CN117978855A - User operation termination method, device, server and storage medium - Google Patents
- Publication number
- CN117978855A (application CN202311719831.XA)
- Authority
- CN
- China
- Prior art keywords
- identity information
- user
- interception
- service
- user identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/51—Discovery or management thereof, e.g. service location protocol [SLP] or web services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/1396—Protocols specially adapted for monitoring users' activity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/535—Tracking the activity of the user
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Telephonic Communication Services (AREA)
Abstract
The present invention provides a user operation termination method, device, server and storage medium. The method comprises: monitoring a service call triggered by a user operation in a distributed system and creating a call chain context object for the service call; saving user identity information in the call chain context object; obtaining user identity information, intercepting the in-progress service calls triggered by that user identity information, and generating an interception identity information range; before a service is formally called, obtaining the call chain context object, extracting the user identity information from it, and determining whether the user identity information is within the interception identity information range; if the user identity information is not within the interception identity information range, continuing the service call; if it is within the interception identity information range, terminating the service call. Service calls still flowing through the back end of the distributed system can thereby be terminated immediately.
Description
Technical Field
The present invention relates to the field of computer technology, and in particular to a user operation termination method, device, server and storage medium.
Background
A distributed system is a system whose components are distributed across networked computers and communicate and coordinate their actions by passing messages. This definition leads to the following important characteristics of a distributed system: concurrency of components, lack of a global clock, and independent failure of components.
In the prior art, user operation termination methods for distributed systems are usually based on a Web session management framework: the Web session instance of a specified user in the back end of the distributed system is deleted or disabled, so that the user's next operation is terminated because session verification fails.
However, these prior-art methods have the following disadvantage: they can only terminate the user's next operation and cannot immediately terminate service calls that are still flowing through the back end of the distributed system.
Summary of the Invention
The present invention provides a user operation termination method, device, server and storage medium, to solve the problem that prior-art user operation termination methods for distributed systems can only terminate the user's next operation and cannot immediately terminate service calls that are still flowing through the back end of the distributed system.
In a first aspect, the present invention provides a user operation termination method, comprising:
monitoring a service call triggered by a user operation in a distributed system, and creating a call chain context object for the service call;
saving user identity information in the call chain context object, so that the user identity information continues to be passed along the distributed call chain;
obtaining user identity information, intercepting the in-progress service calls triggered by the user identity information, and generating an interception identity information range;
before a service is formally called, obtaining the call chain context object, extracting the user identity information from the call chain context object, and determining whether the user identity information is within the interception identity information range;
if it is determined that the user identity information is not within the interception identity information range, continuing the service call;
if it is determined that the user identity information is within the interception identity information range, terminating the service call and generating an exception signal and interception details;
receiving the exception signal and the interception details, wherein the interception details include the user identity information, the interception time and the terminated service call.
In one possible design, before monitoring the service call triggered by the user operation, the method further comprises: receiving the user's login authentication information and generating an encrypted string from the login authentication information; verifying the user's identity using the string; if verification passes, allowing the user operation to trigger the service call; if verification fails, sending a notification of the failed verification to the user terminal.
In one possible design, after monitoring the service call triggered by the user operation, the method further comprises: obtaining the user's request header field; and decrypting the request header field to obtain the user identity information.
In one possible design, obtaining user identity information, intercepting the in-progress service calls triggered by the user identity information, and generating the interception identity information range comprises: obtaining the user identity information; sending an interception instruction and broadcasting the interception instruction; and, according to the interception instruction, intercepting the in-progress service calls triggered by the user identity information and generating the interception identity information range.
In one possible design, after obtaining user identity information, intercepting the in-progress service calls triggered by the user identity information, and generating the interception identity information range, the method further comprises: after a service has been called, obtaining the call chain context object, extracting the user identity information from the call chain context object, and determining whether the user identity information is within the interception identity information range; if it is determined that the user identity information is not within the interception identity information range, returning the service processing result; if it is determined that the user identity information is within the interception identity information range, stopping the return of the service processing result and generating an exception signal and interception details; and receiving the exception signal and the interception details, wherein the interception details include the user identity information, the interception time and the terminated service call.
In one possible design, the service call includes one or more of the following: calling an ajax interface, executing a local Java method, executing an asynchronous thread, sending an asynchronous message, scheduling a timed task, calling a remote service, and accessing a database.
In a second aspect, the present invention provides a user operation termination device, comprising: a monitoring module, configured to monitor a service call triggered by a user operation in a distributed system and create a call chain context object for the service call; a saving module, configured to save user identity information in the call chain context object so that the user identity information continues to be passed along the distributed call chain; an interception module, configured to obtain user identity information, intercept the in-progress service calls triggered by the user identity information, and generate an interception identity information range; an extraction module, configured to obtain the call chain context object before a service is formally called, extract the user identity information from the call chain context object, and determine whether the user identity information is within the interception identity information range; a service calling module, configured to continue the service call if it is determined that the user identity information is not within the interception identity information range; a termination module, configured to terminate the service call and generate an exception signal and interception details if it is determined that the user identity information is within the interception identity information range; and a receiving module, configured to receive the exception signal and the interception details, wherein the interception details include the user identity information, the interception time and the terminated service call.
In one possible design, the user operation termination device further comprises: a verification module, configured to receive the user's login authentication information and generate an encrypted string from the login authentication information; and to verify the user's identity using the string, allowing the user operation to trigger the service call if verification passes, and sending a notification of the failed verification to the user terminal if verification fails.
In a third aspect, the present invention provides a server, comprising: at least one processor and a memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, so that the at least one processor performs the user operation termination method described in the first aspect and the various possible designs of the first aspect.
In a fourth aspect, the present invention provides a computer storage medium storing computer-executable instructions which, when executed by a processor, implement the user operation termination method described in the first aspect and the various possible designs of the first aspect.
The user operation termination method, device, server and storage medium provided by the present invention monitor a service call triggered by a user operation in a distributed system and create a call chain context object for the service call; save user identity information in the call chain context object so that the user identity information continues to be passed along the distributed call chain; obtain user identity information, intercept the in-progress service calls triggered by the user identity information, and generate an interception identity information range; before a service is formally called, obtain the call chain context object and extract the user identity information from it; if it is determined that the user identity information is not within the interception identity information range, continue the service call; if it is determined that the user identity information is within the interception identity information range, terminate the service call and generate an exception signal and interception details; and receive the exception signal and the interception details, wherein the interception details include the user identity information, the interception time and the terminated service call. Service calls flowing through the back end of the distributed system can thereby be terminated immediately.
Brief Description of the Drawings
To explain the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a first schematic flow chart of the user operation termination method provided by an embodiment of the present invention;
FIG. 2 is a second schematic flow chart of the user operation termination method provided by an embodiment of the present invention;
FIG. 3 is a third schematic flow chart of the user operation termination method provided by an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of the user operation termination device provided by an embodiment of the present invention;
FIG. 5 is a schematic diagram of the hardware structure of the server provided by an embodiment of the present invention.
Detailed Description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
It should be noted that the user information (including but not limited to user device information and user personal information) and data (including but not limited to data used for analysis, stored data and displayed data) involved in the present invention are information and data authorized by the user or fully authorized by all parties; the collection, use and processing of the relevant data must comply with the relevant laws, regulations and standards, and a corresponding operation entry is provided for the user to grant or refuse authorization.
A distributed system is a system whose components are distributed across networked computers and communicate and coordinate their actions by passing messages. This definition leads to the following important characteristics of a distributed system: concurrency of components, lack of a global clock, and independent failure of components. In the prior art, user operation termination methods for distributed systems are usually based on a Web session management framework: the Web session instance of a specified user in the back end of the distributed system is deleted or disabled, so that the user's next operation is terminated because session verification fails. However, these methods have the following disadvantages. They can only terminate the user's next operation and cannot immediately terminate service calls that are still flowing through the back end of the distributed system. They are also code-invasive: a solution built on a session management framework requires selecting that framework and modifying code specifically to extend its functions. Finally, they act at a single processing level: because they work by disabling the Web session, they apply only to web page operations and not to scenarios such as asynchronous messages and remote service calls.
To solve the above technical problems, the embodiments of the present invention propose the following inventive concept: monitor the service calls triggered by user operations in the distributed system, save the user identity information in the call chain context object, obtain the user identity information and determine whether it is within the interception identity information range, and if so terminate the service call, thereby terminating the user's operations in the distributed system.
FIG. 1 is a first schematic flow chart of the user operation termination method provided by an embodiment of the present invention. The method of this embodiment may be executed by a server; this embodiment places no particular limitation on this. As shown in FIG. 1, the method includes:
S101: Monitor the service call triggered by a user operation in the distributed system, and create a call chain context object for the service call.
In this embodiment, before monitoring the service call triggered by the user operation, the method further includes the following steps: receiving the user's login authentication information and generating an encrypted string from the login authentication information; verifying the user's identity using the string; if verification passes, allowing the user operation to trigger the service call; if verification fails, sending a notification of the failed verification to the user terminal.
Specifically, a user must first complete login authentication when accessing the distributed system. Login authentication may proceed as follows: the user's login authentication information is received and an encrypted token string is generated from it; on every subsequent operation the user passes this token string to the back-end ajax interface to identify themselves. After receiving the token string, the back-end ajax interface verifies the user's identity using it. If verification passes, the user is logged in to the distributed system and can trigger service calls through operations; if verification fails, the user cannot log in to the distributed system, and a notification of the failed verification can be sent to the user terminal to inform the user that login failed.
In this embodiment, after monitoring the service call triggered by the user operation, the method further includes the following steps: obtaining the user's request header field; and decrypting the request header field to obtain the user identity information.
Specifically, the user's request header field may be: header.token.staffNo or service.param.staffNo|service.name=com.xxx.order.Create. After a service call triggered by a user operation is detected, the user identity information is decrypted from the user's request header field. In this embodiment the user identity information may be an employee number, whose attribute name is staffNo.
In this embodiment, the service call includes one or more of the following: calling an ajax interface, executing a local Java method, executing an asynchronous thread, sending an asynchronous message, scheduling a timed task, calling a remote service, and accessing a database.
In this embodiment, the specific steps of monitoring the service call triggered by the user operation and creating a call chain context object for the service call include:
When the call chain context passing module detects that an employee has called an ajax interface, it first decrypts the employee's identity information from the request header field token. In this embodiment the employee identity information is the employee number, whose attribute name is staffNo. The call chain context passing module creates a call chain context object for this ajax call and saves the employee number in it. The context object also stores the unique number of the call chain and every service node the call chain has passed through. Whenever this ajax interface goes on to call other services, the call chain context object continues to be passed along.
S102: Save the user identity information in the call chain context object, so that the user identity information continues to be passed along the distributed call chain.
In this embodiment, the user identity information is saved in the call chain context object and continues to be passed along the distributed call chain, so that it can be read from the call chain context object later, when it must be decided whether a service call triggered by the user's operation needs to be intercepted.
Specifically, the call chain context object also stores the unique number of the distributed call chain and every service node the distributed call chain has passed through. The unique number can be used to distinguish and identify different call chains in different distributed systems. The service nodes the distributed call chain has passed through are all the service nodes included in the service call triggered by the user operation.
S103: Obtain user identity information, intercept the in-progress service calls triggered by the user identity information, and generate an interception identity information range.
In this embodiment, the specific steps of obtaining user identity information, intercepting the in-progress service calls triggered by the user identity information, and generating the interception identity information range include:
obtaining the user identity information; sending an interception instruction and broadcasting the interception instruction; and, according to the interception instruction, intercepting the in-progress service calls triggered by the user identity information and generating the interception identity information range.
Specifically, in this embodiment these actions can be performed by an interception instruction sending module, which can be a Web project with a graphical user interface. A system security controller opens the interception instruction sending module and enters a piece of user identity information, such as an employee number; the module intercepts the in-progress service calls triggered by that employee number and displays the interception details. The interception instruction sending module exposes a fixed connection port to all interception instruction execution modules, for example 10.10.10.10:36770. When the security controller issues an interception instruction, the module first obtains the interception instruction execution modules currently connected to the port and broadcasts to them through the port: "KILL STAFF_NO 10010", meaning that the in-progress service calls of employee number 10010 are to be intercepted. It then keeps waiting for the interception instruction execution modules to return their lists of interception results and displays them on the page.
Here, a Web project is a project that obtains and transmits information over the network: the user enters information in the browser, the information is sent to the server and processed to produce the information the user wants, and the result is returned to the user's browser.
S104: Before the service is formally called, obtain the call chain context object, extract the user identity information from the call chain context object, and determine whether the user identity information is within the interception identity information range. If not, execute step S105; if so, execute step S106.
In this embodiment, this step can be performed by the interception instruction execution module, which can be deployed as a Java probe inside the application processes of the distributed system and can monitor the calling behavior of every service. Because the call chain context object stores the user identity information, obtaining the call chain context object before the service is formally called yields the user identity information. Checking whether that identity is within the interception identity information range determines whether the service call triggered by the user's operation needs to be intercepted.
S105: Continue the service call.
In this embodiment, if the user identity information is not within the interception identity information range, the service call triggered by the user's operation does not need to be intercepted, and the service call can continue.
S106: Terminate the service call, and generate an exception signal and interception details.
In this embodiment, if the user identity information is within the interception identity information range, the service call triggered by the user's operation needs to be intercepted. The service call is therefore terminated, an exception signal is thrown to the upper-level method with the description "staff forbidden", and finally the interception details are reported over HTTP, including the user identity information (such as the work number code), the interception time, and the terminated service call. An unexpected situation that occurs while a program is running is called an exception. An exception is a signal used to pass information to the caller, indicating that something unexpected has happened in the program. Once an exception occurs at run time, the program terminates immediately and the code after the exception cannot continue to execute. To keep the program robust, so that it does not terminate because of a minor error, the exception needs to be handled, for example with an exception handling mechanism.
Specifically, the interception identity information range can be kept in sync in the local memory and on the disk of the interception instruction execution module. After the interception instruction execution module receives an interception instruction, it first loads it into memory for use and then writes it to disk asynchronously in the background, so that the interception identity information range data is not lost when the module is reloaded.
S107: Receive the exception signal and the interception details, wherein the interception details include the user identity information, the interception time, and the terminated service call.
In this embodiment, the user identity information, the interception time, and the terminated service call in the interception details can be used for a later review of the user's operations.
In summary, the user operation termination method provided in this embodiment monitors the service calls triggered by the user's operations in the distributed system and creates a call chain context object for each service call; saves the user identity information in the call chain context object so that it keeps being passed along the distributed call chain; obtains the user identity information, intercepts the in-progress service calls triggered by it, and generates the interception identity information range; before the service is formally called, obtains the call chain context object and extracts the user identity information from it; continues the service call if the user identity information is not within the interception identity information range; terminates the service call and generates an exception signal and interception details if it is within the range; and receives the exception signal and the interception details, which include the user identity information, the interception time, and the terminated service call. Service calls flowing through the back end of the distributed system can thus be terminated immediately.
FIG. 2 is the second flow chart of the user operation termination method provided by an embodiment of the present invention. Building on the embodiment of FIG. 1, this embodiment adds a way to terminate a service call after the service has been called. As shown in FIG. 2, the method includes:
S201: After the service is called, obtain the call chain context object and extract the user identity information from the call chain context object.
In this embodiment, this step can be performed by the interception instruction execution module, which can be deployed as a Java probe inside the application processes of the distributed system and can monitor the calling behavior of every service. Because the call chain context object stores the user identity information, obtaining the call chain context object after the service is called yields the user identity information, which can be used to determine whether the service call triggered by the user's operation needs to be intercepted.
S202: Determine whether the user identity information is within the interception identity information range. If not, execute step S203; if so, execute step S204.
In this embodiment, checking whether the user identity information is within the interception identity information range determines whether the service call triggered by the user's operation needs to be intercepted.
S203: Return the service processing result.
In this embodiment, if the user identity information is not within the interception identity information range, the service call triggered by the user's operation does not need to be intercepted, and the service processing result can be returned once the service call completes.
S204: Terminate the return of the service processing result, and generate an exception signal and interception details.
In this embodiment, if the user identity information is within the interception identity information range, the service call triggered by the user's operation needs to be intercepted. The return of the service processing result is therefore terminated, an exception signal is thrown to the upper-level method with the description "staff forbidden", and finally the interception details are reported over HTTP, including the user identity information (such as the work number code), the interception time, and the terminated service call.
S205: Receive the exception signal and the interception details, wherein the interception details include the user identity information, the interception time, and the terminated service call.
In this embodiment, the user identity information, the interception time, and the terminated service call in the interception details can be used for a later review of the user's operations.
In summary, the user operation termination method provided in this embodiment obtains the call chain context object after the service is called, extracts the user identity information from it, and determines whether the user identity information is within the interception identity information range; returns the service processing result if it is not within the range; terminates the return of the service processing result and generates an exception signal and interception details if it is within the range; and receives the exception signal and the interception details. Services that have already been called in the distributed system can thus be terminated immediately.
FIG. 3 is the third flow chart of the user operation termination method provided by an embodiment of the present invention. This embodiment is a practical implementation of the user operation termination method of the present invention. As shown in FIG. 3, the method includes:
S301: Receive the user's login identity authentication information, and generate an encrypted string from the login identity authentication information.
S302: Verify the user's identity according to the string. If verification passes, execute the user operation to trigger the service call; if verification fails, send a verification-failed notification to the user end.
S303: Monitor the service calls triggered by the user's operations in the distributed system, and create a call chain context object for each service call.
S304: Obtain the user's request header field, and decrypt the request header field to obtain the user identity information.
S305: Obtain the user identity information, intercept the in-progress service calls triggered by the user identity information, and generate the interception identity information range.
S306: Before the service is formally called, or after the service is called, obtain the call chain context object and extract the user identity information from the call chain context object.
S307: Determine whether the user identity information is within the interception identity information range. If not, execute step S308; if so, execute step S309.
S308: Continue the service call or return the service processing result.
Specifically, if the check runs before the service is formally called, the service call continues; if it runs after the service is called, the service processing result is returned.
S309: Terminate the service call or terminate the return of the service processing result, and generate an exception signal and interception details.
Specifically, if the check runs before the service is formally called, the service call is terminated; if it runs after the service is called, the return of the service processing result is terminated.
S310: Receive the exception signal and the interception details, wherein the interception details include the user identity information, the interception time, and the terminated service call.
In summary, the user operation termination method provided in this embodiment receives the user's login identity authentication information, generates an encrypted string from it, and verifies the user's identity according to the string; if verification passes, it executes the user operation to trigger the service call, and if verification fails, it sends a verification-failed notification to the user end. It monitors the service calls triggered by the user's operations in the distributed system and creates a call chain context object for each service call; saves the user identity information in the call chain context object so that it keeps being passed along the distributed call chain; obtains the user identity information, intercepts the in-progress service calls triggered by it, and generates the interception identity information range. Before the service is formally called or after the service is called, it obtains the call chain context object and extracts the user identity information from it; if the user identity information is not within the interception identity information range, it continues the service call or returns the service processing result; if it is within the range, it terminates the service call or the return of the service processing result and generates an exception signal and interception details. It receives the exception signal and the interception details, which include the user identity information, the interception time, and the terminated service call. Both services that have not yet been formally called and services that have already been called in the distributed system can thus be terminated immediately.
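The flow of steps S305 to S310 can be exercised end to end in a few dozen lines. The following is an added example, not code from the patent: `InterceptScope`, `guarded`, `call_as`, `CALL_CHAIN_CTX`, the `scope.json` file, the service names and the accepted work-number character set are all hypothetical, and interception details are collected in a list instead of being reported over HTTP.

```python
import contextvars
import json
import os
import re
import tempfile
import time
from functools import wraps

# Call chain context object: carries the user identity along the call chain.
CALL_CHAIN_CTX = contextvars.ContextVar("call_chain_ctx", default=None)
KILL_RE = re.compile(r"KILL STAFF_NO ([A-Za-z0-9]{1,32})")  # ID charset is assumed


class StaffForbidden(Exception):
    """Exception signal thrown to the upper-level method."""


def parse_instruction(line):
    """Return the staff number from a 'KILL STAFF_NO <id>' broadcast, else raise."""
    match = KILL_RE.fullmatch(line.strip())
    if match is None:
        raise ValueError("malformed interception instruction")
    return match.group(1)


class InterceptScope:
    """Interception identity information range: held in memory, mirrored to disk."""

    def __init__(self, path):
        self.path = path
        self.staff = set()
        if os.path.exists(path):  # module reload: restore the range from disk
            with open(path, encoding="utf-8") as fh:
                self.staff = set(json.load(fh))

    def apply(self, line):
        staff_no = parse_instruction(line)
        self.staff.add(staff_no)  # usable from memory immediately
        # Written synchronously here; the page does this write in the background.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(sorted(self.staff), fh)
        os.replace(tmp, self.path)  # atomic swap: never a half-written file
        return staff_no


def check(service, scope, report, phase):
    """Terminate if the identity in the call chain context is in the range."""
    staff_no = (CALL_CHAIN_CTX.get() or {}).get("staff_no")
    if staff_no in scope.staff:
        report({"staff_no": staff_no, "time": time.time(),
                "service": service, "phase": phase})
        raise StaffForbidden("staff forbidden")


def guarded(service, scope, report):
    """Wrap a service with the pre-call and post-call checks (S306 to S309)."""
    def decorate(func):
        @wraps(func)
        def wrapper(*args, **kwargs):
            check(service, scope, report, "before_call")
            result = func(*args, **kwargs)
            check(service, scope, report, "after_call")  # withholds the result
            return result
        return wrapper
    return decorate


def call_as(staff_no, func, *args):
    """Run func with staff_no stored in a fresh call chain context."""
    def run():
        CALL_CHAIN_CTX.set({"staff_no": staff_no})
        return func(*args)
    return contextvars.copy_context().run(run)


def demo(workdir):
    """Constructed scenario: a KILL for 10010 arrives while its call is running."""
    details = []
    scope = InterceptScope(os.path.join(workdir, "scope.json"))

    @guarded("query_order", scope, details.append)
    def query_order(order_id):
        return {"order": order_id}

    @guarded("export_report", scope, details.append)
    def export_report():
        scope.apply("KILL STAFF_NO 10010")  # broadcast lands mid-call
        return "report-bytes"

    outcomes = [call_as("10010", query_order, 1)]  # not in range yet
    for func, args in ((export_report, ()), (query_order, (2,))):
        try:
            outcomes.append(call_as("10010", func, *args))
        except StaffForbidden as exc:
            outcomes.append(str(exc))
    outcomes.append(call_as("20020", query_order, 3))  # other staff unaffected
    return outcomes, details, InterceptScope(scope.path)  # last item: reload
```

In this example the after-call check only withholds the return value of `export_report`; whatever the service did before the check has already happened.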
FIG. 4 is a schematic structural diagram of the user operation termination device provided by an embodiment of the present invention. As shown in FIG. 4, the user operation termination device includes: a monitoring module 401, a saving module 402, an interception module 403, an extraction module 404, a service calling module 405, a termination module 406 and a receiving module 407.
The monitoring module 401 is used to monitor the service calls triggered by the user's operations in the distributed system and to create a call chain context object for each service call;
The saving module 402 is used to save the user identity information in the call chain context object so that the user identity information keeps being passed along the distributed call chain;
The interception module 403 is used to obtain the user identity information, intercept the in-progress service calls triggered by the user identity information, and generate the interception identity information range;
The extraction module 404 is used to obtain the call chain context object before the service is formally called, extract the user identity information from the call chain context object, and determine whether the user identity information is within the interception identity information range;
The service calling module 405 is used to continue the service call if the user identity information is determined not to be within the interception identity information range;
The termination module 406 is used to terminate the service call and generate an exception signal and interception details if the user identity information is determined to be within the interception identity information range;
The receiving module 407 is used to receive the exception signal and the interception details, wherein the interception details include the user identity information, the interception time, and the terminated service call.
In a possible implementation, the user operation termination device further includes a verification module 408, which is used to receive the user's login identity authentication information and generate an encrypted string from it; and to verify the user's identity according to the string, executing the user operation to trigger the service call if verification passes, and sending a verification-failed notification to the user end if verification fails.
In a possible implementation, the user operation termination device further includes a decryption module 409, which is used to obtain the user's request header field and to decrypt the request header field to obtain the user identity information.
In a possible implementation, the extraction module 404 is specifically used to obtain the user identity information; send an interception instruction and broadcast it; and, according to the interception instruction, intercept the in-progress service calls triggered by the user identity information and generate the interception identity information range.
In a possible implementation, the user operation termination device further includes a return module 410, which is used to obtain the call chain context object after the service is called, extract the user identity information from the call chain context object, and determine whether the user identity information is within the interception identity information range; to return the service processing result if the user identity information is determined not to be within the range; to terminate the return of the service processing result and generate an exception signal and interception details if it is determined to be within the range; and to receive the exception signal and the interception details, wherein the interception details include the user identity information, the interception time, and the terminated service call.
In a possible implementation, the service call includes one or more of the following: calling an ajax interface, executing a local Java method, executing an asynchronous thread, sending an asynchronous message, scheduling a timed task, calling a remote service, and accessing a database.
The user operation termination device provided in this embodiment can be used to carry out the technical solutions of the user operation termination method embodiments above. Its implementation principle and technical effects are similar and are not repeated here.
FIG. 5 is a schematic diagram of the hardware structure of the server provided by an embodiment of the present invention. As shown in FIG. 5, the server of this embodiment includes at least one processor 501 and a memory 502, wherein:
The memory 502 is used to store computer-executable instructions;
The processor 501 is used to execute the computer-executable instructions stored in the memory to implement the steps performed by the server in the embodiments above. For details, see the related descriptions in the method embodiments above.
Optionally, the memory 502 may be independent or may be integrated with the processor 501.
When the memory 502 is provided independently, the server further includes a bus 503 for connecting the memory 502 and the processor 501.
An embodiment of the present invention further provides a computer storage medium in which computer-executable instructions are stored. When a processor executes the computer-executable instructions, the user operation termination method described above is implemented.
An embodiment of the present invention further provides a computer program product, including a computer program. When the computer program is executed by a processor, the user operation termination method described above is implemented.
In the several embodiments provided by the present invention, it should be understood that the disclosed devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative. The division into modules is only a division by logical function, and an actual implementation may divide them differently: multiple modules may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connections shown or discussed may be indirect coupling or communication connections through interfaces, devices or modules, and may be electrical, mechanical or of other forms.
The modules described as separate components may or may not be physically separate, and the components shown as modules may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to implement the solution of this embodiment.
In addition, the functional modules in the embodiments of the present invention may be integrated into one processing unit, each module may exist physically on its own, or two or more modules may be integrated into one unit. The unit formed from these modules may be implemented in hardware or as hardware plus software functional units.
The integrated modules implemented as software functional modules can be stored in a computer-readable storage medium. The software functional modules are stored in a storage medium and include instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) or a processor to perform some of the steps of the methods in the embodiments of the present application.
It should be understood that the processor may be a central processing unit (CPU), or another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), etc. A general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the invention may be executed directly by a hardware processor, or by a combination of hardware and software modules in the processor.
The memory may include high-speed RAM and may also include non-volatile memory (NVM), such as at least one disk memory; it may also be a USB flash drive, a removable hard disk, a read-only memory, a magnetic disk or an optical disk, etc.
The bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus, etc. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of representation, the bus in the drawings of the present application is not limited to a single bus or a single type of bus.
The storage medium may be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, a magnetic disk or an optical disk. The storage medium may be any available medium that a general-purpose or special-purpose computer can access.
An exemplary storage medium is coupled to the processor so that the processor can read information from the storage medium and write information to it. The storage medium may also be a component of the processor. The processor and the storage medium may be located in an application-specific integrated circuit (ASIC). The processor and the storage medium may also exist as discrete components in an electronic device or a main control device.
Those of ordinary skill in the art will understand that all or some of the steps of the method embodiments above can be carried out by hardware directed by program instructions. The program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the method embodiments above; the storage medium includes ROM, RAM, magnetic disks, optical disks and other media that can store program code.
Finally, it should be noted that the embodiments above are only used to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the embodiments above, those of ordinary skill in the art should understand that they can still modify the technical solutions described in those embodiments, or replace some or all of their technical features with equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the scope of the technical solutions of the embodiments of the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311719831.XA CN117978855A (en) | 2023-12-14 | 2023-12-14 | User operation termination method, device, server and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311719831.XA CN117978855A (en) | 2023-12-14 | 2023-12-14 | User operation termination method, device, server and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117978855A true CN117978855A (en) | 2024-05-03 |
Family
ID=90846643
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311719831.XA Pending CN117978855A (en) | 2023-12-14 | 2023-12-14 | User operation termination method, device, server and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117978855A (en) |
-
2023
- 2023-12-14 CN CN202311719831.XA patent/CN117978855A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||