (i.e., the second service side in the embodiment of fig. 2) on a front-end page of the A application (i.e., the first service side in the embodiment of fig. 2), where the first access request includes encrypted cookie information (i.e., the first user login information in the embodiment of fig. 2) and a routing identifier of the B application (i.e., a service identifier of the second service side in the embodiment of fig. 2).
Step 304, the IP address, port and protocol are registered through the file.
In one implementation, the B application registers the IP address, port and protocol (i.e. the target access information in the embodiment of fig. 2) to the instance manager of the proxy gateway (i.e. the cache space in the embodiment of fig. 2) through a registration file, and the proxy gateway of the corresponding a application can read the routing identifier of the B application and the port 8082, IP address 2.2.2.2 and protocol https of the B application in the specified file.
Step 306, the IP address, port and protocol are registered through the data table.
In one implementation, the B application registers the IP address, port and protocol to the instance manager of the proxy gateway through the registration data table, and the proxy gateway of the A application can then read the routing identifier of the B application and the port 8082, IP address 2.2.2.2 and protocol https of the B application from the specified data table.
Step 308, the IP address, port and protocol are registered through the interface.
In one implementation, the B application may input its routing identifier and its port, IP address and protocol to the proxy gateway of the A application through the registration interface, and the proxy gateway of the A application may then receive, through the registration interface, the routing identifier of the B application and the port 8082, IP address 2.2.2.2 and protocol https of the B application.
Step 310, the route identifier is obtained by parsing.
In one implementation, the proxy gateway parses the first access request to obtain the route identifier b_route of the B application.
Step 312, the information of the B application is looked up in the instance manager.
In one implementation, the proxy gateway looks up the port, IP address and protocol of the B application registered in step 304, step 306 or step 308 in the instance manager according to the B application's route identification b_route.
Step 314, a second access request is generated.
In one implementation, the proxy gateway constructs a second access request https://2.2.2.2:8082/index.html (i.e., the second access request in the embodiment of fig. 2) from the port, IP address, and protocol of the B application.
Step 316, decrypt the cookie.
In one implementation, the proxy gateway converts the encrypted cookie information into decrypted cookie information according to a correspondence table of the encrypted cookie information and the decrypted cookie information stored in the instance manager, thereby implementing proxy gateway decryption of the cookie information.
Step 318, a second access request is sent.
In one implementation, the proxy gateway sends the second access request to the B application after constructing the second access request.
Step 320, the B application responds to the second access request.
Step 322, the cookie is encrypted.
In one implementation, the proxy gateway receives the response information in step 322, and obtains the original cookie name (i.e., the second user login name in the embodiment of fig. 2) in the response information, the cookie path (i.e., the second user login path in the embodiment of fig. 2), the original cookie value (i.e., the second user login value in the embodiment of fig. 2), and the original cookie information (i.e., the second user login information in the embodiment of fig. 2).
The route identifier b_route of the B application, the clip IP and port, and the original cookie name are encrypted and scrambled to form a string, such as b_route_121314abc, which is used as the converted cookie name (i.e., the first user login name in the embodiment of fig. 2).
The converted cookie name and the original cookie name are stored in a map corresponding relation table (namely a login name relation table in the embodiment of fig. 2) in a memory for subsequent inquiry.
The original cookie value obtained from the response is encrypted, and the encrypted cookie value is used as the converted cookie value (i.e., the first user login value in the embodiment of fig. 2).
The converted cookie value and the original cookie value are stored in a map corresponding relation table (i.e. a login value relation table in the embodiment of fig. 2) in the memory for subsequent inquiry.
The original cookie path is modified to be /proxy/ + the B application route identifier + the original cookie path, such as /proxy/b_route/ + the original cookie path (i.e., the second user login path in the embodiment of fig. 2).
The secure attribute of the cookie (i.e., the security attribute in the embodiment of fig. 2) is then set: in the case where the A application uses the http protocol (i.e., the non-secure transport protocol in the embodiment of fig. 2), secure is set to false (i.e., the second state in the embodiment of fig. 2); in the case where the A application uses the https protocol (i.e., the secure transport protocol in the embodiment of fig. 2), secure is set to true (i.e., the first state in the embodiment of fig. 2).
The converted cookie information is written into the request response.
Step 324, end.
The response is returned to the user side.
Corresponding to the above method embodiment, the present disclosure further provides an embodiment of an access processing apparatus, and fig. 4 shows a schematic structural diagram of an access processing apparatus according to an embodiment of the present disclosure. As shown in fig. 4, the apparatus includes:
a receiving module 420, configured to receive a first access request sent by a user terminal;
the parsing module 440 is configured to parse the first access request, and in case of obtaining a service identifier of the second server, search, based on the service identifier, target access information of the second server from the cache space;
a construction module 460 configured to construct a second access request according to the target access information;
and a forwarding module 480 configured to send the second access request to the second server, so that the second server responds to the second access request with information.
Optionally, the device further includes a registration module configured to obtain target access information and service identifier of the second server in response to a registration request sent by the second server; and storing the target access information and the service identification in the cache space in association.
Optionally, the registration module is further configured to read the target access information and the service identifier of the second service end from a registration file, where the registration file is used to record the target access information and the service identifier written by the second service end when the registration request is initiated; or, reading the target access information and the service identifier of the second service end from a registration data table, wherein the registration data table is used for recording the target access information and the service identifier written by the second service end when the registration request is initiated; or receiving the target access information and the service identification input by the second service end through the registration interface.
Optionally, the building module 460 is further configured to read the first user login information from the first access request; searching second user login information corresponding to the first user login information, wherein a corresponding conversion relation exists between the first user login information and the second user login information; and constructing a second access request based on the target access information and the second user login information.
Optionally, the building module 460 is further configured to search, based on the first user login name, a second user login name corresponding to the first user login name from a login name relationship table, where the login name relationship table is based on conversion building of login names accessing the second server; and searching a second user login value corresponding to the first user login value from a login value relation table based on the first user login value, wherein the login value relation table is constructed based on conversion of the login value accessing the second server.
Optionally, the building module 460 is further configured to parse the first user login path to obtain a second user login path, where the first user login path is obtained by converting a login path accessing the second server.
Optionally, the building module 460 is further configured to receive response information of the second server in response to the third access request; reading a second user login name and a second user login value from the response information; converting the second user login name to obtain a first user login name, and converting the second user login value to obtain a first user login value; and storing the first user login name and the second user login name in a login name relation table correspondingly, and storing the first user login value and the second user login value in a login value relation table correspondingly.
Optionally, the construction module 460 is further configured to obtain the service identifier and the target access information of the second server; and splicing the service identifier, the target access information and the second user login name, and carrying out encryption processing on the spliced character string to obtain a first user login name.
Optionally, the construction module 460 is further configured to encrypt the second user login value to obtain a first user login value.
Optionally, the building module 460 is further configured to determine the first user login information according to the first user login name and the first user login value, and write the first user login information into the response information; and feeding back the response information to the user side so that the user side stores the first user login name and the first user login value required by accessing the second server side.
Optionally, the constructing module 460 is further configured to obtain a transmission protocol adopted by the first service end; setting the security attribute of the first user login information to a first state under the condition that the transmission protocol is a secure transmission protocol; and setting the security attribute of the first user login information to a second state in the case that the transmission protocol is an unsecure transmission protocol.
The present disclosure provides an access processing device applied to a processing unit of a first service end, where the processing unit includes a cache space in which access information registered by other service ends is pre-stored. The device includes: a receiving module 420, configured to receive a first access request sent by a user terminal; a parsing module 440, configured to parse the first access request and, in the case that a service identifier of a second server is obtained, search the cache space for target access information of the second server based on the service identifier; a construction module 460, configured to construct a second access request according to the target access information; and a forwarding module 480, configured to send the second access request to the second server, so that the second server responds to the second access request with information. Using the access information registered by the second server and pre-stored in the processing unit of the first service end, a second access request is constructed from a first access request carrying the service identifier of the second server, and the second access request is then forwarded to the second server. On the one hand, the front end of the first service end initiates requests only to the back end of the first service end; because the front end and the back end of the first service end are in the same domain, the cross-domain problem caused by the front end of the first service end directly initiating a request to the second server is avoided. On the other hand, in a scenario where a plurality of second servers exist, only the corresponding second access request needs to be constructed for the service identifier of each second server, so there is no need to configure an nginx response for each second server, which reduces resource consumption and server maintenance cost. In addition, in a scenario where a plurality of second servers exist, attributes such as the name and path of the user login information are converted, which avoids the user login information of different second servers overwriting each other when those attributes are the same.
The above is an exemplary scheme of an access processing apparatus of the present embodiment. It should be noted that, the technical solution of the access processing apparatus and the technical solution of the access processing method belong to the same concept, and details of the technical solution of the access processing apparatus, which are not described in detail, can be referred to the description of the technical solution of the access processing method.
Fig. 5 illustrates a block diagram of a computing device provided in accordance with an embodiment of the present specification. The components of the computing device 500 include, but are not limited to, a memory 510 and a processor 520. Processor 520 is coupled to memory 510 via bus 530 and database 550 is used to hold data.
Computing device 500 also includes access device 540, which enables computing device 500 to communicate via one or more networks 560. Examples of such networks include the public switched telephone network (PSTN), local area networks (LAN), wide area networks (WAN), personal area networks (PAN), or combinations of communication networks such as the internet. The access device 540 may include one or more of any type of network interface, wired or wireless (e.g., a network interface controller (NIC)), such as an IEEE 802.11 wireless local area network (WLAN) wireless interface, a Worldwide Interoperability for Microwave Access (Wi-MAX) interface, an Ethernet interface, a universal serial bus (USB) interface, a cellular network interface, a Bluetooth interface, a near field communication (NFC) interface, and so forth.
In one embodiment of the present description, the above-described components of computing device 500, as well as other components not shown in FIG. 5, may also be connected to each other, such as by a bus. It should be understood that the block diagram of the computing device shown in FIG. 5 is for exemplary purposes only and is not intended to limit the scope of the present description. Those skilled in the art may add or replace other components as desired.
Computing device 500 may be any type of stationary or mobile computing device, including a mobile computer or mobile computing device (e.g., tablet, personal digital assistant, laptop, notebook, netbook, etc.), mobile phone (e.g., smart phone), wearable computing device (e.g., smart watch, smart glasses, etc.), or other type of mobile device, or a stationary computing device such as a desktop computer or PC. Computing device 500 may also be a mobile or stationary server.
Wherein the processor 520 is configured to execute the following computer executable instructions to implement the following method:
receiving a first access request sent by a user terminal;
analyzing the first access request, and searching target access information of a second server from the cache space based on the service identifier under the condition that the service identifier of the second server is obtained;
constructing a second access request according to the target access information;
and sending the second access request to the second server so that the second server responds to the second access request.
The foregoing is a schematic illustration of a computing device of this embodiment. It should be noted that, the technical solution of the computing device and the technical solution of the above access processing method belong to the same concept, and details of the technical solution of the computing device, which are not described in detail, can be referred to the description of the technical solution of the above access processing method.
An embodiment of the present disclosure also provides a computer-readable storage medium storing computer instructions that, when executed by a processor, perform the steps of the above-described access processing method.
The above is an exemplary version of a computer-readable storage medium of the present embodiment. It should be noted that, the technical solution of the storage medium and the technical solution of the above access processing method belong to the same concept, and details of the technical solution of the storage medium which are not described in detail can be referred to the description of the technical solution of the above access processing method.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The computer instructions include computer program code that may be in source code form, object code form, an executable file, or some intermediate form, etc. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disk, a computer memory, a read-only memory (ROM), a random access memory (RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so forth.
It should be noted that, for the sake of simplicity of description, the foregoing method embodiments are all expressed as a series of combinations of actions, but it should be understood by those skilled in the art that the present description is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present description. Further, those skilled in the art will appreciate that the embodiments described in the specification are all preferred embodiments, and that the acts and modules referred to are not necessarily all necessary in the specification.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to the related descriptions of other embodiments.
The preferred embodiments of the present specification disclosed above are merely used to help clarify the present specification. Alternative embodiments are not intended to be exhaustive or to limit the invention to the precise form disclosed. Obviously, many modifications and variations are possible in light of the above teaching. The embodiments were chosen and described in order to best explain the principles of the disclosure and the practical application, to thereby enable others skilled in the art to best understand and utilize the disclosure. This specification is to be limited only by the claims and the full scope and equivalents thereof.

Claims (14)

1. The access processing method is characterized by being applied to a processing unit of a first service end, wherein the processing unit comprises a cache space, and access information registered by other service ends is prestored in the cache space, and the method comprises the following steps:
receiving a first access request sent by a user terminal;
analyzing the first access request, and searching target access information of a second server from the cache space based on the service identifier under the condition that the service identifier of the second server is obtained;
constructing a second access request according to the target access information;
and sending the second access request to the second server so that the second server responds to the second access request.
2. The access processing method according to claim 1, wherein before the receiving the first access request sent by the user side, the method further comprises:
responding to a registration request sent by a second server to obtain target access information and service identification of the second server;
and storing the target access information and the service identification in the cache space in association.
3. The access processing method according to claim 2, wherein the obtaining the target access information and the service identifier of the second service side includes:
reading target access information and service identification of the second server from a registration file, wherein the registration file is used for recording the target access information and the service identification written by the second server when the registration request is initiated; or,
reading target access information and service identification of the second server from a registration data table, wherein the registration data table is used for recording the target access information and the service identification written by the second server when the registration request is initiated; or,
receiving the target access information and the service identification which are input by the second service end through the registration interface.
4. The access processing method according to any one of claims 1 to 3, wherein the first access request includes access information of the first server side and first user login information;
the constructing a second access request according to the target access information includes:
reading the first user login information from the first access request;
searching second user login information corresponding to the first user login information, wherein a corresponding conversion relation exists between the first user login information and the second user login information;
and constructing a second access request based on the target access information and the second user login information.
5. The access processing method according to claim 4, wherein the first user login information includes a first user login name and a first user login value, and the second user login information includes a second user login name and a second user login value; the searching for the second user login information corresponding to the first user login information includes:
searching a second user login name corresponding to the first user login name from a login name relation table based on the first user login name, wherein the login name relation table is constructed based on conversion of the login name accessing the second server;
and searching a second user login value corresponding to the first user login value from a login value relation table based on the first user login value, wherein the login value relation table is constructed based on conversion of the login value accessing the second server.
6. The access processing method according to claim 5, wherein the first user login information further includes a first user login path, and the second user login information further includes a second user login path; the method further comprises the steps of:
analyzing the first user login path to obtain a second user login path, wherein the first user login path is obtained by converting a login path accessing the second server.
7. The access processing method according to claim 5, wherein before the searching for the second user login name corresponding to the first user login name from the login name relation table based on the first user login name, the method further comprises:
receiving response information of the second server in response to the third access request;
reading a second user login name and a second user login value from the response information;
converting the second user login name to obtain a first user login name, and converting the second user login value to obtain a first user login value;
and storing the first user login name and the second user login name in a login name relation table correspondingly, and storing the first user login value and the second user login value in a login value relation table correspondingly.
8. The access processing method according to claim 7, wherein the converting the second user login name to obtain the first user login name includes:
obtaining a service identifier and target access information of the second server;
and splicing the service identifier, the target access information and the second user login name, and carrying out encryption processing on the spliced character string to obtain a first user login name.
9. The access processing method according to claim 7, wherein the converting the second user login value to obtain a first user login value includes:
and encrypting the second user login value to obtain a first user login value.
10. The access processing method according to any one of claims 7 to 9, wherein after said converting the second user login name to obtain a first user login name and converting the second user login value to obtain a first user login value, the method further comprises:
determining the first user login information according to the first user login name and the first user login value, and writing the first user login information into the response information;
and feeding back the response information to the user side so that the user side stores the first user login name and the first user login value required by accessing the second server side.
11. The access processing method according to claim 10, wherein before the feeding back the response information to the user side, the method further comprises:
acquiring a transmission protocol adopted by the first service end;
setting the security attribute of the first user login information to a first state under the condition that the transmission protocol is a secure transmission protocol;
and setting the security attribute of the first user login information to a second state in the case that the transmission protocol is an unsecure transmission protocol.
12. An access processing device, characterized by a processing unit applied to a first service end, where the processing unit includes a cache space, where access information registered by other service ends is pre-stored in the cache space, and the device includes:
the receiving module is used for receiving a first access request sent by the user side;
the analysis module is used for analyzing the first access request, and searching target access information of the second server from the cache space based on the service identifier under the condition that the service identifier of the second server is obtained;
the construction module is used for constructing a second access request according to the target access information;
and the forwarding module is used for sending the second access request to the second server so that the second server responds to the second access request.
13. A computing device, comprising:
a memory and a processor;
the memory is configured to store computer executable instructions and the processor is configured to execute the computer executable instructions to implement the access processing method of any one of claims 1 to 11.
14. A computer-readable storage medium, characterized in that it stores computer instructions that, when executed by a processor, implement the access processing method of any one of claims 1 to 11.
CN202310979894.2A 2023-08-04 2023-08-04 Access processing method and device Pending CN117014531A (en)

Publications (1)

Publication Number Publication Date
CN117014531A (en) 2023-11-07

Family

ID=88561497

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination