CN117978855A - User operation termination method, device, server and storage medium - Google Patents

Publication number: CN117978855A
Authority: CN (China)
Prior art keywords: identity information, interception, user, user identity, service
Legal status: Pending
Application number: CN202311719831.XA
Other languages: Chinese (zh)
Inventor: 张洺棋
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd

Classifications

    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • G06F21/31 User authentication
    • G06F9/54 Interprogram communication
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1396 Protocols specially adapted for monitoring users' activity
    • H04L67/535 Tracking the activity of the user

Abstract

The invention provides a user operation termination method, a device, a server and a storage medium. The method comprises: monitoring a service call triggered by a user operation in a distributed system, and creating a call chain context object for the service call; storing the user identity information in the call chain context object; acquiring user identity information, intercepting the in-progress service calls triggered by that user identity information, and generating an interception identity information range; before a service is formally called, acquiring the call chain context object, extracting the user identity information from it, and determining whether the user identity information is within the interception identity information range; if the user identity information is not within the interception identity information range, continuing the service call; if the user identity information is within the interception identity information range, terminating the service call. Service calls still circulating in the back end of the distributed system are thereby terminated immediately.

Description

User operation termination method, device, server and storage medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for terminating user operations, a server, and a storage medium.
Background
A distributed system is a system whose components are located on networked computers and communicate and coordinate their actions by passing messages. This definition leads to the following important characteristics of a distributed system: concurrency of components, lack of a global clock, and independent failures of components.
In the prior art, a user operation termination method suitable for a distributed system is generally based on a Web session management framework: the Web session instance of a specified user is deleted or disabled in the back end of the distributed system, so that the user's next operation is terminated because session verification fails.
However, this prior-art method has the following disadvantage: only the user's next operation can be terminated, and service calls still circulating in the back end of the distributed system cannot be terminated immediately.
Disclosure of Invention
The invention provides a user operation termination method, a device, a server and a storage medium, which solve the problem that the prior-art user operation termination method for a distributed system can only terminate the user's next operation and cannot immediately terminate service calls still circulating in the back end of the distributed system.
In a first aspect, the present invention provides a user operation termination method, including:
monitoring a service call triggered by a user operation in a distributed system, and creating a call chain context object for the service call;
storing user identity information in the call chain context object, so that the user identity information continues to be passed along the distributed call chain;
acquiring user identity information, intercepting the in-progress service calls triggered by that user identity information, and generating an interception identity information range;
before a service is formally called, acquiring the call chain context object, extracting the user identity information from it, and determining whether the user identity information is within the interception identity information range;
if the user identity information is determined not to be within the interception identity information range, continuing the service call;
if the user identity information is determined to be within the interception identity information range, terminating the service call, and generating an exception signal and interception details;
and receiving the exception signal and the interception details, wherein the interception details comprise the user identity information, the interception time and the terminated service call.
In one possible design, before monitoring the service call triggered by the user operation, the method further includes: receiving login identity authentication information of a user, and generating an encrypted character string from the login identity authentication information; verifying the user's identity according to the character string; if verification passes, executing the user operation to trigger the service call; if verification fails, sending a verification-failure notification to the user side.
In one possible design, after monitoring the service call triggered by the user operation, the method further includes: acquiring a request header field of the user; and decrypting according to the request header field to obtain the user identity information.
In one possible design, acquiring the user identity information, intercepting the in-progress service calls triggered by the user identity information, and generating the interception identity information range includes: acquiring the user identity information; sending an interception instruction and broadcasting it; and intercepting, according to the interception instruction, the in-progress service calls triggered by the user identity information, to generate the interception identity information range.
In one possible design, after acquiring the user identity information, intercepting the in-progress service calls triggered by the user identity information, and generating the interception identity information range, the method further includes: after the service is called, acquiring the call chain context object, extracting the user identity information from it, and determining whether the user identity information is within the interception identity information range; if the user identity information is determined not to be within the interception identity information range, returning the service processing result; if the user identity information is determined to be within the interception identity information range, terminating the return of the service processing result, and generating an exception signal and interception details; and receiving the exception signal and the interception details, wherein the interception details comprise the user identity information, the interception time and the terminated service call.
In one possible design, the service call includes one or more of the following: calling an ajax interface, executing a local Java method, executing an asynchronous thread, sending an asynchronous message, a preset scheduled task, calling a remote service, and accessing a database.
In a second aspect, the present invention provides a user operation termination device comprising: a monitoring module, configured to monitor a service call triggered by a user operation in the distributed system and to create a call chain context object for the service call; a storage module, configured to store the user identity information in the call chain context object, so that the user identity information continues to be passed along the distributed call chain; an interception module, configured to acquire user identity information, intercept the in-progress service calls triggered by that user identity information, and generate an interception identity information range; an extraction module, configured to acquire the call chain context object before the service is formally called, extract the user identity information from it, and determine whether the user identity information is within the interception identity information range; a service calling module, configured to continue the service call if the user identity information is determined not to be within the interception identity information range; a termination module, configured to terminate the service call and generate an exception signal and interception details if the user identity information is determined to be within the interception identity information range; and a receiving module, configured to receive the exception signal and the interception details, wherein the interception details comprise the user identity information, the interception time and the terminated service call.
In one possible design, the user operation termination device further includes: a verification module, configured to receive login identity authentication information of a user and generate an encrypted character string from the login identity authentication information; to verify the user's identity according to the character string; if verification passes, to execute the user operation to trigger the service call; and if verification fails, to send a verification-failure notification to the user side.
In a third aspect, the present invention provides a server comprising: at least one processor and memory;
the memory stores computer-executable instructions;
the at least one processor executes the computer-executable instructions stored in the memory, causing the at least one processor to perform the user operation termination method as described above in the first aspect and the various possible designs of the first aspect.
In a fourth aspect, the present invention provides a computer storage medium having stored therein computer-executable instructions which, when executed by a processor, implement the user operation termination method according to the first aspect and the various possible designs of the first aspect.
According to the user operation termination method, device, server and storage medium provided by the invention, a service call triggered by a user operation in the distributed system is monitored and a call chain context object is created for the service call; the user identity information is stored in the call chain context object, so that it continues to be passed along the distributed call chain; user identity information is acquired, the in-progress service calls triggered by that user identity information are intercepted, and an interception identity information range is generated; before a service is formally called, the call chain context object is acquired and the user identity information is extracted from it; if the user identity information is determined not to be within the interception identity information range, the service call continues; if it is determined to be within the interception identity information range, the service call is terminated, and an exception signal and interception details are generated; the exception signal and the interception details are received, wherein the interception details comprise the user identity information, the interception time and the terminated service call. Service calls still circulating in the back end of the distributed system can thereby be terminated immediately.
Drawings
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are some embodiments of the present invention, and a person skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a flowchart of a user operation termination method according to an embodiment of the present invention;
FIG. 2 is a second flowchart of a user operation termination method according to an embodiment of the present invention;
FIG. 3 is a flowchart of a user operation termination method according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a user operation termination device according to an embodiment of the present invention;
FIG. 5 is a schematic hardware structure of a server according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that, the user information (including but not limited to user equipment information, user personal information, etc.) and the data (including but not limited to data for analysis, stored data, presented data, etc.) related to the present invention are information and data authorized by the user or fully authorized by each party, and the collection, use and processing of the related data need to comply with related laws and regulations and standards, and provide corresponding operation entries for the user to select authorization or rejection.
A distributed system is a system whose components are located on networked computers and communicate and coordinate their actions by passing messages. This definition leads to the following important characteristics of a distributed system: concurrency of components, lack of a global clock, and independent failures of components. In the prior art, a user operation termination method suitable for a distributed system is generally based on a Web session management framework: the Web session instance of a specified user is deleted or disabled in the back end of the distributed system, so that the user's next operation is terminated because session verification fails. However, this prior-art method has the following disadvantages. Only the user's next operation can be terminated, and service calls still circulating in the back end of the distributed system cannot be terminated immediately. The existing method is also code-invasive: an implementation based on a session management framework requires a specific framework to be selected and its code to be modified in a targeted way to extend its functionality. In addition, the method works at a single processing level: because it is implemented by disabling the Web session, it is suitable only for web page operations and not for scenarios such as asynchronous messages and remote service calls.
To solve the above technical problems, the embodiments of the present invention provide the following inventive concept: service calls triggered by a user operation in the distributed system are monitored and the user identity information is stored in a call chain context object; the user identity information is then acquired and checked against the interception identity information range, and if it is within the range the service call is terminated, which terminates the user's operation in the distributed system.
Fig. 1 is a schematic flow chart of a user operation termination method according to an embodiment of the present invention. The method of this embodiment may be executed by a server; the embodiment is not particularly limited in this respect. As shown in fig. 1, the method includes:
S101: monitoring a service call triggered by a user operation in the distributed system, and creating a call chain context object for the service call.
In this embodiment, before monitoring the service call triggered by the user operation, the method further includes the following steps: receiving login identity authentication information of a user, and generating an encrypted character string from the login identity authentication information; verifying the user's identity according to the character string; if verification passes, executing the user operation to trigger the service call; if verification fails, sending a verification-failure notification to the user side.
Specifically, when a user accesses the distributed system, login identity authentication is performed first. It may be performed as follows: the user's login identity authentication information is received, an encrypted token string is generated from it, and on every user operation the token string is passed to the back-end ajax interface to indicate the user's identity. After receiving the token string, the back-end ajax interface verifies the user's identity according to it. If verification passes, the user is logged in to the distributed system and triggers service calls through operations; if verification fails, the user cannot log in to the distributed system, and a verification-failure notification can be sent to the user side to inform the user that login failed.
In this embodiment, after monitoring the service call triggered by the user operation, the method further includes the following steps: acquiring a request header field of the user; and decrypting according to the request header field to obtain the user identity information.
Specifically, the request header field of the user may be: header.token.staffno or service.param.staffno|service.name=com.xxx.order.create. After the service call triggered by the user operation is detected, the user identity information is decrypted according to the user's request header field. In this embodiment, the user identity information may be a job number code, whose attribute name is staffNo.
In this embodiment, the service call includes one or more of the following: calling an ajax interface, executing a local Java method, executing an asynchronous thread, sending an asynchronous message, a preset scheduled task, calling a remote service, and accessing a database.
In this embodiment, the specific steps of monitoring a service call triggered by a user operation and creating a call chain context object for the service call include:
When the call chain context transfer module detects that an employee calls the ajax interface, it decrypts the employee identity information according to the request header field token. The employee identity information is a job number code with the attribute name staffNo. The call chain context transfer module creates a call chain context object for the ajax call and stores the job number code in it; the unique number of the call chain and each service node the call chain passes through are also stored in the context object. When the ajax interface goes on to call other services, the call chain context object continues to be passed along.
S102: storing the user identity information in the call chain context object, so that the user identity information continues to be passed along the distributed call chain.
In this embodiment, the user identity information is stored in the call chain context object and passed along the distributed call chain, so that it can be obtained from the call chain context object later, when it has to be decided whether a service call triggered by the user operation needs to be intercepted.
Specifically, the call chain context object also stores the unique number of the distributed call chain and each service node the distributed call chain passes through. The unique number can be used to distinguish and identify different call chains in different distributed systems; the service nodes the distributed call chain passes through are all the service nodes involved in the service calls triggered by the user operation.
S103: acquiring user identity information, intercepting the in-progress service calls triggered by that user identity information, and generating an interception identity information range.
In this embodiment, the specific steps of acquiring the user identity information, intercepting the in-progress service calls triggered by the user identity information, and generating the interception identity information range include:
acquiring the user identity information; sending an interception instruction and broadcasting it; and intercepting, according to the interception instruction, the in-progress service calls triggered by the user identity information, to generate the interception identity information range.
Specifically, in this embodiment these actions may be completed by an interception instruction sending module, which may be a Web project with a graphical operation interface. The system security administrator opens the interception instruction sending module, enters user identity information such as a job number code, intercepts the in-progress service calls triggered by that job number code, and views the interception details. The interception instruction sending module provides a fixed connection port for all interception instruction execution modules, for example 10.10.10.10:36770. When a security administrator wants to issue an interception instruction, the module first obtains the interception instruction execution modules currently connected to that port and then broadcasts through the port: "KILL STAFF _NO10010", which means intercepting the in-progress service calls of job number 10010. It then waits for the interception instruction execution modules to return their interception result lists and displays them on the page.
A Web project here means a project that acquires and transfers information over a network: the user enters information in the browser, the information is sent to the server for processing to obtain what the user wants, and the result is returned to the user's browser.
S104: before the service is formally called, the call chain context object is acquired, the user identity information is extracted from it, and it is determined whether the user identity information is within the interception identity information range; if not, step S105 is executed, and if so, step S106 is executed.
In this embodiment, this step may be performed by an interception instruction execution module, which may be deployed in the application processes of the distributed system in the form of a Java probe and can monitor the calling behavior of each service. Because the user identity information is stored in the call chain context object, acquiring that object before the service is formally called yields the user identity information, and checking whether it is within the interception identity information range decides whether the service call triggered by the user's operation needs to be intercepted.
S105: continuing the service call.
In this embodiment, if the user identity information is not within the interception identity information range, the service call triggered by the user operation does not need to be intercepted, and the service call can continue.
S106: terminating the service call, and generating an exception signal and interception details.
In this embodiment, if the user identity information is within the interception identity information range, the service call triggered by the user operation needs to be intercepted. The service call is therefore terminated and an exception signal is thrown to the upper-layer method with the description "staff forbidden"; finally the interception details, including the user identity information (such as the job number code), the interception time and the terminated service call, are reported over the http protocol. An unexpected situation that arises while a program is running is called an exception; an exception is a signal that passes information to the caller to indicate that something unexpected has happened. If an exception is not handled, the program terminates immediately and the code after the exception is not executed. To keep the program robust and prevent it from being terminated by a minor error, the exception needs to be handled, for example with an exception handling mechanism.
Specifically, the interception identity information range can be kept in sync between the local memory and the disk of the interception instruction execution module: after the module receives an interception instruction, it loads the instruction into memory for use and writes it to disk asynchronously in the background, so that the interception identity information range is not lost when the module is reloaded.
S107: receiving the exception signal and the interception details, wherein the interception details comprise the user identity information, the interception time and the terminated service call.
In this embodiment, the user identity information, the interception time and the terminated service call in the interception details may be used for subsequent review of the user operation.
In summary, in the user operation termination method provided in this embodiment, a service call triggered by a user operation in the distributed system is monitored and a call chain context object is created for the service call; the user identity information is stored in the call chain context object, so that it continues to be passed along the distributed call chain; user identity information is acquired, the in-progress service calls triggered by that user identity information are intercepted, and an interception identity information range is generated; before a service is formally called, the call chain context object is acquired and the user identity information is extracted from it; if the user identity information is determined not to be within the interception identity information range, the service call continues; if it is determined to be within the interception identity information range, the service call is terminated, and an exception signal and interception details are generated; the exception signal and the interception details are received, wherein the interception details comprise the user identity information, the interception time and the terminated service call. Service calls still circulating in the back end of the distributed system can thereby be terminated immediately.
Fig. 2 is a schematic flow chart of a user operation termination method according to an embodiment of the present invention. Based on the embodiment provided in fig. 1, this embodiment adds a method of how to terminate a service call after the service is invoked. As shown in fig. 2, the method includes:
S201: after the service is invoked, a call chain context object is obtained, and user identity information is extracted from the call chain context object.
In this embodiment, this step may be performed by an interception instruction execution module, which may be deployed in the application process of the distributed system in the form of a Java probe and may monitor the calling behavior of each service. Because the user identity information is stored in the call chain context object, the call chain context object is acquired after the service is called and the user identity information is obtained from it; the user identity information is then used to judge whether the service call triggered by the user's operation needs to be intercepted.
S202: judging whether the user identity information is in the interception identity information range; if not, executing step S203, and if so, executing step S204.
In this embodiment, by determining whether the user identity information is within the interception identity information range, it may be determined whether the service call triggered by the user operation needs to be intercepted.
S203: returning a service processing result.
In this embodiment, if the user identity information is not in the interception identity information range, it is indicated that the service call triggered by the user operation does not need to be intercepted, and the service processing result may be returned after the service call is completed.
S204: returning a result of terminating the service processing, and generating an abnormal signal and interception details.
In this embodiment, if the user identity information is within the interception identity information range, the service call triggered by the user operation needs to be intercepted. The service processing result is therefore terminated, an abnormal signal (exception) is thrown to the upper-layer method with the exception description "staff forward", and finally the interception details are reported over the HTTP protocol, including user identity information such as the job number code, the interception time and the terminated service call.
S205: receiving the abnormal signal and the interception details, wherein the interception details comprise user identity information, interception time and the terminated service call.
In this embodiment, the user identity information, the interception time and the terminated service call in the interception details may be used for subsequent duplication of the user operation.
In summary, in the user operation termination method provided in this embodiment, after a service is invoked, the call chain context object is acquired, the user identity information is extracted from it, and whether the user identity information is within the interception identity information range is judged; if it is not, the service processing result is returned; if it is, the service processing result is terminated and an abnormal signal and interception details are generated; the abnormal signal and the interception details are then received. This realizes the immediate termination of services that have already been invoked in the distributed system.
Fig. 3 is a flowchart of a user operation termination method according to an embodiment of the present invention. This embodiment is a practical implementation of the user operation termination method of the present invention. As shown in fig. 3, the method includes:
S301: receiving login identity authentication information of a user, and generating an encrypted character string according to the login identity authentication information.
S302: verifying the identity of the user according to the character string, and executing user operation to trigger service call if the verification is passed; if the verification is not passed, sending a notification of the failed verification to the user side.
S303: monitoring service call triggered by user operation in the distributed system, and creating a call chain context object for the service call.
S304: acquiring a request header field of the user, and decrypting according to the request header field to obtain user identity information.
S305: acquiring user identity information, intercepting service call in execution triggered by the user identity information, and generating an interception identity information range.
S306: before the service is formally called or after the service is called, a call chain context object is acquired, and user identity information is extracted from the call chain context object.
S307: judging whether the user identity information is within the interception identity information range; if not, executing step S308, and if so, executing step S309.
S308: continuing service call or returning service processing result.
Specifically, before the service is formally called, continuing the service call; after the service is invoked, the service processing result is returned.
S309: terminating the service call or returning the terminating service processing result, and generating an abnormal signal and interception details.
Specifically, before the service is formally invoked, the service invocation is terminated; after the service is invoked, the terminating service processing result is returned.
S310: receiving the abnormal signal and the interception details, wherein the interception details comprise user identity information, interception time and the terminated service call.
In summary, the user operation termination method provided in this embodiment receives login identity authentication information of a user, generates an encrypted character string according to the login identity authentication information, and verifies the identity of the user according to the character string; if the verification is passed, the user operation is executed to trigger a service call, and if the verification is not passed, a notification of the failed verification is sent to the user side. The method monitors the service call triggered by the user operation in the distributed system and creates a call chain context object for the service call; stores the user identity information in the call chain context object so that it continues to be passed along the distributed call chain; acquires the user identity information, intercepts the service calls in execution triggered by that user identity information, and generates an interception identity information range; and, before a service is formally called or after the service is called, acquires the call chain context object and extracts the user identity information from it. If the user identity information is judged not to be in the interception identity information range, the service call continues or the service processing result is returned; if it is judged to be in the interception identity information range, the service call is terminated or the terminating service processing result is returned, and an abnormal signal and interception details are generated. The abnormal signal and the interception details are then received, the interception details comprising user identity information, interception time and the terminated service call. In this way, both services that have not yet been formally called and services that have already been called in the distributed system can be terminated immediately.
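The pre-call and post-call checks of S306 to S310, as an added Python sketch that is not part of the patent text: a context variable stands in for the call chain context object, an in-memory set for the interception identity information range, and an in-memory list for the reported interception details. The job numbers, the service names and the fail-closed handling of a call that carries no context are assumptions of this example.

```python
import contextvars
import functools
import threading
import time
from collections import namedtuple

# Call chain context object: carries the user identity along the call chain.
CALL_CHAIN = contextvars.ContextVar("call_chain_context", default=None)
# Interception details; phase is "pre" (before the call) or "post" (after it).
InterceptionDetail = namedtuple(
    "InterceptionDetail", "user_id intercepted_at service_call phase")

class OperationTerminated(Exception):
    """Abnormal signal thrown to the upper-layer caller on interception."""

class InterceptionRegistry:
    """Interception identity range plus an in-memory receiver for the details."""

    def __init__(self):
        self._lock = threading.Lock()
        self._range = set()
        self.details = []

    def intercept(self, user_id):
        with self._lock:
            self._range.add(user_id)

    def check(self, service_call, phase):
        ctx = CALL_CHAIN.get()
        if ctx is None:
            # Assumption of this example: a call without identity fails closed.
            raise OperationTerminated(f"{service_call}: no call chain context")
        with self._lock:
            if ctx["user_id"] not in self._range:
                return
            self.details.append(InterceptionDetail(
                ctx["user_id"], time.time(), service_call, phase))
        raise OperationTerminated(f"{service_call}: {ctx['user_id']} intercepted")

def guarded(registry, service_call):
    """Check the identity before the service runs and again after it returns."""
    def decorate(fn):
        @functools.wraps(fn)
        def wrapper(*args, **kwargs):
            registry.check(service_call, "pre")
            result = fn(*args, **kwargs)
            registry.check(service_call, "post")  # result is withheld if revoked
            return result
        return wrapper
    return decorate

def attempt(fn, *args):
    """Return fn's result, or the abnormal signal it raised."""
    try:
        return fn(*args)
    except OperationTerminated as exc:
        return exc

def run_in_thread(fn, *args):
    """Asynchronous thread that inherits a copy of the caller's call chain context."""
    ctx = contextvars.copy_context()
    box = []
    thread = threading.Thread(target=lambda: box.append(ctx.run(attempt, fn, *args)))
    thread.start()
    return thread, box

def run_demo():
    registry = InterceptionRegistry()
    started, release = threading.Event(), threading.Event()

    @guarded(registry, "export_report")
    def export_report():
        started.set()            # the call is now executing
        release.wait(timeout=5)  # stands in for slow work
        return "report-bytes"

    @guarded(registry, "query_order")
    def query_order(order_id):
        return f"order {order_id}"

    CALL_CHAIN.set({"user_id": "A1001"})   # constructed job number
    first = query_order(7)                  # allowed: not in the range yet
    thread, box = run_in_thread(export_report)
    started.wait(timeout=5)
    registry.intercept("A1001")             # issued while export_report runs
    release.set()
    thread.join()
    later = attempt(query_order, 8)         # pre-call check stops it
    CALL_CHAIN.set({"user_id": "B2002"})   # a different user is unaffected
    other = query_order(9)
    CALL_CHAIN.set(None)
    return first, box[0], later, other, registry.details

if __name__ == "__main__":
    print(run_demo())
```

A thread does not see the caller's context variables unless the context is copied into it, which is why the identity has to be carried explicitly into asynchronous threads, messages and timed tasks for the check to work there.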
Fig. 4 is a schematic structural diagram of a user operation termination device according to an embodiment of the present invention. As shown in fig. 4, the user operation termination device includes: a monitoring module 401, a saving module 402, an interception module 403, an extracting module 404, a service calling module 405, a termination module 406 and a receiving module 407.
The monitoring module 401 is configured to monitor a service call triggered by a user operation in the distributed system, and create a call chain context object for the service call;
the saving module 402 is configured to save the user identity information in the call chain context object, so that the user identity information continues to be passed along the distributed call chain;
the interception module 403 is configured to obtain user identity information, intercept a service call in execution triggered by the user identity information, and generate an interception identity information range;
the extracting module 404 is configured to obtain the call chain context object before the service is formally called, extract user identity information from the call chain context object, and determine whether the user identity information is within the interception identity information range;
the service calling module 405 is configured to continue the service call if it is determined that the user identity information is not within the interception identity information range;
the termination module 406 is configured to terminate the service call and generate an abnormal signal and interception details if it is determined that the user identity information is within the interception identity information range;
the receiving module 407 is configured to receive the abnormal signal and the interception details, where the interception details include user identity information, interception time, and the terminated service call.
In a possible implementation manner, the user operation termination device further includes a verification module 408, configured to receive login identity authentication information of the user, and generate an encrypted character string according to the login identity authentication information; verifying the identity of the user according to the character string, and executing user operation to trigger service call if the verification is passed; if the verification is not passed, sending a notification of the failed verification to the user side.
In a possible implementation manner, the user operation termination device further includes a decryption module 409, configured to obtain a request header field of the user; and decrypting according to the request header field to obtain the user identity information.
In one possible implementation, the extracting module 404 is specifically configured to obtain user identity information; an interception instruction is sent, and broadcast is carried out on the interception instruction; and intercepting the service call in execution triggered by the user identity information according to the interception instruction, and generating an interception identity information range.
In a possible implementation manner, the user operation termination device further includes a return module 410, configured to obtain a call chain context object after the service is invoked, extract user identity information from the call chain context object, and determine whether the user identity information is within the range of interception identity information; if the user identity information is judged not to be in the range of intercepting the identity information, returning a service processing result; if the user identity information is judged to be in the interception identity information range, the service processing result is stopped, and an abnormal signal and interception details are generated; and receiving an abnormal signal and an interception detail, wherein the interception detail comprises user identity information, interception time and terminated service call.
In one possible implementation, the service call includes one or more of the following: calling an ajax interface, executing a local java method, executing an asynchronous thread, sending an asynchronous message, presetting a timing task, calling a remote service and accessing a database.
The user operation termination device provided in this embodiment may be used to execute the technical scheme of the user operation termination method embodiment, and its implementation principle and technical effect are similar, and this embodiment is not repeated here.
Fig. 5 is a schematic hardware structure of a server according to an embodiment of the present invention. As shown in fig. 5, the server of the present embodiment includes at least one processor 501 and a memory 502, wherein:
the memory 502 is configured to store computer-executable instructions;
the processor 501 is configured to execute the computer-executable instructions stored in the memory to implement the steps executed by the server in the above embodiment. Reference may be made in particular to the relevant description of the method embodiments above.
Alternatively, the memory 502 may be separate or integrated with the processor 501.
When the memory 502 is provided separately, the server further comprises a bus 503 for connecting the memory 502 and the processor 501.
The embodiment of the invention also provides a computer storage medium, wherein computer execution instructions are stored in the computer storage medium, and when a processor executes the computer execution instructions, the user operation termination method is realized.
The embodiment of the invention also provides a computer program product, which comprises a computer program, and when the computer program is executed by a processor, the user operation termination method is realized.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other ways. For example, the above-described device embodiments are merely illustrative, e.g., the division of modules is merely a logical function division, and there may be additional divisions of actual implementation, e.g., multiple modules may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.
The modules illustrated as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to implement the solution of this embodiment.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each module may exist alone physically, or two or more modules may be integrated in one unit. The units formed by the modules can be realized in a form of hardware or a form of hardware and software functional units.
The integrated modules, which are implemented in the form of software functional modules, may be stored in a computer readable storage medium. The software functional module is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) or a processor to perform some of the steps of the methods described above for the various embodiments of the application.
It should be appreciated that the processor may be a central processing unit (Central Processing Unit, abbreviated as CPU), or may be another general-purpose processor, a digital signal processor (Digital Signal Processor, abbreviated as DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, abbreviated as ASIC), or the like. A general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor for execution, or in a combination of hardware and software modules in a processor for execution.
The memory may comprise a high-speed RAM memory, and may further comprise a non-volatile memory NVM, such as at least one magnetic disk memory, and may also be a U-disk, a removable hard disk, a read-only memory, a magnetic disk or optical disk, etc.
The bus may be an industry standard architecture (Industry Standard Architecture, ISA) bus, an external device interconnect (Peripheral Component Interconnect, PCI) bus, or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The buses may be divided into address buses, data buses, control buses, etc. For ease of illustration, the buses in the drawings of the present application are not limited to only one bus or to one type of bus.
The storage medium may be implemented by any type or combination of volatile or nonvolatile memory devices such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disk. A storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.
An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC). It is also possible that the processor and the storage medium reside as discrete components in an electronic device or a master device.
Those of ordinary skill in the art will appreciate that: all or part of the steps for implementing the method embodiments described above may be performed by hardware associated with program instructions. The foregoing program may be stored in a computer readable storage medium. The program, when executed, performs steps including the method embodiments described above; and the aforementioned storage medium includes: various media that can store program code, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the same; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit of the invention.

Claims (10)

1. A user operation termination method, comprising:
monitoring service call triggered by user operation in a distributed system, and creating a call chain context object for the service call;
storing user identity information in the call chain context object so that the user identity information is kept transferred on a distributed call chain;
acquiring user identity information, intercepting service call in execution triggered by the user identity information, and generating an interception identity information range;
before a service is formally called, acquiring the call chain context object, extracting the user identity information from the call chain context object, and judging whether the user identity information is in the interception identity information range or not;
if the user identity information is judged not to be in the interception identity information range, continuing to call the service;
if the user identity information is judged to be in the interception identity information range, terminating the service call, and generating an abnormal signal and interception details;
and receiving the abnormal signal and the interception details, wherein the interception details comprise user identity information, interception time and terminated service call.
2. The method of claim 1, wherein before the monitoring of the service call triggered by user operation, the method further comprises:
receiving login identity authentication information of a user, and generating an encrypted character string according to the login identity authentication information;
verifying the identity of the user according to the character string, and executing the user operation to trigger service call if the verification is passed; if the verification is not passed, sending a notification of the failed verification to the user side.
3. The method of claim 1, wherein after the monitoring of the service call triggered by user operation, the method further comprises:
acquiring a request header field of a user;
and decrypting according to the request header field to obtain user identity information.
4. The method of claim 1, wherein the acquiring user identity information, intercepting service call in execution triggered by the user identity information, and generating an interception identity information range comprises:
acquiring user identity information;
sending an interception instruction, and broadcasting the interception instruction;
and intercepting the service call in execution triggered by the user identity information according to the interception instruction to generate an interception identity information range.
5. The method according to claim 1, wherein after the acquiring user identity information, intercepting service call in execution triggered by the user identity information, and generating an interception identity information range, the method further comprises:
after the service is called, acquiring the call chain context object, extracting the user identity information from the call chain context object, and judging whether the user identity information is in the interception identity information range;
if the user identity information is judged not to be in the interception identity information range, returning a service processing result;
if the user identity information is judged to be in the interception identity information range, terminating the service processing result, and generating an abnormal signal and interception details;
and receiving the abnormal signal and the interception details, wherein the interception details comprise user identity information, interception time and terminated service call.
6. The method of any one of claims 1 to 5, wherein the service call comprises one or more of: calling an ajax interface, executing a local java method, executing an asynchronous thread, sending an asynchronous message, presetting a timing task, calling a remote service and accessing a database.
7. A user operation termination device, comprising:
the monitoring module is used for monitoring service call triggered by the operation of a user in the distributed system and creating a call chain context object for the service call;
the storage module is used for storing the user identity information in the call chain context object so as to enable the user identity information to be transferred on the distributed call chain;
the interception module is used for acquiring user identity information, intercepting service call in execution triggered by the user identity information and generating an interception identity information range;
the extraction module is used for acquiring the call chain context object before the service is formally called, extracting the user identity information from the call chain context object and judging whether the user identity information is in the interception identity information range or not;
the service calling module is used for continuing the service call if the user identity information is judged not to be in the interception identity information range;
the termination module is used for terminating the service call and generating an abnormal signal and interception details if the user identity information is judged to be in the interception identity information range;
the receiving module is used for receiving the abnormal signal and the interception details, wherein the interception details comprise user identity information, interception time and terminated service call.
8. The apparatus as recited in claim 7, further comprising: the verification module is used for receiving login identity authentication information of a user and generating an encrypted character string according to the login identity authentication information; verifying the identity of the user according to the character string, and executing the user operation to trigger service call if the verification is passed; if the verification is not passed, sending a notification of the failed verification to the user side.
9. A server, comprising: a processor and a memory;
the memory stores computer-executable instructions;
The processor executes the computer-executable instructions stored in the memory, causing the processor to perform the user operation termination method according to any one of claims 1 to 7.
10. A computer storage medium having stored therein computer executable instructions which, when executed by a processor, implement the user operation termination method of any of claims 1 to 7.
CN202311719831.XA 2023-12-14 2023-12-14 User operation termination method, device, server and storage medium Pending CN117978855A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311719831.XA CN117978855A (en) 2023-12-14 2023-12-14 User operation termination method, device, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311719831.XA CN117978855A (en) 2023-12-14 2023-12-14 User operation termination method, device, server and storage medium

Publications (1)

Publication Number Publication Date
CN117978855A true CN117978855A (en) 2024-05-03

Family

ID=90846643

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311719831.XA Pending CN117978855A (en) 2023-12-14 2023-12-14 User operation termination method, device, server and storage medium

Country Status (1)

Country Link
CN (1) CN117978855A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination