CN117744046A - Rights management method, device, equipment and storage medium - Google Patents
Rights management method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN117744046A CN117744046A CN202311340382.8A CN202311340382A CN117744046A CN 117744046 A CN117744046 A CN 117744046A CN 202311340382 A CN202311340382 A CN 202311340382A CN 117744046 A CN117744046 A CN 117744046A
- Authority
- CN
- China
- Prior art keywords
- sub
- application
- login information
- interface
- password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000007726 management method Methods 0.000 title claims abstract description 23
- 238000000034 method Methods 0.000 claims abstract description 44
- 238000004590 computer program Methods 0.000 claims description 20
- 230000009191 jumping Effects 0.000 claims description 6
- 238000012795 verification Methods 0.000 description 64
- 238000012545 processing Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 230000006870 function Effects 0.000 description 4
- 230000010354 integration Effects 0.000 description 3
- 230000001360 synchronised effect Effects 0.000 description 3
- 230000002452 interceptive effect Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 239000002699 waste material Substances 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
The application provides a right management method, a device, equipment and a storage medium, wherein the method comprises the following steps: acquiring sub-application login information, and storing the sub-application login information into a storage area; accessing a target interface in the sub-application according to a preset instruction; obtaining an interface password, wherein the target interface successfully verifies the interface password and obtains the sub-application login information; and taking the sub-application login information as the permission judgment of the sub-application jump request. The method solves the problems of poor expansibility and low safety of some authentication modes in the prior art.
Description
Technical Field
The embodiment of the application relates to an information processing technology in the technical field of computers, in particular to a method, a device, equipment and a storage medium for managing rights.
Background
In the prior art, when the platform performs authority verification, the authority verification mode is single, the security is not high, the authority verification mode is associated with the operating system, the application range of the operating system is limited, and because the single authority verification mode cannot meet the specific authority verification in addition, a user with the specific authority verification requirement cannot use the platform, and the expandability of the platform is poor.
Disclosure of Invention
The application provides a permission management method, a device, equipment and a storage medium, and a preset instruction is executed, so that a sub-application accesses a target interface verification mode, an interface password of a target interface is acquired, the interface password is successfully used for verifying the target interface, login information of the permission verification of the sub-application is acquired, the login information of the permission verification is truly hidden by inserting the target interface verification mode, the target interface intercepts error login information and other malicious login information, the security of authentication verification is improved, the sub-application can access a designated verification mode, the expandability of the sub-application is improved, the sub-application realizes the target verification mode by accessing the target interface, and not only the original authentication mode of the sub-application is reserved, but also the sub-application can be used in various environments.
In a first aspect, a rights management method is provided, including: acquiring sub-application login information, and storing the sub-application login information into a storage area; accessing a target interface in the sub-application according to a preset instruction; obtaining an interface password, wherein the target interface successfully verifies the interface password and obtains the sub-application login information; and taking the sub-application login information as the permission judgment of the sub-application jump request.
In a possible implementation manner of the first aspect, the saving the sub-application login information to a storage area includes: encrypting the sub-application login information, and storing the encrypted sub-application login information into a storage area; the obtaining the sub-application login information includes: and acquiring the encrypted sub-application login information, decrypting the encrypted sub-application login information, and acquiring the sub-application login information.
In a possible implementation manner of the first aspect, the determining the authority of the sub-application jump request using the sub-application login information includes: if the sub-application login information passes through a sub-application jump request, obtaining sub-application permission corresponding to the sub-application jump request, and jumping to the sub-application; and if the sub-application login information does not pass the sub-application jump request, executing to acquire an interface password, wherein the target interface successfully verifies the interface password, acquiring the sub-application login information, and the sub-application login information is used as the permission judgment of the sub-application jump request.
In a possible implementation manner of the first aspect, the obtaining the interface password, the target interface verifies the interface password successfully, and obtains the sub-application login information includes: generating a character string through a character device, and forming an interface password by the character string and a user identification code; the target interface successfully verifies the interface password and obtains a user identity identification code in the interface password; and successfully acquiring the sub-application login information by using the user identity identification code.
In a possible implementation manner of the first aspect, the accessing, in the sub-application, the target interface according to a preset instruction includes: modifying the sub-application source code according to a preset instruction to obtain a sub-application interception program; and accessing a target interface in the sub-application by utilizing the sub-application interception program.
In a possible implementation manner of the first aspect, the method further includes: and the target interface fails to verify the interface password, executes the acquisition of the interface password, successfully verifies the interface password, acquires the sub-application login information and uses the sub-application login information as the permission judgment of the sub-application jump request.
In a possible implementation manner of the first aspect, the obtaining sub-application login information includes: and acquiring the sub-application login information containing the authentication account number and the authentication password.
In a second aspect, there is provided a rights management unit comprising: the storage module is used for acquiring the sub-application login information and storing the sub-application login information into a storage area; the access module is used for accessing a target interface in the sub-application according to a preset instruction; the acquisition module is used for acquiring an interface password, the target interface successfully verifies the interface password and acquires the sub-application login information; and the judging module is used for judging the authority of the sub-application jump request by utilizing the sub-application login information.
In a possible implementation manner of the second aspect, the storing module is specifically configured to encrypt the sub-application login information, and store the encrypted sub-application login information in a storage area.
In a possible implementation manner of the second aspect, the obtaining module is specifically configured to obtain the encrypted sub-application login information, decrypt the encrypted sub-application login information, and obtain the sub-application login information.
In a possible implementation manner of the second aspect, the determining module is specifically configured to obtain, if the sub-application login information passes through a sub-application jump request, a sub-application permission corresponding to the sub-application jump request, and jump to the sub-application; and if the sub-application login information does not pass the sub-application jump request, executing to acquire an interface password, wherein the target interface successfully verifies the interface password, acquiring the sub-application login information, and the sub-application login information is used as the permission judgment of the sub-application jump request.
In a possible implementation manner of the second aspect, the obtaining module is specifically configured to generate a character string through a character device, and code the character string and a user identification code into an interface password; the target interface successfully verifies the interface password and obtains a user identity identification code in the interface password; and successfully acquiring the sub-application login information by using the user identity identification code.
In a possible implementation manner of the second aspect, the access module is specifically configured to modify the sub-application source code according to a preset instruction to obtain a sub-application interception program; and accessing a target interface in the sub-application by utilizing the sub-application interception program.
In a possible implementation manner of the second aspect, the apparatus further includes a login failure module, specifically configured to perform obtaining an interface password when the target interface fails to verify the interface password, and the target interface successfully verifies the interface password, and obtains the sub-application login information, and uses the sub-application login information as the permission judgment of the sub-application jump request.
In a possible implementation manner of the second aspect, the storing module is specifically configured to obtain sub-application login information including an authentication account number and an authentication password.
In a third aspect, there is provided an electronic device comprising: a processor and a memory for storing a computer program, the processor being for invoking and running the computer program stored in the memory for performing the method as in the first aspect or in various implementations thereof.
In a fourth aspect, a computer-readable storage medium is provided for storing a computer program for causing a computer to perform the method as in the first aspect or in various implementations thereof.
In a fifth aspect, a computer program product is provided comprising computer program instructions for causing a computer to perform the method as in the first aspect or in various implementations thereof.
In a sixth aspect, a computer program is provided, the computer program causing a computer to perform the method as in the first aspect or in various implementations thereof.
According to the authority management method provided by the embodiment of the application, the login information of the login sub-platform is generated through the management platform of the integrated sub-platform, the login information is stored in the storage area, the preset instruction is executed, the target interface verification mode is inserted into the sub-application, the interface password is obtained, the interface password is successfully verified through the target interface, the sub-application login information stored in the storage area is obtained, and the sub-application authority judgment is carried out through the sub-application login information. The security of the sub-application for authority verification is improved by accessing the target interface, the original authentication mode is reserved for the sub-application, the authentication mode required by the user is accessed, the sub-application expansibility is good, and the application range of the sub-application is improved. The method for acquiring the login information of the automatic verification sub-application through the verification target interface further performs multiple verification, so that the real login information of the sub-application is not exposed, the data security is improved, and the security of authority verification is enhanced.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a rights management method according to an embodiment of the present application;
FIG. 2 is a flowchart of authority authentication according to an embodiment of the present application;
FIG. 3 is a flowchart of an application login according to an embodiment of the present application;
FIG. 4 is a flowchart of authority authentication according to an embodiment of the present application;
fig. 5 is a schematic diagram of a rights management device 500 according to an embodiment of the present application;
fig. 6 is a schematic block diagram of an electronic device 600 provided by an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or server that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed or inherent to such process, method, article, or apparatus, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For multi-user environment manager, in order to guarantee system security, authentication and authentication are needed, for example JupyterHub is a multi-user interactive document editor and collaboration platform environment manager, which allows multiple users to access the interactive document editor and collaboration platform server through Web (network) interface. In a multi-user environment, user authentication and authorization are required to ensure system security. The authentication mode of JupyterHub defaults is PAM (Pluggable Authentication Modules, pluggable authentication module), which is a universal authentication framework and can manage user authentication and authentication modes.
Because JupyterHub uses PAM to perform login permission verification, the PAM authentication mode is mainly applicable to Unix/Linux (multi-user operation) systems, and cannot be directly applied to other operating systems, such as Windows (Windows operating system), the application range is limited, and PAM uses the user name and the user password of the multi-user operating system to perform verification login, so that security is poor, and for companies with specific security requirements, such as companies needing authentication through an authentication mode realized inside the company, PAM cannot meet the requirement, and expansibility is poor.
Therefore, in order to solve the above technical problems, a rights management method is proposed in the present application.
Optionally, in the present application, an example of a JupyterHub application scenario is described by taking an integration of a management platform as an example, after a management platform is logged in, login information of JupyterHub is generated, the login information is stored in a storage area, a preset instruction is executed, so that a source code of a sub-application is modified, a target interface is accessed in the sub-application for verification, an interface password is obtained, the target interface is verified through the interface password, the login information stored in the storage area is obtained, and the JupyterHub is logged in through the login information. The security of the Jupyterhub authority verification is improved, so that Jupyterhub is applicable to various operating systems, and the expandability of Jupyterhub is improved.
The technical scheme of the application can be executed by electronic equipment, and the electronic equipment can be terminal equipment capable of sending and/or receiving the message, can also be a server and the like, and is not limited in this application.
It should be understood that the terminal device may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a wearable device, etc. The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing cloud computing service, but is not limited thereto.
The technical scheme of the application will be described in detail as follows:
fig. 1 is a flowchart of a rights management method provided in an embodiment of the present application, where an execution subject of the method may be the electronic device, but is not limited thereto, and as shown in fig. 1, the method includes the following steps:
s110: and acquiring the sub-application login information, and storing the sub-application login information into a storage area.
S120: and accessing a target interface in the sub-application according to a preset instruction.
S130: and obtaining an interface password, wherein the target interface successfully verifies the interface password, and obtains the sub-application login information.
S140: and taking the sub-application login information as the permission judgment of the sub-application jump request.
Specifically, the sub-application login information refers to identity information for logging in the sub-application and checking the authority of the sub-application, such as information for verifying identities, such as account numbers, passwords and the like; the storage area refers to an area or warehouse for storing data; the preset instruction refers to a preset command for modifying the source code of the sub-application and accessing the target function. The target interface refers to a verification mode which is specified by a user and is not supported by the sub-application; the interface password refers to a password for verifying the target interface.
It should be understood that the technical scheme of the application aims to insert the target interface verification mode into the sub-application, so that the sub-application performs multiple permission verification, login information of the sub-application is not exposed, the security of the sub-application verification is improved, the original permission verification is hidden and protected by using the target interface, other verification modes can be accessed on the basis of not changing the original permission verification of the sub-application, the sub-application is applied to various environments, and the security, the expandability and the application range of the permission verification of the sub-application are improved.
It should be understood that, in the embodiment of the present application, in order to ensure the security of the login information of the sub-application, an encryption processing manner is provided.
Optionally, the security of the data can be ensured by the following implementation manner:
the method can be realized in a first mode: encrypting the sub-application login information, and storing the encrypted sub-application login information into a storage area; the obtaining the sub-application login information includes: and acquiring the encrypted sub-application login information, decrypting the encrypted sub-application login information, and acquiring the sub-application login information.
Description is made for the first realizable mode:
illustratively, for example, the sub-application W is integrated in the management platform A, and the user A is based on the user account AW1_24 and the user password: 1325-7, and automatically generating sub-application login information G for logging in the sub-application, encrypting the sub-application login information G through encryption processing, and storing the encrypted sub-application login information G in the storage area. When the encrypted sub-application login information G is acquired, decryption processing is needed, the original sub-application login information is acquired, and sub-application permission verification is performed.
It should be noted that, the encryption modes of the generated authentication account number and the generated authentication password may be a single encryption mode, a symmetric encryption mode, an asymmetric encryption mode, or other multiple encryption modes, which is not limited in this application.
In conclusion, the generated sub-application login information is encrypted and saved, so that the authority verification data is safer, the safety of the authority verification is improved, the original authority verification information of the sub-application is safer by automatically generating the sub-application login information through the login management platform, the risk of leakage of verification information is reduced, the safety of the authority verification is improved, and the authority verification efficiency is improved.
It should be understood that, in order to secure data, the data stored in the storage area is encrypted data, so that in order to acquire the original data, the data acquired from the storage area needs to be decrypted, and the decryption of the data fails, so that there is a way to decrypt the data in order to solve the above-mentioned problem. Based on this, the present application provides two realizations for obtaining the target touch time of the target user based on the message sample information, but is not limited thereto:
the method can be realized in a first mode: acquiring encrypted sub-application login information; and calling a decryption interface to decrypt the encrypted sub-application login information, and successfully obtaining the sub-application login information.
The second implementation mode is: acquiring encrypted sub-application login information; invoking a decryption interface to decrypt the encrypted sub-application login information, and failing to acquire the sub-application login information; and re-acquiring an interface password, wherein the target interface successfully verifies the interface password, acquires encrypted sub-application login information, calls a decryption interface to decrypt the encrypted sub-application login information, and judges whether the sub-application login information is successfully decrypted.
Specifically, the decryption interface is an interface that can decrypt the encrypted data in the storage area, so that the data before encryption is acquired.
It should be understood that, in the present application, the decryption interface corresponds to an encryption manner, and the decryption interface specifically adopted is selected according to the encryption manner, which is not limited in this application.
Referring to fig. 2, fig. 2 is a flowchart of authority authentication provided in the embodiment of the present application, taking login JupyterHub as an example for illustration, the acquired interface password, that is, pin+token, is used for login JupyterHub, a dual-factor authentication interface is called for interface password authentication, after authentication is passed, an http interface is called for acquiring encrypted sub-application login information from a storage area, and a decryption interface is called for decryption. The pin is personal identification information and is used for identifying users, protecting personal property safety, information safety and the like, the token is a dynamic character string generated by a character device, timeliness is achieved, and the safety of passwords is enhanced.
For the second realizable mode:
the method includes the steps that an interface password is AW1_24123456, after the interface password passes verification, encrypted sub-application login information is obtained, decryption is conducted on the encrypted sub-application login information through a decryption home, decryption fails or wrong sub-application login information is obtained, the interface password is obtained again, interface password verification is conducted, and therefore the encrypted sub-application login information is obtained again to conduct decryption until original sub-application login information is obtained successfully.
In conclusion, data decryption is carried out according to the decryption interface, and the decrypted data is obtained, so that the data can be used, the data safety storage is realized, the correct data is obtained, and the safety and the effectiveness of the permission verification data are improved.
It should be understood that, in order to make the security of the target interface verification higher, the interface password may be generated by combining the unique user identifier with a random number string generated by a tool for randomly generating characters, such as a character device, where the number of bits of the random number string is not specifically limited and may be 3 bits, 6 bits, 8 bits, etc., and the unique user identifier may not be specifically limited and may be a user identity number, a user account number, a user password, etc., so that, in order to successfully obtain the sub-application login information related to the user, the sub-application login information related to the user needs to be obtained according to the user information. Thus, to solve the above-mentioned problems, the present application provides a way of combining passwords.
Optionally, generating a character string by a character device, and forming an interface password by the character string and the user identification code; the target interface successfully verifies the interface password and obtains a user identity identification code in the interface password; and successfully acquiring the sub-application login information by using the user identity identification code.
Specifically, the character device refers to a tool, a platform or an application capable of automatically and randomly generating character strings; the character string refers to a multi-bit number or character generated by a character generator, wherein the multi-bit may be 3 bits, 4 bits, 5 bits, 6 bits, which is not particularly limited in this application; the user identity identification code refers to a character string capable of identifying the user identity, and can be a user identity card number, a user account number or other character strings capable of identifying the user identity.
Illustratively, the character generator 23451 is configured with the user id aw1_24 to generate aw1_2423451, and the aw1_2423451 generated is parsed to obtain the user id aw1_24 through the aw1_2423451 successfully passing through the target interface verification, so as to obtain the sub-application login information corresponding to the aw1_24 in the storage area.
In sum, the authentication password is formed by the user identification code and the random characters, so that the security of the permission checking data is ensured, the identification can be performed, the sub-application login information related to the user is automatically acquired in the storage area by the user identification code, the sub-application permission checking is automatically performed, the permission checking security is improved, and better login experience is provided for the user.
It should be understood that, in order to make the target interface smoothly access the sub-application, the sub-application needs to be modified, in order to keep the original verification mode of the sub-application through less modification, increase the security of authority verification, and simultaneously realize that the user-specified mode is met, and improve the expandability and application range of the sub-application, an instruction modification mode is set in the embodiment of the present application.
Optionally, modifying the sub-application source code according to a preset instruction to obtain a sub-application interception program; and accessing a target interface in the sub-application by utilizing the sub-application interception program.
Specifically, the sub-application source code is a program code that constitutes a sub-application, so that the sub-application can run the used program, and the sub-application interception program is an application program that can intercept the specified information.
By way of example, modifying the sub-application source code by a preset code instruction, intercepting the appointed information at an appointed time, and processing the appointed information through the target interface to obtain target information.
In summary, the preset instruction can be accessed to the target interface at the appointed time, so that the appointed information can be acquired at the appointed time according to the actual requirement, the information is processed, the sub-application permission verification is helped to exclude most unsafe information, the interference factors and the dangerous factors of the sub-application permission verification are reduced, the appointed information is intercepted and sent to the target interface for processing, the sub-application can meet the appointed verification requirement of a user, the original verification of the sub-application is reserved, and the safety, the expandability and the application range of the sub-application verification are improved.
It should be understood that when the interface password is obtained to perform target interface verification, there is a verification failure, and in order to improve the login efficiency of the user, in this embodiment of the present application, a mode of re-obtaining the interface password is set.
Optionally, the target interface fails to verify the interface password, obtains the interface password, and the target interface successfully verifies the interface password, obtains the sub-application login information, and uses the sub-application login information as the permission judgment of the sub-application jump request.
In summary, according to the mode of re-acquiring the interface password, under the condition that the target interface is verified differently, sub-application information acquisition is not performed, sub-application permission verification is not performed, malicious sub-application permission login is avoided, the problem that the sub-application is successfully logged in by continuously performing wrong login through a program or other modes under the condition that sub-application login information is not known is avoided, and the sub-application permission verification is safer and more reliable.
It should be understood that under the condition of successfully acquiring the sub-application login information, the problems of acquiring the password by account errors, acquiring the account by password errors and the like may also occur, and in order to avoid the problems of poor authority verification efficiency, resource waste and the like caused by program stop when verification errors occur, a jump mode is set in the embodiment of the application.
Optionally, if the sub-application login information passes through a sub-application jump request, obtaining a sub-application authority corresponding to the sub-application jump request, and jumping to the sub-application; and if the sub-application login information does not pass the sub-application jump request, executing to acquire an interface password, wherein the target interface successfully verifies the interface password, acquiring the sub-application login information, and the sub-application login information is used as the permission judgment of the sub-application jump request.
Specifically, the sub-application permission refers to a permission level of using the sub-application corresponding to the user; the sub-application jump request refers to a request or check for operating or using a sub-application, for example, a request for logging in the sub-application a and editing, etc., which is not particularly limited herein, and may be set according to actual requirements.
Fig. 3 is a flowchart of application login provided in this embodiment, as shown in fig. 3, after the obtained authentication account number and the obtained authentication password are failed to log in the sub-application, the interface password is obtained again, the two-factor authentication is performed again, the sub-application login information is obtained after the authentication, if the sub-application permission verification is passed, the permission corresponding to the sub-application is obtained, the sub-application can be used in the permission range by jumping to the sub-application, if the sub-application permission verification is failed, the interface password is obtained again, and the sub-application permission verification is obtained again until the sub-application permission verification is passed.
In conclusion, through the jump mode, the authority verification efficiency is improved, and the resource waste is reduced.
It should be understood that the sub-application login information may be set as combined information of an account number and a password.
Optionally, sub-application login information including an authentication account number and an authentication password is obtained.
Specifically, the authentication account refers to an account for logging in a sub-platform or a sub-application, and the account can be used for identifying the identity of a user and has uniqueness; the authentication password refers to a password for logging into the sub-platform or the sub-application.
Illustratively, the management platform A integrates the sub-applications W, and the user A uses AW1_24 and the user password according to the user account: 1325-7 log in the management platform a, automatically generate the authentication account 123 and the authentication password 456 for logging in the sub-application W, and combine the authentication account and the authentication password into sub-application login information to be stored in the storage area. The authentication account number may be the same as the user account number, or may be generated according to user identity information to identify a unique user.
In addition, the authentication account number and the authentication password can form sub-application login information in a specified combination mode, and the sub-application login information is stored as one piece of information, so that the data information is safer and not easy to crack, and the data information can be stored as independent information, is not particularly limited, and can be set according to the security requirement level.
In summary, in the present application, through a management platform of a login integration sub-platform, sub-application login information of the login sub-platform is generated, the sub-application login information is stored in a storage area, a preset instruction is executed, a target interface verification mode is inserted, an interface password is obtained, the interface password is successfully verified through a target interface, the sub-application login information stored in the storage area is obtained, and the sub-platform is logged in through the obtained sub-application login information. The interface password is randomly acquired through the character device, the generated interface password is successfully verified through the target interface, the security of verification of the permission of the sub-platform is improved, the specific verification requirement is met through access to the target interface, the sub-application expansibility is good, the application range is wide, and the security of logging in the sub-platform is ensured through automatically generating the authentication account number and the authentication password and automatically acquiring the authentication account number and the authentication password.
Fig. 4 is a flowchart of another rights management provided in the embodiment of the present application, where the execution subject of the method may be the electronic device described above, but is not limited thereto, and as shown in fig. 4, the method includes the following steps:
s401: and acquiring the sub-application login information containing the authentication account number and the authentication password, encrypting the sub-application login information, and storing the encrypted sub-application login information into a storage area.
S402: modifying the sub-application source code according to a preset instruction to obtain a sub-application interception program, and accessing a target interface in the sub-application by using the sub-application interception program.
S403: and generating a character string by a character device, and combining the character string and the user identification code into an interface password.
S404: and the target interface successfully verifies the interface password and acquires the user identity identification code in the interface password.
S405: and successfully acquiring the sub-application login information by using the user identity identification code, and decrypting the encrypted sub-application login information.
S406: and if the sub-application login information passes through the sub-application jump request, acquiring sub-application permission corresponding to the sub-application jump request, and jumping to the sub-application.
S407: and if the sub-application login information does not pass the sub-application jump request, executing to acquire the interface password, and successfully verifying the interface password by the target interface to acquire the sub-application login information, wherein the sub-application login information is used as the authority judgment of the sub-application jump request.
It should be noted that, in this embodiment, all the embodiments are combined, and the explanation of each step may refer to the above, which is not repeated in this application.
Fig. 5 is a schematic diagram of a rights management apparatus 500 according to an embodiment of the present application, as shown in fig. 5, the apparatus 500 includes:
a saving module 501, configured to obtain sub-application login information, and save the sub-application login information to a storage area;
an access module 503, for accessing a target interface in the sub-application according to a preset instruction;
the obtaining module 505 is configured to obtain an interface password, and the target interface verifies the interface password successfully, and obtains the sub-application login information;
and the judging module 507 is configured to use the sub-application login information as permission judgment of the sub-application jump request.
Optionally, the saving module 501 is specifically configured to: encrypting the sub-application login information, and storing the encrypted sub-application login information into a storage area; the obtaining the sub-application login information includes: and acquiring the encrypted sub-application login information, decrypting the encrypted sub-application login information, and acquiring the sub-application login information.
Optionally, the saving module 501 is specifically configured to: and acquiring the sub-application login information containing the authentication account number and the authentication password.
Optionally, the access module 503 is specifically configured to: modifying the sub-application source code according to a preset instruction to obtain a sub-application interception program; and accessing a target interface in the sub-application by utilizing the sub-application interception program.
Optionally, the obtaining module 505 is specifically configured to: generating a character string through a character device, and forming an interface password by the character string and a user identification code; the target interface successfully verifies the interface password and obtains a user identity identification code in the interface password; and successfully acquiring the sub-application login information by using the user identity identification code.
Optionally, the judging module 507 is specifically configured to: if the sub-application login information passes through a sub-application jump request, obtaining sub-application permission corresponding to the sub-application jump request, and jumping to the sub-application; and if the sub-application login information does not pass the sub-application jump request, executing to acquire an interface password, wherein the target interface successfully verifies the interface password, acquiring the sub-application login information, and the sub-application login information is used as the permission judgment of the sub-application jump request.
The login failure module 509 is specifically configured to perform obtaining an interface password when the target interface fails to verify the interface password, and the target interface successfully verifies the interface password, obtain the sub-application login information, and use the sub-application login information as permission judgment of a sub-application skip request.
It should be understood that apparatus embodiments and method embodiments may correspond with each other and that similar descriptions may refer to the method embodiments. To avoid repetition, no further description is provided here. Specifically, the apparatus 500 shown in fig. 5 may perform the above-described method embodiments, and the foregoing and other operations and/or functions of each module in the apparatus 500 are respectively for implementing corresponding flows in each method, which are not repeated herein for brevity.
The apparatus 500 of the embodiments of the present application is described above in terms of functional modules in connection with the accompanying drawings. It should be understood that the functional module may be implemented in hardware, or may be implemented by instructions in software, or may be implemented by a combination of hardware and software modules. Specifically, each step of the method embodiments in the embodiments of the present application may be implemented by an integrated logic circuit of hardware in a processor and/or an instruction in software form, and the steps of the method disclosed in connection with the embodiments of the present application may be directly implemented as a hardware decoding processor or implemented by a combination of hardware and software modules in the decoding processor. Alternatively, the software modules may be located in a well-established storage medium in the art such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory, registers, and the like. The storage medium is located in a memory, and the processor reads information in the memory, and in combination with hardware, performs the steps in the above method embodiments.
Fig. 6 is a schematic block diagram of an electronic device 600 provided by an embodiment of the present application.
As shown in fig. 6, the electronic device 600 may include:
a memory 610 and a processor 620, the memory 610 being adapted to store a computer program and to transfer the program code to the processor 620. In other words, the processor 620 may call and run a computer program from the memory 610 to implement the methods in embodiments of the present application.
For example, the processor 620 may be configured to perform the method embodiments described above in accordance with instructions in the computer program.
In some embodiments of the present application, the processor 620 may include, but is not limited to:
a general purpose processor, digital signal processor (Digital Signal Processor, DSP), application specific integrated circuit (Application Specific Integrated Circuit, ASIC), field programmable gate array (Field Programmable Gate Array, FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware components, or the like.
In some embodiments of the present application, the memory 610 includes, but is not limited to:
volatile memory and/or nonvolatile memory. The nonvolatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable EPROM (EEPROM), or a flash Memory. The volatile memory may be random access memory (Random Access Memory, RAM) which acts as an external cache. By way of example, and not limitation, many forms of RAM are available, such as Static RAM (SRAM), external RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate Synchronous DRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), and Direct memory bus RAM (DR RAM).
In some embodiments of the present application, the computer program may be partitioned into one or more modules that are stored in the memory 610 and executed by the processor 620 to perform the methods provided herein. The one or more modules may be a series of computer program instruction segments capable of performing the specified functions, which are used to describe the execution of the computer program in the electronic device.
As shown in fig. 6, the electronic device may further include:
a transceiver 630, the transceiver 630 being connectable to the processor 620 or the memory 610.
The processor 620 may control the transceiver 630 to communicate with other devices, and in particular, may send information or data to other devices or receive information or data sent by other devices. Transceiver 630 may include a transmitter and a receiver. Transceiver 630 may further include antennas, the number of which may be one or more.
It will be appreciated that the various components in the electronic device are connected by a bus system that includes, in addition to a data bus, a power bus, a control bus, and a status signal bus.
The present application also provides a computer storage medium having stored thereon a computer program which, when executed by a computer, enables the computer to perform the method of the above-described method embodiments. Alternatively, embodiments of the present application also provide a computer program product comprising instructions which, when executed by a computer, cause the computer to perform the method of the method embodiments described above.
When implemented in software, may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When loaded and executed on a computer, produces, in whole or in part, a flow or function consistent with embodiments of the present application. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital subscriber line (digital subscriber line, DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be accessed by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., a floppy disk, a hard disk, a magnetic tape), an optical medium (e.g., a digital video disc (digital video disc, DVD)), or a semiconductor medium (e.g., a Solid State Disk (SSD)), or the like.
Those of ordinary skill in the art will appreciate that the various illustrative modules and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
Claims (10)
1. A rights management method, comprising:
acquiring sub-application login information, and storing the sub-application login information into a storage area;
accessing a target interface in the sub-application according to a preset instruction;
obtaining an interface password, wherein the target interface successfully verifies the interface password and obtains the sub-application login information;
and taking the sub-application login information as the permission judgment of the sub-application jump request.
2. The method of claim 1, wherein the saving the child application login information to a storage area comprises:
encrypting the sub-application login information, and storing the encrypted sub-application login information into a storage area;
the obtaining the sub-application login information includes:
and acquiring the encrypted sub-application login information, decrypting the encrypted sub-application login information, and acquiring the sub-application login information.
3. The method according to claim 1, wherein said utilizing the sub-application login information as a permission judgment of a sub-application jump request comprises:
if the sub-application login information passes through a sub-application jump request, obtaining sub-application permission corresponding to the sub-application jump request, and jumping to the sub-application;
and if the sub-application login information does not pass the sub-application jump request, executing to acquire an interface password, wherein the target interface successfully verifies the interface password, acquiring the sub-application login information, and the sub-application login information is used as the permission judgment of the sub-application jump request.
4. The method of claim 1, wherein the obtaining the interface password, the target interface successfully verifies the interface password, and the obtaining the sub-application login information comprises:
generating a character string through a character device, and forming an interface password by the character string and a user identification code;
the target interface successfully verifies the interface password and obtains a user identity identification code in the interface password;
and successfully acquiring the sub-application login information by using the user identity identification code.
5. The method according to any one of claims 1 to 4, wherein accessing a target interface in the sub-application according to a preset instruction comprises:
modifying the sub-application source code according to a preset instruction to obtain a sub-application interception program;
and accessing a target interface in the sub-application by utilizing the sub-application interception program.
6. The method as recited in claim 1, further comprising:
and the target interface fails to verify the interface password, executes the acquisition of the interface password, successfully verifies the interface password, acquires the sub-application login information and uses the sub-application login information as the permission judgment of the sub-application jump request.
7. The method according to any one of claims 1 to 4 or 6, wherein the obtaining sub-application login information comprises:
and acquiring the sub-application login information containing the authentication account number and the authentication password.
8. A rights management unit, comprising:
the storage module is used for acquiring the sub-application login information and storing the sub-application login information into a storage area;
the access module is used for accessing a target interface in the sub-application according to a preset instruction;
the acquisition module is used for acquiring an interface password, the target interface successfully verifies the interface password and acquires the sub-application login information;
and the judging module is used for judging the authority of the sub-application jump request by utilizing the sub-application login information.
9. An electronic device, comprising:
a processor and a memory for storing a computer program, the processor being for invoking and running the computer program stored in the memory to perform the method of any of claims 1 to 8.
10. A computer readable storage medium storing a computer program for causing a computer to perform the method of any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311340382.8A CN117744046A (en) | 2023-10-16 | 2023-10-16 | Rights management method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311340382.8A CN117744046A (en) | 2023-10-16 | 2023-10-16 | Rights management method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117744046A true CN117744046A (en) | 2024-03-22 |
Family
ID=90276482
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311340382.8A Pending CN117744046A (en) | 2023-10-16 | 2023-10-16 | Rights management method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117744046A (en) |
-
2023
- 2023-10-16 CN CN202311340382.8A patent/CN117744046A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11689516B2 (en) | Application program as key for authorizing access to resources | |
| US10462121B2 (en) | Technologies for authentication and single-sign-on using device security assertions | |
| US10949526B2 (en) | User device authentication | |
| AU2016238935B2 (en) | Secondary device as key for authorizing access to resources | |
| CN107122674B (en) | Access method of oracle database applied to operation and maintenance auditing system | |
| CN103843303A (en) | Management control method, device and system for virtual machine | |
| CN114553540B (en) | Zero trust-based Internet of things system, data access method, device and medium | |
| KR20200013764A (en) | Method for mutual symmetric authentication between first application and second application | |
| CN107040501B (en) | Authentication method and device based on platform as a service | |
| CN105187369A (en) | Data access method and data access device | |
| CN114844644A (en) | Resource request method, device, electronic equipment and storage medium | |
| CN114125027A (en) | Communication establishing method and device, electronic equipment and storage medium | |
| CN109474431B (en) | Client authentication method and computer readable storage medium | |
| CN112637167A (en) | System login method and device, computer equipment and storage medium | |
| CN116996305A (en) | Multi-level security authentication method, system, equipment, storage medium and entry gateway | |
| CN103559430A (en) | Application account management method and device based on android system | |
| CN108600266B (en) | Statement filtering authentication method and system | |
| CN112312392B (en) | Data acquisition method, system and storage medium suitable for mobile equipment | |
| CN117744046A (en) | Rights management method, device, equipment and storage medium | |
| US11977620B2 (en) | Attestation of application identity for inter-app communications | |
| CN115190483B (en) | Method and device for accessing network | |
| CN114398625A (en) | Terminal authentication method and device, terminal equipment and storage medium | |
| CN115834234A (en) | Network access method, network connection system and storage medium | |
| CN116886432A (en) | Intranet access method and terminal equipment | |
| CN116743460A (en) | Data exchange isolation method, system, equipment and storage medium for internal and external network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |