CN118228234A - Application management method - Google Patents

Publication number
CN118228234A
CN118228234A CN202410325808.0A CN202410325808A CN118228234A CN 118228234 A CN118228234 A CN 118228234A CN 202410325808 A CN202410325808 A CN 202410325808A CN 118228234 A CN118228234 A CN 118228234A
Authority
CN
China
Prior art keywords
application
environment
user
authorization
service platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410325808.0A
Other languages
Chinese (zh)
Inventor
刁志远
董自泰
韩士斌
贾朋亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Donghua Yiwei Technology Co ltd
Original Assignee
Donghua Yiwei Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Donghua Yiwei Technology Co ltd
Priority to CN202410325808.0A
Publication of CN118228234A

Landscapes

  • Storage Device Security (AREA)

Abstract

The application management method comprises: when accessible information for a current user is received from a service platform of an application management system, displaying, according to the accessible information, the applications accessible to the current user and the usable environments of each accessible application; when it is detected that the current user has selected a target application from the accessible applications, sending a first start request for the target application to the service platform; and when an authorization request is received from the target application, forwarding the authorization request to the service platform, and when an authorization token is received from the service platform, sending the authorization token to the target application. With the application management method of the embodiments of the invention, the required target application can be opened in different running environments through the portal application, which improves the running efficiency and convenience of the application program.

Description

Application management method
Technical Field
The disclosure relates to the technical field of software development, in particular to an application management method.
Background
In the current internet environment, the number and variety of applications keep increasing, and data sharing and interworking between applications are becoming more and more difficult. As applications continue to multiply, application management and security become increasingly important. However, existing technical solutions still have problems: for example, the security of applications needs further improvement, and authorization needs to be more convenient and secure.
Disclosure of Invention
In view of this, the present disclosure proposes an application management method, so that a user can open a desired target application through a portal application and perform business work through the target application running in a target running environment, thereby improving the use security and authorization convenience of the target application.
According to an aspect of the present disclosure, there is provided an application management method applied to a portal application of an application management system, where the application management system provides a first running environment, a second running environment, and a third running environment, and the portal application runs in the first running environment, the method includes: under the condition that the accessible information sent by a service platform of the application management system for a current user is received, displaying the accessible application for the current user and the usable environment of each accessible application according to the accessible information, wherein the current user is a user authenticated by the service platform, the accessible information is determined by the service platform according to the authority information of the current user, and the usable environment comprises at least one of the first running environment, the second running environment and the third running environment; under the condition that the current user determines a target application from the accessible applications, a first starting request aiming at the target application is sent to the service platform, the service platform starts and runs the target application in a target running environment corresponding to the target application, and the portal application is controlled to show the running target application; and under the condition that the authorization request sent by the target application is received, sending the authorization request to the service platform so that the service platform generates an authorization token for the authorization request, and under the condition that the authorization token sent by the service platform is received, sending the authorization token to the portal application so that the target application runs successfully in the target running environment based on the authorization token. 
In this way, when accessible information for the current user is received from the service platform of the application management system, the applications accessible to the current user and the usable environments of each accessible application are displayed according to the accessible information. When it is detected that the current user has selected a target application from the accessible applications, a first start request for the target application is sent to the service platform, so that the service platform starts and runs the target application in the corresponding target running environment and controls the portal application to display the running target application. When an authorization request is received from the target application, it is forwarded to the service platform so that the service platform generates an authorization token for it, and when the authorization token is received from the service platform, it is sent to the target application so that the target application can run successfully in the target running environment based on the authorization token. The user can thus open, through the portal application, a target application within the user's permissions and run it in the target running environment while security is ensured, which improves the use security and authorization convenience of the application program.
In one possible implementation, the method further includes: when a login request of the current user is detected, displaying a first login prompt, which prompts the user to input login information; when input login information is detected, sending the login information to the service platform, so that the service platform performs user authentication based on the login information and obtains an authentication result, the authentication result being pass or fail; when the authentication result received from the service platform is pass, logging in the current user based on the login information; or, when the authentication result received from the service platform is fail, displaying a second login prompt, which informs the user that the login information is wrong and prompts the user to input new login information. This clear, ordered flow lets the user complete login more conveniently and quickly, and the explicit prompt on wrong login information reduces confusion and repeated attempts. All login information is authenticated by the service platform, which greatly enhances the security of the system: users who pass authentication can log in successfully, and illegal access and potential security risks are effectively prevented. Traditional user name and password login is supported, and the system can be extended to other authentication modes such as short message authentication, mailbox authentication and social media login, which improves the flexibility and extensibility of the system.
In one possible implementation, the accessible information includes a usable environment of an accessible application of the current user; the sending, when it is detected that the current user determines a target application from the accessible applications, a first start request for the target application to the service platform includes: in the case that the usable environment is one of the first running environment, the second running environment and the third running environment, taking the usable environment as a target running environment, and generating the first starting request according to the target application and the target running environment; or under the condition that the available environment is a plurality of the first running environment, the second running environment and the third running environment, determining a target running environment from the available environments according to the selection of the current user, and generating the first starting request according to the target application and the target running environment. 
In this way, by considering the available environment of the accessible application of the current user, the system can intelligently recommend or select the most suitable running environment for the user, which reduces the trouble of manual configuration or selection of the user and improves the user experience; whether the environment of the user is single or multiple, the implementation mode can be flexibly dealt with, and the system can be directly selected for the single environment; for multiple environments, users can select the environments preferred by the users, so that the flexibility of the system and the autonomy of the users are improved; through automatically detecting and matching the available environment of the target application, the implementation mode obviously improves the intelligence and the automation degree of the system, so that a user can use various applications more conveniently and efficiently.
In one possible implementation, the method further includes: when a switching request sent by the current user through the target application is detected, determining the target running environment in which the target application is currently running, the usable environments of the target application, and the expected running environment indicated by the switching request; when the usable environments include the expected running environment, generating a second start request according to the current user and the expected running environment, and sending the second start request to the service platform so that the service platform starts and runs the target application in the expected running environment; when the usable environments do not include the expected running environment, generating an environment authorization request according to the current user, the target application and the expected running environment, and sending the environment authorization request to the service platform so that the service platform generates an authorization result for the environment authorization request, the authorization result indicating whether the target application of the current user is authorized to use the expected running environment; when the authorization result received from the service platform is authorized, generating a second start request according to the current user and the expected running environment and sending it to the service platform, so that the service platform starts and runs the target application in the expected running environment; or, when the authorization result received from the service platform is not authorized, sending the authorization result to the target application, the authorization result in that case also indicating the reason why authorization was refused. In this way, the user can access a suitable running environment according to permissions and needs, and the running environments of different applications can be switched seamlessly for a smooth application experience. The environment switching function is flexible, convenient and user-friendly, which helps strengthen the overall management of the application management platform and improves the user experience.
In one possible implementation, the method further includes: before sending first data to the service platform, encrypting the first data and sending the encrypted first data to the service platform, wherein the first data includes at least one of the first start request, the login information, the second start request and the environment authorization request; and/or, before sending second data to the target application, encrypting the second data and sending the encrypted second data to the target application, wherein the second data includes at least one of the authorization token, the switching request and the authorization result for the environment authorization request; wherein the encryption processing includes adding encryption information and/or adding a timestamp. Because the first data and the second data are encrypted, their content cannot easily be decrypted and obtained even if the data is intercepted in transit, which effectively protects the user's privacy and sensitive information and enhances data security. The additional information added during encryption processing, such as the timestamp, allows the integrity and source of the data to be verified and prevents the data from being tampered with in transit: any illegal modification of the data damages the integrity of the encryption information and can therefore be easily identified.
According to an aspect of the present disclosure, there is provided an application management method applied to a service platform of an application management system, where the application management system provides multiple operating environments, and the service platform is configured to schedule the multiple operating environments, where the multiple operating environments include a first operating environment, a second operating environment, and a third operating environment, and the method includes: transmitting, in a case where it is determined that the authentication result of the current user is passed, accessible information for the current user to a portal application of the application management system, wherein the accessible information includes an accessible application for the current user and a usable environment of each of the accessible applications, the portal application being run in the first running environment, the usable environment including at least one of the first running environment, the second running environment, and the third running environment; under the condition that a first starting request for a target application sent by the portal application is received, starting and running the target application in a target running environment indicated by the first starting request, and controlling the portal application to show the running target application; and under the condition that an authorization request sent by the portal application is received, generating an authorization token based on the authorization request, and sending the authorization token to the portal application so that the portal application sends the authorization token to the target application, thereby the target application runs successfully in a target running environment based on the authorization token. 
In this way, when it is determined that the authentication result of the current user is pass, the accessible information of the current user is sent to the portal application of the application management system. When a first start request for the target application is received from the portal application, the target application is started and run in the target running environment indicated by the first start request, and the portal application is controlled to display the running target application. When an authorization request is received from the portal application, an authorization token is generated based on the authorization request and sent to the portal application, so that the portal application sends the authorization token to the target application and the target application can run successfully in the target running environment based on the authorization token. The user can thus open, through the portal application, a target application within the user's permissions and run it in the target running environment while security is ensured, which improves the use security and authorization convenience of the application program.
In one possible implementation, the method further includes: when login information for the current user is received from the portal application, acquiring authentication configuration information for the current user, wherein the authentication configuration information includes the authentication mode selected by the current user when registering with the portal application; performing user authentication according to the authentication configuration information to obtain an authentication result, the authentication result being pass or fail; and sending the authentication result to the portal application. By acquiring the authentication mode that the current user selected when registering with the portal application and authenticating the user in that mode, this implementation can ensure the accuracy and credibility of the user's identity; because the authentication mode is determined by the user's own selection, it can effectively prevent an unauthorized user from accessing the system or performing sensitive operations. The authentication configuration information contains a plurality of authentication modes for users to select from, such as password authentication, biometric recognition and mobile phone verification codes. This flexibility lets the system adapt to the authentication needs of different users and improves the user experience, and the choice of multiple authentication modes also enhances the security of the system, because different authentication modes have different security strengths. By improving the security of user authentication, adapting flexibly to different authentication needs, simplifying the user authentication flow, improving the extensibility and maintainability of the system and strengthening cooperation with the portal application, this implementation gives users a safer, more convenient and more efficient authentication experience.
In one possible implementation, sending the accessible information for the current user to the portal application of the application management system when it is determined that the authentication result of the current user is pass includes: when it is determined that the authentication result of the current user is pass, determining the accessible information of the current user according to the authority information of the current user stored in a database, wherein the authority information is determined according to at least one of the user's role, the user's post and the resource allocation, and the accessible information includes the accessible applications and the usable environments of the accessible applications. By authenticating the current user and, once authentication has passed, determining the accessible information from the authority information, unauthorized users can be effectively prevented from accessing sensitive data or performing key operations, which greatly improves the data security of the system. Because the authority information is determined from several factors, such as the user's role, the user's post and the resource allocation, very fine-grained authority control can be achieved: the system can control precisely which applications a user can access and which environments the user can use, according to the user's actual needs and job responsibilities, which ensures reasonable use of data and stable operation of the system. Because the authority information is associated with user roles, posts and resource allocation, the system can easily adapt to changes in organizational structure and adjustments of user responsibilities: when a new user is added, a user role is modified or resource allocation is adjusted, only the corresponding authority information needs to be updated, and the system as a whole does not need large-scale modification or rebuilding.
In one possible implementation, the method further includes: when a second start request sent by the portal application is received, determining the current user and the expected running environment indicated by the second start request; when it is determined, according to the accessible information of the current user, that the usable environments of the current user include the expected running environment, starting and running the target application in the expected running environment and controlling the portal application to display the running target application; when an environment authorization request sent by the portal application is received, determining the current user, the target application and the expected running environment indicated by the environment authorization request, generating an authorization result for the environment authorization request according to the authority information of the current user and the target application, the authorization result indicating whether the target application of the current user is authorized to use the expected running environment, and sending the authorization result to the portal application; when the authorization result is authorized, starting and running the target application in the expected running environment and controlling the portal application to display the running target application; and when the authorization result is not authorized, the authorization result also indicates the reason why authorization was refused. In this way, the user can access a suitable running environment according to permissions and needs, and the running environments of different applications can be switched seamlessly for a smooth application experience. The environment switching function is flexible, convenient and user-friendly, which helps strengthen the overall management of the application management platform and improves the user experience.
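The environment-switching exchange described above, with both the portal side and the service-platform side, as an added example that is not code from the patent. The class and method names, the environment names `env1` to `env3`, the `grantable` table and the inclusion of the application in the second start request are assumptions; after a grant the portal sends the second start request, and the platform re-checks it against its own records instead of trusting the portal's copy of the usable environments.

```python
from dataclasses import dataclass

# Stand-ins for the first, second and third running environments (assumed names).
ENVIRONMENTS = ("env1", "env2", "env3")


@dataclass(frozen=True)
class AuthorizationResult:
    authorized: bool
    reason: str = ""  # filled in when authorization is refused


class ServicePlatform:
    """Holds the authoritative authority information and makes every decision."""

    def __init__(self, usable, grantable):
        # usable: (user, app) -> environments already usable (the accessible information)
        # grantable: (user, app) -> environments the authority information allows on request
        self._usable = {k: set(v) for k, v in usable.items()}
        self._grantable = {k: set(v) for k, v in grantable.items()}
        self.running = {}  # (user, app) -> environment the app currently runs in
        self.audit = []    # every decision is recorded, allowed or not

    def accessible_information(self, user, app):
        return frozenset(self._usable.get((user, app), ()))

    def second_start_request(self, user, app, env):
        # Re-check against the platform's own record, not the portal's view.
        allowed = env in self._usable.get((user, app), ())
        self.audit.append(("start", user, app, env, allowed))
        if allowed:
            self.running[(user, app)] = env
        return allowed

    def environment_authorization_request(self, user, app, env):
        if env not in ENVIRONMENTS:
            result = AuthorizationResult(False, "unknown running environment")
        elif env in self._grantable.get((user, app), ()):
            self._usable.setdefault((user, app), set()).add(env)
            result = AuthorizationResult(True)
        else:
            result = AuthorizationResult(
                False, "not permitted by the user's authority information")
        self.audit.append(("env_authz", user, app, env, result.authorized))
        return result


class Portal:
    """Portal application: keeps a display copy of the usable environments."""

    def __init__(self, platform):
        self.platform = platform
        self.usable = {}  # local copy, used only to pick which request to send

    def receive_accessible_information(self, user, app):
        self.usable[(user, app)] = set(self.platform.accessible_information(user, app))

    def switch_request(self, user, app, expected_env):
        usable = self.usable.setdefault((user, app), set())
        if expected_env not in usable:
            result = self.platform.environment_authorization_request(
                user, app, expected_env)
            if not result.authorized:
                return ("denied", result.reason)  # forwarded to the target application
            usable.add(expected_env)
        if self.platform.second_start_request(user, app, expected_env):
            return ("started", expected_env)
        return ("denied", "service platform rejected the start request")


def run_constructed_scenarios():
    """Constructed data: one user, one application, env3 never grantable."""
    platform = ServicePlatform(
        usable={("alice", "reports"): {"env1"}},
        grantable={("alice", "reports"): {"env1", "env2"}},
    )
    portal = Portal(platform)
    portal.receive_accessible_information("alice", "reports")
    outcomes = {
        "already_usable": portal.switch_request("alice", "reports", "env1"),
        "granted_on_request": portal.switch_request("alice", "reports", "env2"),
        "refused": portal.switch_request("alice", "reports", "env3"),
    }
    # The portal's local copy is stale or altered, so it skips the authorization
    # request; the platform's own check still refuses the start.
    portal.usable[("alice", "reports")].add("env3")
    outcomes["altered_portal_copy"] = portal.switch_request("alice", "reports", "env3")
    outcomes["finally_running_in"] = platform.running[("alice", "reports")]
    return outcomes


if __name__ == "__main__":
    for name, outcome in run_constructed_scenarios().items():
        print(name, outcome)
```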
In one possible implementation, the method further includes: before sending third data to the target application, encrypting the third data and sending the encrypted third data to the target application, wherein the third data includes at least one of the accessible information, the authentication result, the authorization token and the authorization result for the environment authorization request, and the encryption processing includes adding encryption information and/or adding a timestamp. Because the third data is encrypted, its content cannot easily be decrypted and obtained even if the data is intercepted in transit, which effectively protects the user's privacy and sensitive information and enhances data security. The additional information added during encryption processing, such as the timestamp, allows the integrity and source of the data to be verified and prevents the data from being tampered with in transit: any illegal modification of the data damages the integrity of the encryption information and can therefore be easily identified.
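One way the "encryption information plus timestamp" step described for the first, second and third data could make tampering and stale messages detectable, as an added example that is not code from the patent. The patent names no algorithm: the HMAC-SHA256 tag, the shared key, the 30-second window and the replay cache are assumptions, and the tag gives integrity and origin only, so confidentiality would still need TLS or an authenticated cipher.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 30  # assumed freshness window; the page gives no value


def _canonical(kind, body, ts):
    """Deterministic byte encoding of everything the tag must cover."""
    return json.dumps({"kind": kind, "body": body, "ts": ts},
                      sort_keys=True, separators=(",", ":")).encode("utf-8")


def seal(key, kind, body, now=None):
    """Sender side: add a timestamp and a tag over kind, body and timestamp."""
    ts = int(time.time() if now is None else now)
    tag = hmac.new(key, _canonical(kind, body, ts), hashlib.sha256).hexdigest()
    return {"kind": kind, "body": body, "ts": ts, "tag": tag}


class Receiver:
    """Receiver side: verify the tag first, then freshness, then replay."""

    def __init__(self, key, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self._seen = {}  # tag -> timestamp of messages accepted inside the window

    def open(self, envelope, now=None):
        now = time.time() if now is None else now
        try:
            kind, body, ts, tag = (envelope[k] for k in ("kind", "body", "ts", "tag"))
            expected = hmac.new(self.key, _canonical(kind, body, ts),
                                hashlib.sha256).hexdigest()
        except (KeyError, TypeError, ValueError):
            return (False, "malformed")
        # Constant-time comparison; the timestamp is covered by the tag, so it
        # cannot be refreshed without the key.
        if not isinstance(tag, str) or not hmac.compare_digest(
                expected.encode(), tag.encode("utf-8", "replace")):
            return (False, "bad tag")
        if not isinstance(ts, int) or abs(now - ts) > self.max_skew:
            return (False, "stale timestamp")
        # Forget tags that have aged out of the window, then reject repeats.
        self._seen = {t: s for t, s in self._seen.items()
                      if now - s <= self.max_skew}
        if tag in self._seen:
            return (False, "replay")
        self._seen[tag] = ts
        return (True, body)


def run_constructed_scenarios():
    """Constructed key and token; fixed clock values keep the results stable."""
    key = b"constructed-demo-key-not-for-production"
    env = seal(key, "authorization_token",
               {"app": "reports", "token": "constructed-token-123"}, now=1000)
    rx = Receiver(key)
    results = {
        "fresh": rx.open(env, now=1005),
        "replayed": rx.open(env, now=1006),
    }
    altered_body = dict(env, body={"app": "payroll", "token": "constructed-token-123"})
    results["altered_body"] = Receiver(key).open(altered_body, now=1005)
    results["altered_timestamp"] = Receiver(key).open(dict(env, ts=2000), now=2000)
    results["late"] = Receiver(key).open(env, now=1031)
    return results


if __name__ == "__main__":
    for name, outcome in run_constructed_scenarios().items():
        print(name, outcome)
```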
According to another aspect of the present disclosure, there is provided an application management apparatus applied to a portal application of an application management system that provides a first operating environment in which the portal application operates, a second operating environment, and a third operating environment, the apparatus including: the display module is configured to display an accessible application for the current user and a usable environment of each accessible application according to the accessible information when receiving the accessible information for the current user sent by a service platform of the application management system, wherein the current user is a user authenticated by the service platform, the accessible information is determined by the service platform according to authority information of the current user, and the usable environment comprises at least one of the first running environment, the second running environment and the third running environment; the first sending module is configured to send a first starting request for the target application to the service platform when the current user is detected to determine the target application from the accessible applications, so that the service platform starts and runs the target application in a target running environment corresponding to the target application and controls the portal application to show the running target application; and the second sending module is configured to send the authorization request to the service platform when receiving the authorization request sent by the target application, so that the service platform generates an authorization token for the authorization request, and send the authorization token to the portal application when receiving the authorization token sent by the service platform, so that the target application runs successfully in the target running environment based on the authorization token. 
In this way, when accessible information for the current user is received from the service platform of the application management system, the applications accessible to the current user and the usable environments of each accessible application are displayed according to the accessible information. When it is detected that the current user has selected a target application from the accessible applications, a first start request for the target application is sent to the service platform, so that the service platform starts and runs the target application in the corresponding target running environment and controls the portal application to display the running target application. When an authorization request is received from the target application, it is forwarded to the service platform so that the service platform generates an authorization token for it, and when the authorization token is received from the service platform, it is sent to the target application so that the target application can run successfully in the target running environment based on the authorization token. The user can thus open, through the portal application, a target application within the user's permissions and run it in the target running environment while security is ensured, which improves the use security and authorization convenience of the application program.
In one possible implementation, the apparatus further includes a login module configured to: when a login request of the current user is detected, display a first login prompt, which prompts the user to input login information; when input login information is detected, send the login information to the service platform, so that the service platform performs user authentication based on the login information and obtains an authentication result, the authentication result being pass or fail; when the authentication result received from the service platform is pass, log in the current user based on the login information; or, when the authentication result received from the service platform is fail, display a second login prompt, which informs the user that the login information is wrong and prompts the user to input new login information. This clear, ordered flow lets the user complete login more conveniently and quickly, and the explicit prompt on wrong login information reduces confusion and repeated attempts. All login information is authenticated by the service platform, which greatly enhances the security of the system: users who pass authentication can log in successfully, and illegal access and potential security risks are effectively prevented. Traditional user name and password login is supported, and the system can be extended to other authentication modes such as short message authentication, mailbox authentication and social media login, which improves the flexibility and extensibility of the system.
In one possible implementation, the accessible information includes a usable environment of an accessible application of the current user; the sending, when it is detected that the current user determines a target application from the accessible applications, a first start request for the target application to the service platform includes: in the case that the usable environment is one of the first running environment, the second running environment and the third running environment, taking the usable environment as a target running environment, and generating the first starting request according to the target application and the target running environment; or under the condition that the available environment is a plurality of the first running environment, the second running environment and the third running environment, determining a target running environment from the available environments according to the selection of the current user, and generating the first starting request according to the target application and the target running environment. 
In this way, by considering the available environment of the accessible application of the current user, the system can intelligently recommend or select the most suitable running environment for the user, which reduces the trouble of manual configuration or selection of the user and improves the user experience; whether the environment of the user is single or multiple, the implementation mode can be flexibly dealt with, and the system can be directly selected for the single environment; for multiple environments, users can select the environments preferred by the users, so that the flexibility of the system and the autonomy of the users are improved; through automatically detecting and matching the available environment of the target application, the implementation mode obviously improves the intelligence and the automation degree of the system, so that a user can use various applications more conveniently and efficiently.
In one possible implementation, the apparatus further includes a switching module configured to: when a switching request sent by the current user through the target application is detected, determine the target running environment in which the target application is currently running, the usable environments of the target application, and the expected running environment indicated by the switching request; when the usable environments include the expected running environment, generate a second starting request according to the current user and the expected running environment, and send the second starting request to the service platform so that the service platform starts and runs the target application in the expected running environment; when the usable environments do not include the expected running environment, generate an environment authorization request according to the current user, the target application and the expected running environment, and send the environment authorization request to the service platform so that the service platform generates an authorization result for the environment authorization request, wherein the authorization result indicates whether the target application of the current user is authorized to use the expected running environment; when the authorization result received from the service platform is authorized, generate a second starting request according to the current user and the expected running environment and send it to the service platform, so that the service platform starts and runs the target application in the expected running environment; or, when the authorization result received from the service platform is not authorized, send the authorization result to the target application, wherein the authorization result also indicates the reason the authorization was refused. In this way, the user can access a suitable running environment according to their permissions and needs, and the running environments of different applications can be switched seamlessly for a smooth application experience. The environment switching function is flexible, convenient and user-friendly, which helps strengthen the overall management of the application management platform and improves the user experience.
In one possible implementation, the apparatus further includes an encryption module configured to: before sending first data to the service platform, encrypt the first data and send the encrypted first data to the service platform, wherein the first data includes at least one of a first starting request, login information, a second starting request and an environment authorization request; and/or, before sending second data to the target application, encrypt the second data and send the encrypted second data to the target application, wherein the second data includes at least one of the authorization token, a switching request and an authorization result for an environment authorization request; wherein the encryption processing includes adding encryption information and/or adding a timestamp. In this way, because the first data and the second data are encrypted, their content cannot easily be decrypted and read even if the data is intercepted in transit, which protects the user's privacy and sensitive information and strengthens data security. Because the encryption processing adds additional information such as a timestamp, the integrity and source of the data can be verified and tampering in transit can be prevented: any unauthorized modification of the data breaks the integrity of the encryption information and can therefore be easily identified.
According to another aspect of the present disclosure, there is provided an application management apparatus applied to a service platform of an application management system, the application management system providing a plurality of operating environments, the service platform being configured to schedule the plurality of operating environments, the plurality of operating environments including a first operating environment, a second operating environment, and a third operating environment, the apparatus including: a first transmitting module configured to transmit, to a portal application of the application management system, accessible information for a current user if it is determined that an authentication result of the current user is passed, wherein the accessible information includes an accessible application for the current user and a usable environment of each of the accessible applications, the portal application being run in the first running environment, the usable environment including at least one of the first running environment, the second running environment, and the third running environment; the starting module is configured to start, run and control the target application in the running portal application presentation in a target running environment indicated by a first starting request under the condition that the first starting request sent by the portal application is received for the target application; and the second sending module is configured to generate an authorization token based on the authorization request and send the authorization token to the portal application when receiving the authorization request sent by the portal application, so that the portal application sends the authorization token to the target application, and the target application successfully operates in a target operating environment based on the authorization token. 
In this way, when the authentication result of the current user is determined to be passing, the accessible information of the current user is sent to the portal application of the application management system. When a first starting request for the target application sent by the portal application is received, the target application is started and run in the target running environment indicated by the first starting request, and the portal application is controlled to display the running target application. When an authorization request sent by the portal application is received, an authorization token is generated based on the authorization request and sent to the portal application, so that the portal application forwards the authorization token to the target application and the target application can run successfully in the target running environment based on the authorization token. The user can thus open the target application they need through the portal application and run it in the target running environment while security is ensured, which improves the security of use and the convenience of authorization of the application program.
In one possible implementation, the apparatus further comprises an authentication module configured to: acquiring authentication configuration information for the current user under the condition that login information sent by the portal application and aiming at the current user is received, wherein the authentication configuration information comprises an authentication mode selected by the current user when registering the portal application; user authentication is carried out according to the authentication configuration information, and an authentication result is obtained, wherein the authentication result is passing or failing; and sending the authentication result to the portal application. In this way, by acquiring the authentication mode selected by the current user when registering the portal application and performing user authentication according to the authentication mode, the implementation mode can ensure the accuracy and the credibility of the user identity, and because the authentication mode is determined according to the user's own selection, the authentication mode can effectively prevent an unauthorized user from accessing the system or performing sensitive operation; the authentication configuration information contains a plurality of authentication modes for users to select, such as password authentication, biological feature recognition, mobile phone verification codes and the like. 
The flexibility enables the system to adapt to authentication requirements of different users, improves the use experience of the users, and meanwhile, the selection of multiple authentication modes also enhances the security of the system, because different authentication modes have different security intensities, the implementation mode provides safer, more convenient and more efficient authentication experience for the users by improving the security of user authentication, flexibly adapting to different authentication requirements, simplifying user authentication processes, improving the expandability and maintainability of the system and enhancing the collaborative work capability with portal application.
In one possible implementation, the sending, when the authentication result of the current user is determined to be passing, of the accessible information for the current user to the portal application of the application management system includes: when the authentication result of the current user is determined to be passing, determining the accessible information of the current user according to the authority information of the current user stored in a database, wherein the authority information is determined according to at least one of the role of the user, the post of the user and the resource allocation, and the accessible information includes the accessible applications and the usable environments of the accessible applications. In this way, because the current user is authenticated first and the accessible information is determined from the authority information only after authentication passes, unauthorized users can be effectively prevented from accessing sensitive data or performing key operations, which greatly improves the data security of the system. Because the authority information of the user is determined from several factors, such as the role of the user, the post of the user and the resource allocation, very fine-grained authority control can be achieved: the system can control precisely which applications a user can access and which environments the user can use, according to the user's actual needs and job responsibilities, which ensures reasonable use of data and stable operation of the system. Because the authority information is associated with user roles, posts and resource allocation, the system can easily adapt to changes in the organizational structure and adjustments of user responsibilities: when a new user is added, a user role is modified or the resource allocation is adjusted, only the corresponding authority information needs to be updated, and the system as a whole does not need large-scale modification or reconstruction.
In one possible implementation, the apparatus further includes a switching module configured to: when a second starting request sent by the portal application is received, determine the current user and the expected running environment indicated by the second starting request; when it is determined, according to the accessible information of the current user, that the usable environments of the current user include the expected running environment, start and run the target application in the expected running environment and control the portal application to display the running target application; when an environment authorization request sent by the portal application is received, determine the current user, the target application and the expected running environment indicated by the environment authorization request, generate an authorization result for the environment authorization request according to the authority information of the current user and the target application, wherein the authorization result indicates whether the target application of the current user is authorized to use the expected running environment, and send the authorization result to the portal application; when the authorization result is authorized, start and run the target application in the expected running environment and control the portal application to display the running target application; and when the authorization result is not authorized, the authorization result also indicates the reason the authorization was refused. In this way, the user can access a suitable running environment according to their permissions and needs, and the running environments of different applications can be switched seamlessly for a smooth application experience. The environment switching function is flexible, convenient and user-friendly, which helps strengthen the overall management of the application management platform and improves the user experience.
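The following Python example is added here and is not code from the patent. It models the switching flow of the two switching modules above, with the service platform checking every second starting request against its own record of usable environments instead of trusting the portal's copy. The environment labels, the role-based grant table and all function and field names are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Assumed labels for the first, second and third running environments.
NATIVE, WEBAPP, UNIAPP = "native", "webapp", "uniapp"
KNOWN_ENVS = frozenset({NATIVE, WEBAPP, UNIAPP})


@dataclass
class AuthorizationResult:
    authorized: bool
    reason: str = ""  # filled in only when authorization is refused


@dataclass
class ServicePlatform:
    app_envs: dict     # app -> environments built for that application
    user_roles: dict   # user -> role
    role_grants: dict  # role -> {app: environments the role may be granted}
    usable: dict       # (user, app) -> environments listed in the accessible information
    running: dict = field(default_factory=dict)  # (user, app) -> current environment

    def handle_second_start(self, user, app, expected_env):
        """Start the app only if the platform's own record lists the environment."""
        if expected_env not in self.usable.get((user, app), set()):
            return False  # the portal's view may be stale or tampered with
        self.running[(user, app)] = expected_env
        return True

    def handle_env_authorization(self, user, app, expected_env):
        """Decide an environment authorization request from stored authority information."""
        if expected_env not in KNOWN_ENVS:
            return AuthorizationResult(False, "unknown running environment")
        granted = self.role_grants.get(self.user_roles.get(user), {}).get(app)
        if granted is None:
            return AuthorizationResult(False, "application not accessible to user")
        if expected_env not in self.app_envs.get(app, set()):
            return AuthorizationResult(False, "environment not built for application")
        if expected_env not in granted:
            return AuthorizationResult(False, "role not permitted in this environment")
        # Authorized: record the new usable environment, then start the application.
        self.usable.setdefault((user, app), set()).add(expected_env)
        self.running[(user, app)] = expected_env
        return AuthorizationResult(True)


def request_switch(platform, portal_usable, user, app, expected_env):
    """Portal side: send a second starting request or an environment authorization request."""
    if expected_env in portal_usable:
        started = platform.handle_second_start(user, app, expected_env)
        return AuthorizationResult(started, "" if started else "platform rejected start request")
    return platform.handle_env_authorization(user, app, expected_env)


def build_demo_platform():
    """Constructed sample data, not taken from the patent."""
    return ServicePlatform(
        app_envs={"reports": {NATIVE, WEBAPP}},
        user_roles={"alice": "analyst", "bob": "guest"},
        role_grants={"analyst": {"reports": {NATIVE, WEBAPP, UNIAPP}}, "guest": {}},
        usable={("alice", "reports"): {NATIVE}},
        running={("alice", "reports"): NATIVE},
    )


if __name__ == "__main__":
    platform = build_demo_platform()
    for user, view, env in [("alice", {NATIVE}, WEBAPP),
                            ("alice", {NATIVE, UNIAPP}, UNIAPP),
                            ("bob", set(), WEBAPP)]:
        print(user, env, request_switch(platform, view, user, "reports", env))
```

A refused request leaves the application in its current environment and returns the reason, matching the "not authorized" branch described above.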
In one possible implementation, the apparatus further includes an encryption module configured to: before sending third data to the target application, encrypt the third data and send the encrypted third data to the target application, wherein the third data includes at least one of the accessible information, the authorization token, an authentication result and an authorization result for an environment authorization request, and the encryption processing includes adding encryption information and/or adding a timestamp. In this way, because the third data is encrypted, its content cannot easily be decrypted and read even if the data is intercepted in transit, which protects the user's privacy and sensitive information and strengthens data security. Because the encryption processing adds additional information such as a timestamp, the integrity and source of the data can be verified and tampering in transit can be prevented: any unauthorized modification of the data breaks the integrity of the encryption information and can therefore be easily identified.
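For the encryption modules described above for the portal application and for the service platform, this added Python example (not from the patent) shows that a timestamp supports integrity and freshness checks only when it is bound to the data by a keyed tag. It substitutes HMAC-SHA256 with a pre-shared key for the patent's unspecified "encryption information" and does not provide confidentiality; the 30-second window, the envelope layout and the replay cache are assumptions.

```python
import hashlib
import hmac
import json
import time

MAX_SKEW_SECONDS = 30  # assumed freshness window


def protect(key, kind, body, now=None):
    """Wrap a message with its kind and a timestamp, then tag the whole payload."""
    ts = int(time.time() if now is None else now)
    payload = json.dumps({"kind": kind, "ts": ts, "body": body},
                         sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"payload": payload, "tag": tag}).encode()


class Verifier:
    """Receiver side: checks the tag, the message kind, freshness and replays."""

    def __init__(self, key, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # tag -> timestamp of messages accepted inside the window

    def verify(self, wire, expected_kind, now=None):
        """Return (body, "ok") or (None, reason)."""
        now = time.time() if now is None else now
        try:
            envelope = json.loads(wire)
            payload, tag = envelope["payload"], envelope["tag"]
        except (ValueError, KeyError, TypeError):
            return None, "malformed"
        if not isinstance(payload, str) or not isinstance(tag, str):
            return None, "malformed"
        expected = hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison; the tag covers kind, timestamp and body together.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return None, "bad tag"
        message = json.loads(payload)  # authenticated, so the layout is ours
        if message["kind"] != expected_kind:
            return None, "wrong kind"
        if abs(now - message["ts"]) > self.max_skew:
            return None, "stale"
        # Forget tags whose timestamps have left the window, then reject repeats.
        self.seen = {t: ts for t, ts in self.seen.items()
                     if now - ts <= self.max_skew}
        if tag in self.seen:
            return None, "replay"
        self.seen[tag] = message["ts"]
        return message["body"], "ok"


# Constructed sample values for the demonstration below.
DEMO_KEY = b"constructed-demo-key-32-bytes-xx"
DEMO_BODY = {"token": "constructed-token", "user": "alice"}


def demo():
    wire = protect(DEMO_KEY, "authorization_token", DEMO_BODY, now=1000)
    verifier = Verifier(DEMO_KEY)
    first = verifier.verify(wire, "authorization_token", now=1005)
    second = verifier.verify(wire, "authorization_token", now=1006)
    late = Verifier(DEMO_KEY).verify(wire, "authorization_token", now=1100)
    return first[1], second[1], late[1]


if __name__ == "__main__":
    print(demo())
```

Changing the timestamp in a captured message to make it look fresh invalidates the tag, so the freshness check cannot be bypassed without the key.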
Other features and aspects of the present disclosure will become apparent from the following detailed description of exemplary embodiments, which proceeds with reference to the accompanying drawings.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate exemplary embodiments, features and aspects of the present disclosure and together with the description, serve to explain the principles of the disclosure.
Fig. 1 shows a schematic diagram of an application management method provided according to an embodiment of the present disclosure.
Fig. 2 shows a flowchart of an application management method provided according to an embodiment of the present disclosure.
Fig. 3 to 4 are schematic diagrams illustrating an application management method provided according to an embodiment of the present disclosure.
Fig. 5 shows a flowchart of an application management method provided according to an embodiment of the present disclosure.
Fig. 6 to 7 illustrate block diagrams of an application management apparatus provided according to an embodiment of the present disclosure.
Fig. 8 illustrates a block diagram of an apparatus for performing an application management method provided according to an embodiment of the present disclosure.
Detailed Description
Various exemplary embodiments, features and aspects of the disclosure will be described in detail below with reference to the drawings. In the drawings, like reference numbers indicate identical or functionally similar elements. Although various aspects of the embodiments are illustrated in the accompanying drawings, the drawings are not necessarily drawn to scale unless specifically indicated. The word "exemplary" is used herein to mean "serving as an example, embodiment, or illustration." Any embodiment described herein as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments. In addition, numerous specific details are set forth in the following detailed description in order to provide a better understanding of the present disclosure. It will be understood by those skilled in the art that the present disclosure may be practiced without some of these specific details. In some instances, well-known methods and means have not been described in detail in order to keep the focus on the disclosure.
In order to solve the above-mentioned problems, an embodiment of the present disclosure provides an application management method applied to a portal application of an application management system, where the application management system provides a first running environment, a second running environment and a third running environment, and the portal application runs in the first running environment. When accessible information for the current user sent by a service platform of the application management system is received, the accessible applications for the current user and the usable environments of each accessible application are displayed according to the accessible information, where the current user is a user authenticated by the service platform, the accessible information is determined by the service platform according to the authority information of the current user, and the usable environments include at least one of the first running environment, the second running environment and the third running environment. When it is detected that the current user has determined a target application from the accessible applications, a first starting request for the target application is sent to the service platform, so that the service platform starts and runs the target application in the target running environment corresponding to the target application and controls the portal application to display the running target application. When an authorization request sent by the target application is received, the authorization request is sent to the service platform so that the service platform generates an authorization token for the authorization request, and when the authorization token sent by the service platform is received, the authorization token is sent to the target application so that the target application can run successfully in the target running environment based on the authorization token. In this way, a user can open the target application they need through the portal application and carry out business work through the target application running in the target running environment, which improves the security of use and the convenience of authorization of the target application, that is, of the application program.
The application management system provided by the embodiment of the disclosure adopts a mixed architecture construction, and supports the running of a web application (web app) and a front-end application (uniapp applet) besides running own native application programs. That is, the application management system may provide a variety of operating environments. The plurality of operating environments may include a first operating environment, a second operating environment, and a third operating environment.
In some embodiments, the application management system may construct a native application environment (i.e., the first running environment) for running native applications, a web app environment (i.e., the second running environment) for running web apps, and a uniapp environment (i.e., the third running environment) for running uniapp applets. The web apps and uniapp applets may interact with the native application through an open interface in the native application; this interaction is described in detail together with the interaction between the target application and the portal application and is not expanded on here.
In some embodiments, the application management system may use application sandbox technology to construct the web app environment (i.e., the second running environment) and the uniapp environment (i.e., the third running environment) on top of the native application running environment (i.e., the first running environment). The web app environment includes two parts, a web view and a web app sandbox, and the uniapp environment includes two parts, a uniapp view sandbox and a uniapp sandbox. This ensures data isolation and security protection between different applications, for example by packaging applications in isolation and limiting their access rights, so that data protection and security isolation between applications are achieved. The web app environment and the uniapp environment can be added and deleted dynamically, and the running environment can be switched according to user operation. The native application invokes and manages the web apps and uniapp applets through the open interface, implementing data interaction and function extension such as obtaining user login information, sending message notifications and invoking native functions.
In some embodiments, the application management system may design and implement an open interface to support data exchange and integration between applications, in a specific manner, such as designing open data formats and protocols, implementing secure transmission and sharing of data, supporting data exchange for multiple data formats and protocols.
In this way, the application management system can realize unified management and operation of the native application program, the web app and uniapp applet through the hybrid architecture, the application sandbox technology can realize isolation and security protection of the application program, and data sharing and integration can realize communication between the application programs, so that the application management method based on the application management system can improve the efficiency and convenience of the application program, ensure safe and independent operation of the application program, and improve the interconnection interoperability of the application.
The application management system may include a portal application and a service platform. The portal application is a native application running in the first running environment, for example, the portal application may be an application located on a cell phone, tablet, or other client. It should be noted that the application herein is a simplified description of an application program. The service platform is a server of the application management system, and the service platform can be used for scheduling (or switching) the multiple operation environments, wherein the scheduling process is detailed later, and is not developed here. In some embodiments, the service platform may include an authorization server and a resource server. In some embodiments, the service platform may include an application management module, a user management module, and a rights management module.
The application management module of the service platform can be used for creating (registering), publishing, configuring, monitoring, updating and application information management of various applications in the application management system, so that the application management system can manage the full life cycle of the application program through the functions of the application management module, and normal running and continuous optimization of the application are ensured. The application information management may include setting of application authority information, the authority information may include a running environment and a resource access range, the running environment of different applications may be different, the resource access range of different applications may be different, and the authority information of the applications may be set in the application management module according to actual functions of the applications.
The application management module may design and create an application according to the input application information when an application registration request is detected, where the design and creation process may include the collection, verification and storage of the application information and the construction of a running environment for the application. For example, as shown in fig. 1, which is a schematic diagram of the application management method provided in an embodiment of the present disclosure, an administrator logs in to the service platform, enters the application management module provided by the service platform, and fills in the basic application information for the application to be created. After the service platform detects the basic application information submitted by the user, that is, after the service platform completes the collection, verification and storage of the information for the application to be created, the service platform can use the hybrid architecture to automatically construct three different running environments, namely the first running environment, the second running environment and the third running environment, in which the application to be created can run, or the service platform can construct the corresponding running environment according to the type of running environment actually set by the administrator. It should be noted that the user may flexibly set the type and number of running environments of the accessible applications according to the actual application scenario, and the embodiments of the present disclosure are not limited in this respect.
The application management module may perform configuration of the application to be configured according to application configuration information under the condition that an application configuration request for the application to be configured is detected, where the application configuration information may include information such as a runtime parameter (i.e., a parameter transferred by the service platform to the application program when the application program runs), an access right, a resource limitation, and the like, where the access right and the resource limitation may also be set in the rights management module, as will be described later.
The application management module can deploy the application to be released according to application release information in the application release request under the condition that the application release request aiming at the application to be released is detected, so as to realize application release, wherein the deployment of the application to be released refers to the deployment of the application to be released into a service platform, so that a subsequent user opens the application which is completed through the deployment of the portal application, and the application release information can comprise information such as application version, application-oriented user range and the like.
The application management module can start monitoring an application when the application is detected to be in the running state, so as to obtain monitoring information, where the monitoring information may include the running condition, performance indicators, error logs and the like of the application program. The application management module can update the current version of an application when a change in the version of the application is detected, so that automatic update and version management of the application are realized and the security of the application is ensured. For example, for web apps and uniapp applets, the application management module of the service platform designs and implements automatic update and version management functions to ensure timely update and version control of the application program. The application management module can perform version management and release planning, that is, determine the version management and release strategy and formulate a version number rule. The version number has three parts and is named according to an X.X.X rule: the first X represents a major functional version iteration, the second X represents an internal functional optimization upgrade, and the last X represents an application bug fix. The application version numbers under different systems (such as Android and iOS) must have the same first two parts, so that clear version naming is available for managing the update and version control of the application program. The application management module may also design and implement an update detection mechanism for detecting the release of a new version, in which the availability of a new version is checked by communicating with the server when the uniapp application is started.
The application management module designs and realizes an update detection mechanism, and can be used for detecting the release of a new version. For example, when starting uniapp the application, the availability of the new version is detected by communicating with an application management module of the service platform.
The application management module may automatically download and install the latest version of the application if it is detected that the new version of the application is present, or the application management module may send an update prompt to the portal application to alert the user to download the latest version of the application if it is detected that the new version of the application is present.
The application management module adopts a gray release strategy: it supports releasing a new version of an application to a small portion of users for testing and verification, so as to ensure stability and compatibility. If the module detects a problem with the application, it can quickly restore the problematic application to the last stable version through a rollback mechanism.
Providing the application management module in the service platform allows the service platform to implement comprehensive application management functions, including application creation, release, configuration, monitoring and updating. Through the update and upgrade functions, vulnerabilities in applications can be fixed in time and application functions improved, which helps administrators monitor and control application updates and improves application performance and user experience.
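The version rule, the startup update check, the gray release and the rollback described above can be sketched as follows. This is an added example, not code from the patent: the function and class names, the SHA-256 bucketing used to choose the gray-release cohort and the sample version numbers are assumptions.

```python
import hashlib
import re

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Parse an X.X.X version string into a tuple of three integers."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"version {text!r} does not follow the X.X.X rule")
    return tuple(int(part) for part in match.groups())


def platforms_consistent(versions_by_system):
    """Versions on different systems (Android, iOS) must share the first two parts."""
    prefixes = {parse_version(v)[:2] for v in versions_by_system.values()}
    return len(prefixes) == 1


def classify_change(installed, target):
    """Name the change between two versions using the three-part meaning of X.X.X."""
    old, new = parse_version(installed), parse_version(target)
    if new == old:
        return "none"
    if new < old:
        return "rollback"
    if new[0] != old[0]:
        return "major functional iteration"
    if new[1] != old[1]:
        return "internal optimization"
    return "bug fix"


def in_gray_cohort(user_id, version, percent):
    """Place a user deterministically in one of 100 buckets (assumed cohort scheme)."""
    digest = hashlib.sha256(f"{version}:{user_id}".encode("utf-8")).digest()
    return int.from_bytes(digest[:4], "big") % 100 < percent


class ReleaseChannel:
    """Release state the management module keeps for one application (hypothetical)."""

    def __init__(self, stable):
        parse_version(stable)          # reject malformed version numbers early
        self.stable = stable
        self.candidate = None          # version currently in gray release, if any
        self.percent = 0               # share of users who receive the candidate

    def publish_gray(self, version, percent):
        if parse_version(version) <= parse_version(self.stable):
            raise ValueError("a gray release must be newer than the stable version")
        if not 0 <= percent <= 100:
            raise ValueError("percent must be between 0 and 100")
        self.candidate, self.percent = version, percent

    def promote(self):
        """The candidate passed verification: it becomes the stable version."""
        if self.candidate is None:
            raise ValueError("no gray release to promote")
        self.stable, self.candidate, self.percent = self.candidate, None, 0

    def rollback(self):
        """A problem was detected: withdraw the candidate, keep the last stable version."""
        self.candidate, self.percent = None, 0

    def check_update(self, user_id, installed):
        """Answer the startup check with (kind of change, version the client should run)."""
        target = self.stable
        if self.candidate and in_gray_cohort(user_id, self.candidate, self.percent):
            target = self.candidate
        return classify_change(installed, target), target


if __name__ == "__main__":
    channel = ReleaseChannel("2.3.5")              # constructed sample versions
    channel.publish_gray("2.4.0", 10)
    print(channel.check_update("user-1", "2.3.5"))
    channel.rollback()
    print(channel.check_update("user-1", "2.4.0"))
```

After a rollback, a client that already installed the candidate is told to return to the last stable version, which is the case a plain "is there something newer" check would miss.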
The user management module of the service platform can be used for registration, login and user information management of the user in the application management system. Therefore, the application management system can realize user registration, login, information management and allocation and management of user roles and authorities through the user management module. The user information management may include setting of user authority information, the authority information may include an accessible application and an accessible resource range, the application types or the running environments of the applications that different users can access may be different, the resource access ranges that different users can access may be different, and the authority information of the users may be set in the application management module according to roles of the users.
The user management module designs and implements the user registration function, including the collection, verification and storage of user information. For example, when the user management module of the service platform detects a registration request from a user, it obtains the entered user information, such as name, contact details and position, and after verifying it, allocates an account to the user, for example by sending the user name and password to the user so that the user can log in to the portal application. In addition to individual registration of new users, the user management module can also support periodic batch import of the information of multiple users from a third-party service system through an agreed application programming interface (API), which makes it convenient for an enterprise to register users in batches and greatly reduces registration time.
The user management module provides multiple modes of user identity authentication (or verification), including passwords, SMS verification codes, identity tokens and biometric recognition, so that a user can select a suitable multi-factor authentication mode according to security requirements and personal preferences. The portal application can determine whether the authentication flow has passed according to the verification result of the authentication mode. For example, an administrator logs in to the service platform and enters the multi-factor authentication configuration module of the user management module to configure the multi-factor authentication modes, including but not limited to passwords, fingerprints, facial recognition and hardware tokens. When registering an account, the user selects the authentication modes required for subsequent logins and saves the selection. When logging in to the portal application, the user enters a user name and password and clicks the login button; the portal application obtains the user's authentication configuration from the service platform, determines the authentication factors required for this user, and completes each authentication mode in turn as required, for example entering a dynamic verification code generated by a hardware token or performing face recognition.
In this way, professional, safe and flexible authentication modes and authentication flow management capability can be provided through the multi-factor authentication mode, so that a user can conveniently select and bind the authentication modes according to security requirements and personal preferences, authentication factors can be flexibly switched, and in the login process, the user needs to pass verification of a plurality of authentication factors, so that the security of an application management system is improved.
The user management module realizes the user login function, verifies the user identity and authorizes the access right. After the user logs in successfully, only the content distributed to the user by the service platform can be checked and edited, and details are shown later.
The user management module realizes the user information management function, including viewing, modifying and editing of the user information. The user can modify personal information through portal application and service platform.
The user management module designs and realizes the user role management function, including the creation, distribution and authorization of roles. One user may contain multiple roles. For example, the user management module creates corresponding roles according to the input user information, the same user can correspond to one or more roles, and different roles can have different rights.
The user management module realizes the management function of the user organization structure and is used for organizing and managing users. An organization architecture may include multiple users.
The user management module realizes the user authority management function, including definition, distribution and control of authority. Rights may be assigned to a particular group of users in bulk, or may be assigned to individual users. The user rights management function may also be implemented in a rights management module, as described in more detail below. The authority information of the user may be related to at least one of a role of the user, a post of the user, and a resource allocation situation.
The user management module stores user profiles. For example, a user profile, that is, login information such as the login times and terminals of the same user, may be stored; when a new terminal device is detected, the user can be authenticated to ensure security.
Providing the user management module in the service platform enables user identity authentication and authorization, so that user identities are identified and rights are controlled, which ensures the security and stability of applications. The user management module gives the application management system a complete user management mechanism that flexibly manages user registration, login and information. By assigning user roles and rights through the user management module, the application management system can effectively control users' access to system resources and functions, which improves the security and manageability of the system.
The rights management module of the service platform may enable definition, allocation and control of rights of users and/or applications. Therefore, the application management system can realize the allocation and management of the rights of the user and/or the application through the rights management module.
The rights management module designs and implements rights definition functions, including the creation and classification of rights. Such as browsing rights, editing rights, downloading rights. Different rights may be created for the user and the application, respectively.
The rights management module implements a rights assignment function, associating rights with a user or role. For example, in the first role of user a, user a has browsing rights, editing rights; in the second role of user a, user a has browsing rights. The rights management module may also associate rights with the application. The rights management module supports a variety of rights control policies including role-based rights control, resource-based rights control, and post-based rights control, among others.
The rights management module implements rights control functionality, limiting access to resources and functions by verifying the rights of the user, and/or limiting access to resources and functions by verifying the rights of the application. For example, the operating environments that the application a can use are a first operating environment and a second operating environment, and the operating environment that the application B can use is the first operating environment.
In some embodiments, the rights management module may also provide an authorization management service, which implements authorization management and rights management and control for users and/or applications. Authorization management includes the allocation, revocation and updating of rights. Rights management and control manages user rights and/or application rights, including the allocation, recovery and revocation of rights. For example, an administrator logs in to the service platform, enters the rights management module, determines the target user, and allocates, revokes and updates the corresponding rights for that user. The authorization management service supports a variety of authorization modes, including role-based authorization and resource-based authorization. It can exercise control at the application level, the resource acquisition level and the resource access level. At the application level, the rights management module can set the visible range of system applications and third-party applications, which refines the granularity of the visible range and, because it is set per user, improves the flexibility of system applications and third-party applications. At the resource acquisition level, the rights management module can control system data resources, which prevents unauthorized access to resources. At the resource access level, the rights management module can judge the accessibility of a resource based on multiple attributes such as the user's location and network environment, and vary the resource according to the user's attributes, which further prevents leakage of data resources.
Therefore, the authority management and control capability with flexibility, safety and individuation can be provided through the authority management service, an administrator is helped to limit the visible range, login position and network environment of a user, the safety, data protection and compliance of the system are ensured, the control force of an organization on the system can be improved through the functions, and a safe and reliable working environment is provided for the user.
In some embodiments, the rights management module may further determine the resource range required by an application according to the entered registration information of the application, and allocate rights to the application based on that resource range. The registration information may include at least one of the users the application is oriented to, the memory size the application expects to acquire, the main function of the application, and the visible range of the application, and the resources suitable for the application can be determined from this registration information. An application is visible to all users by default, but some applications, such as college daycare, are viewable only by the hospital management layer. For example, when the application management method is applied in the medical industry, the users an application is oriented to may be staff of a medical enterprise or customers served by the medical enterprise. More resources can be allocated for staff of the medical enterprise, so that they can view more information, and fewer resources for customers served by the medical enterprise, for example omitting enterprise information related to the medical enterprise. Different resource ranges can thus be determined from the registration information of different applications, which saves resources of the application management platform. Providing a rights allocation mechanism for each application ensures that an application can access only the resources and functions for which it has rights, which improves the security and data protection capability of the application management platform.
Providing the rights management module in the service platform gives the application management system a flexible mechanism for defining and allocating rights, with fine-grained control over the rights of users and/or applications. Through the rights control function, the system ensures that users and applications can access only the resources and functions for which they have rights. This achieves fine-grained management of user and/or application rights, ensures secure access to and compliant operation on the resources of the application management system, and improves its security and data protection capability.
Fig. 2 shows a flowchart of an application management method provided according to an embodiment of the present disclosure. As shown in fig. 2, the application management method applied to the portal application of the application management system provided in the embodiment of the present disclosure may include the following steps S101 to S103.
Step S101, under the condition that the accessible information of the current user sent by the service platform of the application management system is received, the accessible application of the current user and the usable environment of each accessible application are displayed according to the accessible information.
Step S102, under the condition that the current user determines the target application from the accessible applications, a first starting request aiming at the target application is sent to the service platform, so that the service platform starts and runs the target application in a target running environment corresponding to the target application and controls the portal application to display the running target application.
Step S103, under the condition that an authorization request sent by the target application is received, the authorization request is sent to the service platform, so that the service platform generates an authorization token for the authorization request, and under the condition that the authorization token sent by the service platform is received, the authorization token is sent to the target application, so that the target application runs successfully in a target running environment based on the authorization token.
The current user is a user which passes through the service platform authentication and completes login through the portal application. The accessible information is determined by the service platform based on the rights information of the current user. The usable environment may include at least one of a first operating environment, a second operating environment, and a third operating environment. The usable environment of each accessible application may be set when the application is created to the application management system.
In this way, in step S101, when the accessible information for the current user sent by the service platform of the application management system is received, the accessible applications for the current user and the usable environment of each accessible application are displayed according to the accessible information. In step S102, when it is detected that the current user has determined the target application from the accessible applications, the first starting request for the target application is sent to the service platform, so that the service platform starts and runs the target application in the corresponding target running environment and controls the portal application to display the running target application. In step S103, when the authorization request sent by the target application is received, it is sent to the service platform so that the service platform generates an authorization token for it, and when the authorization token sent by the service platform is received, it is sent to the target application so that the target application runs successfully in the target running environment based on the token. The user can therefore open, through the portal application, a target application that is within the user's rights and run it in the target running environment while security is ensured, which improves the security and convenience of using applications.
Fig. 3 shows a schematic diagram of an application management method provided according to an embodiment of the present disclosure. The following describes an application management method provided by an embodiment of the present disclosure.
The user opens the login page of the portal application on a terminal, such as a tablet. As shown in fig. 3, when the portal application detects a login request triggered by the current user from the login page, it displays a first login prompt, which reminds the user to enter login information; the login information may be, for example, the user name and password the user obtained when registering with the portal application. By entering correct login information, the user can log in to the portal application and view the required target application. When the portal application detects that login information has been entered, it sends the login information to the service platform. On receiving the login information for the current user from the portal application, the service platform obtains the authentication configuration information for the current user. The authentication configuration information may include the authentication mode the current user selected when registering with the portal application, or a special authentication mode that the service platform has set for the current user to improve system security; the authentication mode may be at least one of a password, an SMS verification code, an identity token and biometric recognition (fingerprint recognition, face recognition, iris recognition). The service platform authenticates the user according to the authentication configuration information and obtains an authentication result, which is either passed or failed.
For example, if the user selected face recognition as the authentication mode during registration, the service platform performs face recognition on the user to obtain the authentication result of the user identity authentication; the authentication result indicates whether the user's login to the portal application is legitimate. In some embodiments, if there are multiple authentication modes for the user, the service platform can authenticate with each mode to obtain an authentication sub-result for each, and it determines that the user's authentication result is passed when all the authentication sub-results are passed. The service platform sends the authentication result to the portal application. As shown in fig. 3, when the authentication result received from the service platform is passed, the portal application logs the current user in based on the login information; when the authentication result received is failed, the portal application displays a second login prompt, which reminds the user that the login information is wrong and asks the user to enter new login information.
Thus, the clear and orderly flow lets a user complete the login operation more conveniently and quickly, and the clear prompt shown when login information is wrong reduces user confusion and repeated operations. All login information must pass authentication by the service platform, which greatly enhances system security: only authenticated users can log in successfully, which effectively prevents illegal access and potential security risks. In addition to traditional user name and password login, other forms of authentication such as SMS authentication, mailbox authentication and social media login can be added, which improves the flexibility and extensibility of the system. The service platform provides multiple professional, secure and flexible authentication modes; the user can select an authentication mode according to security requirements and personal preferences, or the service platform can set additional authentication modes to improve the security of user login. During login, the user's identity can be authenticated through each authentication mode, which protects applications to the greatest extent, prevents unregistered persons from accessing the application management platform, and improves the security of the application management system.
The portal application supports single-point login and multi-point login, and can be selected and configured according to application scenes.
The portal application may also perform the following step during user login: when it determines that the current user's login is complete, it obtains and stores the terminal information of the current user. The terminal information can indicate the access source, so that a user profile can be built from the user's access sources. During user login, if the service platform detects an abnormal access source, a third login prompt can be displayed directly, which asks the user to log in again so that the service platform can authenticate the user. In this case, even if all the submitted data checks out as correct, the access token (such as the password in the login information) is set to invalid and the user is required to log in again to verify the user's identity. This handles extreme situations such as a lost or stolen device, greatly reduces the risk of sensitive data leakage, and avoids more serious property loss.
When the service platform determines that the authentication result of the current user is passed, it can determine the accessible information of the current user according to the rights information of the current user stored in the database. The accessible information may include the accessible applications for the current user and the usable environment of each accessible application. The rights information is determined according to at least one of the user role, the user position and the resource allocation, and user information such as the user role, user position and resource allocation can be preset in the user management module of the service platform. Basic information such as the user role and user position can be configured for each user by an administrator in the user management module of the service platform, or filled in by the user at registration and configured after review by the administrator; the resource allocation can be configured for each user by an administrator in the user management module and/or the rights management module.
When the service platform determines that the authentication result of the current user is passed, it can also send the accessible information for the current user to the portal application of the application management system, so that the portal application can display the accessible applications for the current user and the usable environment of each accessible application according to that information. The usable environment may include at least one of the first running environment, the second running environment and the third running environment.
When the portal application receives the accessible information for the current user sent by the service platform, as shown in fig. 3, it can display the application information, that is, the accessible applications for the current user and the usable environment of each accessible application, according to the accessible information. Displaying applications according to the user's accessible information ensures that the user can access only the applications for which the user has rights and use only the corresponding resources and functions of those applications, which improves security and data protection capability.
When there is only one accessible application, the subsequent startup of the target application may be performed after a selection operation by the current user on that one accessible application (that is, the target application) is detected, or it may be performed directly; different steps are then performed depending on the number of usable environments. If the usable environment is exactly one of the first, second and third running environments, meaning that the current user can see only one running environment for the application, the operation can be simplified: the portal application directly takes the usable environment as the target running environment, generates the first starting request from the target application and the target running environment, and sends it to the service platform. If the usable environments are several of the first, second and third running environments, the portal application determines the target running environment from the usable environments according to the current user's selection, generates the first starting request from the target application and the target running environment, and sends it to the service platform.
In the case where the number of accessible applications is plural, the portal application may determine the target application in the case where a selection operation of the application by the current user is detected. The portal application may perform subsequent startup work based on the number of available environments. In the case that the usable environment is one of the first operating environment, the second operating environment and the third operating environment, the portal application can take the usable environment as a target operating environment and generate a first starting request according to the target application and the target operating environment; or in the case that the available environment is a plurality of the first running environment, the second running environment and the third running environment, the portal application can determine the target running environment from the available environments according to the selection of the current user, and generate the first starting request according to the target application and the target running environment. 
In this way, by considering the available environment of the accessible application of the current user, the system can intelligently recommend or select the most suitable running environment for the user, which reduces the trouble of manual configuration or selection of the user and improves the user experience; whether the environment of the user is single or multiple, the implementation mode can be flexibly dealt with, and the system can be directly selected for the single environment; for multiple environments, users can select the environments preferred by the users, so that the flexibility of the system and the autonomy of the users are improved; through automatically detecting and matching the available environment of the target application, the implementation mode obviously improves the intelligence and the automation degree of the system, so that a user can use various applications more conveniently and efficiently.
Under the condition that a first starting request aiming at the target application and sent by the portal application is received, the service platform can start and run the target application in a target running environment indicated by the first starting request and control the portal application to display the running target application.
As shown in fig. 3, the current user may view the target application within the portal application, which upon startup will perform verification of the authorization token (i.e., validity check). In the case where the target application is first started, the target application sends an authorization request (which may include a terminal identification, a request scope, and a callback method or a redirect URI) to the portal application. The portal application may send an authorization request to the service platform upon receiving the authorization request sent by the target application. And the service platform generates an authorization token for the authorization request according to the terminal identification and the request range in the received authorization request and sends the authorization token to the portal application. The portal application sends the authorization token to the target application under the condition that the authorization token sent by the service platform is received. The target application performs authorization verification based on an authorization token generated by the service platform and sent by the portal application, and successfully operates in the target operation environment after the verification is successful, so that the current user performs service processing in the target application. The authorization verification of the authorization token by the target application can be verification of timeliness of the authorization token.
The target application verifies the authorization token before each operation, and the verified authorization token is the latest authorization token generated by the service platform and is usually stored in the last operation so as to verify the authorization token next time. Under the condition that the target application is not started for the first time, the target application takes out the last saved authorization token and verifies the last saved authorization token, and if the verification result is passed, an authorization request is not required to be sent to the portal application to acquire a new authorization token; if the verification result is that the verification is not passed, an authorization request needs to be sent to the portal application to acquire a new authorization token for re-verification.
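The token exchange and the reuse of a saved token described in the two paragraphs above can be modelled as follows. This is an added example, not code from the patent: the class names, the 300-second lifetime, the binding of the token to the terminal identification and the platform-side check of the request range against the application's assigned rights are assumptions, and the sample application is constructed.

```python
import secrets
from dataclasses import dataclass


class ManualClock:
    """Injectable clock so that token expiry can be exercised deterministically."""

    def __init__(self, now):
        self.now = now

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


@dataclass(frozen=True)
class AuthorizationRequest:
    terminal_id: str       # "terminal identification" in the text
    scope: frozenset       # "request range"
    redirect_uri: str      # callback method or redirect URI


@dataclass(frozen=True)
class AuthorizationToken:
    value: str
    terminal_id: str
    scope: frozenset
    expires_at: float


class ServicePlatform:
    """Issues tokens; app_rights maps a terminal identification to its permitted range."""

    def __init__(self, clock, app_rights, ttl_seconds=300):
        self.clock = clock
        self.app_rights = app_rights
        self.ttl_seconds = ttl_seconds
        self.issued = 0                      # counter used to observe token reuse

    def issue_token(self, request):
        allowed = self.app_rights.get(request.terminal_id)
        if allowed is None:
            raise PermissionError("unknown terminal identification")
        if not request.scope <= allowed:     # assumed check: never grant beyond assigned rights
            raise PermissionError("request range exceeds the rights assigned to the application")
        self.issued += 1
        return AuthorizationToken(secrets.token_urlsafe(32), request.terminal_id,
                                  request.scope, self.clock() + self.ttl_seconds)


class Portal:
    """The portal only relays: the target application never contacts the platform."""

    def __init__(self, platform):
        self.platform = platform

    def relay_authorization_request(self, request):
        return self.platform.issue_token(request)


class TargetApp:
    def __init__(self, terminal_id, scope, portal, clock):
        self.terminal_id = terminal_id
        self.scope = scope
        self.portal = portal
        self.clock = clock
        self.saved_token = None              # token saved during the previous run

    def token_is_valid(self, token):
        """Timeliness check, plus binding to this application and its range (assumed)."""
        return (token is not None
                and token.terminal_id == self.terminal_id
                and self.scope <= token.scope
                and token.expires_at > self.clock())

    def start(self):
        if self.token_is_valid(self.saved_token):
            return "reused saved token"      # no authorization request is sent
        request = AuthorizationRequest(self.terminal_id, self.scope, "app://callback")
        token = self.portal.relay_authorization_request(request)
        if not self.token_is_valid(token):
            raise PermissionError("authorization token failed verification")
        self.saved_token = token
        return "obtained new token"


def demo():
    clock = ManualClock(1000.0)
    rights = {"ward-app": frozenset({"patient:read", "orders:read"})}   # constructed sample
    platform = ServicePlatform(clock, rights)
    app = TargetApp("ward-app", frozenset({"patient:read"}), Portal(platform), clock)
    results = [app.start()]                  # first start
    clock.advance(60)
    results.append(app.start())              # saved token still timely
    clock.advance(600)
    results.append(app.start())              # saved token expired
    return results, platform.issued


if __name__ == "__main__":
    print(demo())
```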
The application management system provides a number of open APIs through which a native application/web app/uniapp applet obtains the information it needs, such as the authorization token, via the portal application. The native application/web app/uniapp applet does not need to interface with the service platform directly, which makes the security of the whole system higher. The application management system also supports jump-launching third-party applications. Unlike a native application/web app/uniapp applet, a third-party application does not run in the portal application and obtains the information it needs, such as an authorization code, directly from the service platform. As shown in Fig. 3, the third-party application also verifies the authorization code after starting. If verification passes, the third-party application can be used; if the authorization code fails verification, the third-party application sends an authorization code request (which may include a terminal identification and a request scope) directly to the service platform, the service platform returns an authorization code to the third-party application, and the third-party application verifies again with the new authorization code until verification passes.
The user can also switch the running environment of the target application while using it. When the portal application detects a switching request sent by the current user through the target application, and/or a switching request generated by the current user through the portal application, it can determine the current target running environment of the target application, the usable environments of the target application, and the expected running environment indicated by the switching request.
If the portal application determines that the usable environments include the expected running environment, it can generate a second starting request according to the current user and the expected running environment and send it to the service platform, so that the service platform starts and runs the target application in the expected running environment.
If the portal application determines that the expected running environment is not among the usable environments, it can generate an environment authorization request according to the current user, the target application and the expected running environment, and send it to the service platform so that the service platform generates an authorization result for the environment authorization request. The authorization result indicates whether the expected running environment is authorized for use by the current user's target application.
When the authorization result received from the service platform is that authorization passed, the portal application can generate a second starting request according to the current user and the expected running environment and send it to the service platform, so that the service platform starts and runs the target application in the expected running environment.
When the authorization result received from the service platform is that authorization did not pass, the portal application may send the authorization result to the target application; in this case the authorization result also indicates the reason authorization did not pass.
The service platform starting and running the target application in the expected running environment may include the following: on receiving a second starting request from the portal application, the service platform can determine the current user and the expected running environment indicated by the request; if it determines, according to the accessible information of the current user, that the current user's usable environments include the expected running environment, the service platform can start and run the target application in the expected running environment and control the portal application to display the running target application.
The service platform may issue only the authorization result for the environment authorization request. On receiving an environment authorization request from the portal application, the service platform can determine the current user, the target application and the expected running environment indicated by the request, and generate an authorization result for the request according to the permission information of the current user and the target application. The authorization result indicates whether the expected running environment is authorized for use by the current user's target application, and the service platform sends the authorization result to the portal application.
The service platform may also start the target application at the same time as it sends an authorization result of passed for the environment authorization request. On receiving an environment authorization request from the portal application, the service platform can determine the current user, the target application and the expected running environment indicated by the request, and generate an authorization result for the request according to the permission information of the current user and the target application. The authorization result indicates whether the expected running environment is authorized for use by the current user's target application. When the authorization result is that authorization passed, the service platform can send the authorization result to the portal application, start and run the target application in the expected running environment, and control the portal application to display the running target application. When the authorization result is that authorization did not pass, the authorization result also indicates the reason.
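The environment-switch decision on both sides, as an added example that is not code from the patent: the portal checks its displayed usable environments, falls back to an environment authorization request, and the service platform re-checks its own accessible information on every second starting request. The environment labels, data layout and the step that records a passed authorization in the accessible information are assumptions.

```python
from dataclasses import dataclass, field

# Assumed labels for the first, second and third running environments.
ENVIRONMENTS = {"native", "webapp", "uniapp"}


@dataclass
class ServicePlatform:
    accessible: dict   # user -> app -> set of usable environments
    permissions: dict  # (user, app) -> environments the permission info allows
    running: dict = field(default_factory=dict)

    def usable(self, user, app):
        return self.accessible.get(user, {}).get(app, set())

    def authorize_environment(self, user, app, env):
        """Handle an environment authorization request from the portal."""
        if env not in ENVIRONMENTS:
            return {"passed": False, "reason": "unknown running environment"}
        if env not in self.permissions.get((user, app), set()):
            return {"passed": False,
                    "reason": "environment not permitted for this user and application"}
        # Assumption: a passed result is recorded in the accessible information,
        # otherwise the second starting request that follows would be refused.
        self.accessible.setdefault(user, {}).setdefault(app, set()).add(env)
        return {"passed": True, "reason": None}

    def second_start(self, user, app, env):
        """Start only if the platform's own record lists the environment."""
        if env not in self.usable(user, app):
            return False
        self.running[(user, app)] = env
        return True


class Portal:
    def __init__(self, platform, user, accessible_info):
        self.platform = platform
        self.user = user
        # Copy of the accessible information the portal displays to the user.
        self.view = {app: set(envs) for app, envs in accessible_info.items()}

    def switch(self, app, desired):
        if desired not in self.view.get(app, set()):
            result = self.platform.authorize_environment(self.user, app, desired)
            if not result["passed"]:
                return result  # forwarded to the target application with the reason
            self.view.setdefault(app, set()).add(desired)
        if self.platform.second_start(self.user, app, desired):
            return {"passed": True, "reason": None}
        return {"passed": False,
                "reason": "second starting request rejected by service platform"}


def demo():
    """Constructed scenario: one user, one application, three switch attempts."""
    platform = ServicePlatform(
        accessible={"alice": {"emr": {"native"}}},
        permissions={("alice", "emr"): {"native", "webapp"}},
    )
    portal = Portal(platform, "alice", {"emr": {"native"}})
    results = [portal.switch("emr", env) for env in ("native", "webapp", "uniapp")]
    # A portal whose local view is out of step with the platform's record.
    stale = Portal(platform, "alice", {"emr": {"native", "uniapp"}})
    results.append(stale.switch("emr", "uniapp"))
    return results, platform.running[("alice", "emr")]


if __name__ == "__main__":
    print(demo())
```

The last case is the one worth keeping as a regression check: a portal view that lists an environment the platform has not granted still cannot start the application there.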
In some embodiments, scheduling and switching of application running environments may be achieved through cooperation between the portal application and the service platform. For example, the portal application and the service platform can intelligently schedule an appropriate application running environment for display based on user needs and permissions. The user opens the portal application, logs in and enters the main interface. The portal application, together with the service platform, determines the list of accessible application running environments according to the user's roles and permissions. The portal application schedules the appropriate application for display through the service platform according to the user's selection or the default configuration. As another example, the portal application and the service platform can provide an application running environment switching function, so that a user can switch seamlessly between application running environments with a smooth application experience. The user browses the content of the current application running environment in the portal application. Using a navigation bar, menu or other interface element, and with the cooperation of the service platform, the user can switch to another registered application running environment. The portal application, with the cooperation of the service platform, switches to the corresponding application running environment according to the user's switching operation and loads the application's content. Through the above steps, unified management and scheduling of the various application running environments (including H5 applications, applet applications and native function modules) can be realized. The administrator can register and manage different application running environments, a user can access the appropriate application running environments according to permissions and needs, and the user can switch seamlessly between application running environments with a smooth application experience. These innovative functions provide flexibility, convenience and user friendliness, and improve the overall management and user experience of the application.
Therefore, the user can access the appropriate running environment according to permissions and needs and switch seamlessly between the running environments of different applications with a smooth application experience. The running environment switching function is flexible, convenient and user-friendly, which helps strengthen the overall management of the application management platform and improves the user experience.
The portal application can encrypt first data before sending it to the service platform and send the encrypted first data to the service platform, where the first data includes at least one of a first starting request, login information, a second starting request and an environment authorization request; and/or the portal application may encrypt second data before sending it to the target application and send the encrypted second data to the target application, where the second data includes at least one of an authorization token, a switching request and an authorization result for the environment authorization request. The encryption processing includes adding encryption information and/or adding a timestamp. Because the first data and the second data are encrypted, their content cannot easily be decrypted and obtained even if the data is intercepted in transit, which effectively protects the user's privacy and sensitive information and strengthens data security. Because the encryption processing adds additional information such as a timestamp, the integrity and source of the data can be verified and tampering in transit can be prevented: any illegitimate modification of the data breaks the integrity of the encryption information and is therefore easily identified.
The service platform may encrypt third data before sending it to the target application and send the encrypted third data to the target application, where the third data includes at least one of accessible information, an authorization token, an authentication result and an authorization result for the environment authorization request, and the encryption processing includes adding encryption information and/or adding a timestamp. Because the third data is encrypted, its content cannot easily be decrypted and obtained even if the data is intercepted in transit, which effectively protects the user's privacy and sensitive information and strengthens data security. Because the encryption processing adds additional information such as a timestamp, the integrity and source of the data can be verified and tampering in transit can be prevented: any illegitimate modification of the data breaks the integrity of the encryption information and is therefore easily identified.
In some embodiments, the traditional OAuth 2.0 authentication protocol has no cross-platform features, has difficulty preventing request interception and data tampering attacks, and has difficulty preventing abuse of an access token once it has been obtained, which leads to data leakage. On this basis, for the transmission of any data, the application management system improves the OAuth 2.0 data transmission link: it adds an MD5 message digest of the ordered data and a timestamp to perform a secondary verification of the access source and data integrity, ensuring that the request source is consistent and confirming that the data is genuine and valid, and it opens up data transmission channels between native applications, web applications and applet applications to achieve cross-platform data access. To address misuse of the access token and possible data leakage, the application management system improves the way protected data is transmitted: ciphertext is used uniformly during transmission, so that even if a third party intercepts the data or obtains the data access token, the real data cannot be obtained. Resource access supports multiple encryption modes such as SM4/AES/RSA. In extreme cases, such as a lost or stolen device, there is not only a risk of sensitive data leakage but possibly also more serious property damage. The application management system provides an authorization service that builds a user profile based on the user's access sources; for an abnormal access source, it can require the user to log in again and verify the user's identity even if all of the data checks pass. In short, by improving the traditional OAuth 2.0 authentication protocol, the application management system basically eliminates the risk of data tampering, greatly reduces the possibility of data leakage, and has a corresponding emergency plan for extreme cases.
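The digest-and-timestamp secondary verification described above, as an added example that is not code from the patent. The page names an MD5 digest over the ordered data plus a timestamp; the shared key and HMAC construction, the JSON canonical form, the 60-second window and the replay cache are assumptions, the key being needed because an unkeyed digest can be recomputed by whoever alters the data.

```python
import hmac
import json

MAX_SKEW = 60  # seconds; assumed freshness window, not stated on the page


def canonical(data, ts):
    """Ordered data: sorted keys so sender and receiver hash identical bytes."""
    return json.dumps({"data": data, "ts": ts}, sort_keys=True,
                      separators=(",", ":"), ensure_ascii=False).encode("utf-8")


def seal(data, key, now, alg="md5"):
    """Attach a timestamp and a keyed digest over the ordered data and timestamp.

    alg defaults to the MD5 the page names; "sha256" is a drop-in alternative.
    """
    ts = int(now)
    digest = hmac.new(key, canonical(data, ts), digestmod=alg).hexdigest()
    return {"data": data, "ts": ts, "digest": digest}


def verify(msg, key, now, alg="md5", seen=None):
    """Return "ok" or the reason the message is rejected."""
    try:
        data, ts = msg["data"], int(msg["ts"])
        given = str(msg["digest"]).encode("utf-8")
        expected = hmac.new(key, canonical(data, ts), digestmod=alg).hexdigest()
    except (KeyError, TypeError, ValueError):
        return "malformed"
    # The digest covers the timestamp, so altering either field fails here.
    if not hmac.compare_digest(expected.encode("utf-8"), given):
        return "bad-digest"
    if abs(now - ts) > MAX_SKEW:
        return "stale"
    if seen is not None:  # optional replay cache, keyed by digest
        if given in seen:
            return "replayed"
        seen.add(given)
    return "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    sealed = seal({"terminal_id": "T-1", "scope": "read"}, key, 1000)
    print(verify(sealed, key, 1010))                    # accepted
    print(verify(dict(sealed, ts=1061), key, 1061))     # timestamp altered
    print(verify(sealed, key, 1061))                    # outside the window
```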
Fig. 4 shows a schematic diagram of an application management method provided according to an embodiment of the present disclosure. In the application management method, the second running environment, which corresponds to the web app, is constructed by the service platform; as shown in Fig. 4, it includes a web page view (web view) and a web app sandbox. The running environment corresponding to uniapp applets, i.e., the third running environment, is also built by the service platform; as shown in Fig. 4, it includes the applet view (uniapp view) and a uniapp sandbox. The web app sandboxes and uniapp sandboxes can be dynamically configured and managed to meet the requirements of different application scenarios (such as different product groups in a hospital). For example, the portal application integrates multiple H5 and applet applications, each of which needs to run in a separate sandbox environment to ensure isolation and security between applications. As shown in Fig. 4, the application management platform adopts an application sandbox mode to provide an independent running environment for each application, achieving isolation and security protection of application programs. The application sandbox mode may be based on isolation mechanisms such as process isolation, file isolation, network isolation and permission isolation to ensure secure isolation between applications. An administrator logs in to a portal platform and configures application running parameters and the corresponding permissions in the application management module; when the application runs, the relevant parameters and configurations are automatically loaded into the sandbox environment. An administrator can create an independent sandbox environment for each application as needed and configure it flexibly, including runtime parameters, access rights, resource limits and the like. This dynamic configuration and management approach increases the controllability and flexibility of the application running environment. The sandbox technology ensures secure isolation between application programs through multiple isolation mechanisms such as process isolation, file isolation, network isolation and permission isolation. The embodiment of the disclosure adopts application sandbox technology to provide an independent running environment for each application program, achieving isolation and security protection of the application program.
In the application management method, data sharing and integration between applications can be realized based on the open interface, and data exchange in various data formats and protocols can be realized. The open interface means that the native capabilities of the native application are opened to the native application program/web app/uniapp applet for use in the form of an API; by defining a standardized set of interfaces and protocols, data transfer, function calls and interactive operations can be performed between different applications. For example, a web app (H5 application) cannot call the Bluetooth function module of a mobile phone; the native application opens a method interface for calling the Bluetooth module, and the web app obtains the Bluetooth calling function simply by calling that open interface. With data communication and capability calls implemented through open interfaces, different applications can conveniently interact and share, making full use of their respective characteristics and advantages and improving the user experience; the standardized design of the open interface also makes it easier to extend and integrate applications. The data sharing and integration functions support data exchange in multiple data formats and protocols, such as JSON, XML, SOAP and REST. They enable data sharing and integration between applications, including reading, writing, updating and deleting data.
In one example, a project may be put into operation by performing the following steps:
S11, deploying a unified portal user center. User management, permission management, application management and the like are completed using the service platform in order to manage and monitor the running status and data security of application programs. The user management module, permission management module and application management module are described in detail above and are not described again here.
S12, constructing an application program using the hybrid architecture. An administrator logs in to the service platform, enters the application management module, creates an application and fills in the basic application information; after the information is submitted, three running environments (native application program, web app and uniapp applet) are built automatically. For application running environment registration, the service platform may register different application running environments (e.g., H5 applications, applet applications and native function modules) into the application management system, with application developers submitting their application or module information to the service platform's administrator. The administrator logs in to the service platform, enters the application management module and completes registration of the application running environment according to the application or module information provided, including the name, type, access address and the like. The administrator can also configure and manage submitted application running environments: after logging in to the service platform and entering the application management module, the administrator can view the list of submitted applications and configure and manage it, for example by modifying access addresses or adjusting permissions. The administrator can also add new application running environments, delete application running environments that are no longer needed, and so on.
S13, implementing the sandbox technology. Based on the native application running environment, the web app and uniapp running environments are constructed using application sandbox technology to ensure data isolation and security protection between different application programs. The specific implementation is as follows: application programs are isolated and encapsulated and their access rights are restricted, achieving data protection and security isolation between application programs.
S14, implementing data sharing and integration. An open interface is designed and implemented to support data exchange and integration between applications. The specific implementation is as follows: open data formats and protocols are designed to achieve secure transmission and sharing of data, and data exchange in multiple data formats and protocols is supported.
S15, implementing user authentication and authorization. Multiple user authentication and authorization modes are supported, including authentication based on user name and password, authentication based on SMS verification code, authentication based on biometrics and the like, and multiple role and permission management modes are supported, achieving fine-grained permission control and user management. The specific implementation is as follows. (1) Design and implement a multi-factor user authentication and authorization mode. On top of authentication based on user name and password, an authentication mode based on SMS verification code or on biometrics (such as fingerprint recognition or facial recognition) is added in combination. (2) Implement management of multiple roles and permissions. Design the role management function: define the permission scopes of different roles, such as administrator, ordinary user and visitor, ensuring that each role has appropriate permissions. Design the permission management function: define different permission levels and fine-grained permissions, such as read, write and delete, to achieve fine-grained permission control. Implement the assignment of roles and permissions: assign the corresponding roles and permissions to each user, ensuring that users can only access the resources and functions for which they have permission. (3) Implement user management functions. Design and implement user creation and information management: provide a user creation interface and a user information management page so that an administrator can create new accounts and manage their personal information. User data supports synchronization with third-party services through an agreed API. Implement user identity verification and access control: when a user requests access to a resource or function, verify the user's identity and check access permissions to prevent unauthorized access. Implement locking and unlocking of user accounts: implement a mechanism that locks a user account, for example when the number of password errors exceeds the limit or the account behaves abnormally, to improve account security. (4) Ensure security and stability. Password security: adopt a secure password storage scheme and store user passwords as hashes to keep them secure. Forced access control: implement a multi-factor (account and password plus verification code or biometrics) permission verification mechanism to ensure that only authorized users can access sensitive data and functions. Logging and monitoring: record user login and operation logs and monitor them in real time so that security threats are discovered and responded to promptly. Through the above steps, fine-grained permission control and user management can be achieved. By designing and implementing different user authentication and authorization modes and management of multiple roles and permissions, identity authentication of users and precise control of access permissions can be ensured.
S16, implementing automatic updating and version management of applications. For web apps and uniapp, design and implement the following. (1) Version management and release planning. Determine the version management and release strategy and define the version number rule. The version number has three parts and is named according to the X.X.X rule: the first part is a major functional version iteration, the second part is an internal functional optimization upgrade, and the last part is the application version number under different systems (such as Android and iOS); the first two parts are kept the same, so that clear version naming is used to manage application updates and version control. (2) Implement an update detection mechanism. Design and implement an update detection mechanism for detecting the release of a new version. When the uniapp application starts, it detects whether a new version is available by communicating with the service platform. (3) Implement the automatic update function. Develop and integrate an automatic update function that enables applications to download and install the latest version automatically, by means of update prompts and automatic download of installers within the portal application. The automatic update and version management functions of web apps and uniapp ensure their timeliness and security; they combine incremental and full updates, which improves update efficiency and ensures update accuracy and integrity; functions such as version rollback and version release are supported, which facilitates management and control of application programs; management and control can also be performed through the service platform, including version release, version rollback and version management. (4) Gray release and rollback mechanism. With a gray release strategy, the system supports releasing a new version of an application to a small portion of users for testing and verification, ensuring stability and compatibility. If a problem occurs, the system implements a rollback mechanism that can quickly revert to the last stable version. (5) Background management system. The application management function module manages the version information, version releases and update content of application programs. This feature helps the administrator monitor and control application updates.
S17, implementing the permission configuration function of applications. Design and implement the application permission configuration function to set the visible range and access permissions of applications. The specific implementation is as follows: design and implement the access control and permission management functions of the application, support different access permissions for users with different permissions, and achieve fine-grained control of the application's visible range and access permissions. For example: (1) Define roles and permissions. The system implements a hierarchy of users: define different organization structures, such as senior manager, ordinary staff and intern, according to the needs of the application, and determine the permission scope of each level. Divide permission levels and fine-grained permissions: divide permissions into different levels and define fine-grained permissions, such as read, write and delete, to achieve fine-grained permission control. (2) User permission allocation. User registration and authentication: the system implements user creation and identity verification, ensuring that an administrator can create an account and that the user can authenticate with the created account. User role allocation: in user management, each user is assigned an appropriate organization structure to determine the scope of the user's access permissions. (3) Application visibility range setting and permission management and control. Application visibility range setting: the system implements configuration of the application visibility range, allowing an administrator to select the visibility of an application to different users. The setting may be based on the organization structure, so that only users of a particular organization structure can see and access a particular application. Permission management and control: implement access control inside the application, limiting the user's access to application functions and resources according to the user's organization structure and permissions. Permission control is performed by means such as permission interception and condition checks, so that only users with the permission can perform the corresponding operation. (4) Interface and user experience. Display of user roles: on the unified portal mobile application interface, the functions and menus suited to the user's role are displayed dynamically according to the user's organization structure, providing a clear user interface and operation flow. Error handling and feedback: when a user tries to access a function without permission, provide a friendly error prompt and feedback that the user's permissions are insufficient, together with contact details for obtaining more information. Through the above steps, the permission configuration function of the portal application can be implemented, different access permissions are supported for users with different permissions, fine-grained control of the application's visible range and access permissions is achieved, and the security and user experience of the system are improved.
The embodiment of the disclosure also provides an application management method applied to a service platform of the application management system. The application management system provides a plurality of running environments, the service platform is used for scheduling the plurality of running environments, and the plurality of running environments include a first running environment, a second running environment and a third running environment. Fig. 5 shows a flowchart of an application management method provided according to an embodiment of the present disclosure. As shown in Fig. 5, the application management method may include the following steps S501 to S503.
S501, when the authentication result of the current user is determined to be a pass, sending accessible information for the current user to a portal application of the application management system, where the accessible information includes the accessible applications for the current user and the usable environments of each accessible application, the portal application runs in the first running environment, and the usable environments include at least one of the first running environment, the second running environment and the third running environment.
S502, on receiving a first starting request for the target application sent by the portal application, starting and running the target application in the target running environment indicated by the first starting request, and controlling the portal application to display the running target application.
S503, on receiving an authorization request sent by the portal application, generating an authorization token based on the authorization request and sending the authorization token to the portal application, so that the portal application sends the authorization token to the target application and the target application runs successfully in the target running environment based on the authorization token.
In this way, when the authentication result of the current user is determined to be passing, the accessible information of the current user is sent to the portal application of the application management system, when a first starting request of the target application sent by the portal application is received, the target application is started and operated in a target operation environment indicated by the first starting request, and the target application in operation is controlled to be displayed, when an authorization request sent by the portal application is received, an authorization token is generated based on the authorization request, and the authorization token is sent to the portal application, so that the portal application sends the authorization token to the target application, and therefore the target application can successfully operate in the target operation environment based on the authorization token, so that the user can open the target application in the user through the portal application, and operate the target application in the target operation environment on the premise of ensuring safety, and the use safety and the authorization convenience of the application program are improved.
In one possible implementation, the method further includes: acquiring authentication configuration information for the current user under the condition that login information sent by the portal application and aiming at the current user is received, wherein the authentication configuration information comprises an authentication mode selected by the current user when registering the portal application; user authentication is carried out according to the authentication configuration information, and an authentication result is obtained, wherein the authentication result is passing or failing; and sending the authentication result to the portal application. In this way, by acquiring the authentication mode selected by the current user when registering the portal application and performing user authentication according to the authentication mode, the implementation mode can ensure the accuracy and the credibility of the user identity, and because the authentication mode is determined according to the user's own selection, the authentication mode can effectively prevent an unauthorized user from accessing the system or performing sensitive operation; the authentication configuration information contains a plurality of authentication modes for users to select, such as password authentication, biological feature recognition, mobile phone verification codes and the like. 
The flexibility enables the system to adapt to authentication requirements of different users, improves the use experience of the users, and meanwhile, the selection of multiple authentication modes also enhances the security of the system, because different authentication modes have different security intensities, the implementation mode provides safer, more convenient and more efficient authentication experience for the users by improving the security of user authentication, flexibly adapting to different authentication requirements, simplifying user authentication processes, improving the expandability and maintainability of the system and enhancing the collaborative work capability with portal application.
In one possible implementation manner, the sending, in a case that it is determined that the authentication result of the current user is passed, the accessible information for the current user to the portal application of the application management system includes: under the condition that the authentication result of the current user is determined to be passed, determining the accessible information of the current user according to the authority information of the current user stored in a database, wherein the authority information is determined according to at least one of the role of the user, the post of the user and the resource allocation condition, and the accessible information comprises accessible applications and the usable environments of the accessible applications. Therefore, by authenticating the current user and determining the accessible information according to the authority information after the authentication is passed, an unauthorized user can be effectively prevented from accessing sensitive data or executing key operations, thereby greatly improving the data security of the system. Because the authority information of the user is determined according to various factors such as the role of the user, the post of the user and the resource allocation condition, very fine-grained authority control can be realized: the system can accurately control which applications a user can access and which environments the user can use according to the user's actual demands and work responsibilities, thereby ensuring reasonable utilization of data and stable operation of the system. By associating the authority information with user roles, posts and resource allocation conditions, the system can easily adapt to changes of the organization structure and adjustments of user responsibilities: when a new user needs to be added, a user role is modified or the resource allocation is adjusted, only the corresponding authority information needs to be updated, and the whole system does not need to be modified or reconstructed on a large scale.
In one possible implementation, the method further includes: under the condition that a second starting request sent by the portal application is received, determining the current user and the expected running environment indicated by the second starting request; under the condition that it is determined, according to the accessible information of the current user, that the expected running environment is included in the usable environment of the current user, starting and running the target application in the expected running environment and controlling the portal application to display the running target application; under the condition that an environment authorization request sent by the portal application is received, determining the current user, the target application and the expected running environment indicated by the environment authorization request, generating an authorization result for the environment authorization request according to the authority information of the current user and the target application, wherein the authorization result is used for indicating whether the target application of the current user is authorized to use the expected running environment, and sending the authorization result to the portal application; under the condition that the authorization result is authorized, starting and running the target application in the expected running environment and controlling the portal application to display the running target application; and under the condition that the authorization result is not authorized, the authorization result is also used for indicating the reason for not being authorized. Therefore, the user can access a suitable running environment according to the user's authority and requirements and switch seamlessly between the running environments of different applications, giving a smooth application experience. The running environment switching function is flexible, convenient and user-friendly, which helps to strengthen the overall management of the application management platform and improve the user experience.
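The service-platform side of the two implementations above (accessible information derived from role-based authority information, then the second starting request and the environment authorization request) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the `REQUESTABLE` policy table, the denial reason strings and all user, role and application data are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data. "native", "webapp" and "uniapp" stand for the three
# running environments; every user, role and application name is hypothetical.
USERS = {"alice": ["clerk"], "bob": ["engineer"]}
ROLE_GRANTS = {  # role -> application -> usable environments
    "clerk": {"expenses": {"webapp"}},
    "engineer": {"expenses": {"webapp", "uniapp"}, "buildtool": {"native"}},
}
APP_ENVIRONMENTS = {  # environments each application can run in at all
    "expenses": {"native", "webapp", "uniapp"},
    "buildtool": {"native"},
}
# Assumed policy: roles that may be granted an extra environment on request.
REQUESTABLE = {("expenses", "native"): {"engineer"}}


@dataclass(frozen=True)
class AuthorizationResult:
    authorized: bool
    reason: str = ""  # filled in only when the request is not authorized


class ServicePlatform:
    def __init__(self):
        self.granted = {}  # (user, app) -> environments granted on request
        self.running = {}  # (user, app) -> environment the app runs in

    def accessible_info(self, user):
        """Accessible applications and their usable environments for a user."""
        info = {}
        for role in USERS.get(user, []):
            for app, envs in ROLE_GRANTS.get(role, {}).items():
                info.setdefault(app, set()).update(envs)
        for (owner, app), envs in self.granted.items():
            if owner == user and app in info:
                info[app].update(envs)
        return info

    def second_start_request(self, user, app, env):
        """Start the app only if env is in the user's usable environments.

        The check runs on the platform, so a portal that skips the
        authorization step still cannot start an unauthorized environment.
        """
        if env not in self.accessible_info(user).get(app, set()):
            return False
        self.running[(user, app)] = env
        return True

    def environment_authorization_request(self, user, app, env):
        """Decide whether this user's app may use env; give a reason if not."""
        if user not in USERS:
            return AuthorizationResult(False, "unknown user")
        info = self.accessible_info(user)
        if app not in info:
            return AuthorizationResult(False, "application not accessible to user")
        if env not in APP_ENVIRONMENTS.get(app, set()):
            return AuthorizationResult(False, "application does not support environment")
        if env in info[app]:
            return AuthorizationResult(True)
        if not REQUESTABLE.get((app, env), set()) & set(USERS[user]):
            return AuthorizationResult(False, "role not eligible for environment")
        self.granted.setdefault((user, app), set()).add(env)
        return AuthorizationResult(True)


def switch_environment(platform, user, app, env):
    """Portal-side switching flow; returns (started, reason)."""
    if env not in platform.accessible_info(user).get(app, set()):
        result = platform.environment_authorization_request(user, app, env)
        if not result.authorized:
            return False, result.reason
    return platform.second_start_request(user, app, env), ""


if __name__ == "__main__":
    platform = ServicePlatform()
    for request in [("alice", "expenses", "webapp"), ("alice", "expenses", "native"),
                    ("bob", "expenses", "native"), ("bob", "buildtool", "webapp")]:
        print(request, switch_environment(platform, *request))
```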
In one possible implementation, the method further includes: and before sending third data to the target application, carrying out encryption processing on the third data, and sending the third data after the encryption processing to the target application, wherein the third data comprises at least one of the accessible information, the authorization token, an authentication result and an authorization result for an environment authorization request, and the encryption processing comprises adding encryption information and/or adding a timestamp. Therefore, by carrying out encryption processing on the third data, even if the data is intercepted in the data transmission process, the content in the third data cannot be easily decrypted and obtained, so that the privacy and sensitive information of a user are effectively protected, and the safety of the data is enhanced; the encryption processing is added with additional information such as a time stamp, the integrity and the source of the data can be verified, the data can be prevented from being tampered in the transmission process, and any illegal modification of the data can damage the integrity of the encryption information, so that the encryption information can be easily identified.
In some embodiments, the specific implementation of the application management method applied to the service platform provided in the embodiments of the present disclosure may refer to the description of the application management method embodiment applied to the portal application, which is not repeated herein for brevity.
The application management method provided by the embodiment of the disclosure is built on a hybrid architecture. It supports three running environments: a native application program, a web app and a uniapp applet. It supports application sandbox technology, which realizes isolation and security protection of the application programs. The data sharing and integration functions of the application programs can be realized through an open interface, and data exchange in various data formats and protocols is supported. Various user authentication and authorization modes are supported, including authentication based on a user name and a password, authentication based on a short message verification code, authentication based on biological identification and the like, and various role and authority management modes are supported, so that fine-grained authority control and user management can be realized. Automatic update and version management of the application programs, data caching and data backup functions are also supported, which ensures timely update and security of the application programs and the security and stability of data. A variety of web app and uniapp applet development languages and frameworks are supported, including HTML5, CSS, JavaScript and Vue.
The application management method provided by the embodiment of the disclosure has the following characteristics:
1. Operation based on a hybrid architecture: three running environments are included, namely a native application, a web app and a uniapp applet. This construction mode gives the application programs higher efficiency and convenience, can meet the requirements of different users at the same time, and improves the compatibility and flexibility of the application programs.
2. Application sandbox technology: sandbox technology is supported, so that isolation and security protection of the application programs can be realized, data leakage and attacks between application programs are prevented, and the security and stability of the application programs are ensured.
3. Data sharing and integration: the application programs support data sharing and integration functions, data exchange among the application programs is realized through an open interface, data exchange in various data formats and protocols is supported, and the interoperability of the application programs and the flexibility of data sharing are improved.
4. User authentication and authorization: the application programs support various user authentication and authorization modes, including authentication based on user names and passwords, authentication based on short message verification codes, authentication based on fingerprint identification and the like, and support various role and authority management modes, so that fine-grained authority control and user management can be realized, and the security and stability of the application programs are ensured.
5. Automatic update and version management, data caching and data backup functions: the application programs support automatic update and version management, data caching and data backup, which ensures timely update and security of the application programs and the security and stability of data, and improves the reliability and stability of the application programs.
The method not only improves the efficiency and the security of the application programs, but also improves the interoperability between the application programs and the user experience.
The embodiment of the disclosure also provides an application management device which is applied to a portal application of an application management system, wherein the application management system provides a first running environment, a second running environment and a third running environment, and the portal application runs in the first running environment. Fig. 6 shows a block diagram of an application management apparatus provided according to an embodiment of the present disclosure. As shown in fig. 6, the application management apparatus 600 may include:
A display module 601, where the display module 601 is configured to display, according to accessible information sent by a service platform of the application management system, an accessible application for a current user and a usable environment of each of the accessible applications, where the current user is a user authenticated by the service platform, the accessible information is determined by the service platform according to authority information of the current user, and the usable environment includes at least one of the first operating environment, the second operating environment, and the third operating environment;
a first sending module 602, where the first sending module 602 is configured to send a first starting request for a target application to the service platform when it is detected that the current user determines the target application from the accessible applications, so that the service platform starts and runs the target application in a target running environment corresponding to the target application, and controls the portal application to display the running target application;
a second sending module 603, where the second sending module 603 is configured to send an authorization request to the service platform when receiving the authorization request sent by the target application, so that the service platform generates an authorization token for the authorization request, and send the authorization token to the portal application when receiving the authorization token sent by the service platform, so that the target application runs successfully in the target running environment based on the authorization token.
In this way, under the condition that the accessible information for the current user sent by the service platform of the application management system is received, the accessible applications for the current user and the usable environments of all the accessible applications are displayed according to the accessible information. Under the condition that it is detected that the current user determines the target application from the accessible applications, a first starting request for the target application is sent to the service platform, so that the service platform starts and runs the target application in the target running environment corresponding to the target application and controls the portal application to display the running target application. Under the condition that the authorization request sent by the target application is received, the authorization request is sent to the service platform, so that the service platform generates an authorization token for the authorization request; under the condition that the authorization token sent by the service platform is received, the authorization token is sent to the target application, so that the target application can run successfully in the target running environment based on the authorization token. The user can thus open a target application within the user's permissions through the portal application and run it in the target running environment on the premise of ensuring security, which improves the use security and the authorization convenience of the application program.
In one possible implementation, the apparatus further includes a login module configured to: displaying a first login prompt under the condition that a login request of the current user is detected, wherein the first login prompt is used for reminding the user to input login information; under the condition that input login information is detected, the login information is sent to the service platform, so that the service platform performs user authentication based on the login information and obtains an authentication result, wherein the authentication result is passing or failing; when the received authentication result sent by the service platform is passing, carrying out login of the current user based on the login information; or under the condition that the authentication result sent by the service platform is not passed, displaying a second login prompt, wherein the second login prompt is used for reminding the user of the login information error and reminding the user of inputting new login information. Therefore, by providing clear and orderly flow, the user can complete login operation more conveniently and quickly, clear prompt is provided when login information is wrong, confusion and repeated operation of the user are reduced, all login information can pass through the authentication of the service platform, the safety of the system is greatly enhanced, users passing authentication can successfully log in, illegal access and potential safety risks are effectively prevented, traditional user name and password login are supported, and the system can be expanded to other forms of authentication modes such as short message authentication, mailbox authentication, social media login and the like, and the flexibility and the expandability of the system are improved.
In one possible implementation, the accessible information includes a usable environment of an accessible application of the current user; the sending, when it is detected that the current user determines a target application from the accessible applications, a first start request for the target application to the service platform includes: in the case that the usable environment is one of the first running environment, the second running environment and the third running environment, taking the usable environment as a target running environment, and generating the first starting request according to the target application and the target running environment; or under the condition that the available environment is a plurality of the first running environment, the second running environment and the third running environment, determining a target running environment from the available environments according to the selection of the current user, and generating the first starting request according to the target application and the target running environment. 
In this way, by considering the available environment of the accessible application of the current user, the system can intelligently recommend or select the most suitable running environment for the user, which reduces the trouble of manual configuration or selection of the user and improves the user experience; whether the environment of the user is single or multiple, the implementation mode can be flexibly dealt with, and the system can be directly selected for the single environment; for multiple environments, users can select the environments preferred by the users, so that the flexibility of the system and the autonomy of the users are improved; through automatically detecting and matching the available environment of the target application, the implementation mode obviously improves the intelligence and the automation degree of the system, so that a user can use various applications more conveniently and efficiently.
In one possible implementation, the apparatus further includes a switching module configured to: under the condition that a switching request sent by the current user through the target application is detected, determining the target running environment where the target application is currently located, the usable environment of the target application and the expected running environment indicated by the switching request; under the condition that the usable environment comprises the expected running environment, generating a second starting request according to the current user and the expected running environment, and sending the second starting request to the service platform, so that the service platform starts and runs the target application in the expected running environment; under the condition that the expected running environment does not exist in the usable environment, generating an environment authorization request according to the current user, the target application and the expected running environment, and sending the environment authorization request to the service platform, so that the service platform generates an authorization result for the environment authorization request, wherein the authorization result is used for indicating whether the target application of the current user is authorized to use the expected running environment; under the condition that the received authorization result sent by the service platform is authorized, generating a second starting request according to the current user and the expected running environment and sending the second starting request to the service platform, so that the service platform starts and runs the target application in the expected running environment; or under the condition that the received authorization result sent by the service platform is not authorized, sending the authorization result to the target application, wherein the authorization result is also used for indicating the reason for not being authorized. Therefore, the user can access a suitable running environment according to the user's authority and requirements and switch seamlessly between the running environments of different applications, giving a smooth application experience. The running environment switching function is flexible, convenient and user-friendly, which helps to strengthen the overall management of the application management platform and improve the user experience.
In one possible implementation, the apparatus further includes an encryption module configured to: before sending first data to the service platform, carrying out encryption processing on the first data, and sending the encrypted first data to the service platform, wherein the first data comprises at least one of a first starting request, login information, a second starting request and an environment authorization request; and/or before sending the second data to the target application, encrypting the second data, and sending the encrypted second data to the target application, wherein the second data comprises at least one of the authorization token, a switching request and an authorization result for an environment authorization request; wherein the encryption process includes adding encryption information and/or adding a time stamp. In this way, by carrying out encryption processing on the first data and the second data, even if the data is intercepted in the data transmission process, the content in the data cannot be easily decrypted and obtained, so that the privacy and sensitive information of a user are effectively protected, and the safety of the data is enhanced; the encryption processing is added with additional information such as a time stamp, the integrity and the source of the data can be verified, the data can be prevented from being tampered in the transmission process, and any illegal modification of the data can damage the integrity of the encryption information, so that the encryption information can be easily identified.
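The encryption modules on both sides (the portal application's first and second data, and the service platform's third data) are described only as "adding encryption information and/or adding a timestamp". One concrete reading is sketched below as an added example that is not taken from the patent: it assumes the "encryption information" is an HMAC-SHA256 tag under a key shared by sender and receiver, adds a nonce so that a captured message cannot be replayed inside the freshness window, and uses a 30-second window. It provides integrity and freshness only; confidentiality would need an additional cipher, which the page does not name.

```python
import hashlib
import hmac
import json
import os
import time

MAX_AGE_SECONDS = 30  # assumed freshness window; the page gives no value


class EnvelopeError(Exception):
    """Raised when a received envelope must be rejected."""


def _canonical(body):
    # Deterministic serialization so sender and receiver MAC the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def seal(key, kind, payload, now=None):
    """Wrap a message (e.g. an authorization token) with timestamp, nonce and MAC."""
    body = {
        "kind": kind,  # message type, e.g. "authorization_token"
        "payload": payload,
        "ts": int(time.time() if now is None else now),
        "nonce": os.urandom(16).hex(),
    }
    tag = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": tag}


class Receiver:
    def __init__(self, key, max_age=MAX_AGE_SECONDS):
        self.key = key
        self.max_age = max_age
        self.seen = {}  # nonce -> timestamp, kept only while still fresh

    def open(self, envelope, expected_kind, now=None):
        """Return the payload, or raise EnvelopeError naming the failed check."""
        now = int(time.time() if now is None else now)
        body, tag = envelope.get("body"), envelope.get("mac")
        if not isinstance(body, dict) or not isinstance(tag, str):
            raise EnvelopeError("malformed")
        try:
            given = bytes.fromhex(tag)
        except ValueError:
            raise EnvelopeError("malformed")
        expected = hmac.new(self.key, _canonical(body), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, given):  # constant-time comparison
            raise EnvelopeError("bad mac")
        # Everything below is only trusted because the MAC has verified.
        if body.get("kind") != expected_kind:
            raise EnvelopeError("unexpected kind")
        if abs(now - body["ts"]) > self.max_age:
            raise EnvelopeError("stale")
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.max_age}
        if body["nonce"] in self.seen:
            raise EnvelopeError("replay")
        self.seen[body["nonce"]] = body["ts"]
        return body["payload"]


def rejection_reason(receiver, envelope, expected_kind, now):
    """Helper for demonstrations: None if accepted, else the rejection reason."""
    try:
        receiver.open(envelope, expected_kind, now=now)
        return None
    except EnvelopeError as exc:
        return str(exc)


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    token = {"user": "alice", "app": "expenses", "env": "webapp"}  # constructed
    rx = Receiver(key)
    sealed = seal(key, "authorization_token", token, now=1000)
    print(rejection_reason(rx, sealed, "authorization_token", now=1010))  # accepted
    print(rejection_reason(rx, sealed, "authorization_token", now=1011))  # replay
    sealed["body"]["payload"]["env"] = "native"
    print(rejection_reason(rx, sealed, "authorization_token", now=1012))  # bad mac
```

Binding the message type into the authenticated body keeps an authorization result from being accepted where an authorization token is expected.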
In some embodiments, functions or modules included in the application management apparatus provided by the embodiments of the present disclosure may be used to perform the methods described in the foregoing method embodiments, and specific implementations thereof may refer to the descriptions of the foregoing application management method embodiments, which are not repeated herein for brevity.
The embodiment of the disclosure also provides an application management device, which is applied to a service platform of an application management system, wherein the application management system provides a plurality of operation environments, the service platform is used for scheduling the plurality of operation environments, and the plurality of operation environments comprise a first operation environment, a second operation environment and a third operation environment. Fig. 7 shows a block diagram of an application management apparatus provided according to an embodiment of the present disclosure. The application management apparatus 700 may include:
A first sending module 701, where the first sending module 701 is configured to send, if it is determined that an authentication result of a current user is passed, accessible information for the current user to a portal application of the application management system, where the accessible information includes an accessible application for the current user and a usable environment of each of the accessible applications, the portal application running in the first running environment, and the usable environment includes at least one of the first running environment, the second running environment, and the third running environment;
A starting module 702, where the starting module 702 is configured to, when receiving a first starting request for a target application sent by the portal application, start, run the target application in a target running environment indicated by the first starting request, and control the portal application to show the target application in running;
And a second sending module 703, where the second sending module 703 is configured to generate an authorization token based on the authorization request and send the authorization token to the portal application, so that the portal application sends the authorization token to the target application, and the target application successfully operates in a target operating environment based on the authorization token.
In this way, when the authentication result of the current user is determined to be passing, the accessible information of the current user is sent to the portal application of the application management system. When a first starting request for the target application sent by the portal application is received, the target application is started and run in the target running environment indicated by the first starting request, and the portal application is controlled to display the running target application. When an authorization request sent by the portal application is received, an authorization token is generated based on the authorization request and sent to the portal application, so that the portal application sends the authorization token to the target application and the target application can run successfully in the target running environment based on the authorization token. The user can thus open a target application within the user's permissions through the portal application and run it in the target running environment on the premise of ensuring security, which improves the use security and the authorization convenience of the application program.
In one possible implementation, the apparatus further comprises an authentication module configured to: acquiring authentication configuration information for the current user under the condition that login information sent by the portal application and aiming at the current user is received, wherein the authentication configuration information comprises an authentication mode selected by the current user when registering the portal application; user authentication is carried out according to the authentication configuration information, and an authentication result is obtained, wherein the authentication result is passing or failing; and sending the authentication result to the portal application. In this way, by acquiring the authentication mode selected by the current user when registering the portal application and performing user authentication according to the authentication mode, the implementation mode can ensure the accuracy and the credibility of the user identity, and because the authentication mode is determined according to the user's own selection, the authentication mode can effectively prevent an unauthorized user from accessing the system or performing sensitive operation; the authentication configuration information contains a plurality of authentication modes for users to select, such as password authentication, biological feature recognition, mobile phone verification codes and the like. 
The flexibility enables the system to adapt to authentication requirements of different users, improves the use experience of the users, and meanwhile, the selection of multiple authentication modes also enhances the security of the system, because different authentication modes have different security intensities, the implementation mode provides safer, more convenient and more efficient authentication experience for the users by improving the security of user authentication, flexibly adapting to different authentication requirements, simplifying user authentication processes, improving the expandability and maintainability of the system and enhancing the collaborative work capability with portal application.
In one possible implementation manner, the sending, in a case that it is determined that the authentication result of the current user is passed, the accessible information for the current user to the portal application of the application management system includes: under the condition that the authentication result of the current user is determined to be passed, determining the accessible information of the current user according to the authority information of the current user stored in a database, wherein the authority information is determined according to at least one of the role of the user, the post of the user and the resource allocation condition, and the accessible information comprises accessible applications and the usable environments of the accessible applications. Therefore, by authenticating the current user and determining the accessible information according to the authority information after the authentication is passed, an unauthorized user can be effectively prevented from accessing sensitive data or executing key operations, thereby greatly improving the data security of the system. Because the authority information of the user is determined according to various factors such as the role of the user, the post of the user and the resource allocation condition, very fine-grained authority control can be realized: the system can accurately control which applications a user can access and which environments the user can use according to the user's actual demands and work responsibilities, thereby ensuring reasonable utilization of data and stable operation of the system. By associating the authority information with user roles, posts and resource allocation conditions, the system can easily adapt to changes of the organization structure and adjustments of user responsibilities: when a new user needs to be added, a user role is modified or the resource allocation is adjusted, only the corresponding authority information needs to be updated, and the whole system does not need to be modified or reconstructed on a large scale.
In one possible implementation, the apparatus further includes a switching module configured to: in a case where a second start request sent by the portal application is received, determine the current user and the expected running environment indicated by the second start request; in a case where it is determined, according to the accessible information of the current user, that the expected running environment is included in the usable environment of the current user, start and run the target application in the expected running environment and control the portal application to show the running target application; in a case where an environment authorization request sent by the portal application is received, determine the current user, the target application and the expected running environment indicated by the environment authorization request, generate an authorization result for the environment authorization request according to the authority information of the current user and the target application, wherein the authorization result is used for indicating whether the expected running environment is authorized for the target application of the current user, and send the authorization result to the portal application; in a case where an environment authorization request sent by the portal application is received, determine the current user, the target application and the expected running environment indicated by the environment authorization request, generate an authorization result for the environment authorization request according to the authority information of the current user and the target application, wherein the authorization result is used for indicating whether the expected running environment is authorized to be used by the target application of the current user, send the authorization result to the portal application and, when the authorization result is authorized, start and run the target application in the expected running environment and control the portal application to show the running target application; and in a case where the authorization result is not authorized, the authorization result is also used for indicating the reason why authorization was not granted. In this way, the user can access a suitable running environment according to the user's authority and needs, and different applications can switch running environments seamlessly, giving a smooth application experience. The running-environment switching function is flexible, convenient and user-friendly, which helps strengthen the overall management of the application management platform and improves the user experience.
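The service-platform checks described in the two implementations above (accessible information derived from role, post and resource allocation; the second start request; the environment authorization request with a refusal reason), as an added Python example that is not code from the patent. The policy tables, user names and reason strings are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

ENVIRONMENTS = {"first", "second", "third"}  # the three running environments

# Constructed policy data (assumptions, not taken from the patent).
APP_SUPPORTED_ENVS = {"reports": {"first", "second", "third"},
                      "billing": {"first", "second"}}
ROLE_APPS = {"analyst": {"reports"}, "accountant": {"reports", "billing"}}
# Environments a post may be granted on request, beyond the current allocation.
POST_GRANTABLE_ENVS = {"staff": {"first", "second"},
                       "lead": {"first", "second", "third"}}


@dataclass
class AuthorityInfo:
    role: str
    post: str
    allocated_envs: set  # resource allocation: environments already assigned


@dataclass(frozen=True)
class AuthorizationResult:
    authorized: bool
    reason: Optional[str] = None  # set only when authorization is refused


class ServicePlatform:
    def __init__(self, authority_db):
        self.authority_db = authority_db  # user -> AuthorityInfo
        self.grants = {}                  # (user, app) -> environments granted on request
        self.running = {}                 # (user, app) -> environment the app runs in

    def usable_envs(self, user, app):
        auth = self.authority_db.get(user)
        if auth is None or app not in ROLE_APPS.get(auth.role, set()):
            return set()
        allowed = auth.allocated_envs | self.grants.get((user, app), set())
        return APP_SUPPORTED_ENVS.get(app, set()) & allowed

    def accessible_info(self, user):
        """Accessible applications and the usable environments of each."""
        auth = self.authority_db.get(user)
        apps = ROLE_APPS.get(auth.role, set()) if auth else set()
        return {a: self.usable_envs(user, a) for a in apps if self.usable_envs(user, a)}

    def second_start_request(self, user, app, env):
        """Re-check on the server; never rely on the portal's own view of usable envs."""
        if env not in self.usable_envs(user, app):
            return False  # portal has to send an environment authorization request
        self.running[(user, app)] = env
        return True

    def environment_authorization_request(self, user, app, env):
        """Deny by default; every refusal carries its reason."""
        auth = self.authority_db.get(user)
        if auth is None:
            return AuthorizationResult(False, "unknown user")
        if env not in ENVIRONMENTS:
            return AuthorizationResult(False, "unknown environment")
        if app not in ROLE_APPS.get(auth.role, set()):
            return AuthorizationResult(False, "application not accessible to role")
        if env not in APP_SUPPORTED_ENVS.get(app, set()):
            return AuthorizationResult(False, "application does not support environment")
        if env not in POST_GRANTABLE_ENVS.get(auth.post, set()):
            return AuthorizationResult(False, "post may not be granted environment")
        # The grant is scoped to this user and this application only.
        self.grants.setdefault((user, app), set()).add(env)
        self.running[(user, app)] = env
        return AuthorizationResult(True)


def make_platform():
    """Platform with a constructed authority database."""
    return ServicePlatform({
        "alice": AuthorityInfo("analyst", "staff", {"first"}),
        "bob": AuthorityInfo("accountant", "lead", {"first", "second"}),
    })


if __name__ == "__main__":
    p = make_platform()
    print(p.accessible_info("alice"))
    print(p.second_start_request("alice", "reports", "second"))
    print(p.environment_authorization_request("alice", "reports", "second"))
    print(p.environment_authorization_request("alice", "reports", "third"))
```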
In one possible implementation, the apparatus further includes an encryption module configured to: before sending third data to the target application, perform encryption processing on the third data, and send the encrypted third data to the target application, wherein the third data comprises at least one of the accessible information, the authorization token, an authentication result, a response result for a second start request and an authorization result for an environment authorization request, and the encryption processing comprises adding encryption information and/or adding a timestamp. Because the third data is encrypted, even if the data is intercepted during transmission, its content cannot easily be decrypted and obtained, so the privacy and sensitive information of the user are effectively protected and the security of the data is enhanced. The encryption processing also adds additional information such as a timestamp, so the integrity and the source of the data can be verified and the data can be prevented from being tampered with during transmission: any illegal modification of the data damages the integrity of the encryption information, so that the modification can be easily identified.
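The integrity, source and timestamp checks described above, as an added Python example that is not code from the patent. The patent does not name an algorithm; HMAC-SHA256 is swapped in here for the "encryption information", it gives tamper detection and source verification but not confidentiality, and the key, field names and time windows are assumptions.

```python
import hashlib
import hmac
import json
import time

MAX_AGE_SECONDS = 30   # assumed freshness window
MAX_SKEW_SECONDS = 5   # assumed tolerance for a sender clock that runs ahead


def seal(key, kind, payload, now=None):
    """Bind the payload to its message kind and a timestamp, then tag the whole body."""
    ts = int(time.time() if now is None else now)
    body = json.dumps({"kind": kind, "payload": payload, "ts": ts},
                      sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag})


def open_sealed(key, message, expected_kind, now=None):
    """Return (payload, None) if the message verifies, else (None, reason)."""
    now = time.time() if now is None else now
    try:
        outer = json.loads(message)
        body, tag = outer["body"], outer["tag"]
        expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
        # Verify the tag before trusting any field inside the body.
        if not hmac.compare_digest(expected, tag):
            return None, "bad tag"
        inner = json.loads(body)
        kind, payload, ts = inner["kind"], inner["payload"], inner["ts"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return None, "malformed"
    if not isinstance(ts, int):
        return None, "malformed"
    # The kind is covered by the tag, so an authentication result cannot be
    # presented where an authorization token is expected.
    if kind != expected_kind:
        return None, "wrong kind"
    if ts > now + MAX_SKEW_SECONDS:
        return None, "timestamp in the future"
    if now - ts > MAX_AGE_SECONDS:
        return None, "stale"
    return payload, None


if __name__ == "__main__":
    key = b"k" * 32  # constructed key, for the demonstration only
    msg = seal(key, "authorization_token", {"token": "constructed-token", "app": "reports"})
    print(open_sealed(key, msg, "authorization_token"))
    print(open_sealed(key, msg.replace("reports", "billing"), "authorization_token"))
```

A timestamp bounds how long a captured message stays valid but does not stop it being replayed inside that window; rejecting replays needs a per-message nonce that the receiver remembers.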
In some embodiments, functions or modules included in the application management apparatus provided by the embodiments of the present disclosure may be used to perform the methods described in the foregoing method embodiments, and specific implementations thereof may refer to the descriptions of the foregoing application management method embodiments, which are not repeated herein for brevity.
The disclosed embodiments also provide a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the above-described method. The computer readable storage medium may be a volatile or nonvolatile computer readable storage medium. In some embodiments, functions or modules included in the computer readable storage medium provided by the embodiments of the present disclosure may be used to perform the methods described in the above method embodiments, and specific implementations thereof may refer to the descriptions of the application management method embodiments above, which are not repeated herein for brevity.
The embodiment of the disclosure also provides an electronic device, which comprises: a processor; a memory for storing processor-executable instructions; wherein the processor is configured to implement the above-described method when executing the instructions stored by the memory. In some embodiments, functions or modules included in the electronic device provided by the embodiments of the present disclosure may be used to perform the methods described in the foregoing method embodiments, and specific implementations thereof may refer to descriptions of the foregoing application management method embodiments, which are not repeated herein for brevity.
Embodiments of the present disclosure also provide a computer program product comprising computer readable code, or a non-transitory computer readable storage medium carrying computer readable code, which when run in a processor of an electronic device, performs the above method. In some embodiments, functions or modules included in the application management apparatus provided by the embodiments of the present disclosure may be used to perform the methods described in the foregoing method embodiments, and specific implementations thereof may refer to the descriptions of the foregoing application management method embodiments, which are not repeated herein for brevity.
Fig. 8 illustrates a block diagram of an apparatus for performing an application management method provided according to an embodiment of the present disclosure. For example, the apparatus 1900 may be provided as a server or terminal device. Referring to Fig. 8, the apparatus 1900 includes a processing component 1922 that further includes one or more processors and memory resources represented by memory 1932 for storing instructions, such as application programs, that are executable by the processing component 1922. The application programs stored in memory 1932 may include one or more modules each corresponding to a set of instructions. Further, processing component 1922 is configured to execute instructions to perform the methods described above.
The apparatus 1900 may further comprise a power component 1926 configured to perform power management of the apparatus 1900, a wired or wireless network interface 1950 configured to connect the apparatus 1900 to a network, and an input/output interface 1958 (I/O interface). The apparatus 1900 may operate based on an operating system stored in memory 1932, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™ or the like.
In an exemplary embodiment, a non-transitory computer readable storage medium is also provided, such as memory 1932, including computer program instructions executable by processing component 1922 of apparatus 1900 to perform the above-described methods.
The present disclosure may be a system, method, and/or computer program product. The computer program product may include a computer readable storage medium having computer readable program instructions embodied thereon for causing a processor to implement aspects of the present disclosure.
The computer readable storage medium may be a tangible device that can hold and store instructions for use by an instruction execution device. The computer readable storage medium may be, for example, but not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium include the following: portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disk read-only memory (CD-ROM), digital versatile disks (DVD), memory sticks, floppy disks, mechanically encoded devices such as punch cards or raised structures in a groove having instructions stored thereon, and any suitable combination of the foregoing. Computer readable storage media, as used herein, are not to be construed as transitory signals per se, such as radio waves or other freely propagating electromagnetic waves, electromagnetic waves propagating through waveguides or other transmission media (e.g., optical pulses through fiber optic cables), or electrical signals transmitted through wires.
The computer readable program instructions described herein may be downloaded from a computer readable storage medium to a respective computing/processing device or to an external computer or external storage device over a network, such as the internet, a local area network, a wide area network, and/or a wireless network. The network may include copper transmission cables, fiber optic transmissions, wireless transmissions, routers, firewalls, switches, gateway computers and/or edge servers. The network interface card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium in the respective computing/processing device.
The computer program instructions for performing the operations of the present disclosure may be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-related instructions, microcode, firmware instructions, state setting data, or source or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The computer readable program instructions may be executed entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, aspects of the present disclosure are implemented by personalizing electronic circuitry, such as programmable logic circuitry, field programmable gate arrays (FPGAs), or programmable logic arrays (PLAs), with state information of computer readable program instructions, which can execute the computer readable program instructions.
Various aspects of the present disclosure are described herein with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the disclosure. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer-readable program instructions.
These computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks. These computer readable program instructions may also be stored in a computer readable storage medium that can direct a computer, programmable data processing apparatus, and/or other devices to function in a particular manner, such that the computer readable medium having the instructions stored therein includes an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer readable program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer, other programmable apparatus or other devices implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of instructions, which comprises one or more executable instructions for implementing the specified logical function(s). In some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The foregoing description of the embodiments of the present disclosure has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the embodiments disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the various embodiments described. The terminology used herein was chosen in order to best explain the principles of the embodiments, the practical application, or the technical improvements in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (10)

1. An application management method, characterized by being applied to a portal application of an application management system, wherein the application management system provides a first running environment, a second running environment and a third running environment, and the portal application runs in the first running environment, and the method comprises:
Under the condition that the accessible information sent by a service platform of the application management system for a current user is received, displaying the accessible application for the current user and the usable environment of each accessible application according to the accessible information, wherein the current user is a user authenticated by the service platform, the accessible information is determined by the service platform according to the authority information of the current user, and the usable environment comprises at least one of the first running environment, the second running environment and the third running environment;
Under the condition that the current user determines a target application from the accessible applications, a first starting request aiming at the target application is sent to the service platform, the service platform starts and runs the target application in a target running environment corresponding to the target application, and the portal application is controlled to show the running target application;
and under the condition that the authorization request sent by the target application is received, sending the authorization request to the service platform so that the service platform generates an authorization token for the authorization request, and under the condition that the authorization token sent by the service platform is received, sending the authorization token to the portal application so that the target application runs successfully in the target running environment based on the authorization token.
2. The method according to claim 1, wherein the method further comprises:
displaying a first login prompt under the condition that a login request of the current user is detected, wherein the first login prompt is used for reminding the user to input login information;
Under the condition that input login information is detected, the login information is sent to the service platform, so that the service platform performs user authentication based on the login information and obtains an authentication result, wherein the authentication result is passing or failing;
When the received authentication result sent by the service platform is passing, carrying out login of the current user based on the login information; or under the condition that the authentication result sent by the service platform is not passed, displaying a second login prompt, wherein the second login prompt is used for reminding the user of the login information error and reminding the user of inputting new login information.
3. The method of claim 1, wherein the accessible information comprises a usable environment of an accessible application of the current user; the sending, when it is detected that the current user determines a target application from the accessible applications, a first start request for the target application to the service platform includes:
In the case that the usable environment is one of the first running environment, the second running environment and the third running environment, taking the usable environment as a target running environment, and generating the first starting request according to the target application and the target running environment; or alternatively
And under the condition that the available environment is a plurality of the first running environment, the second running environment and the third running environment, determining a target running environment from the available environments according to the selection of the current user, and generating the first starting request according to the target application and the target running environment.
4. The method according to claim 1, wherein the method further comprises:
Under the condition that a switching request sent by the current user through the target application is detected, determining a target running environment where the target application is currently located, a usable environment of the target application and an expected running environment indicated by the switching request;
Generating a second starting request according to the current user and the expected running environment under the condition that the usable environment comprises the expected running environment, and sending the second starting request to the service platform so as to enable the service platform to start and run the target application in the expected running environment;
Generating an environment authorization request according to the current user, the target application and the expected running environment in the condition that the expected running environment does not exist in the usable environment, sending the environment authorization request to the service platform so that the service platform generates an authorization result aiming at the environment authorization request, wherein the authorization result is used for indicating whether the expected running environment is authorized to be used by the target application of the current user,
Generating a second starting request according to the current user and the expected running environment and sending the second starting request to the service platform under the condition that the authorization result sent by the service platform is passing authorization, so that the service platform starts and runs the target application in the expected running environment; or alternatively
And under the condition that the received authorization result sent by the service platform is not authorized, sending the authorization result to the target application, wherein the authorization result is also used for indicating the reason of not passing the authorization.
5. The method according to any one of claims 1 to 4, further comprising:
Before sending first data to the service platform, carrying out encryption processing on the first data, and sending the encrypted first data to the service platform, wherein the first data comprises at least one of a first starting request, login information, a second starting request and an environment authorization request;
and/or
Encrypting the second data before sending the second data to the target application, and sending the encrypted second data to the target application, wherein the second data comprises at least one of an authorization token, a switching request and an authorization result for an environment authorization request;
Wherein the encryption process includes adding encryption information and/or adding a time stamp.
6. An application management method, applied to a service platform of an application management system, where the application management system provides multiple operating environments, and the service platform is used for scheduling the multiple operating environments, and the multiple operating environments include a first operating environment, a second operating environment, and a third operating environment, and the method includes:
transmitting, in a case where it is determined that the authentication result of the current user is passed, accessible information for the current user to a portal application of the application management system, wherein the accessible information includes an accessible application for the current user and a usable environment of each of the accessible applications, the portal application being run in the first running environment, the usable environment including at least one of the first running environment, the second running environment, and the third running environment;
Under the condition that a first starting request for a target application sent by the portal application is received, starting and running the target application in a target running environment indicated by the first starting request, and controlling the portal application to show the running target application;
And under the condition that an authorization request sent by the portal application is received, generating an authorization token based on the authorization request, and sending the authorization token to the portal application so that the portal application sends the authorization token to the target application, thereby the target application runs successfully in a target running environment based on the authorization token.
7. The method of claim 6, wherein the method further comprises:
Acquiring authentication configuration information for the current user under the condition that login information sent by the portal application and aiming at the current user is received, wherein the authentication configuration information comprises an authentication mode selected by the current user when registering the portal application;
user authentication is carried out according to the authentication configuration information, and an authentication result is obtained, wherein the authentication result is passing or failing;
And sending the authentication result to the portal application.
8. The method according to claim 6, wherein the sending the accessible information for the current user to the portal application of the application management system in the case that the authentication result of the current user is determined to be passed, comprises:
and under the condition that the authentication result of the current user is determined to be passed, determining the accessible information of the current user according to the authority information of the current user stored in a database, wherein the authority information is determined according to at least one of the role of the user, the post of the user and the resource allocation condition, and the accessible information comprises accessible applications and the usable environments of the accessible applications.
9. The method of claim 6, wherein the method further comprises:
Under the condition that a second starting request sent by the portal application is received, determining a current user indicated by the second starting request and a desired running environment;
starting, running the target application in the expected running environment and controlling the portal application to show the target application in running under the condition that the expected running environment is included in the usable environment of the current user according to the accessible information of the current user;
Under the condition that an environment authorization request sent by the portal application is received, determining a current user, a target application and an expected operation environment indicated by the environment authorization request, generating an authorization result for the environment authorization request according to authority information of the current user and the target application, wherein the authorization result is used for indicating whether the expected operation environment is authorized for the target application of the current user or not, and sending the authorization result to the portal application;
Under the condition that an environment authorization request sent by the portal application is received, determining a current user, a target application and an expected operation environment indicated by the environment authorization request, generating an authorization result for the environment authorization request according to authority information of the current user and the target application, wherein the authorization result is used for indicating whether the expected operation environment is authorized to be used by the target application of the current user or not, and sending the authorization result to the portal application and starting, operating the target application and controlling the portal application to show the target application in operation in the expected operation environment when the authorization result is authorized;
and under the condition that the authorization result is not authorized, the authorization result is also used for indicating the reason of not authorized.
10. The method according to any one of claims 6 to 9, characterized in that the method further comprises:
And before sending third data to the target application, carrying out encryption processing on the third data, and sending the third data after the encryption processing to the target application, wherein the third data comprises at least one of the accessible information, the authorization token, an authentication result and an authorization result for an environment authorization request, and the encryption processing comprises adding encryption information and/or adding a timestamp.
CN202410325808.0A 2024-03-21 2024-03-21 Application management method Pending CN118228234A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410325808.0A CN118228234A (en) 2024-03-21 2024-03-21 Application management method

Publications (1)

Publication Number Publication Date
CN118228234A true CN118228234A (en) 2024-06-21

Family

ID=91502140

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination