JP6318017B2 - Business processing system, business processing method, and program - Google Patents

Description

  The present invention relates to a business processing system, a business processing method, and a program.

By operating the terminal device, the user can activate browser software and use various web services on the Internet, for example. A business processing system using such browser software is known.
On the other hand, only a specific user may use a specific business processing service. For example, in a business processing service that restricts users in this way, an authentication process for authenticating the user is performed when the provision of the business processing service is started. Every time an authentication process for authenticating a user is performed, it is necessary to input authentication information corresponding to the authentication process, and the operability of the user is lowered. In order to improve the decrease in operability due to such an authentication process, a technique for simplifying an input operation of authentication information required for the authentication process is known (see, for example, Patent Document 1). In Patent Literature 1, authentication information such as a user ID and a password is stored in advance in association with a URL (Uniform Resource Locator) used when referring to a web service page, and in response to a request for authentication processing, A technique for supporting input of authentication information corresponding to a URL is shown. In the technology that supports the input of authentication information, it is not necessary for the user to individually input authentication information required by the authentication process at the timing of using the web service. The user simplifies the authentication information input operation by performing an operation of selecting the authentication information presented by this technique. As described above, according to the technique of Patent Document 1, authentication information as input information for authentication processing is automatically input without inputting the authentication information itself by performing an operation in which the user selects authentication information. You can enter.

Japanese Patent No. 3520264

  However, since the technique of Patent Document 1 still requires the operation of selecting authentication information as described above, the user may be aware of the input of authentication information each time a process for specifying the user is performed. Needed. As described above, even if the technique disclosed in Patent Document 1 is used, there is a problem that the operation procedure of the authentication process for authenticating the user cannot be simplified.

  In view of the above problems, the present invention provides a business processing system, a business processing method, and a program that simplify an operation procedure of authentication processing for authenticating a user who is permitted to provide a service, in order to solve the above problems. To do.

One aspect of the present invention is a business processing system including a server device that provides a desired service to a user after performing processing for authenticating a user who is permitted to provide the service in response to a request from a terminal device. The server device associates and stores information indicating the location of the storage area in which information relating to the service to be provided is held, and user information of a user permitted to provide the service, and a terminal device in response to the first request from referring to the storage unit, information indicating the position of the storage area in which information relating to services provided is held, the user information of a user providing such services is permitted, response information including the information regarding the arguments for the process of providing the service in response to a second request from the terminal device as a process to be performed after the authentication process has been performed, before A response information generator for generating from the information obtained by referring to the storage unit, the response information to the first request from the terminal device sends to the terminal device, said response received by said terminal device A communication processing unit that accepts a second request from the terminal device based on information and connects the terminal device to a business information processing unit that provides the service; and included in the response information received by the terminal device The information relating to the argument that has been transferred is transferred from the terminal device to the server device in accordance with the second request, and the information relating to the argument transferred in accordance with the second request is extracted and extracted. A business information processing unit that uses a result obtained from information related to the argument as an argument of a process for providing the service .

  Further, according to one aspect of the present invention, in the business processing system, the generated response information includes a dynamic variable that dynamically changes according to a timing at which a request is received from the terminal device. The information generation unit generates the response information including the dynamic variable.

Another embodiment of the present invention, in the business processing system, before SL terminal device, the acquires the response information from the server apparatus, by referring to the business information processing unit based on the acquired response information It is characterized by.

  According to another aspect of the present invention, the business processing system includes a business information processing unit that provides the service, and the terminal device refers to the business information processing unit based on the acquired response information. The server apparatus is controlled so that the service information processing unit provides the service.

Further, according to one aspect of the present invention, in the business processing system, the dynamic variable includes time information indicating time, and the response information generation unit generates response information including the time information , The validity of the second request received from the terminal device is determined based on time information that is a dynamic variable included in the second request .

  In one embodiment of the present invention, in the business processing system, the dynamic variable includes argument information corresponding to the service, and the response information generation unit includes a response including argument information corresponding to the service. It is characterized by generating information.

  Moreover, one aspect of the present invention is characterized in that, in the business processing system, the response information generation unit encrypts various information included in the response information and generates response information from the encrypted various information. To do.

  One aspect of the present invention is characterized in that, in the business processing system, the response information generation unit encodes the encrypted various information and generates response information from the encoded various information. .

  In addition, according to an aspect of the present invention, in the business processing system, the terminal device activates a portlet that refers to a different WEB server, and the business information associated with the WEB server referred to by the portlet A business APL information acquisition unit for executing a service by the processing unit is provided.

According to another aspect of the present invention, a business processing system including a server device that provides a desired service to a user after performing processing for authenticating a user who is permitted to provide the service in response to a request from a terminal device In this business processing method, the storage unit of the server device associates information indicating the location of a storage area in which information related to the service to be provided is stored with user information of a user permitted to provide the service. Storing information, referring to the storage unit in response to the first request from the terminal device, information indicating the location of the storage area in which information relating to the service to be provided is held, and the provision of the service is permitted response information including the user information of the user, and generating from the information obtained by referring to the storage unit, and processing performed after the authentication process has been performed Said response information including the information regarding the arguments for the process of providing the service in response to a second request from the terminal device, and generating from the information obtained by referring to the storage unit, from the terminal device Te The response information for the first request is sent to the terminal device, the second request from the terminal device is received based on the response information received by the terminal device, and the service is provided The step of connecting the terminal device to a business information processing unit, and the information related to the argument included in the response information received by the terminal device are transmitted from the terminal device to the server device in accordance with the second request. Information related to the argument transferred and transferred in accordance with the second request is extracted, and a result obtained from the information related to the extracted argument is provided to the service. A business processing method characterized by comprising the step of utilizing as an argument of the process of.

Further, according to one aspect of the present invention, a process for authenticating a user who is permitted to provide a service is performed in response to a request from a terminal device, and then provided to a computer of a server device that provides a desired service to the user. Associating information indicating a location of a storage area in which information relating to a service to be held is stored with user information of a user permitted to provide the service in the storage unit, and a first request from the terminal device The response information including the information indicating the location of the storage area where the information related to the service to be provided is stored and the user information of the user permitted to provide the service is referred to the storage unit according to and generating from the information obtained by referring to the storage unit, the service in response to a second request from the terminal device as a process to be performed after the authentication process has been performed Response information including the information about the arguments of a process of providing the steps of generating from the reference-obtained information said storage unit, said response information in response to the first request from the terminal apparatus to the terminal apparatus a step of sending, accepting a second request from the terminal device based on the response information received by said terminal device, for connecting the terminal device to the business processing unit to provide the service, the terminal Information related to the argument included in the response information received by the device is transferred from the terminal device to the server device in accordance with the second request, and the argument transferred in accordance with the second request extracting information related to the results obtained from the information relating to the extracted parameter, and a step of utilizing as an argument of a process of providing the service It is because of the program.

  According to the present invention, it is possible to provide a business processing system, a business processing method, and a program that simplify an operation procedure of authentication processing for authenticating a user who is permitted to provide a service.

It is a block diagram which shows the structure of the business processing system of 1st Embodiment. It is a functional block diagram which shows the structural example of the control part in the terminal device of this embodiment. It is a functional block diagram which shows the structural example of the server control part in the server apparatus of this embodiment. It is explanatory drawing which shows the structural example of the user information storage part of this embodiment. It is a sequence diagram which shows the procedure of the process of the business processing system of this embodiment. It is explanatory drawing which shows an example of a structure of the "URL argument" of this embodiment. It is explanatory drawing which shows an example of the encrypted result of "URL argument" of this embodiment. It is explanatory drawing which shows an example of the encoding result of "URL argument" of this embodiment. It is explanatory drawing which shows an example of "URL" of this embodiment. It is explanatory drawing which shows an example of the analysis result of this embodiment. It is a sequence diagram which shows the procedure of business information acquisition of 2nd Embodiment. It is explanatory drawing which shows the business information acquirable by the process shown in said FIG. 11, and its structure. It is a functional block diagram which shows the structural example of the server control part in the server apparatus of 3rd Embodiment. It is a sequence diagram which shows the procedure of the process of the business processing system of this embodiment.

  Embodiments of the present invention will be described below with reference to the drawings.

(First embodiment)
FIG. 1 is a configuration diagram showing the configuration of the business processing system of the present embodiment.
The business processing system 1 shown in the figure provides a desired service to the user after authenticating the user who is permitted to provide the service. For example, the business processing system 1 stores user information of a user who is permitted to provide a service. In response to a request from the terminal device, the business processing system 1 sends response information including information indicating a position where information related to the provided service is held and user information of a user permitted to provide the service. Generate. The business processing system 1 sends the response information to the terminal device.
The business processing system 1 includes computer devices such as a terminal device 2 and a server device 3, and these computer devices are connected via a network 5. Here, a plurality of terminal devices 2 may be provided, corresponding to users who are users. For example, the terminal device 2 may be configured with a personal computer, a smartphone, or the like. Unless otherwise distinguished, one terminal device 2 will be described as an example. Further, the server device 3 may be configured by a plurality of computer devices, and at that time, each function can be arbitrarily assigned to the plurality of computer devices. The network 5 is an information communication network configured by the Internet, a WAN (Wide Area Network), a LAN (Local Area Network), a dedicated line, or a combination thereof.

The terminal device 2 includes a storage unit 21, a control unit 22, and an input / output unit 23.
The input / output unit 23 includes a display unit that displays information and an operation detection unit that detects a user operation. For example, the display unit includes a display device such as an LCD display panel or an organic EL. Further, for example, the operation detection unit is provided on the display surface of the display unit, and includes a touch panel that detects a user operation.

  The storage unit 21 stores information necessary for processing performed in the terminal device 2. For example, the storage unit 21 includes information such as the URL of the server device 3 that refers to the server device 3, a program that causes the control unit 22 to function, and the like.

The control unit 22 includes an input / output processing unit 221, a terminal authentication processing unit 222, a business APL information acquisition unit 223, a display control unit 224, a communication processing unit 225, and a database unit 226.
The input / output processing unit 221 obtains operation information from the input / output unit 23 based on a user operation detected by the operation detection unit in the input / output unit 23. The input / output processing unit 221 stores the operation information obtained from the input / output unit 23 in the storage unit 21 via the database unit 226. For example, the operation information obtained from the input / output unit 23 includes information for login operation of the terminal device 2, authentication information for a processing program activated by the terminal device 2, and the like.

  The terminal authentication processing unit 222 performs login processing of the terminal device 2 based on information for login operation of the terminal device 2 extracted by the input / output processing unit 221. When the login process is normally performed, the business APL information acquisition unit 223 refers to the business information processing unit 321 that performs the business process (business APL) (hereinafter referred to as “URL of business APL”). And the URL of the business APL is obtained from the server device 3.

  When the URL of the business APL is obtained in response to the request, the business APL information acquisition unit 223 “requests the server device 3 to provide information related to the service APL service and sends the information related to the service APL service to the server Obtained from the device 3. The business APL information acquisition unit 223 causes the storage unit 21 to store information related to the business APL service obtained from the server device 3 via the database unit 226.

  The display control unit 224 generates image information to be displayed on the display unit of the input / output unit 23 based on information generated by each functional unit in the control unit 22, and inputs / outputs the input / output unit via the input / output processing unit 221. 23.

The communication processing unit 225 communicates with the server device 3 based on the operation information detected by the input / output processing unit 221.
The database unit 226 stores information generated by each functional unit in the control unit 22 in the storage unit 21. Further, the database unit 226 reads information stored in the storage unit 21 and supplies the information to each functional unit in the control unit 22 that has requested reading of the information. For example, the database unit 226 may manage a relational database configured in the storage unit 21.

Such a control unit 22 of the terminal device 2 may be configured as shown in FIG. 2, for example. FIG. 2 is a functional configuration diagram illustrating a configuration example of the control unit 22 in the terminal device 2.
In the control unit 22, a database unit 226 and a browser 225B are mounted on the OS. Further, in the control unit 22, a terminal application server 225S, a framework processing unit 225F, and a portlet (Portlet) unit 223P are hierarchically mounted in order on the OS. Here, the communication processing unit 225 may be configured by the browser 225B, the terminal application server 225S, and the framework processing unit 225F. The aforementioned business APL information acquisition unit 223 may be configured by the portlet unit 223P. In the control unit 22 configured as described above, the browser 225B causes the terminal application server 225S and the framework processing unit 225F to function together, and further activates the portlet by the portlet unit 223P. Portlets are known as removable user interface components that are managed and displayed on a web portal. For example, the portlet unit 223P performs control so as to acquire desired content from another server device. The browser 225B displays the content acquired by the portlet unit 223P on the screen of the browser 225B.

Returning to FIG. 1, the server apparatus 3 will be described. The server device 3 includes a storage unit 31 and a server control unit 32.
The storage unit 31 stores information necessary for processing performed in the server device 3. The storage unit 31 includes a user information storage unit 311, an application information storage unit 312, and a business information storage unit 313.
The user information storage unit 311 stores identification information for identifying a user. For example, the users stored in the user information storage unit 311 are limited to users who are permitted to provide services. FIG. 4 shows a configuration example of the user information storage unit 311. This figure is an explanatory diagram showing a configuration example of the user information storage unit 311. The user information storage unit 311 includes items such as “business APL user ID”, “business APL password”, and “function ID”. The “business APL user ID” is identification information for identifying a user of a specific business APL. The “business APL password” is defined in correspondence with the “business APL user ID” and is a password for authenticating the user of the “business APL user ID”. The “function ID” is identification information indicating a function provided to the user of “business APL user ID”.

The application information storage unit 312 stores business information provided to the terminal device 2 in response to a request from the terminal device 2. For example, the business information provided to the terminal device 2 includes information for referring to the business information storage unit 313. The information for referring to the business information storage unit 313 includes the URL of the business APL described above, and may further include a variable (argument) for causing the business APL to function.
The business information storage unit 313 stores a business APL program, variables of the program, and the like.

The server control unit 32 includes a business information processing unit 321, a URL information processing unit 322, a WEB service processing unit 323, a time measuring unit 324, and a database unit 325.
The business information processing unit 321 (response information generation unit) includes information indicating a position where information related to a service provided by the business processing system 1 is held, and user information of a user permitted to provide the service. Response information is generated in response to a request from the terminal device 2. For example, the response information includes information indicating a position where information related to a service provided by the business processing system 1 is held. Further, for example, the business information processing unit 321 refers to the storage unit 31 in response to a request from the terminal device 2, and information indicating a position where information related to a service provided by the business processing system 1 is held; Information including user information of a user permitted to provide the service is obtained. For example, in the present embodiment, the following description will be given on the assumption that the server apparatus 3 holds information related to a service provided by the business processing system 1.
The business information processing unit 321 generates response information from information including information indicating a position where information related to a service provided by the server device 3 is held and user information of a user permitted to provide the service. . Note that the response information may include a dynamic variable that dynamically changes according to the timing at which the request is received from the terminal device 2. For example, the dynamic variable may include current time information, information used for a decryption key, and the like. The business information processing unit 321 may generate such response information.

  In response to a request from the terminal device 2, the URL information processing unit 322 provides URL information of a business APL server (“URL information of the business APL server”) for executing a desired business process. Details of the URL information processing unit 322 will be described later.

The WEB service processing unit 323 provides a WEB service in response to a request from the terminal device 2.
The timer 324 includes a so-called clock that provides information on the current time. The timer 324 can adjust the time so as to synchronize with the time information supplied from the outside as needed.
The database unit 325 stores information generated by each functional unit in the server control unit 32 in the storage unit 31. The database unit 325 reads information stored in the storage unit 31 and supplies the information to each functional unit in the server control unit 32 that has requested reading of the information. For example, the database unit 325 may be configured to manage a relational database configured in the storage unit 31.

Such a server control unit 32 of the server device 3 may be configured as shown in FIG. 3, for example. FIG. 3 is a functional configuration diagram illustrating a configuration example of the server control unit 32 in the server device 3.
In the server control unit 32, a database unit 325 and a URL information processing unit 322 are mounted on the OS. Further, in the server control unit 32, a web server 323W, an application server 323S, a web service processing unit 323, and a business information processing unit 321 are hierarchically mounted on the OS. The WEB server 323W is a so-called WEB server that provides a WEB service. The application server 323S manages execution of processes such as the WEB service processing unit 323 and the business information processing unit 321.

  With reference to FIG. 5, the process of the business processing system of this embodiment will be described. FIG. 3 is a sequence diagram showing a processing procedure of the business processing system according to the present embodiment. In this figure, an example of a predetermined procedure between the terminal device 2 and the server device 3 and between main functional units in the server device 3 is shown.

  First, in response to a user activation operation (step S110), the terminal device 2 sends a “business APL server URL acquisition request” requesting acquisition of URL information of the business APL server to the server device 3 (step S112).

  The server device 3 that has received the “business APL server URL information acquisition request” from the terminal device 2 causes the WEB service processing unit 323 to activate a WEB service based on IFRAME (Inline Frame). The WEB service processing unit 323 passes a “business APL server URL generation request” requesting the URL information processing unit 322 to generate URL information of the business APL server to the URL information processing unit 322 (step S114).

Upon receiving the “business APL server URL generation request” from the WEB service processing unit 323, the URL information processing unit 322 activates the URL information generation processing. In addition, the URL information processing unit 322 passes a “user information acquisition request” to the database unit 325 (step S120).
Upon receiving the “user information acquisition request” from the URL information processing unit 322, the database unit 325 passes “user information” corresponding to the “user information acquisition request” to the URL information processing unit 322 (step S121).

After acquiring the “user information”, the URL information processing unit 322 passes an “application information acquisition request” to the database unit 325 (step S122).
Upon receiving the “application information acquisition request” from the URL information processing unit 322, the database unit 325 passes the “application information” corresponding to the “application information acquisition request” to the URL information processing unit 322 (step S123).

After acquiring the “application information”, the URL information processing unit 322 acquires “time information” indicating the current time from the time measuring unit 324 (step S124).
The URL information processing unit 322 generates “URL argument” after acquiring “time information” from the time measuring unit 324 (step S126). For example, the “URL argument” includes information shown in FIG. This figure is an explanatory diagram showing an example of the configuration of the “URL argument”. The “URL argument” shown in this figure includes information of “<business APL user ID>;<business APL password>;<functionID>;<timeinformation>”.

  After generating the “URL argument”, the URL information processing unit 322 encrypts the generated “URL argument” (step S128). For example, the “URL argument” is encrypted into information “XXXXXXXXXXX” as shown in FIG. This figure is an explanatory diagram showing an example of the encrypted result of the “URL argument”.

  After encrypting the “URL argument”, the URL information processing unit 322 encodes the encrypted “URL argument” (step S130). For example, the “URL argument” is encoded into information “EEEEEEEEEEEE” as shown in FIG. This figure is an explanatory diagram showing an example of the encoded result of “URL argument”.

  After encoding the “URL argument”, the URL information processing unit 322 generates a “URL” for referring to the business information processing unit 321 (application server 323S, hereinafter referred to as “business APL server”) (step S132). ). For example, “URL” is generated as information “<business APL_URL>? Param = EEEEEEEEEE” as shown in FIG. This figure is an explanatory diagram showing an example of the generated “URL”. This “URL” includes information for referring to the WEB server 323W and the application server 323S (business APL server). By referring to the WEB server 323W and the application server 323S (business APL server) using this “URL”, the business information processing unit 321 associated with the WEB server 323W and the application server 323S can be activated.

After generating the “URL”, the URL information processing unit 322 passes the generated “URL”, that is, the “URL of the business APL server” to the WEB service processing unit 323 (step S115).
The WEB service processing unit 323 receives the “business APL server URL” sent from the URL information processing unit 322, and sends the received “business APL server URL” to the terminal device 2 (step S113).

  The terminal device 2 accepts the “business APL server URL” sent from the WEB service processing unit 323 and, based on the accepted “business APL server URL”, issues a “connection request to the business APL server” to the WEB service. The data is sent to the processing unit 323 (step S116).

The WEB service processing unit 323 that has received the “request for connection to the business APL server” from the terminal device 2 requests the business information processing unit 321 to “call the business APL” (step S118).
The business information processing unit 321 receives a “call business APL” request from the WEB service processing unit 323 and activates the “business APL”. In accordance with the “business APL” process, the business information processing unit 321 requests the URL information processing unit 322 to perform “URL argument analysis” (step S142).

The URL information processing unit 322 receives the “URL argument analysis” request from the business information processing unit 321, combines the “URL argument”, and decrypts the decrypted “URL argument”. (Step S144).
The URL information processing unit 322, after decrypting the encryption of the “URL argument”, decomposes the decrypted “URL argument” into individual information, and reproduces the information shown in FIG. 6 (step S146).

Next, the URL information processing unit 322 determines the time at which the URL argument was generated in step S126 by comparing the time information included in the “URL argument” with the current time. For example, if the above determination is not made until a predetermined time elapses after the URL argument is generated in step S126, the URL argument may not have been normally notified. The URL argument analysis result is “abnormal”. On the other hand, if the above determination is made before a predetermined time elapses after the URL argument is generated in step S126, it is determined that the URL argument is normally notified, and the URL The analysis result of the argument is set to “normal”.
Thus, by including the time information in the “URL argument” and notifying it, the reliability of the “URL argument” can be easily verified. In this way, it is possible to ensure security by verifying whether the connection request to the business APL server requested from the terminal device 2 is valid. The URL information processing unit 322 passes the analysis result to the business information processing unit 321. An example of the analysis result is shown in FIG. The figure is an explanatory diagram showing an example of the analysis result.

When the business information processing unit 321 detects from the analysis result notified from the URL information processing unit 322 that the analysis result of the URL argument is determined to be “normal”, the business information processing unit 321 sends a “business information acquisition request” to the database unit. It passes to 325 (step S150).
The database unit 325 receives the “business information acquisition request” from the business information processing unit 321 and returns the “business information” corresponding to the “business information acquisition request” to the business information processing unit 321 (step S151).

  After receiving the “business information” from the database unit 325, the business information processing unit 321 returns “business information” in response to the “call business APL” request in step S118 to the WEB service processing unit 323 (step S119). ).

  After receiving the “business information” from the business information processing unit 321, the WEB service processing unit 323 returns “business information” corresponding to the “connection request to the business APL server” in step S 116 to the terminal device 2. After receiving the “business information” from the WEB service processing unit 323, the terminal device 2 displays the “business information” on the display screen of the browser (step S117).

  In addition, the process of the terminal device 2 is demonstrated, showing a more specific example.

(Step S1)
The browser 225B activates a WEB service referred to by the following URL in accordance with a user operation. The following URL is associated with the portlet unit 223P of the terminal device 2 (FITBEMS_MASTER).

  FITBEMS_MASTER / asmx / GetIFrameURL.asmx

  The browser 225B calls the portlet unit 223P with reference to the above URL. At that time, the browser 225B passes the following two arguments to the terminal application server 225S. The first argument is a login user ID for logging in to the service of the framework processing unit 225F that manages the portlet unit 223P. The second argument is a URL of a page configured so that a display corresponding to the portlet unit 223P is arranged in the page. The URL of the page (hereinafter referred to as “designated friendly URL”) can be referred to without performing authentication processing other than processing for logging in to the service of the framework processing unit 225F.

(Step S2)
The portlet unit 223P called by the browser 225B requests acquisition of the following information from the storage unit 31 (FB-BMSCONFIG DB) of the server device 3, and acquires the same information from the server device 3. For example, the information acquired by the above process includes an application URL corresponding to the designated friendly URL, a function ID, a function name (application name), and the like. The processing from when the server apparatus 3 is requested to acquire information until the server apparatus 3 acquires the information is as described above.
The server device 3 returns the above information to the portlet unit 223P (Frame-portlet) of the terminal device 2 in the following format.

<Application URL>? Param = <BMS user ID>; <BMS password>; <Function ID>; Terminal device login user ID; Current date and time

  For example, “Terminal Device Login User ID” is “ABC@framework.com”, and <BMS User ID>; <BMS Password>; <Function ID> are “BMSUID”, “BMSUIDF”, “25”, respectively. And Also, “Application URL is“ http: //SVNAME/fitbems-mcm/login.aspx ”. When defined as above, the URL is as follows.

http: //SVNAME/fitbems-mcm/login.aspx? param = BMSUID; BMSUIDF; 25; ABC@framework.com; 2014/01/23 09:01:16

  Further, the range after “param =” of the URL is encrypted by an encryption method such as triple DES (TDES). The result of the encryption process is as follows, for example.

http: //SVNAME/fitbems-mcm/login.aspx? param = rliJsag / ZTqTPUrmiOJ1Hb + MMtyPRM22xLntavAGDeNd01BXUAIFidlylWGNrRogiVjcMkdZTVhwct3sl4XJ9Q ==

  The character string in the range subjected to the above encryption processing includes characters that cannot be used in the URI. Here, with respect to the entire character string, characters that cannot be used in the URI are converted and URL-encoded so as to be within the range of usable characters. Examples of the URL-encoded character string are as follows.

http: //SVNAME/fitbems-mcm/login.aspx? param = rliJsag% 2fZTqTPUrmiOJ1Hb% 2bMMtyPRM22xLntavAGDeNd01BXUAIFidlylWGNrRogiVjcMkdZTVhwct3sl4XJ9Q% 3d% 3d

  Thus, the URL-encoded character string is returned to the portlet unit 223P (FITBEMS-Frame-portlet) of the terminal device 2 via the network 5.

(Step S3)
The portlet unit 223P (FITBEMS-Frame-portlet) of the terminal device 2 receives the encrypted character string and sets it in the IFRAME in the page. Here, the portlet unit 223P activates the application.

(Step S4)
The FITBEMS-MCM (http: //SVNAME/fitbems-mcm/login.aspx) of the server device 3 decrypts the encrypted character string after “param =” and decomposes it into each argument. Here, the FITBEMS-MCM of the server device 3 may perform a determination based on a determination process exemplified below and a process based on the determination result.

  In the first judgment, if the “BMS user ID” and “password” obtained after decrypting and decomposing the argument (QueryString) do not exist in the storage unit 31 (FB-BMSCONFIG DB), user authentication is not established. Is determined. If the user authentication is not established as a result of the determination process, an exception process is directed to an unauthenticated page indicating that the user authentication is not established.

  In the second determination, if the “argument creation date / time” obtained by decrypting and decomposing the argument (QueryString) is, for example, 30 seconds or more before the current date / time, it is determined that an invalid process is requested. As a result of the determination process, when it is determined that an unauthorized process is requested, the process is directed to an unauthenticated page indicating that user authentication has not been established as an exception process.

  In the third determination, it is determined whether or not the BMS user ID of the argument (QueryString) is empty. As a result of this determination processing, when it is determined that the BMS user ID is empty, as an exception processing, the user is directed to an unauthenticated page indicating that user authentication has not been established.

  As described above, the business processing system 1 according to the present embodiment can simplify the operation procedure of authentication processing for authenticating a user who is permitted to provide a service.

(Second Embodiment)
Next, a case where the business processing system 1 shown in the first embodiment is applied to a building management business will be described with reference to FIGS. 11 and 12.
FIG. 11 is a sequence diagram showing a procedure for acquiring business information when the business processing system 1 is applied to a building management business processing system.
The portlet unit 223P of the terminal device 2 requests the business information processing unit 321 of the server device 3 for information on buildings that can be referred to by the terminal login user (step S216).
The business information processing unit 321 returns “building information that can be referred to by the terminal login user” to the portlet unit 223P in response to the request of “building information that can be referred to by the terminal login user” from the portlet unit 223P (step S217). ).
Note that steps S216 and S217 described above may be performed in association with steps S116 and S117 described above.

  FIG. 12 is an explanatory diagram showing business information that can be acquired by the processing shown in FIG. 11 and the configuration thereof. As shown in the figure, the user information storage unit 311, the application information storage unit 312, and the business information storage unit 313 in the storage unit 31 store the following tables, respectively.

  The user information storage unit 311 stores a [terminal user] table. The [terminal user] table stores information including items of “terminal login user ID”, “terminal user name”, and “BMS user ID”. In “terminal login user ID” and “terminal user name”, the login user ID of the terminal device 2 and the name of the user are stored. In the “BMS user ID”, identification information for identifying a user of a series of business processes is stored.

  The application information storage unit 312 stores a [business APL user] table. The [Business APL User] table includes items such as “Business APL User ID”, “Password”, “User Name”, “User Type”, “Editing Authority”, “User Company Code”, and “Building Reference Definition ID”. Information including is stored. The “business APL user ID” and “password” are as described above. “User name”, “user type”, “edit authority”, “user affiliated company code”, and “building reference definition ID” are user information associated with “business APL user ID”. Note that the user associated with the “business APL user ID” is permitted to use the building information of the “building reference definition ID”.

  The business information storage unit 313 stores [MT_building reference definition], [MT_reference building], [MM_building], [MM_area], and [MM_company] tables. In the [MT_building reference definition] table, information including an item of “building reference definition name” referenced by “building reference definition ID” is stored. In the [MT_reference building] table, information including an item of “building ID” referred to by “building reference definition ID” is stored. The [MM_building] table includes “building name”, “owner company code”, “construction year”, “building area”, “total floor area”, “building structure”, “ground” referenced by “building ID”. Information including items of “number of floors”, “number of basements”, and “display order” is stored. The [MM_Area] table stores information including items of “area ID”, [area name], “tenant company code”, and “display order” referred to by “building ID”. In the [MM_company] table, information including an item of “company name” referred to by “company code” is stored.

Each of the above tables is associated as follows.
The item “BMS user ID” in the [terminal user] table is associated with the item “business APL user ID” in the [business APL user] table. Each information in the [APL user] table can be referred to.

  The item “building reference definition ID” in the [business APL user] table includes the item “building reference definition ID” in the [MT_building reference definition] table and the “building reference definition ID” in the [MT_reference building] table. The information is associated with each other, and the information in the “MT_building reference definition” table and the [MT_reference building] table can be referred to using the information of “building reference definition ID” as a key.

  The item “building ID” in the [MT_reference building] table is associated with the item “building ID” in the [MM_building] table, and the information of “building ID” is used as a key in the [MM_building] table. Each information can be referred to.

  The item “building ID” in the [MT_reference building] table is associated with the item “building ID” in the [MM_building] table and the item “building ID” in the [MM_area] table. Each information in the [MM_building] table and [MM_area] table can be referred to using the information of “building ID” as a key.

  The item “owner company code” in the [MM_building] table and the item “tenant company code” in the [MM_area] table are respectively associated with the “company code” in the [MM_company] table. Each piece of information in the [MM_company] table can be referred to using any of the information of “code” and “tenant company code” as a key.

  By associating the information of each table as described above, from the information of items such as “terminal login user ID”, “terminal user name”, “BMS user ID” stored in the [terminal user] table, Information of business APL that can be used by the user can be specified.

  As described above, the business processing system 1 according to the present embodiment can simplify the operation procedure of authentication processing for authenticating a user who is permitted to provide a service.

(Third embodiment)
Next, a business processing system 1A different from the business processing system 1 shown in the first embodiment will be described with reference to FIGS. In the description of the present embodiment, points different from the first embodiment will be mainly described. The same components as those shown in the first embodiment are denoted by the same reference numerals.
FIG. 13 is a functional configuration diagram illustrating a configuration example of the server control unit 32A in the server device 3A.
In the server control unit 32A, a database unit 325, a business information processing unit 321A, and a URL information processing unit 322 are mounted on the OS. Further, in the server control unit 32A, a WEB server 323WA, an application server 323SA, and a WEB service processing unit 323A are hierarchically mounted on the OS. The WEB server 323WA is a so-called WEB server that provides a WEB service. The application server 323SA manages execution of processing such as the WEB service processing unit 323.

FIG. 14 is a sequence diagram illustrating a processing procedure of the business processing system according to this embodiment. This figure shows an example of a predetermined procedure between the terminal device 2 and the server device 3A and between main functional units in the server device 3A. The procedure from step S110 to step S113 shown in the figure is the same as the procedure shown in FIG.
In the procedure shown in FIG. 4, the URL of the business APL server generated by the URL information processing unit 322 can refer to the WEB server 323W and the application server 323S (business APL server). On the other hand, the URL of the business APL server generated by the URL information processing unit 322 according to the present embodiment can refer to the terminal application server 225S, the framework processing unit 225F, and the portlet unit 223P (business APL server). is there.
The portlet unit 223P of this embodiment is configured to function as a business APL server.

  With this configuration, the terminal device 2A accepts the “business APL server URL” sent from the WEB service processing unit 323 in step S113, and the portlet based on the received “business APL server URL”. The unit 223P is activated. The portlet unit 223P requests the “business APL call” from the desired business information processing unit 321A based on the information included in the “business APL server URL” (step S116A).

  The business information processing unit 321A receives a request for “call business APL” from the portlet unit 223P and activates “business APL”. In accordance with the “business APL” process, the business information processing unit 321A requests the “URL argument analysis” from the URL information processing unit 322 (step S142).

Hereinafter, the procedure from step S144 to step S151 is the same as the procedure shown in FIG.
After receiving the “business information” from the database unit 325, the business information processing unit 321A returns “business information” in response to the “call of business APL” request in step S116A to the terminal device 2. After the portlet unit 223P receives the “business information” from the WEB service processing unit 323, the terminal device 2 displays the “business information” on the display screen of the browser (step S117A).

  As described above, the business processing system 1A according to the present embodiment can simplify the operation procedure of authentication processing for authenticating a user who is permitted to provide a service.

(Fourth embodiment)
With reference to FIG. 5 and FIG. 14, the business processing system 1B of the present embodiment will be described.
The business processing system 1B of the present embodiment displays a plurality of business APL information on the display screen of the terminal device 2 by combining the business processing system 1 and the business processing system 1A. For example, the business processing system 1B displays the business APL (first business APL) in the business processing system 1 and the business APL (second business APL) in the business processing system 1A on the display screen of the terminal device 2. . The terminal device 2A in the business processing system 1A is replaced with the terminal device 2.
For example, the business processing system 1B performs the procedure shown in FIG. 14 after performing the procedure shown in FIG. In this way, by executing the processing as the business processing system 1 and the processing as the business processing system 1A, different business processing information can be displayed in the display screen opened by the browser of the terminal device 2. it can.
Note that the processing as the business processing system 1 and the processing as the business processing system 1A may be performed in combination by performing one activation operation (step S100). In this case, it can be realized by configuring so as to perform the processing after step S112 of each system based on one activation operation.

  As described above, the business processing system 1B of the present embodiment can perform different business processing by simplifying the operation procedure of the authentication processing for authenticating a user who is permitted to provide a service.

  The embodiment of the present invention has been described above. In the above embodiment, when the business processing systems 1, 1A, 1B (hereinafter referred to as “business processing systems 1, 1A, 1B” are collectively described), 1 ”) may be realized by dedicated hardware, and is configured by a memory and a CPU (Central Processing Unit), and a program for realizing the functions of the above-described units. The function may be realized by loading the program into a memory and executing it.

  For example, in the above embodiment, the business processing system 1 has a computer system inside. Then, a program for realizing the functions of the above-described units is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read into a computer system and executed, thereby executing the processing of each unit described above. You may go. Here, the “computer system” includes an OS and hardware such as peripheral devices.

Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW system is used.
The “computer-readable recording medium” refers to a storage device such as a flexible medium, a magneto-optical disk, a portable medium such as a ROM and a CD-ROM, and a hard disk incorporated in a computer system. Furthermore, “computer-readable recording medium” means a program that dynamically holds a program for a short time when the program is transmitted via a network such as the Internet or a communication line such as a telephone line. It also includes those that hold programs for a certain period of time, such as volatile memory inside computer systems that serve as servers and clients. The program may be a program for realizing a part of the functions described above, and may be a program capable of realizing the functions described above in combination with a program already recorded in a computer system.

[1] In the embodiment described above, the business processing system 1 provides a desired service to the user after performing a process of authenticating a user who is permitted to provide the service in response to a request from the terminal device 2. Server device 3 to be included. The server device 3 includes a storage unit 31 that stores information indicating a location of a storage area in which information related to a service to be provided is stored, and user information of a user permitted to provide the service, and the terminal device 2. A response including information indicating the location of the storage area in which information relating to the service to be provided is stored, and user information of a user permitted to provide the service, with reference to the storage unit 31 in response to a request from A response information generation unit (URL information processing unit 322) that generates information from information obtained by referring to the storage unit 31, and a communication processing unit (WEB service processing) that transmits the response information to the terminal device 2 Part 323).
In this way, the business processing system 1 refers to the storage unit 31 in response to a request from the terminal device 2, information indicating the location of the storage area in which information related to the service to be provided is stored, and the service Response information including user information of a user permitted to be provided is generated. The generated response information is sent to the terminal device 2.
As a result, the server device 3 notifies the terminal device 2 of the user information of the user permitted to provide the service as the response information without operating the terminal device 2 and inputting the user authentication information. In this way, the user can use a desired service without performing authentication information every time the authentication process is performed. From this, the business processing system 1 can simplify the operation procedure of the authentication process for authenticating the user who is permitted to provide the service.

[2] The response information generated by the business processing system 1 of the above embodiment includes dynamic variables that dynamically change according to the timing of receiving a request from the terminal device 2. The response information generation unit generates the response information including the dynamic variable.
As described above, the dynamic information is included in the response information transmitted to the terminal device 2, so that the dynamic variable can be used for the authentication process. Thereby, the business processing system 1 can improve the reliability of the authentication process by changing the argument used for the authentication process according to the timing of performing the authentication process.

[3] The response information generated by the business processing system 1 of the above embodiment includes information indicating the position of the business information processing unit 321 that provides the service. The terminal device 2 acquires the response information from the server device 3 and refers to the business information processing unit 321 based on the acquired response information.
As described above, the response information transmitted to the terminal device 2 includes information indicating the position of the business information processing unit 321 that provides the service, thereby providing the service selected from the plurality of business information processing units 321. be able to. Thereby, the business processing system 1 can provide a service according to the user and conditions.

[4] The business processing system 1 of the above embodiment includes a business information processing unit 321 that provides a service. The terminal device 2 controls the server device 3 to refer to the business information processing unit 321 based on the acquired response information, and causes the business information processing unit 321 to provide the service.
Thereby, the business processing system 1 according to the above-described embodiment includes the business information processing unit 321 that provides a service, so that the business information processing unit 321 can provide the service.

[5] The dynamic variable in the business processing system 1 of the above embodiment includes time information indicating time. The response information generation unit generates response information including the time information.
As described above, the time information is included as the dynamic variable in the response information transmitted to the terminal device 2, so that the time information can be used for the authentication process. Thereby, the business processing system 1 can use the time information of the argument used for the authentication process according to the timing of performing the authentication process, and can improve the reliability of the authentication process.

[6] Then, the dynamic variable in the business processing system 1 according to the above embodiment includes argument information corresponding to the service. The response information generation unit generates response information including argument information corresponding to the service.
As described above, the response information sent to the terminal device 2 includes the argument information corresponding to the service as a dynamic variable, so that the argument information corresponding to the service can be used for the authentication process. Thereby, the business process system 1 can change the argument used for the authentication process according to the condition for performing the authentication process, and can improve the reliability of the authentication process.

[7] In the business processing system 1 of the above embodiment, the response information generation unit encrypts various information included in the response information and generates response information from the encrypted various information.
Thereby, when sending response information to the terminal device 2, the information of the various variables contained in response information can be sent secretly, and the reliability of authentication processing can be improved.

[8] In the business processing system 1 according to the above embodiment, the response information generation unit encodes the encrypted various information and generates response information from the encoded various information.
For example, even when the encrypted response information includes a code that is not suitable for a Web service variable, the business processing system 1 can convert the response information into a code suitable for the Web service variable by encoding the response information. it can. Thereby, when sending the response information to the terminal device 2, the business processing system 1 can encrypt and send the information of various variables included in the response information by encoding the response information and then encoding it. The reliability of the authentication process can be increased.

[9] In the business processing system 1 according to the above-described embodiment, the terminal device 2 activates portlets that respectively refer to WEB servers with different reference destinations, and the business information associated with the WEB server referred to by the portlets A business APL information acquisition unit 223 for executing a service by the processing unit 321 is provided.
In this way, the business processing system 1 can provide different services by referring to WEB servers having different reference destinations.

  As mentioned above, although embodiment of this invention was described, the business processing system 1 of this invention is not limited only to the above-mentioned illustration example, A various change is added in the range which does not deviate from the summary of this invention. Of course you get.

1, 1A, 1B business processing system,
2 terminal device, 21 storage unit, 22 control unit, 23 input / output unit,
221 input / output processing unit, 222 terminal authentication processing unit, 223 business APL information acquisition unit,
224 display control unit, 225 communication processing unit, 226 database unit,
3 server devices, 31 storage units, 32 server control units,
311 User information storage unit, 312 Application information storage unit,
313 business information storage unit,
321 Business information processing unit, 322 URL information processing unit, 323 WEB service processing unit,
324 Timekeeping Department, 325 Database Department

Claims (11)

A business processing system including a server device that provides a desired service to a user after performing processing for authenticating a user who is permitted to provide a service in response to a request from a terminal device,
The server device
A storage unit that associates and stores information indicating a location of a storage area in which information relating to a service to be provided is held, and user information of a user permitted to provide the service;
Information indicating the location of a storage area in which information related to a service to be provided is stored by referring to the storage unit in response to a first request from a terminal device, and user information of a user permitted to provide the service And response information including information related to an argument of a process for providing the service in response to a second request from the terminal device as a process performed after the authentication process is performed, with reference to the storage unit A response information generating unit that generates from the received information;
Sending the response information for the first request from the terminal device to the terminal device, accepting the second request from the terminal device based on the response information received by the terminal device, and A communication processing unit that connects the terminal device to a business information processing unit that provides a service;
Information related to the argument included in the response information received by the terminal device is transferred from the terminal device to the server device in accordance with the second request, and transferred in accordance with the second request. A business information processing unit that extracts information related to the argument and uses a result obtained from the information related to the extracted argument as an argument of a process for providing the service;
A business processing system comprising: The generated response information includes a dynamic variable that dynamically changes according to the timing of receiving a request from the terminal device,
The response information generation unit
The business processing system according to claim 1, wherein the response information including the dynamic variable is generated. Before Symbol terminal equipment,
The business processing system according to claim 2, wherein the response information is acquired from the server device, and the business information processing unit is referred to based on the acquired response information. A business information processing unit for providing the service;
The terminal device
4. The business processing according to claim 3, wherein the business information processing unit is provided with the service by controlling the server device to refer to the business information processing unit based on the acquired response information. system. The dynamic variable includes time information indicating time,
The response information generation unit
Response information including the time information is generated, and the validity of the second request received from the terminal device is determined based on time information which is a dynamic variable included in the second request. The business processing system according to any one of claims 2 to 4. The dynamic variable includes argument information corresponding to the service,
The response information generation unit
6. The business processing system according to claim 2, wherein response information including argument information corresponding to the service is generated. The response information generation unit
The business processing system according to claim 6, wherein various information included in the response information is encrypted, and response information is generated from the encrypted various information. The response information generation unit
The business processing system according to claim 7, wherein the encrypted various information is encoded, and response information is generated from the encoded various information. The terminal device
A business APL information acquisition unit that activates portlets that respectively refer to different WEB servers that are referred to, and that executes services by the business information processing unit associated with the WEB server referred to by the portlet. Item 5. The business processing system according to item 3 or 4. A business processing method in a business processing system including a server device that provides a desired service to a user after performing processing for authenticating a user who is permitted to provide a service in response to a request from a terminal device,
Storing, in the storage unit of the server device, information indicating the location of a storage area in which information relating to the service to be provided is stored and user information of a user permitted to provide the service, in association with each other;
Information indicating the location of a storage area in which information related to a service to be provided is stored by referring to the storage unit in response to a first request from a terminal device, and user information of a user permitted to provide the service And response information including information related to an argument of a process for providing the service in response to a second request from the terminal device as a process performed after the authentication process is performed, with reference to the storage unit Generating from the generated information;
Sending the response information for the first request from the terminal device to the terminal device, accepting the second request from the terminal device based on the response information received by the terminal device, and Connecting the terminal device to a business information processing unit that provides a service ;
Information related to the argument included in the response information received by the terminal device is transferred from the terminal device to the server device in accordance with the second request, and transferred in accordance with the second request. Extracting the information related to the argument, and using the result obtained from the information related to the extracted argument as an argument of the process for providing the service . After performing processing for authenticating a user who is permitted to provide a service in response to a request from a terminal device, the computer of a server device that provides a desired service to the user,
Associating information indicating a position of a storage area in which information relating to a service to be provided is held with user information of a user permitted to provide the service in a storage unit;
Information indicating the location of a storage area in which information related to a service to be provided is stored by referring to the storage unit in response to a first request from a terminal device, and user information of a user permitted to provide the service And response information including information related to an argument of a process for providing the service in response to a second request from the terminal device as a process performed after the authentication process is performed, with reference to the storage unit Generating from the generated information;
Sending the response information for the first request from the terminal device to the terminal device, accepting the second request from the terminal device based on the response information received by the terminal device, and Connecting the terminal device to a business information processing unit that provides a service ;
Information related to the argument included in the response information received by the terminal device is transferred from the terminal device to the server device in accordance with the second request, and transferred in accordance with the second request. A program for extracting information relating to the argument and using a result obtained from the information relating to the extracted argument as an argument of a process for providing the service .

Images