WO2020134838A1 - Authority verification method and related device - Google Patents

Authority verification method and related device Download PDF

Info

Publication number
WO2020134838A1
WO2020134838A1 PCT/CN2019/121604 CN2019121604W WO2020134838A1 WO 2020134838 A1 WO2020134838 A1 WO 2020134838A1 CN 2019121604 W CN2019121604 W CN 2019121604W WO 2020134838 A1 WO2020134838 A1 WO 2020134838A1
Authority
WO
WIPO (PCT)
Prior art keywords
sub
function module
permission
identifier
microservice
Prior art date
Application number
PCT/CN2019/121604
Other languages
French (fr)
Chinese (zh)
Inventor
李春林
莫中平
蓝深
钟斌
Original Assignee
深圳云天励飞技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳云天励飞技术有限公司 filed Critical 深圳云天励飞技术有限公司
Publication of WO2020134838A1 publication Critical patent/WO2020134838A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication

Definitions

  • the present application relates to the field of electronic technology, and in particular, to a method of authorization verification and related devices.
  • an application Under the microservices architecture, an application will be split into several microapplications, each microapplication needs to authenticate access, and each microapplication needs to specify the current access user and its permissions.
  • the code is inserted into each microservice to obtain permission information, which leads to code redundancy and large business intrusion. It can be seen that the authentication method under the single application architecture is not particularly suitable.
  • Embodiments of the present application provide a permission verification method and related device, with a view to improving the convenience of permission verification in a microservice mode and reducing the complexity of permission verification codes.
  • an embodiment of the present application provides a permission verification method, which is applied to an electronic device, and a target application program is installed on the electronic device, and the target application program includes a main function module and a plurality of sub-function modules.
  • the methods described include:
  • the main function module calls the first subfunction module among the plurality of subfunction modules corresponding to the first microservice instance to obtain the permission identifier [0008] calling the second sub-function module corresponding to the authority verification function through the first sub-function module, and according to the The second sub-function module verifies whether the authority identifier is valid;
  • an embodiment of the present application provides a permission verification apparatus, which is applied to an electronic device, and a target application program is installed on the electronic device, and the target application program includes a main function module and a plurality of sub-function modules.
  • the authority verification device includes an acquisition unit, a verification unit and an execution unit, wherein,
  • the acquiring unit is configured to call the first of the plurality of sub-function modules corresponding to the first microservice instance through the main function module when a start request for the first microservice instance is detected A sub-function module to obtain permission identification;
  • the verification unit is configured to call a second sub-function module corresponding to a permission verification function through the first sub-function module, and verify whether the permission identifier is valid according to the second sub-function module;
  • the execution unit is configured to execute the first microservice instance through the first sub-function module when it is detected that the authority identifier is valid.
  • an embodiment of the present application provides an electronic device, including a processor, a memory, a communication interface, and one or more programs, where the one or more programs are stored in the memory and configured
  • the foregoing processor executes the foregoing program, and the foregoing program includes instructions for executing steps in any method of the first aspect of the embodiments of the present application.
  • an embodiment of the present application provides a computer-readable storage medium, wherein the computer-readable storage medium stores a computer program for electronic data exchange, where the computer program causes the computer to execute as described in the present application Part or all of the steps described in any method of the first aspect of the embodiment.
  • an embodiment of the present application provides a computer program product, wherein the computer program product includes a non-transitory computer-readable storage medium that stores the computer program, and the computer program is operable to cause the computer to execute Part or all of the steps described in any method of the first aspect of the embodiments of the present application.
  • the computer program product may be a software installation package.
  • the main function module invokes a plurality of the corresponding ones of the first microservice instance
  • the first sub-function module in the sub-function module obtains the permission identifier, and then, calls the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifies the second sub-function module according to the second sub-function module Whether the authority identifier is valid, and finally, when it is detected that the authority identifier is valid, the first micro service instance is executed through the first sub-function module.
  • the electronic device does not need to add permission verification code in each microservice sub-function module, and only intercepts the permission identifier when verification is required to verify the sub-module calling the permission verification function, which can save each
  • the code for microservice application permission verification is helpful to reduce the verbosity of each microservice application code and improve the convenience of permission verification under the microservice mode.
  • FIG. 1 is a schematic structural diagram of a microservice architecture provided by an embodiment of the present application.
  • FIG. 2 is a schematic flowchart of a permission verification method provided by an embodiment of the present application.
  • FIG. 3 is a schematic flowchart of another authority verification method provided by an embodiment of the present application.
  • FIG. 4 is a schematic flowchart of another authority verification method provided by an embodiment of the present application.
  • FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
  • FIG. 6 is a functional block diagram of a functional verification device provided by an embodiment of the present application.
  • the electronic devices involved in the embodiments of the present application may include various handheld devices, in-vehicle devices, wearable devices, computing devices, or other processing devices connected to a wireless modem, and various forms of user equipment (User Equipment, UE), mobile station (Mobile
  • UE User Equipment
  • Mobile station Mobile
  • the long-running application is built as a set of mutually coordinated services, and each service can be easily improved locally.
  • the microservice architecture is a method of developing a single application as a set of small services, each application runs in its own process, and is linked to a lightweight mechanism (usually HTTP The resource's Application Programming Interface (API) communicates.
  • API Application Programming Interface
  • These services are built around business functions and can be independently deployed through a fully automated deployment mechanism. The centralized management of these services is the least. They can be written in different programming languages and use different data storage technologies.
  • the microservice-based architecture may have 5 to 100 or more services.
  • the API gateway can provide a unified entry point for external consumers, regardless of the number and composition of internal microservices.
  • an application A based on a microservice architecture which consists of multiple The composition of the microservice application, each microservice corresponds to a different function in application A, which can be specifically corresponding to function 1 of microservice 1 and corresponding to microservice 2 Function 2, microservice 3 corresponds to function 3, microservice 4 corresponds to function 4, microservice 5 corresponds to function 5, etc.
  • Each microservice can be designed by a different design team, that is to say, each microservice is independent , And each microservice can be written in a different programming language.
  • FIG. 2 is a schematic flow chart of a method for verifying permission provided by an embodiment of the present application, which is applied to an electronic device, a target application program is installed on the electronic device, and the target application program includes a main function
  • this permission verification method includes:
  • S201 when detecting an activation request for a first microservice instance, the electronic device calls the first subfunction of the plurality of subfunction modules corresponding to the first microservice instance through the main function module The module obtains the permission identifier.
  • the first microservice instance is an object corresponding to any function in the target application program, and the specific implementation manner of the electronic device when the startup request for the first microservice instance is detected may be that the electronic device detects the user
  • the selection operation may be a touch operation, a voice operation, etc., which is not limited herein.
  • the permission identifier is Token
  • the main function module and the multiple sub-function modules belong to the relationship between calling and called.
  • S202 the electronic device calls a second sub-function module corresponding to a permission verification function through the first sub-function module, and verifies whether the permission identifier is valid according to the second sub-function module.
  • the permission verification program corresponds to a separate microservice application, without the need to add the same permission verification program to each other microservice application, the microservice application corresponds to the second sub Function module, the permission verification function of the second sub-function module can verify the validity of any token
  • the permission identifier is used by the first sub-function module to verify the startup request, that is, when the verification is successful, it proves that the target application has the permission to call and access the first microservice instance interface, and then Jump to the function page corresponding to the first microservice instance. If the verification fails, the jump response is not executed.
  • the main function module can display information such as a failed jump on the page before the jump.
  • the main function module invokes a plurality of the corresponding ones of the first microservice instance
  • the first sub-function module in the sub-function module obtains the permission identifier, and then, calls the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifies the permission identifier according to the second sub-function module Whether it is valid, and finally, when it is detected that the authority identifier is valid, executing the first microservice instance through the first sub-function module.
  • the electronic device does not need to add permission verification code in each microservice sub-function module, and only intercepts the permission identifier when verification is required to verify the sub-module calling the permission verification function, which can save each
  • the code for microservice application permission verification is helpful to reduce the verbosity of each microservice application code and improve the convenience of permission verification under the microservice mode.
  • the method before the start request for the first microservice instance is detected, the method further includes:
  • the authority identifier being a authority identifier pre-configured by the server according to the login identifier.
  • different target applications correspond to different servers
  • the permission identifier is assigned by the server, that is, the server obtains the permission identifier according to the user name when logging in the user name and password, that is, one account corresponds to one permission identifier value .
  • the main function module stores the authority identifier when receiving the authority identifier.
  • the electronic device when logging in the target application, can obtain the permission identifier unique to the logon identifier from the server, and store the permission identifier, which is beneficial to enhancing the permission of other microservices when using the permission identifier Logo convenience.
  • the method further includes:
  • the interceptor is used to intercept before a method or field is accessed, and then add certain operations before or after, here, the first sub-function module preloads the interceptor, so that the interceptor is in the first sub
  • the function obtains the permission identifier before executing the corresponding first microservice instance.
  • the fuse is a rewriting fuse
  • the method is implemented by configuring a processing class to implement the interface to rewrite its method, and the authority identifier is passed to the third sub-function.
  • the second microservice instance corresponding to the third sub-function module is independent of the first microservice instance, that is, the second microservice instance and the first microservice instance are two independent and unrelated microservices It can be understood that the thread executing the second microservice instance and the thread executing the first microservice instance are not the same thread.
  • the first sub-function module will pre-load the interceptor and fuse instead of using the interceptor and fuse. Carrying out loading is beneficial to improving the timeliness of authorization verification.
  • the method further includes:
  • the first relationship includes a mutually independent relationship and a subordinate relationship, and the subordinate relationship, that is, two microservice instances belong to microservice instances performed by the same thread.
  • the first sub-function module will send the fourth sub-function through different methods according to different first relationships
  • the module sends the permission identifier, and the method is preset in the first sub-function module.
  • the electronic device executes the first microservice instance and detects a start request of another microservice instance, it sends a permission identifier according to the correspondence between the microservice instance and the first microservice instance It is beneficial to ensure that any microservice instance can obtain a permission identifier, and the security of permission verification is improved.
  • the first relationship is that the third microservice instance is subordinate to the first microservice instance, and the invoking the first sub-function module according to the first relationship will
  • the permission identifier sent to the fourth sub-function module corresponding to the third microservice instance includes:
  • the F client that is, Feign
  • Feign is a declarative web service client, which is more convenient than writing a web service client, use Feign to create an interface, and only need to use the annotation method to configure and define, then Completing the interface binding to the service provider simplifies the development of self-packaged service call clients.
  • the first sub-function module may send the permission identifier to the fourth sub-function module through the interface created by the F client.
  • the permission identifier is sent to the fourth sub-function module corresponding to the third microservice instance through the F client, which may be that the permission identifier is set to the header of the http request, which is the fourth
  • the sub-function module provides the basis for permission verification.
  • the electronic device can directly send the permission identifier to the fourth sub-function module through the F client, and the F client is an annotation, which is beneficial to reduce the third
  • the code of the microservice instance is too verbose to avoid code intrusion into the third microservice instance.
  • the first relationship is that the third microservice instance is independent of the first microservice instance, the calling the first sub-function module according to the first relationship will
  • the permission identifier sent to the fourth sub-function module corresponding to the third microservice instance includes:
  • the preset policy of calling the first sub-function module through the fuse Slightly pass the permission identifier to the fourth sub-function module corresponding to the third microservice instance, so that the fourth sub-function module injects the permission identifier to the F client to implement the F client Start multiple microservice instances subordinate to the third microservice instance.
  • the specific implementation of the first sub-function module passing the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the preset policy of the fuse may be to create a An interface, through which an authority identifier is transferred to the fourth sub-function module, where the preset strategy may be an isolation strategy for rewriting the fuse.
  • the permission identification transfer between two microservice instances with different threads can be achieved by rewriting the isolation policy of the fuse .
  • the calling the first sub-function module among the plurality of sub-function modules corresponding to the first microservice instance through the main function module to obtain the permission identifier includes:
  • the request header is an http request header.
  • the first subfunction when the electronic device needs to start the first microservice instance, the first subfunction only needs to obtain the request header of the start request to obtain the permission identifier, which is beneficial to improve the microservice architecture.
  • a microservice permission verification can be realized and convenient.
  • microservice instance 1 includes sub-instance 3
  • microservice instance 2 includes sub-instance 4
  • the server also assigns the corresponding account during the process of determining whether to log in successfully through the account and password Authorization flag, when a start request for microservice instance 1 is detected, the micro The first subfunction corresponding to the service instance 1 obtains the permission identifier through the request header, and preloads the interceptor and the fuse, and verifies the micro service by calling the permission verification.
  • Case 1 When the permission identifier is valid, the micro service instance 1 is executed, and the micro service instance is executed. At 1 o'clock, it is divided into two cases.
  • Case 1 When the start request of sub-instance 3 is detected, the authority identifier is injected into the F client in the main function module by calling the first sub-function module, and the F client The end sends the permission identifier to the sub-function module corresponding to sub-instance 3, so that the sub-function module corresponding to sub-instance 3 can call the permission verification microservice to verify the permission identifier and then execute sub-instance 3;
  • Case 2 A microservice instance is detected In the start request of 2, the permission identifier is injected into the F client in the sub-function module corresponding to the microservice instance 2 by rewriting the isolation policy of the fuse, and sent to the sub-function module corresponding to the sub-instance 3 through the F client The permission identifier enables the sub-function module corresponding to the microservice instance 2 to call the permission verification microservice to verify the permission
  • FIG. 3 is a schematic flowchart of a permission verification method provided by an embodiment of the present application, which is applied to an electronic device, and the electronic device is installed with A target application program, the target application program includes a main function module and a plurality of sub-function modules.
  • the permission verification method includes:
  • S301 When detecting a login request for a target application, the electronic device obtains the login identifier in the login request through the main function module.
  • the electronic device logs in to the target application when receiving a message that the server successfully authenticates the logon identifier.
  • the electronic device receives a permission identifier from the server through the main function module, where the permission identifier is a permission identifier preconfigured by the server according to the login identifier.
  • S304 when detecting an activation request for the first microservice instance, the electronic device calls the first of the plurality of sub-function modules corresponding to the first microservice instance through the main function module The sub-function module obtains the permission identifier.
  • S305 the electronic device calls a second sub-function module corresponding to a permission verification function through the first sub-function module, and verifies whether the permission identifier is valid according to the second sub-function module.
  • S306 When detecting that the authority identifier is valid, the electronic device executes the first microservice instance through the first sub-function module. [0090] S307, when detecting an activation request for a third microservice instance, the electronic device determines a first relationship between the third microservice instance and the first microservice instance.
  • S308 When the first relationship is a subordinate relationship, the electronic device calls the first sub-function module to inject the permission identifier to the F client in the main function module.
  • S309 The electronic device sends the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the F client.
  • S310 The electronic device obtains the permission identifier through the fourth sub-function module, and verifies whether the permission identifier is valid by calling the second sub-function module.
  • the main function module invokes a plurality of the corresponding ones of the first microservice instance
  • the first sub-function module in the sub-function module obtains the permission identifier, and then, calls the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifies the permission identifier according to the second sub-function module Whether it is valid, and finally, when it is detected that the authority identifier is valid, executing the first microservice instance through the first sub-function module.
  • the electronic device does not need to add permission verification code in each microservice sub-function module, and only intercepts the permission identifier when verification is required to verify the sub-module calling the permission verification function, which can save each
  • the code for microservice application permission verification is helpful to reduce the verbosity of each microservice application code and improve the convenience of permission verification in the microservice mode.
  • the electronic device may obtain a permission identifier unique to the logon identifier from the server, and store the permission identifier, which is beneficial to improve the convenience of obtaining the permission identifier when other microservices use the permission identifier .
  • the electronic device when the first microservice instance is executed and the electronic device detects a start request of another microservice instance, it sends a permission identifier according to the corresponding relationship between the microservice instance and the first microservice instance, which is beneficial to guarantee Any microservice instance can obtain the permission identification, which improves the security of permission verification, and when the first relationship is a subordinate relationship, the electronic device can directly send the permission identification to the fourth sub-function module through the F client, and the F client As a comment, it is helpful to reduce the code complexity of the third microservice instance To avoid code intrusion into the third microservice instance.
  • FIG. 4 is a schematic flow chart of a method for authorization verification provided by an embodiment of the present application, which is applied to an electronic device, and the electronic device is installed with A target application program, the target application program includes a main function module and a plurality of sub-function modules.
  • the permission verification method includes:
  • the electronic device preloads an interceptor and a fuse through the first sub-function module, the interceptor is used by the first sub-function module to obtain a permission identifier, and the fuse is used to enable a third sub-function
  • the function module obtains the permission identifier, and the second microservice instance corresponding to the third sub-function module is independent of the first microservice instance.
  • S403 The electronic device calls the first sub-function module to obtain a request header of a start request for the first micro service instance through the interceptor.
  • S405 The electronic device calls a second sub-function module corresponding to a permission verification function through the first sub-function module, and verifies whether the permission identifier is valid according to the second sub-function module.
  • the main function module invokes a plurality of the corresponding ones of the first microservice instance
  • the first sub-function module in the sub-function module obtains the permission identifier, and then, calls the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifies the permission identifier according to the second sub-function module Whether it is valid, and finally, when it is detected that the authority identifier is valid, executing the first microservice instance through the first sub-function module.
  • the electronic device does not need to add permission verification code in the subfunction module of each microservice, and only intercepts the permission ID when verification is required to verify the submodule calling the permission verification function, which can save each Microservice application permission verification
  • the code helps to reduce the verbosity of each microservice application code and improve the convenience of permission verification in the microservice mode.
  • the first sub-function module will pre-load the interceptor and the fuse instead of loading it after the interceptor and the fuse need to be used. Conducive to improving the timeliness of authorization verification.
  • the first subfunction only needs to obtain the request header of the start request to obtain the permission identifier, which is beneficial to enhance the permissions of each microservice under the microservice architecture Verification can realize the note and convenience.
  • FIG. 5 is a schematic structural diagram of an electronic device 500 provided by an embodiment of the present application.
  • a target application program is installed.
  • the target application program includes a main function module and a plurality of sub-function modules.
  • the electronic device 500 includes an application processor 510, a memory 520, a communication interface 530, and one or more programs 5 21, wherein the one or more programs 521 are stored in the above-mentioned memory 520, and are configured to be executed by the above-mentioned application processor 510, and the one or more programs 521 include instructions for performing the following steps:
  • the main function module calls the first subfunction module among the plurality of subfunction modules corresponding to the first microservice instance to obtain the permission identifier ;
  • the main function module invokes a plurality of the corresponding ones of the first microservice instance
  • the first sub-function module in the sub-function module obtains the permission identifier, and then, calls the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifies the permission identifier according to the second sub-function module Whether it is valid, and finally, when it is detected that the authority identifier is valid, executing the first microservice instance through the first sub-function module.
  • the electronic device does not need to add permission verification code in each microservice sub-function module, and only intercepts the permission label when verification is required. Recognizing the submodules that call the permission verification function can eliminate the code for permission verification of each microservice application, which is helpful to reduce the complexity of each microservice application code and improve the convenience of permission verification in the microservice mode.
  • the one or more programs 521 further include instructions for performing the following steps: before the start request for the first microservice instance is detected, when the target application is detected During the login request, obtain the login ID in the login request through the main function module; and when receiving a message that the server successfully authenticates the login ID, log in to the target application; and through the main function
  • the module receives the authority identifier from the server, where the authority identifier is a authority identifier preconfigured by the server according to the login identifier.
  • the one or more programs 521 further include instructions for performing the following steps: after the start request for the first microservice instance is detected, called by the main function module A first sub-function module corresponding to the first microservice instance; and pre-loading an interceptor and a fuse through the first sub-function module, the interceptor is used by the first sub-function module to obtain the permission identifier, The fuse is used to enable a third sub-function module to obtain the permission identifier, and the second microservice instance corresponding to the third sub-function module is independent of the first microservice instance.
  • the one or more programs 521 further include instructions for performing the following steps: after executing the first microservice instance through the first sub-function module, when detecting When a start request is made for the third microservice instance, determine the first relationship between the third microservice instance and the first microservice instance; and call the first sub-function module to change the location according to the first relationship Sending the permission identifier to the fourth sub-function module corresponding to the third microservice instance; and obtaining the permission identifier through the fourth sub-function module, and verifying the permission identifier by calling the second sub-function module Whether it is valid; and when it is detected that the authority identifier is valid, executing the third microservice instance through the fourth sub-function module.
  • the first relationship is that the third microservice instance is subordinate to the first microservice instance, and the calling the first sub-function module according to the first relationship
  • the instructions in the one or more programs 521 are specifically used to perform the following operations:
  • the first relationship is a slave
  • invoking the first sub-function module to inject the permission identifier to the F client in the main function module Sending the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the F client.
  • the first relationship is that the third microservice instance is independent of the first microservice instance, and the calling the first sub-function module according to the first relationship
  • the instructions in the one or more programs 521 are specifically used to perform the following operations:
  • the first sub-function module is called to send the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the preset policy of the fuse, so that the fourth sub-function module passes the F
  • the manner in which the client injects the permission identifier enables the F client to start multiple microservice instances subordinate to the third microservice instance.
  • the The instructions in one or more programs 521 are specifically used to perform the following operations: call the first sub-function module among the plurality of sub-function modules corresponding to the first microservice instance through the main function module to obtain the A request header for initiating the request of the first microservice instance; and the permission identifier used for determining the request header.
  • the electronic device includes a hardware structure and/or a software module corresponding to each function.
  • the present application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a function is executed by hardware or computer software driven hardware depends on the specific application and design constraints of the technical solution. Professional technicians can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.
  • the embodiments of the present application may divide the functional unit of the electronic device according to the above method example, for example, each functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing unit.
  • the above integrated unit may be implemented in the form of hardware or a software functional unit. It should be noted that the division of units in the embodiments of the present application is a schematic sexually, it is only a division of logical functions, and there may be other divisions in actual implementation.
  • FIG. 6 is a block diagram of the functional units of the authority verification device 600 involved in the embodiment of the present application.
  • the permission verification device 600 is applied to an electronic device, and a target application program is installed on the electronic device, the target application program includes a main function module and a plurality of sub-function modules, and the permission verification device 600 includes an acquisition unit 601, a verification unit 602, and Execution unit 603, where:
  • the acquiring unit 601 is configured to call the plurality of sub-function modules corresponding to the first microservice instance through the main function module when a start request for the first microservice instance is detected
  • the first sub-function module obtains the permission identifier
  • the verification unit 602 is configured to call a second sub-function module corresponding to a permission verification function through the first sub-function module, and verify whether the permission identifier is valid according to the second sub-function module;
  • the execution unit 603 is configured to execute the first microservice instance through the first sub-function module when it is detected that the authority identifier is valid.
  • the main function module invokes a plurality of the corresponding ones of the first microservice instance
  • the first sub-function module in the sub-function module obtains the permission identifier, and then, calls the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifies the permission identifier according to the second sub-function module Whether it is valid, and finally, when it is detected that the authority identifier is valid, executing the first microservice instance through the first sub-function module.
  • the electronic device does not need to add permission verification code in the subfunction module of each microservice, and only intercepts the permission ID when verification is required to verify the submodule calling the permission verification function, which can save each The code for microservice application permission verification is helpful to reduce the verbosity of each microservice application code and improve the convenience of permission verification in the microservice mode.
  • the acquiring unit 601 is further configured to: when a login request for the target application is detected, pass the The main function module obtains the login identifier in the login request;
  • the execution unit 603 is further configured to: when receiving a message that the server successfully authenticates the login identifier, log in to the target application; and receive the authority from the server through the main function module ID, the permission ID is a permission ID pre-configured by the server according to the login ID [0129]
  • the execution unit 603 is further configured to: call the first microservice instance corresponding to the main function module A first sub-function module; and pre-loading an interceptor and a fuse through the first sub-function module, the interceptor is used by the first sub-function module to obtain the permission identifier, and the fuse is used to enable the third
  • the sub-function module obtains the permission identifier, and the second microservice instance corresponding to the third sub-function module is independent of the first microservice instance.
  • the execution unit 603 is further used to: When initiating a request, determine a first relationship between the third microservice instance and the first microservice instance; and call the first sub-function module to send the permission identifier to the first according to the first relationship
  • the fourth sub-function module corresponding to the three microservice instances;
  • the obtaining unit 601 is further configured to: obtain the permission identifier through the fourth sub-function module;
  • the verification unit 602 is further configured to: verify whether the authority identifier is valid by calling the second sub-function module;
  • the execution unit 603 is further configured to: when it is detected that the authority identifier is valid, execute the third microservice instance through the fourth sub-function module.
  • the first relationship is that the third microservice instance is subordinate to the first microservice instance, and the calling the first sub-function module according to the first relationship
  • the execution unit 603 is specifically configured to: when the first relationship is a subordinate relationship, call the first sub-function The module injects the permission identifier to the F client in the main function module; and is used to send the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the F client.
  • the first relationship is that the third microservice instance is independent of the first microservice instance, and the calling the first sub-function module according to the first relationship
  • the execution unit 603 is specifically configured to: when the first relationship is an independent relationship, call the first sub-function
  • the module sends the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the preset strategy of the fuse, so that The fourth sub-function module injects the permission identifier to the F client to enable the F client to start multiple microservice instances subordinate to the third microservice instance.
  • the The obtaining unit 601 is specifically configured to: use the main function module to call a first sub-function module among the plurality of sub-function modules corresponding to the first micro-service instance to obtain a start request for the first micro-service instance A request header; and a permission identifier used to determine the request header.
  • the acquisition unit 601 and the execution unit 603 may be a processor, a communication interface or a transceiver, and the verification unit 602 may be a processor.
  • Embodiments of the present application also provide a computer storage medium, wherein the computer storage medium stores a computer program for electronic data exchange, and the computer program causes the computer to perform part of any method described in the foregoing method embodiments Or all steps, the computer includes electronic equipment.
  • Embodiments of the present application also provide a computer program product, where the computer program product includes a non-transitory computer-readable storage medium that stores the computer program, and the computer program is operable to cause the computer to perform as described in the foregoing method embodiments Part or all of the steps of any method.
  • the computer program product may be a software installation package, and the computer includes electronic equipment.
  • the disclosed device may be implemented in other ways.
  • the device embodiments described above are only schematic.
  • the division of the above-mentioned units is only a division of logical functions.
  • there may be other division modes for example, multiple units or components may be combined or integrated To another system, or some features can be ignored, or Not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, and the indirect coupling or communication connection of the device or unit may be in electrical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units on. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above integrated unit may be implemented in the form of hardware, or in the form of a software functional unit.
  • the above integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer readable memory.
  • the technical solution of the present application may essentially be a part that contributes to the existing technology or all or part of the technical solution may be embodied in the form of a software product, and the computer software product is stored in a memory,
  • Several instructions are included to enable a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the above methods in various embodiments of the present application.
  • the aforementioned memory includes: U disk, read-only memory (ROM, Read-Only
  • RAM Random Access Memory
  • RAM Random Access Memory
  • removable hard drives magnetic disks, or optical disks and other media that can store program codes.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Facsimiles In General (AREA)

Abstract

An authority verification method and a related device, the method comprising: when a start request for a first micro-service instance is detected, calling a first sub-function module among a plurality of sub-function modules corresponding to the first micro-service instance by means of a main function module to obtain an authority identifier (S201); calling a second sub-function module corresponding to an authority verification function by means of the first sub-function module, and verifying whether the authority identifier is valid according to the second sub-function module (S202); and when detected that the authority identifier is valid, executing the first micro-service instance by means of the first sub-function module (S203). The present method is conducive to improving the convenience of authority verification in a micro-service mode and reducing the disorderliness of authority verification codes.

Description

权限验证方法及相关装置 Authority verification method and related device
技术领域 Technical field
[0001] 本申请涉及电子技术领域, 具体涉及一种权限验证方法及相关装置。 [0001] The present application relates to the field of electronic technology, and in particular, to a method of authorization verification and related devices.
[0002] 本申请要求于 2018年 12月 29日提交中国专利局, 申请号为 201811640222.4、 发 明名称为“权限验证方法及相关装置”的中国专利申请的优先权, 其全部内容通过 引用结合在本申请中。 [0002] This application requires the priority of the Chinese patent application filed on December 29, 2018, with the application number 201811640222.4 and the invention titled "Authentication Verification Method and Related Devices", the entire contents of which are incorporated herein by reference Applying.
背景技术 Background technique
[0003] 随着微服务架构的兴起, 传统的单体应用场景下的身份认证和鉴权面临的挑战 越来越大。 单体应用体系下, 应用是一个整体, 一般针对所有的请求都会进行 权限校验。 [0003] With the rise of microservice architecture, the challenges of identity authentication and authentication in traditional single-use application scenarios are increasing. Under the monolithic application system, the application is a whole, and the permissions are generally checked for all requests.
[0004] 而微服务架构下, 一个应用会被拆分成若干个微应用, 每个微应用都需要对访 问进行鉴权, 每个微应用都需要明确当前访问用户以及其权限, 需要在每个微 服务中植入代码去获取权限信息, 导致代码冗余, 且对业务侵入大, 可见, 单 体应用架构下的鉴权方式就不是特别合适了。 [0004] Under the microservices architecture, an application will be split into several microapplications, each microapplication needs to authenticate access, and each microapplication needs to specify the current access user and its permissions. The code is inserted into each microservice to obtain permission information, which leads to code redundancy and large business intrusion. It can be seen that the authentication method under the single application architecture is not particularly suitable.
发明概述 Summary of the invention
技术问题 technical problem
问题的解决方案 Solution to the problem
技术解决方案 Technical solution
[0005] 本申请实施例提供了一种权限验证方法及相关装置, 以期提升微服务模式下权 限验证的便捷性, 降低权限验证代码的冗杂度。 [0005] Embodiments of the present application provide a permission verification method and related device, with a view to improving the convenience of permission verification in a microservice mode and reducing the complexity of permission verification codes.
[0006] 第一方面, 本申请实施例提供一种权限验证方法, 应用于电子设备, 所述电子 设备上安装有目标应用程序, 所述目标应用程序包括主函数模块和多个子函数 模块, 所述方法包括: [0006] In a first aspect, an embodiment of the present application provides a permission verification method, which is applied to an electronic device, and a target application program is installed on the electronic device, and the target application program includes a main function module and a plurality of sub-function modules. The methods described include:
[0007] 当检测到针对第一微服务实例的启动请求时, 通过所述主函数模块调用所述第 一微服务实例对应的多个所述子函数模块中的第一子函数模块获取权限标识; [0008] 通过所述第一子函数模块调用权限验证功能对应的第二子函数模块, 并根据所 述第二子函数模块验证所述权限标识是否有效; [0007] When a start request for the first microservice instance is detected, the main function module calls the first subfunction module among the plurality of subfunction modules corresponding to the first microservice instance to obtain the permission identifier [0008] calling the second sub-function module corresponding to the authority verification function through the first sub-function module, and according to the The second sub-function module verifies whether the authority identifier is valid;
[0009] 当检测到所述权限标识有效时, 通过所述第一子函数模块执行所述第一微服务 实例。 [0009] When it is detected that the authority identifier is valid, execute the first microservice instance through the first sub-function module.
[0010] 第二方面, 本申请实施例提供一种权限验证装置, 应用于电子设备, 所述电子 设备上安装有目标应用程序, 所述目标应用程序包括主函数模块和多个子函数 模块, 所述权限验证装置包括获取单元、 验证单元和执行单元, 其中, [0010] In a second aspect, an embodiment of the present application provides a permission verification apparatus, which is applied to an electronic device, and a target application program is installed on the electronic device, and the target application program includes a main function module and a plurality of sub-function modules. The authority verification device includes an acquisition unit, a verification unit and an execution unit, wherein,
[0011] 所述获取单元, 用于当检测到针对第一微服务实例的启动请求时, 通过所述主 函数模块调用所述第一微服务实例对应的多个所述子函数模块中的第一子函数 模块获取权限标识; [0011] The acquiring unit is configured to call the first of the plurality of sub-function modules corresponding to the first microservice instance through the main function module when a start request for the first microservice instance is detected A sub-function module to obtain permission identification;
[0012] 所述验证单元, 用于通过所述第一子函数模块调用权限验证功能对应的第二子 函数模块, 并根据所述第二子函数模块验证所述权限标识是否有效; [0012] The verification unit is configured to call a second sub-function module corresponding to a permission verification function through the first sub-function module, and verify whether the permission identifier is valid according to the second sub-function module;
[0013] 所述执行单元, 用于当检测到所述权限标识有效时, 通过所述第一子函数模块 执行所述第一微服务实例。 [0013] The execution unit is configured to execute the first microservice instance through the first sub-function module when it is detected that the authority identifier is valid.
[0014] 第三方面, 本申请实施例提供一种电子设备, 包括处理器、 存储器、 通信接口 以及一个或多个程序, 其中, 上述一个或多个程序被存储在上述存储器中, 并 且被配置由上述处理器执行, 上述程序包括用于执行本申请实施例第一方面任 一方法中的步骤的指令。 [0014] In a third aspect, an embodiment of the present application provides an electronic device, including a processor, a memory, a communication interface, and one or more programs, where the one or more programs are stored in the memory and configured The foregoing processor executes the foregoing program, and the foregoing program includes instructions for executing steps in any method of the first aspect of the embodiments of the present application.
[0015] 第四方面, 本申请实施例提供了一种计算机可读存储介质, 其中, 上述计算机 可读存储介质存储用于电子数据交换的计算机程序, 其中, 上述计算机程序使 得计算机执行如本申请实施例第一方面任一方法中所描述的部分或全部步骤。 [0015] According to a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, wherein the computer-readable storage medium stores a computer program for electronic data exchange, where the computer program causes the computer to execute as described in the present application Part or all of the steps described in any method of the first aspect of the embodiment.
[0016] 第五方面, 本申请实施例提供了一种计算机程序产品, 其中, 上述计算机程序 产品包括存储了计算机程序的非瞬时性计算机可读存储介质, 上述计算机程序 可操作来使计算机执行如本申请实施例第一方面任一方法中所描述的部分或全 部步骤。 该计算机程序产品可以为一个软件安装包。 [0016] In a fifth aspect, an embodiment of the present application provides a computer program product, wherein the computer program product includes a non-transitory computer-readable storage medium that stores the computer program, and the computer program is operable to cause the computer to execute Part or all of the steps described in any method of the first aspect of the embodiments of the present application. The computer program product may be a software installation package.
[0017] 可以看出, 本申请实施例中, 电子设备首先当检测到针对第一微服务实例的启 动请求时, 通过所述主函数模块调用所述第一微服务实例对应的多个所述子函 数模块中的第一子函数模块获取权限标识, 然后, 通过所述第一子函数模块调 用权限验证功能对应的第二子函数模块, 并根据所述第二子函数模块验证所述 权限标识是否有效, 最后, 当检测到所述权限标识有效时, 通过所述第一子函 数模块执行所述第一微服务实例。 可见, 电子设备在微服务架构下, 不需要在 每个微服务的子函数模块中加入权限验证的代码, 只在需要验证时截取权限标 识调用权限验证功能的子模块进行验证, 可以免除每个微服务应用权限验证的 代码, 有利于降低每个微服务应用代码的冗杂度, 提升微服务模式下权限验证 的便捷性。 [0017] It can be seen that in the embodiment of the present application, when the electronic device first detects a start request for the first microservice instance, the main function module invokes a plurality of the corresponding ones of the first microservice instance The first sub-function module in the sub-function module obtains the permission identifier, and then, calls the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifies the second sub-function module according to the second sub-function module Whether the authority identifier is valid, and finally, when it is detected that the authority identifier is valid, the first micro service instance is executed through the first sub-function module. It can be seen that under the microservices architecture, the electronic device does not need to add permission verification code in each microservice sub-function module, and only intercepts the permission identifier when verification is required to verify the sub-module calling the permission verification function, which can save each The code for microservice application permission verification is helpful to reduce the verbosity of each microservice application code and improve the convenience of permission verification under the microservice mode.
发明的有益效果 Beneficial effects of invention
对附图的简要说明 Brief description of the drawings
附图说明 BRIEF DESCRIPTION
[0018] 为了更清楚地说明本申请实施例或现有技术中的技术方案, 下面将对实施例或 5见有技术描述中所需要使用的附图作简单地介绍, 显而易见地, 下面描述中的 附图仅仅是本申请的一些实施例, 对于本领域普通技术人员来讲, 在不付出创 造性劳动的前提下, 还可以根据这些附图获得其他的附图。 [0018] In order to more clearly explain the embodiments of the present application or the technical solutions in the prior art, the following will briefly introduce the drawings required to be used in the technical description of the embodiment or the fifth embodiment. Obviously, the following description The drawings are only some embodiments of the present application. For those of ordinary skill in the art, without paying any creative labor, other drawings can also be obtained based on these drawings.
[0019] 图 1是本申请实施例提供的一种微服务架构的架构示意图; [0019] FIG. 1 is a schematic structural diagram of a microservice architecture provided by an embodiment of the present application;
[0020] 图 2是本申请实施例提供的一种权限验证方法的流程示意图; [0020] FIG. 2 is a schematic flowchart of a permission verification method provided by an embodiment of the present application;
[0021] 图 3是本申请实施例提供的另一种权限验证方法的流程示意图; [0021] FIG. 3 is a schematic flowchart of another authority verification method provided by an embodiment of the present application;
[0022] 图 4是本申请实施例提供的另一种权限验证方法的流程示意图; [0022] FIG. 4 is a schematic flowchart of another authority verification method provided by an embodiment of the present application;
[0023] 图 5是本申请实施例提供的一种电子设备的结构示意图; [0023] FIG. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application;
[0024] 图 6是本申请实施例提供的一种权限验证装置的功能单元组成框图。 [0024] FIG. 6 is a functional block diagram of a functional verification device provided by an embodiment of the present application.
发明实施例 Invention Example
本发明的实施方式 Embodiments of the invention
[0025] 为了使本技术领域的人员更好地理解本申请方案, 下面将结合本申请实施例中 的附图, 对本申请实施例中的技术方案进行清楚、 完整地描述, 显然, 所描述 的实施例仅仅是本申请一部分实施例, 而不是全部的实施例。 基于本申请中的 实施例, 本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他 实施例, 都属于本申请保护的范围。 [0025] In order to enable those skilled in the art to better understand the solution of the present application, the technical solutions in the embodiments of the present application will be described clearly and completely in conjunction with the drawings in the embodiments of the present application. Obviously, the described The embodiments are only a part of the embodiments of the present application, but not all the embodiments. Based on the embodiments in the present application, all other embodiments obtained by a person of ordinary skill in the art without making creative work fall within the protection scope of the present application.
[0026] 本申请的说明书和权利要求书及上述附图中的术语“第一”、 “第二”等是用于区 别不同对象, 而不是用于描述特定顺序。 此外, 术语“包括”和“具有”以及它们任 何变形, 意图在于覆盖不排他的包含。 例如包含了一系列步骤或单元的过程、 方法、 系统、 产品或设备没有限定于已列出的步骤或单元, 而是可选地还包括 没有列出的步骤或单元, 或可选地还包括对于这些过程、 方法、 产品或设备固 有的其他步骤或单元。 [0026] The terms “first”, “second”, etc. in the description and claims of the present application and the above drawings are used for Don't describe different objects, not describe specific sequences. In addition, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusions. For example, a process, method, system, product, or device that includes a series of steps or units is not limited to the listed steps or units, but optionally includes steps or units that are not listed, or optionally also includes Other steps or units inherent to these processes, methods, products or equipment.
[0027] 在本文中提及“实施例”意味着, 结合实施例描述的特定特征、 结构或特性可以 包含在本申请的至少一个实施例中。 在说明书中的各个位置出现该短语并不一 定均是指相同的实施例, 也不是与其它实施例互斥的独立的或备选的实施例。 本领域技术人员显式地和隐式地理解的是, 本文所描述的实施例可以与其它实 施例相结合。 [0027] Reference herein to "embodiments" means that specific features, structures, or characteristics described in connection with the embodiments may be included in at least one embodiment of the present application. The appearance of this phrase in various places in the specification does not necessarily refer to the same embodiment, nor is it an independent or alternative embodiment mutually exclusive of other embodiments. Those skilled in the art understand explicitly and implicitly that the embodiments described herein can be combined with other embodiments.
[0028] 本申请实施例所涉及到的电子设备可以包括各种手持设备、 车载设备、 可穿戴 设备、 计算设备或连接到无线调制解调器的其他处理设备, 以及各种形式的用 户设备 (User Equipment, UE) , 移动台 (Mobile [0028] The electronic devices involved in the embodiments of the present application may include various handheld devices, in-vehicle devices, wearable devices, computing devices, or other processing devices connected to a wireless modem, and various forms of user equipment (User Equipment, UE), mobile station (Mobile
Station , MS) , 电子设备 (terminal device) 等等。 Station, MS), electronic device (terminal device), etc.
[0029] 下面结合附图对本申请实施例进行详细介绍。 [0029] The embodiments of the present application will be described in detail below in conjunction with the accompanying drawings.
[0030] 微服务架构模式 (Microservices Architecture Pattern)的目的是将大型的、 复杂的 [0030] The purpose of the Microservices Architecture Pattern is to integrate large, complex
、 长期运行的应用程序构建为一组相互配合的服务, 每个服务都可以很容易得 到局部改良。 The long-running application is built as a set of mutually coordinated services, and each service can be easily improved locally.
[0031] 简而言之, 微服务架构是一种将单应用程序作为一套小型服务开发的方法, 每 种应用程序都在其自己的进程中运行, 并与轻量级机制 (通常是 HTTP资源的应 用程序编辑接口 (Application Programming Interface, API)) 进行通信。 这些服务 是围绕业务功能构建的, 可以通过全自动部署机制进行独立部署。 这些服务的 集中化管理已经是最少的, 它们可以用不同的编程语言编写, 并使用不同的数 据存储技术。 [0031] In short, the microservice architecture is a method of developing a single application as a set of small services, each application runs in its own process, and is linked to a lightweight mechanism (usually HTTP The resource's Application Programming Interface (API) communicates. These services are built around business functions and can be independently deployed through a fully automated deployment mechanism. The centralized management of these services is the least. They can be written in different programming languages and use different data storage technologies.
[0032] 基于微服务的架构可以具有 5到 100个或更多个服务。 API网关使用中可以为外 部消费者提供统一的入口点, 而与内部微服务的数量和组成无关, 举例而言, 如图 1所示, 基于微服务架构的应用 A, 该应用 A由多个微服务应用构成, 每个微 服务对应该应用 A中不同的功能, 具体可以是微服务 1对应功能 1、 微服务 2对应 功能 2、 微服务 3对应功能 3、 微服务 4对应功能 4、 微服务 5对应功能 5等, 每个微 服务可以由不同的设计团队设计完成, 也就是说每个微服务之间是独立的, 且 每个微服务可以使用不同的编程语言编写。 [0032] The microservice-based architecture may have 5 to 100 or more services. The API gateway can provide a unified entry point for external consumers, regardless of the number and composition of internal microservices. For example, as shown in FIG. 1, an application A based on a microservice architecture, which consists of multiple The composition of the microservice application, each microservice corresponds to a different function in application A, which can be specifically corresponding to function 1 of microservice 1 and corresponding to microservice 2 Function 2, microservice 3 corresponds to function 3, microservice 4 corresponds to function 4, microservice 5 corresponds to function 5, etc. Each microservice can be designed by a different design team, that is to say, each microservice is independent , And each microservice can be written in a different programming language.
[0033] 下面对本发明实施例进行详细介绍。 [0033] The following describes the embodiments of the present invention in detail.
[0034] 请参阅图 2, 图 2是本申请实施例提供了一种权限验证方法的流程示意图, 应用 于电子设备, 所述电子设备上安装有目标应用程序, 所述目标应用程序包括主 函数模块和多个子函数模块, 如图所示, 本权限验证方法包括: [0034] Please refer to FIG. 2, FIG. 2 is a schematic flow chart of a method for verifying permission provided by an embodiment of the present application, which is applied to an electronic device, a target application program is installed on the electronic device, and the target application program includes a main function The module and multiple sub-function modules, as shown in the figure, this permission verification method includes:
[0035] S201 , 电子设备当检测到针对第一微服务实例的启动请求时, 通过所述主函数 模块调用所述第一微服务实例对应的多个所述子函数模块中的第一子函数模块 获取权限标识。 [0035] S201, when detecting an activation request for a first microservice instance, the electronic device calls the first subfunction of the plurality of subfunction modules corresponding to the first microservice instance through the main function module The module obtains the permission identifier.
[0036] 其中, 所述第一微服务实例为目标应用程序中任意功能对应的对象, 所述电子 设备当检测到针对第一微服务实例的启动请求的具体实现方式可以是电子设备 检测到了用户针对第一微服务实例的选取操作, 该选取操作可以是触控操作、 语音操作等, 在此不做限定。 [0036] Wherein, the first microservice instance is an object corresponding to any function in the target application program, and the specific implementation manner of the electronic device when the startup request for the first microservice instance is detected may be that the electronic device detects the user For the selection operation of the first microservice instance, the selection operation may be a touch operation, a voice operation, etc., which is not limited herein.
[0037] 其中, 权限标识为 Token, 主函数模块和多个子函数模块属于调用与被调用的 关系。 [0037] Wherein, the permission identifier is Token, and the main function module and the multiple sub-function modules belong to the relationship between calling and called.
[0038] S202, 所述电子设备通过所述第一子函数模块调用权限验证功能对应的第二子 函数模块, 并根据所述第二子函数模块验证所述权限标识是否有效。 [0038] S202, the electronic device calls a second sub-function module corresponding to a permission verification function through the first sub-function module, and verifies whether the permission identifier is valid according to the second sub-function module.
[0039] 其中, 在微服务架构下, 权限验证程序对应一个单独的微服务应用, 而不需要 在每个其他的微服务应用中均添加相同的权限验证程序, 该微服务应用对应第 二子函数模块, 该第二子函数模块的权限验证功能可以验证任意 Token的有效性 [0039] Wherein, under the microservice architecture, the permission verification program corresponds to a separate microservice application, without the need to add the same permission verification program to each other microservice application, the microservice application corresponds to the second sub Function module, the permission verification function of the second sub-function module can verify the validity of any token
[0040] S203, 所述电子设备当检测到所述权限标识有效时, 通过所述第一子函数模块 执行所述第一微服务实例。 [0040] S203, when detecting that the authority identifier is valid, the electronic device executes the first microservice instance through the first sub-function module.
[0041] 其中, 所述权限标识用于所述第一子函数模块对该启动请求进行验证, 即当验 证成功时, 证明目标应用程序具有调用并访问该第一微服务实例接口的权限, 继而跳转进入第一微服务实例对应的功能页面, 如果验证失败, 则不执行该跳 转响应, 相应的第一子函数模块可以反馈验证失败的消息给主函数模块时, 主 函数模块可以在跳转之前的页面显示跳转失败等信息。 [0041] Wherein, the permission identifier is used by the first sub-function module to verify the startup request, that is, when the verification is successful, it proves that the target application has the permission to call and access the first microservice instance interface, and then Jump to the function page corresponding to the first microservice instance. If the verification fails, the jump response is not executed. When the corresponding first sub-function module can feed back the verification failure message to the main function module, the main The function module can display information such as a failed jump on the page before the jump.
[0042] 可以看出, 本申请实施例中, 电子设备首先当检测到针对第一微服务实例的启 动请求时, 通过所述主函数模块调用所述第一微服务实例对应的多个所述子函 数模块中的第一子函数模块获取权限标识, 然后, 通过所述第一子函数模块调 用权限验证功能对应的第二子函数模块, 并根据所述第二子函数模块验证所述 权限标识是否有效, 最后, 当检测到所述权限标识有效时, 通过所述第一子函 数模块执行所述第一微服务实例。 可见, 电子设备在微服务架构下, 不需要在 每个微服务的子函数模块中加入权限验证的代码, 只在需要验证时截取权限标 识调用权限验证功能的子模块进行验证, 可以免除每个微服务应用权限验证的 代码, 有利于降低每个微服务应用代码的冗杂度, 提升微服务模式下权限验证 的便捷性。 [0042] It can be seen that in the embodiment of the present application, when the electronic device first detects a start request for the first microservice instance, the main function module invokes a plurality of the corresponding ones of the first microservice instance The first sub-function module in the sub-function module obtains the permission identifier, and then, calls the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifies the permission identifier according to the second sub-function module Whether it is valid, and finally, when it is detected that the authority identifier is valid, executing the first microservice instance through the first sub-function module. It can be seen that under the microservices architecture, the electronic device does not need to add permission verification code in each microservice sub-function module, and only intercepts the permission identifier when verification is required to verify the sub-module calling the permission verification function, which can save each The code for microservice application permission verification is helpful to reduce the verbosity of each microservice application code and improve the convenience of permission verification under the microservice mode.
[0043] 在一个可能的示例中, 所述检测到针对第一微服务实例的启动请求之前, 所述 方法还包括: [0043] In a possible example, before the start request for the first microservice instance is detected, the method further includes:
[0044] 当检测到针对目标应用程序的登录请求时, 通过所述主函数模块获取所述登录 请求中的登录标识; [0044] When a login request for the target application is detected, the login identifier in the login request is obtained through the main function module;
[0045] 当接收到服务器对所述登录标识验证成功的消息时, 登录所述目标应用程序; [0045] when receiving a message that the server successfully authenticates the login ID, log in to the target application;
[0046] 通过所述主函数模块接收来自所述服务器的所述权限标识, 所述权限标识是所 述服务器根据所述登录标识预配置的权限标识。 [0046] receiving the authority identifier from the server through the main function module, the authority identifier being a authority identifier pre-configured by the server according to the login identifier.
[0047] 其中, 不同的目标应用程序对应不同的服务器, 所述权限标识是服务器分配的 , 即服务器在登陆用户名和密码的时候, 根据用户名去获取权限标识, 即一个 账号对应一个权限标识值。 [0047] Wherein, different target applications correspond to different servers, and the permission identifier is assigned by the server, that is, the server obtains the permission identifier according to the user name when logging in the user name and password, that is, one account corresponds to one permission identifier value .
[0048] 其中, 所述主函数模块在接收到所述权限标识时存储所述权限标识。 [0048] Wherein, the main function module stores the authority identifier when receiving the authority identifier.
[0049] 可见, 本示例中, 电子设备在登录目标应用程序时, 可以从服务器获取针对登 录标识独有的权限标识, 并存储该权限标识, 有利于提升其他微服务使用权限 标识时, 获取权限标识的便捷性。 [0049] It can be seen that, in this example, when logging in the target application, the electronic device can obtain the permission identifier unique to the logon identifier from the server, and store the permission identifier, which is beneficial to enhancing the permission of other microservices when using the permission identifier Logo convenience.
[0050] 在一个可能的示例中, 所述检测到针对第一微服务实例的启动请求之后, 所述 方法还包括: [0050] In a possible example, after the start request for the first microservice instance is detected, the method further includes:
[0051] 通过所述主函数模块调用所述第一微服务实例对应的第一子函数模块; [0052] 通过所述第一子函数模块预加载拦截器和熔断器, 所述拦截器用于所述第一子 函数模块获取所述权限标识, 所述熔断器用于使第三子函数模块获取所述权限 标识, 所述第三子函数模块对应的第二微服务实例独立于所述第一微服务实例 [0051] calling the first sub-function module corresponding to the first microservice instance through the main function module; [0052] An interceptor and a fuse are preloaded through the first sub-function module, the interceptor is used by the first sub-function module to obtain the permission identifier, and the fuse is used to enable the third sub-function module to obtain The permission identifier, the second microservice instance corresponding to the third sub-function module is independent of the first microservice instance
[0053] 其中, 拦截器用于在某个方法或字段被访问之前, 进行拦截然后在之前或之后 加入某些操作, 在这里, 第一子函数模块预加载拦截器, 使拦截器在第一子函 数执行对应的第一微服务实例之前获取权限标识。 [0053] Wherein, the interceptor is used to intercept before a method or field is accessed, and then add certain operations before or after, here, the first sub-function module preloads the interceptor, so that the interceptor is in the first sub The function obtains the permission identifier before executing the corresponding first microservice instance.
[0054] 其中, 熔断器为重写熔断器, 通过配置一个处理类实现接口重写其方法, 向第 三子函数传递权限标识。 [0054] Wherein, the fuse is a rewriting fuse, and the method is implemented by configuring a processing class to implement the interface to rewrite its method, and the authority identifier is passed to the third sub-function.
[0055] 其中, 所述第三子函数模块对应的第二微服务实例独立于所述第一微服务实例 , 即第二微服务实例与第一微服务实例为两个独立不相关的微服务, 可以理解 为执行第二微服务实例的线程与执行第一微服务实例的线程为非同一线程。 [0055] wherein the second microservice instance corresponding to the third sub-function module is independent of the first microservice instance, that is, the second microservice instance and the first microservice instance are two independent and unrelated microservices It can be understood that the thread executing the second microservice instance and the thread executing the first microservice instance are not the same thread.
[0056] 可见, 本示例中, 电子设备在通过主函数调用第一子函数模块之后, 第一子函 数模块会预先加载拦截器和熔断器, 而不是在需要使用到拦截器和熔断器之后 再进行加载, 有利于提升权限验证的时效性。 [0056] It can be seen that, in this example, after the electronic device calls the first sub-function module through the main function, the first sub-function module will pre-load the interceptor and fuse instead of using the interceptor and fuse. Carrying out loading is beneficial to improving the timeliness of authorization verification.
[0057] 在一个可能的示例中, 所述通过所述第一子函数模块执行所述第一微服务实例 之后, 所述方法还包括: [0057] In a possible example, after executing the first microservice instance through the first sub-function module, the method further includes:
[0058] 当检测到针对第三微服务实例的启动请求时, 确定所述第三微服务实例与所述 第一微服务实例的第一关系; [0058] when a start request for the third microservice instance is detected, determine a first relationship between the third microservice instance and the first microservice instance;
[0059] 调用所述第一子函数模块根据所述第一关系将所述权限标识发送给所述第三微 服务实例对应的第四子函数模块; [0059] calling the first sub-function module to send the permission identifier to the fourth sub-function module corresponding to the third microservice instance according to the first relationship;
[0060] 通过所述第四子函数模块获取所述权限标识, 并通过调用所述第二子函数模块 验证所述权限标识是否有效; [0060] obtaining the permission identifier through the fourth sub-function module, and verifying whether the permission identifier is valid by calling the second sub-function module;
[0061] 当检测到所述权限标识有效时, 通过所述第四子函数模块执行所述第三微服务 实例。 [0061] When it is detected that the authority identifier is valid, execute the third microservice instance through the fourth sub-function module.
[0062] 其中, 所述第一关系包括相互独立的关系和从属关系, 所述从属关系, 即两个 微服务实例属于同一线程进行的微服务实例。 [0062] wherein, the first relationship includes a mutually independent relationship and a subordinate relationship, and the subordinate relationship, that is, two microservice instances belong to microservice instances performed by the same thread.
[0063] 其中, 第一子函数模块会根据不同的第一关系, 通过不同的方法向第四子函数 模块发送所述权限标识, 所述方法预设置在第一子函数模块中。 [0063] Wherein, the first sub-function module will send the fourth sub-function through different methods according to different first relationships The module sends the permission identifier, and the method is preset in the first sub-function module.
[0064] 可见, 本示例中, 电子设备在执行第一微服务实例的情况下, 检测到其他微服 务实例的启动请求时, 根据该微服务实例与第一微服务实例的对应关系发送权 限标识, 有利于保障任意微服务实例均可以获取权限标识, 提升了权限验证的 保障性。 [0064] It can be seen that in this example, when the electronic device executes the first microservice instance and detects a start request of another microservice instance, it sends a permission identifier according to the correspondence between the microservice instance and the first microservice instance It is beneficial to ensure that any microservice instance can obtain a permission identifier, and the security of permission verification is improved.
[0065] 在这个可能的示例中, 所述第一关系为所述第三微服务实例从属于所述第一微 服务实例, 所述调用所述第一子函数模块根据所述第一关系将所述权限标识发 送给所述第三微服务实例对应的第四子函数模块, 包括: [0065] In this possible example, the first relationship is that the third microservice instance is subordinate to the first microservice instance, and the invoking the first sub-function module according to the first relationship will The permission identifier sent to the fourth sub-function module corresponding to the third microservice instance includes:
[0066] 当所述第一关系为从属关系时, 调用所述第一子函数模块向所述主函数模块中 的 F客户端注入所述权限标识; [0066] When the first relationship is a subordinate relationship, call the first sub-function module to inject the permission identifier to the F client in the main function module;
[0067] 通过所述 F客户端向所述第三微服务实例对应的所述第四子函数模块发送所述 权限标识。 [0067] sending the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the F client.
[0068] 其中, F客户端, 即 Feign, 是一个声明 web服务客户端, 这比编写 web服务客户 端更便捷, 使用 Feign创建一个接口, 并且只需要用注释的方法来配置进行定义 , 即可完成对服务提供方的接口绑定, 简化了自行封装服务调用客户端的开发 量。 [0068] Among them, the F client, that is, Feign, is a declarative web service client, which is more convenient than writing a web service client, use Feign to create an interface, and only need to use the annotation method to configure and define, then Completing the interface binding to the service provider simplifies the development of self-packaged service call clients.
[0069] 其中, 第一子函数模块可以通过 F客户端创建的接口向第四子函数模块发送权 限标识。 [0069] Wherein, the first sub-function module may send the permission identifier to the fourth sub-function module through the interface created by the F client.
[0070] 其中, 通过所述 F客户端向所述第三微服务实例对应的所述第四子函数模块发 送所述权限标识, 可以是将权限标识设置到 http请求的头部, 为第四子函数模块 提供权限校验的依据。 [0070] where the permission identifier is sent to the fourth sub-function module corresponding to the third microservice instance through the F client, which may be that the permission identifier is set to the header of the http request, which is the fourth The sub-function module provides the basis for permission verification.
[0071] 可见, 本示例中, 电子设备在第一关系为从属关系时, 可以直接通过 F客户端 向第四子函数模块发送权限标识, 而 F客户端为注释的方式, 有利于降低第三微 服务实例代码冗杂度, 避免对第三微服务实例的代码侵入。 [0071] It can be seen that, in this example, when the first relationship is a subordinate relationship, the electronic device can directly send the permission identifier to the fourth sub-function module through the F client, and the F client is an annotation, which is beneficial to reduce the third The code of the microservice instance is too verbose to avoid code intrusion into the third microservice instance.
[0072] 在一个可能的示例中, 所述第一关系为所述第三微服务实例独立于所述第一微 服务实例, 所述调用所述第一子函数模块根据所述第一关系将所述权限标识发 送给所述第三微服务实例对应的第四子函数模块, 包括: [0072] In a possible example, the first relationship is that the third microservice instance is independent of the first microservice instance, the calling the first sub-function module according to the first relationship will The permission identifier sent to the fourth sub-function module corresponding to the third microservice instance includes:
[0073] 当所述第一关系为独立关系时, 调用所述第一子函数模块通过熔断器的预设策 略向所述第三微服务实例对应的第四子函数模块传递所述权限标识, 使所述第 四子函数模块通过向 F客户端注入所述权限标识的方式以实现通过所述 F客户端 启动从属于所述第三微服务实例的多个微服务实例。 [0073] When the first relationship is an independent relationship, the preset policy of calling the first sub-function module through the fuse Slightly pass the permission identifier to the fourth sub-function module corresponding to the third microservice instance, so that the fourth sub-function module injects the permission identifier to the F client to implement the F client Start multiple microservice instances subordinate to the third microservice instance.
[0074] 其中, 第一子函数模块通过熔断器的预设策略向所述第三微服务实例对应的第 四子函数模块传递所述权限标识的具体实现方式可以是通过重写熔断器创建一 个接口, 通过该接口向第四子函数模块传递权限标识, 其中, 预设策略可以为 重写熔断器的隔离策略。 [0074] The specific implementation of the first sub-function module passing the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the preset policy of the fuse may be to create a An interface, through which an authority identifier is transferred to the fourth sub-function module, where the preset strategy may be an isolation strategy for rewriting the fuse.
[0075] 其中, 当需要同时启动处于独立关系的第一微服务实例和第三微服务实例时, 可以通过重写熔断器的隔离策略实现非同一线程两个微服务实例之间的权限标 识传递。 [0075] Wherein, when it is necessary to start the first microservice instance and the third microservice instance in an independent relationship at the same time, the permission identification transfer between two microservice instances with different threads can be achieved by rewriting the isolation policy of the fuse .
[0076] 可见, 本示例中, 电子设备在第一微服务实例执行的过程中需要启动与第一微 服务实例不属于同一线程的第三微服务实例时, 通过重写熔断器的隔离策略实 现第四子函数模块获取权限标识, 有利于提升每个微服务实例权限验证以及启 动可靠性。 [0076] It can be seen that in this example, when the electronic device needs to start a third microservice instance that does not belong to the same thread as the first microservice instance during the execution of the first microservice instance, it is achieved by rewriting the isolation policy of the fuse The fourth sub-function module obtains the permission identifier, which is beneficial to improve the permission verification and startup reliability of each microservice instance.
[0077] 在一个可能的示例中, 所述通过所述主函数模块调用所述第一微服务实例对应 的多个所述子函数模块中的第一子函数模块获取权限标识, 包括: [0077] In a possible example, the calling the first sub-function module among the plurality of sub-function modules corresponding to the first microservice instance through the main function module to obtain the permission identifier includes:
[0078] 通过所述主函数模块调用所述第一微服务实例对应的多个所述子函数模块中的 第一子函数模块获取针对所述第一微服务实例的启动请求的请求头; [0078] calling the first sub-function module among the plurality of sub-function modules corresponding to the first microservice instance through the main function module to obtain a request header for the start request of the first microservice instance;
[0079] 确定所述请求头中的所述权限标识。 [0079] determining the authority identifier in the request header.
[0080] 其中, 所述请求头为 http请求头。 [0080] Wherein, the request header is an http request header.
[0081] 可见, 本示例中, 电子设备需要启动第一微服务实例时, 通过第一子函数仅仅 需要获取启动请求的请求头既可获取所述权限标识, 有利于提升微服务架构下 , 每个微服务权限验证的可实现注和便捷性。 [0081] It can be seen that in this example, when the electronic device needs to start the first microservice instance, the first subfunction only needs to obtain the request header of the start request to obtain the permission identifier, which is beneficial to improve the microservice architecture. A microservice permission verification can be realized and convenient.
[0082] 针对上述图 2所示的实施例, 举例一种具体的实施例加以说明, 其中, 目标应 用程序为应用程序 A, 应用程序 A包括微服务实例 1、 微服务实例 2, 权限验证微 服务, 微服务实例 1包括子实例 3 , 微服务实例 2包括子实例 4, 当用户登录应用 程序 A输入账号和密码时, 服务器在通过账号和密码确定是否成功登陆的过程中 同时赋予该账号对应的权限标识, 当检测到针对微服务实例 1的启动请求时, 微 服务实例 1对应的第一子函数通过请求头获取权限标识, 同时预加载拦截器和熔 断器, 并通过调用权限验证微服务验证权限标识有效时, 执行微服务实例 1, 且 在执行微服务实例 1时分为两种情况, 情况一: 检测到子实例 3的启动请求时, 通过调用所述第一子函数模块向所述主函数模块中的 F客户端注入所述权限标识 , 并通过 F客户端向子实例 3对应的子函数模块发送所述权限标识, 使子实例 3对 应的子函数模块可以调用权限验证微服务对权限标识进行验证进而执行子实例 3 ; 情况二: 检测到微服务实例 2的启动请求时, 通过重写熔断器的隔离策略向微 服务实例 2对应的子函数模块中的 F客户端注入所述权限标识, 并通过 F客户端向 子实例 3对应的子函数模块发送所述权限标识, 使微服务实例 2对应的子函数模 块可以调用权限验证微服务对权限标识进行验证进而执行微服务实例 2, 而在执 行微服务实例 2的过程中, 同样可以分为上述两种情况, 在此不做赘述。 [0082] For the embodiment shown in FIG. 2 above, a specific embodiment will be described as an example, where the target application is application A, and application A includes microservice instance 1, microservice instance 2, and permission verification micro Service, microservice instance 1 includes sub-instance 3, microservice instance 2 includes sub-instance 4, when the user logs in to the application A and enters an account and password, the server also assigns the corresponding account during the process of determining whether to log in successfully through the account and password Authorization flag, when a start request for microservice instance 1 is detected, the micro The first subfunction corresponding to the service instance 1 obtains the permission identifier through the request header, and preloads the interceptor and the fuse, and verifies the micro service by calling the permission verification. When the permission identifier is valid, the micro service instance 1 is executed, and the micro service instance is executed. At 1 o'clock, it is divided into two cases. Case 1: When the start request of sub-instance 3 is detected, the authority identifier is injected into the F client in the main function module by calling the first sub-function module, and the F client The end sends the permission identifier to the sub-function module corresponding to sub-instance 3, so that the sub-function module corresponding to sub-instance 3 can call the permission verification microservice to verify the permission identifier and then execute sub-instance 3; Case 2: A microservice instance is detected In the start request of 2, the permission identifier is injected into the F client in the sub-function module corresponding to the microservice instance 2 by rewriting the isolation policy of the fuse, and sent to the sub-function module corresponding to the sub-instance 3 through the F client The permission identifier enables the sub-function module corresponding to the microservice instance 2 to call the permission verification microservice to verify the permission identifier and then execute the microservice instance 2, and the process of executing the microservice instance 2 can also be divided into the above two This situation will not be repeated here.
[0083] 与上述图 2所示的实施例一致的, 请参阅图 3, 图 3是本申请实施例提供的一种 权限验证方法的流程示意图, 应用于电子设备, 所述电子设备上安装有目标应 用程序, 所述目标应用程序包括主函数模块和多个子函数模块, 如图所示, 本 权限验证方法包括: [0083] Consistent with the embodiment shown in FIG. 2 above, please refer to FIG. 3, FIG. 3 is a schematic flowchart of a permission verification method provided by an embodiment of the present application, which is applied to an electronic device, and the electronic device is installed with A target application program, the target application program includes a main function module and a plurality of sub-function modules. As shown in the figure, the permission verification method includes:
[0084] S301 , 电子设备当检测到针对目标应用程序的登录请求时, 通过所述主函数模 块获取所述登录请求中的登录标识。 [0084] S301: When detecting a login request for a target application, the electronic device obtains the login identifier in the login request through the main function module.
[0085] S302, 所述电子设备当接收到服务器对所述登录标识验证成功的消息时, 登录 所述目标应用程序。 [0085] S302, the electronic device logs in to the target application when receiving a message that the server successfully authenticates the logon identifier.
[0086] S303 , 所述电子设备通过所述主函数模块接收来自所述服务器的权限标识, 所 述权限标识是所述服务器根据所述登录标识预配置的权限标识。 [0086] S303. The electronic device receives a permission identifier from the server through the main function module, where the permission identifier is a permission identifier preconfigured by the server according to the login identifier.
[0087] S304, 所述电子设备当检测到针对第一微服务实例的启动请求时, 通过所述主 函数模块调用所述第一微服务实例对应的多个所述子函数模块中的第一子函数 模块获取所述权限标识。 [0087] S304, when detecting an activation request for the first microservice instance, the electronic device calls the first of the plurality of sub-function modules corresponding to the first microservice instance through the main function module The sub-function module obtains the permission identifier.
[0088] S305 , 所述电子设备通过所述第一子函数模块调用权限验证功能对应的第二子 函数模块, 并根据所述第二子函数模块验证所述权限标识是否有效。 [0088] S305, the electronic device calls a second sub-function module corresponding to a permission verification function through the first sub-function module, and verifies whether the permission identifier is valid according to the second sub-function module.
[0089] S306 , 所述电子设备当检测到所述权限标识有效时, 通过所述第一子函数模块 执行所述第一微服务实例。 [0090] S307 , 所述电子设备当检测到针对第三微服务实例的启动请求时, 确定所述第 三微服务实例与所述第一微服务实例的第一关系。 [0089] S306: When detecting that the authority identifier is valid, the electronic device executes the first microservice instance through the first sub-function module. [0090] S307, when detecting an activation request for a third microservice instance, the electronic device determines a first relationship between the third microservice instance and the first microservice instance.
[0091] S308 , 所述电子设备当所述第一关系为从属关系时, 调用所述第一子函数模块 向所述主函数模块中的 F客户端注入所述权限标识。 [0091] S308: When the first relationship is a subordinate relationship, the electronic device calls the first sub-function module to inject the permission identifier to the F client in the main function module.
[0092] S309 , 所述电子设备通过所述 F客户端向所述第三微服务实例对应的第四子函 数模块发送所述权限标识。 [0092] S309: The electronic device sends the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the F client.
[0093] S310, 所述电子设备通过所述第四子函数模块获取所述权限标识, 并通过调用 所述第二子函数模块验证所述权限标识是否有效。 [0093] S310: The electronic device obtains the permission identifier through the fourth sub-function module, and verifies whether the permission identifier is valid by calling the second sub-function module.
[0094] S311, 所述电子设备当检测到所述权限标识有效时, 通过所述第四子函数模块 执行所述第三微服务实例。 [0094] S311, when detecting that the authority identifier is valid, the electronic device executes the third microservice instance through the fourth sub-function module.
[0095] 可以看出, 本申请实施例中, 电子设备首先当检测到针对第一微服务实例的启 动请求时, 通过所述主函数模块调用所述第一微服务实例对应的多个所述子函 数模块中的第一子函数模块获取权限标识, 然后, 通过所述第一子函数模块调 用权限验证功能对应的第二子函数模块, 并根据所述第二子函数模块验证所述 权限标识是否有效, 最后, 当检测到所述权限标识有效时, 通过所述第一子函 数模块执行所述第一微服务实例。 可见, 电子设备在微服务架构下, 不需要在 每个微服务的子函数模块中加入权限验证的代码, 只在需要验证时截取权限标 识调用权限验证功能的子模块进行验证, 可以免除每个微服务应用权限验证的 代码, 有利于降低每个微服务应用代码的冗杂度, 提升微服务模式下权限验证 的便捷性。 [0095] It can be seen that in the embodiment of the present application, when the electronic device first detects a start request for the first microservice instance, the main function module invokes a plurality of the corresponding ones of the first microservice instance The first sub-function module in the sub-function module obtains the permission identifier, and then, calls the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifies the permission identifier according to the second sub-function module Whether it is valid, and finally, when it is detected that the authority identifier is valid, executing the first microservice instance through the first sub-function module. It can be seen that under the microservices architecture, the electronic device does not need to add permission verification code in each microservice sub-function module, and only intercepts the permission identifier when verification is required to verify the sub-module calling the permission verification function, which can save each The code for microservice application permission verification is helpful to reduce the verbosity of each microservice application code and improve the convenience of permission verification in the microservice mode.
[0096] 此外, 电子设备在登录目标应用程序时, 可以从服务器获取针对登录标识独有 的权限标识, 并存储该权限标识, 有利于提升其他微服务使用权限标识时, 获 取权限标识的便捷性。 [0096] In addition, when logging in the target application program, the electronic device may obtain a permission identifier unique to the logon identifier from the server, and store the permission identifier, which is beneficial to improve the convenience of obtaining the permission identifier when other microservices use the permission identifier .
[0097] 此外, 电子设备在执行第一微服务实例的情况下, 检测到其他微服务实例的启 动请求时, 根据该微服务实例与第一微服务实例的对应关系发送权限标识, 有 利于保障任意微服务实例均可以获取权限标识, 提升了权限验证的保障性, 且 电子设备在第一关系为从属关系时, 可以直接通过 F客户端向第四子函数模块发 送权限标识, 而 F客户端为注释的方式, 有利于降低第三微服务实例代码冗杂度 , 避免对第三微服务实例的代码侵入。 [0097] In addition, when the first microservice instance is executed and the electronic device detects a start request of another microservice instance, it sends a permission identifier according to the corresponding relationship between the microservice instance and the first microservice instance, which is beneficial to guarantee Any microservice instance can obtain the permission identification, which improves the security of permission verification, and when the first relationship is a subordinate relationship, the electronic device can directly send the permission identification to the fourth sub-function module through the F client, and the F client As a comment, it is helpful to reduce the code complexity of the third microservice instance To avoid code intrusion into the third microservice instance.
[0098] [0098]
[0099] 与上述图 2所示的实施例一致的, 请参阅图 4, 图 4是本申请实施例提供的一种 权限验证方法的流程示意图, 应用于电子设备, 所述电子设备上安装有目标应 用程序, 所述目标应用程序包括主函数模块和多个子函数模块, 如图所示, 本 权限验证方法包括: [0099] Consistent with the embodiment shown in FIG. 2 above, please refer to FIG. 4, FIG. 4 is a schematic flow chart of a method for authorization verification provided by an embodiment of the present application, which is applied to an electronic device, and the electronic device is installed with A target application program, the target application program includes a main function module and a plurality of sub-function modules. As shown in the figure, the permission verification method includes:
[0100] S401 , 电子设备当检测到针对第一微服务实例的启动请求时, 通过所述主函数 模块调用所述第一微服务实例对应的多个所述子函数模块中的第一子函数模块 [0100] S401, when detecting an activation request for a first microservice instance, the electronic device calls the first subfunction of the plurality of subfunction modules corresponding to the first microservice instance through the main function module Module
[0101] S402, 所述电子设备通过所述第一子函数模块预加载拦截器和熔断器, 所述拦 截器用于所述第一子函数模块获取权限标识, 所述熔断器用于使第三子函数模 块获取所述权限标识, 所述第三子函数模块对应的第二微服务实例独立于所述 第一微服务实例。 [0101] S402, the electronic device preloads an interceptor and a fuse through the first sub-function module, the interceptor is used by the first sub-function module to obtain a permission identifier, and the fuse is used to enable a third sub-function The function module obtains the permission identifier, and the second microservice instance corresponding to the third sub-function module is independent of the first microservice instance.
[0102] S403 , 所述电子设备调用所述第一子函数模块通过所述拦截器获取针对所述第 一微服务实例的启动请求的请求头。 [0102] S403: The electronic device calls the first sub-function module to obtain a request header of a start request for the first micro service instance through the interceptor.
[0103] S404, 所述电子设备确定所述请求头中的所述权限标识。 [0103] S404, the electronic device determines the authority identifier in the request header.
[0104] S405 , 所述电子设备通过所述第一子函数模块调用权限验证功能对应的第二子 函数模块, 并根据所述第二子函数模块验证所述权限标识是否有效。 [0104] S405: The electronic device calls a second sub-function module corresponding to a permission verification function through the first sub-function module, and verifies whether the permission identifier is valid according to the second sub-function module.
[0105] S406 , 所述电子设备当检测到所述权限标识有效时, 通过所述第一子函数模块 执行所述第一微服务实例。 [0105] S406: When detecting that the authority identifier is valid, the electronic device executes the first microservice instance through the first sub-function module.
[0106] 可以看出, 本申请实施例中, 电子设备首先当检测到针对第一微服务实例的启 动请求时, 通过所述主函数模块调用所述第一微服务实例对应的多个所述子函 数模块中的第一子函数模块获取权限标识, 然后, 通过所述第一子函数模块调 用权限验证功能对应的第二子函数模块, 并根据所述第二子函数模块验证所述 权限标识是否有效, 最后, 当检测到所述权限标识有效时, 通过所述第一子函 数模块执行所述第一微服务实例。 可见, 电子设备在微服务架构下, 不需要在 每个微服务的子函数模块中加入权限验证的代码, 只在需要验证时截取权限标 识调用权限验证功能的子模块进行验证, 可以免除每个微服务应用权限验证的 代码, 有利于降低每个微服务应用代码的冗杂度, 提升微服务模式下权限验证 的便捷性。 [0106] It can be seen that in the embodiment of the present application, when the electronic device first detects a start request for the first microservice instance, the main function module invokes a plurality of the corresponding ones of the first microservice instance The first sub-function module in the sub-function module obtains the permission identifier, and then, calls the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifies the permission identifier according to the second sub-function module Whether it is valid, and finally, when it is detected that the authority identifier is valid, executing the first microservice instance through the first sub-function module. It can be seen that, under the microservice architecture, the electronic device does not need to add permission verification code in the subfunction module of each microservice, and only intercepts the permission ID when verification is required to verify the submodule calling the permission verification function, which can save each Microservice application permission verification The code helps to reduce the verbosity of each microservice application code and improve the convenience of permission verification in the microservice mode.
[0107] 此外, 电子设备在通过主函数调用第一子函数模块之后, 第一子函数模块会预 先加载拦截器和熔断器, 而不是在需要使用到拦截器和熔断器之后再进行加载 , 有利于提升权限验证的时效性。 [0107] In addition, after the electronic device calls the first sub-function module through the main function, the first sub-function module will pre-load the interceptor and the fuse instead of loading it after the interceptor and the fuse need to be used. Conducive to improving the timeliness of authorization verification.
[0108] 此外, 电子设备需要启动第一微服务实例时, 通过第一子函数仅仅需要获取启 动请求的请求头既可获取所述权限标识, 有利于提升微服务架构下, 每个微服 务权限验证的可实现注和便捷性。 [0108] In addition, when the electronic device needs to start the first microservice instance, the first subfunction only needs to obtain the request header of the start request to obtain the permission identifier, which is beneficial to enhance the permissions of each microservice under the microservice architecture Verification can realize the note and convenience.
[0109] 与上述图 2、 图 3、 图 4所示的实施例一致的, 请参阅图 5, 图 5是本申请实施例 提供的一种电子设备 500的结构示意图, 所述电子设备 500上安装有目标应用程 序, 所述目标应用程序包括主函数模块和多个子函数模块, 如图 5所示, 所述电 子设备 500包括应用处理器 510、 存储器 520、 通信接口 530以及一个或多个程序 5 21, 其中, 所述一个或多个程序 521被存储在上述存储器 520中, 并且被配置由 上述应用处理器 510执行, 所述一个或多个程序 521包括用于执行以下步骤的指 令: [0109] Consistent with the embodiments shown in FIG. 2, FIG. 3, and FIG. 4, please refer to FIG. 5, FIG. 5 is a schematic structural diagram of an electronic device 500 provided by an embodiment of the present application. A target application program is installed. The target application program includes a main function module and a plurality of sub-function modules. As shown in FIG. 5, the electronic device 500 includes an application processor 510, a memory 520, a communication interface 530, and one or more programs 5 21, wherein the one or more programs 521 are stored in the above-mentioned memory 520, and are configured to be executed by the above-mentioned application processor 510, and the one or more programs 521 include instructions for performing the following steps:
[0110] 当检测到针对第一微服务实例的启动请求时, 通过所述主函数模块调用所述第 一微服务实例对应的多个所述子函数模块中的第一子函数模块获取权限标识; [0110] When a start request for the first microservice instance is detected, the main function module calls the first subfunction module among the plurality of subfunction modules corresponding to the first microservice instance to obtain the permission identifier ;
[0111] 通过所述第一子函数模块调用权限验证功能对应的第二子函数模块, 并根据所 述第二子函数模块验证所述权限标识是否有效; [0111] calling the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifying whether the permission identifier is valid according to the second sub-function module;
[0112] 当检测到所述权限标识有效时, 通过所述第一子函数模块执行所述第一微服务 实例。 [0112] When it is detected that the authority identifier is valid, execute the first microservice instance through the first sub-function module.
[0113] 可以看出, 本申请实施例中, 电子设备首先当检测到针对第一微服务实例的启 动请求时, 通过所述主函数模块调用所述第一微服务实例对应的多个所述子函 数模块中的第一子函数模块获取权限标识, 然后, 通过所述第一子函数模块调 用权限验证功能对应的第二子函数模块, 并根据所述第二子函数模块验证所述 权限标识是否有效, 最后, 当检测到所述权限标识有效时, 通过所述第一子函 数模块执行所述第一微服务实例。 可见, 电子设备在微服务架构下, 不需要在 每个微服务的子函数模块中加入权限验证的代码, 只在需要验证时截取权限标 识调用权限验证功能的子模块进行验证, 可以免除每个微服务应用权限验证的 代码, 有利于降低每个微服务应用代码的冗杂度, 提升微服务模式下权限验证 的便捷性。 [0113] It can be seen that in the embodiment of the present application, when the electronic device first detects a start request for the first microservice instance, the main function module invokes a plurality of the corresponding ones of the first microservice instance The first sub-function module in the sub-function module obtains the permission identifier, and then, calls the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifies the permission identifier according to the second sub-function module Whether it is valid, and finally, when it is detected that the authority identifier is valid, executing the first microservice instance through the first sub-function module. It can be seen that, under the microservice architecture, the electronic device does not need to add permission verification code in each microservice sub-function module, and only intercepts the permission label when verification is required. Recognizing the submodules that call the permission verification function can eliminate the code for permission verification of each microservice application, which is helpful to reduce the complexity of each microservice application code and improve the convenience of permission verification in the microservice mode.
[0114] 在一个可能的示例中, 所述一个或多个程序 521还包括用于执行以下步骤的指 令: 所述检测到针对第一微服务实例的启动请求之前, 当检测到针对目标应用 程序的登录请求时, 通过所述主函数模块获取所述登录请求中的登录标识; 以 及当接收到服务器对所述登录标识验证成功的消息时, 登录所述目标应用程序 ; 以及通过所述主函数模块接收来自所述服务器的所述权限标识, 所述权限标 识是所述服务器根据所述登录标识预配置的权限标识。 [0114] In a possible example, the one or more programs 521 further include instructions for performing the following steps: before the start request for the first microservice instance is detected, when the target application is detected During the login request, obtain the login ID in the login request through the main function module; and when receiving a message that the server successfully authenticates the login ID, log in to the target application; and through the main function The module receives the authority identifier from the server, where the authority identifier is a authority identifier preconfigured by the server according to the login identifier.
[0115] 在一个可能的示例中, 所述一个或多个程序 521还包括用于执行以下步骤的指 令: 所述检测到针对第一微服务实例的启动请求之后, 通过所述主函数模块调 用所述第一微服务实例对应的第一子函数模块; 以及通过所述第一子函数模块 预加载拦截器和熔断器, 所述拦截器用于所述第一子函数模块获取所述权限标 识, 所述熔断器用于使第三子函数模块获取所述权限标识, 所述第三子函数模 块对应的第二微服务实例独立于所述第一微服务实例。 [0115] In a possible example, the one or more programs 521 further include instructions for performing the following steps: after the start request for the first microservice instance is detected, called by the main function module A first sub-function module corresponding to the first microservice instance; and pre-loading an interceptor and a fuse through the first sub-function module, the interceptor is used by the first sub-function module to obtain the permission identifier, The fuse is used to enable a third sub-function module to obtain the permission identifier, and the second microservice instance corresponding to the third sub-function module is independent of the first microservice instance.
[0116] 在一个可能的示例中, 所述一个或多个程序 521还包括用于执行以下步骤的指 令: 所述通过所述第一子函数模块执行所述第一微服务实例之后, 当检测到针 对第三微服务实例的启动请求时, 确定所述第三微服务实例与所述第一微服务 实例的第一关系; 以及调用所述第一子函数模块根据所述第一关系将所述权限 标识发送给所述第三微服务实例对应的第四子函数模块; 以及通过所述第四子 函数模块获取所述权限标识, 并通过调用所述第二子函数模块验证所述权限标 识是否有效; 以及当检测到所述权限标识有效时, 通过所述第四子函数模块执 行所述第三微服务实例。 [0116] In a possible example, the one or more programs 521 further include instructions for performing the following steps: after executing the first microservice instance through the first sub-function module, when detecting When a start request is made for the third microservice instance, determine the first relationship between the third microservice instance and the first microservice instance; and call the first sub-function module to change the location according to the first relationship Sending the permission identifier to the fourth sub-function module corresponding to the third microservice instance; and obtaining the permission identifier through the fourth sub-function module, and verifying the permission identifier by calling the second sub-function module Whether it is valid; and when it is detected that the authority identifier is valid, executing the third microservice instance through the fourth sub-function module.
[0117] 在这个可能的示例中, 所述第一关系为所述第三微服务实例从属于所述第一微 服务实例, 在所述调用所述第一子函数模块根据所述第一关系将所述权限标识 发送给所述第三微服务实例对应的第四子函数模块方面, 所述一个或多个程序 5 21中的指令具体用于执行以下操作: 当所述第一关系为从属关系时, 调用所述 第一子函数模块向所述主函数模块中的 F客户端注入所述权限标识; 以及用于通 过所述 F客户端向所述第三微服务实例对应的所述第四子函数模块发送所述权限 标识。 [0117] In this possible example, the first relationship is that the third microservice instance is subordinate to the first microservice instance, and the calling the first sub-function module according to the first relationship In terms of sending the permission identifier to the fourth sub-function module corresponding to the third microservice instance, the instructions in the one or more programs 521 are specifically used to perform the following operations: When the first relationship is a slave During the relationship, invoking the first sub-function module to inject the permission identifier to the F client in the main function module; Sending the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the F client.
[0118] 在一个可能的示例中, 所述第一关系为所述第三微服务实例独立于所述第一微 服务实例, 在所述调用所述第一子函数模块根据所述第一关系将所述权限标识 发送给所述第三微服务实例对应的第四子函数模块方面, 所述一个或多个程序 5 21中的指令具体用于执行以下操作: 当所述第一关系为独立关系时, 调用所述 第一子函数模块通过熔断器的预设策略向所述第三微服务实例对应的第四子函 数模块发送所述权限标识, 使所述第四子函数模块通过向 F客户端注入所述权限 标识的方式以实现通过所述 F客户端启动从属于所述第三微服务实例的多个微服 务实例。 [0118] In a possible example, the first relationship is that the third microservice instance is independent of the first microservice instance, and the calling the first sub-function module according to the first relationship In terms of sending the permission identifier to the fourth sub-function module corresponding to the third microservice instance, the instructions in the one or more programs 521 are specifically used to perform the following operations: When the first relationship is independent In the relationship, the first sub-function module is called to send the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the preset policy of the fuse, so that the fourth sub-function module passes the F The manner in which the client injects the permission identifier enables the F client to start multiple microservice instances subordinate to the third microservice instance.
[0119] 在一个可能的示例中, 在所述通过所述主函数模块调用所述第一微服务实例对 应的多个所述子函数模块中的第一子函数模块获取权限标识方面, 所述一个或 多个程序 521中的指令具体用于执行以下操作: 通过所述主函数模块调用所述第 一微服务实例对应的多个所述子函数模块中的第一子函数模块获取针对所述第 一微服务实例的启动请求的请求头; 以及用于确定所述请求头中的所述权限标 识。 [0119] In a possible example, in terms of acquiring the permission identifier by the first sub-function module among the plurality of sub-function modules corresponding to the first microservice instance called by the main function module, the The instructions in one or more programs 521 are specifically used to perform the following operations: call the first sub-function module among the plurality of sub-function modules corresponding to the first microservice instance through the main function module to obtain the A request header for initiating the request of the first microservice instance; and the permission identifier used for determining the request header.
[0120] 上述主要从方法侧执行过程的角度对本申请实施例的方案进行了介绍。 可以理 解的是, 电子设备为了实现上述功能, 其包含了执行各个功能相应的硬件结构 和 /或软件模块。 本领域技术人员应该很容易意识到, 结合本文中所提供的实施 例描述的各示例的单元及算法步骤, 本申请能够以硬件或硬件和计算机软件的 结合形式来实现。 某个功能究竟以硬件还是计算机软件驱动硬件的方式来执行 , 取决于技术方案的特定应用和设计约束条件。 专业技术人员可以对每个特定 的应用使用不同方法来实现所描述的功能, 但是这种实现不应认为超出本申请 的范围。 [0120] The above describes the solutions of the embodiments of the present application mainly from the perspective of the execution process on the method side. It can be understood that, in order to realize the above-mentioned functions, the electronic device includes a hardware structure and/or a software module corresponding to each function. Those skilled in the art should easily realize that, in combination with the units and algorithm steps of the examples described in the embodiments provided herein, the present application can be implemented in the form of hardware or a combination of hardware and computer software. Whether a function is executed by hardware or computer software driven hardware depends on the specific application and design constraints of the technical solution. Professional technicians can use different methods to implement the described functions for each specific application, but such implementation should not be considered beyond the scope of this application.
[0121] 本申请实施例可以根据上述方法示例对电子设备进行功能单元的划分, 例如, 可以对应各个功能划分各个功能单元, 也可以将两个或两个以上的功能集成在 一个处理单元中。 上述集成的单元既可以采用硬件的形式实现, 也可以采用软 件功能单元的形式实现。 需要说明的是, 本申请实施例中对单元的划分是示意 性的, 仅仅为一种逻辑功能划分, 实际实现时可以有另外的划分方式。 [0121] The embodiments of the present application may divide the functional unit of the electronic device according to the above method example, for example, each functional unit may be divided corresponding to each function, or two or more functions may be integrated into one processing unit. The above integrated unit may be implemented in the form of hardware or a software functional unit. It should be noted that the division of units in the embodiments of the present application is a schematic Sexually, it is only a division of logical functions, and there may be other divisions in actual implementation.
[0122] 图 6是本申请实施例中所涉及的权限验证装置 600的功能单元组成框图。 该权限 验证装置 600应用于电子设备, 所述电子设备上安装有目标应用程序, 所述目标 应用程序包括主函数模块和多个子函数模块, 该权限验证装置 600包括获取单元 601、 验证单元 602和执行单元 603, 其中: [0122] FIG. 6 is a block diagram of the functional units of the authority verification device 600 involved in the embodiment of the present application. The permission verification device 600 is applied to an electronic device, and a target application program is installed on the electronic device, the target application program includes a main function module and a plurality of sub-function modules, and the permission verification device 600 includes an acquisition unit 601, a verification unit 602, and Execution unit 603, where:
[0123] 所述获取单元 601, 用于当检测到针对第一微服务实例的启动请求时, 通过所 述主函数模块调用所述第一微服务实例对应的多个所述子函数模块中的第一子 函数模块获取权限标识; [0123] The acquiring unit 601 is configured to call the plurality of sub-function modules corresponding to the first microservice instance through the main function module when a start request for the first microservice instance is detected The first sub-function module obtains the permission identifier;
[0124] 所述验证单元 602, 用于通过所述第一子函数模块调用权限验证功能对应的第 二子函数模块, 并根据所述第二子函数模块验证所述权限标识是否有效; [0124] The verification unit 602 is configured to call a second sub-function module corresponding to a permission verification function through the first sub-function module, and verify whether the permission identifier is valid according to the second sub-function module;
[0125] 所述执行单元 603 , 用于当检测到所述权限标识有效时, 通过所述第一子函数 模块执行所述第一微服务实例。 [0125] The execution unit 603 is configured to execute the first microservice instance through the first sub-function module when it is detected that the authority identifier is valid.
[0126] 可以看出, 本申请实施例中, 电子设备首先当检测到针对第一微服务实例的启 动请求时, 通过所述主函数模块调用所述第一微服务实例对应的多个所述子函 数模块中的第一子函数模块获取权限标识, 然后, 通过所述第一子函数模块调 用权限验证功能对应的第二子函数模块, 并根据所述第二子函数模块验证所述 权限标识是否有效, 最后, 当检测到所述权限标识有效时, 通过所述第一子函 数模块执行所述第一微服务实例。 可见, 电子设备在微服务架构下, 不需要在 每个微服务的子函数模块中加入权限验证的代码, 只在需要验证时截取权限标 识调用权限验证功能的子模块进行验证, 可以免除每个微服务应用权限验证的 代码, 有利于降低每个微服务应用代码的冗杂度, 提升微服务模式下权限验证 的便捷性。 [0126] It can be seen that in the embodiment of the present application, when the electronic device first detects a start request for the first microservice instance, the main function module invokes a plurality of the corresponding ones of the first microservice instance The first sub-function module in the sub-function module obtains the permission identifier, and then, calls the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifies the permission identifier according to the second sub-function module Whether it is valid, and finally, when it is detected that the authority identifier is valid, executing the first microservice instance through the first sub-function module. It can be seen that, under the microservice architecture, the electronic device does not need to add permission verification code in the subfunction module of each microservice, and only intercepts the permission ID when verification is required to verify the submodule calling the permission verification function, which can save each The code for microservice application permission verification is helpful to reduce the verbosity of each microservice application code and improve the convenience of permission verification in the microservice mode.
[0127] 在一个可能的示例中, 所述获取单元 601在所述检测到针对第一微服务实例的 启动请求之前, 还用于: 当检测到针对目标应用程序的登录请求时, 通过所述 主函数模块获取所述登录请求中的登录标识; [0127] In a possible example, before the detecting the start request for the first microservice instance, the acquiring unit 601 is further configured to: when a login request for the target application is detected, pass the The main function module obtains the login identifier in the login request;
[0128] 所述执行单元 603还用于: 当接收到服务器对所述登录标识验证成功的消息时 , 登录所述目标应用程序; 以及通过所述主函数模块接收来自所述服务器的所 述权限标识, 所述权限标识是所述服务器根据所述登录标识预配置的权限标识 [0129] 在一个可能的示例中, 所述执行单元 603在所述检测到针对第一微服务实例的 启动请求之后, 还用于: 通过所述主函数模块调用所述第一微服务实例对应的 第一子函数模块; 以及通过所述第一子函数模块预加载拦截器和熔断器, 所述 拦截器用于所述第一子函数模块获取所述权限标识, 所述熔断器用于使第三子 函数模块获取所述权限标识, 所述第三子函数模块对应的第二微服务实例独立 于所述第一微服务实例。 [0128] The execution unit 603 is further configured to: when receiving a message that the server successfully authenticates the login identifier, log in to the target application; and receive the authority from the server through the main function module ID, the permission ID is a permission ID pre-configured by the server according to the login ID [0129] In a possible example, after the detection of the start request for the first microservice instance is performed, the execution unit 603 is further configured to: call the first microservice instance corresponding to the main function module A first sub-function module; and pre-loading an interceptor and a fuse through the first sub-function module, the interceptor is used by the first sub-function module to obtain the permission identifier, and the fuse is used to enable the third The sub-function module obtains the permission identifier, and the second microservice instance corresponding to the third sub-function module is independent of the first microservice instance.
[0130] 在一个可能的示例中, 所述执行单元 603在所述通过所述第一子函数模块执行 所述第一微服务实例之后, 还用于: 当检测到针对第三微服务实例的启动请求 时, 确定所述第三微服务实例与所述第一微服务实例的第一关系; 以及调用所 述第一子函数模块根据所述第一关系将所述权限标识发送给所述第三微服务实 例对应的第四子函数模块; [0130] In a possible example, after the execution of the first microservice instance by the first sub-function module, the execution unit 603 is further used to: When initiating a request, determine a first relationship between the third microservice instance and the first microservice instance; and call the first sub-function module to send the permission identifier to the first according to the first relationship The fourth sub-function module corresponding to the three microservice instances;
[0131] 所述获取单元 601还用于: 通过所述第四子函数模块获取所述权限标识; [0131] The obtaining unit 601 is further configured to: obtain the permission identifier through the fourth sub-function module;
[0132] 所述验证单元 602还用于: 通过调用所述第二子函数模块验证所述权限标识是 否有效; [0132] The verification unit 602 is further configured to: verify whether the authority identifier is valid by calling the second sub-function module;
[0133] 所述执行单元 603还用于: 当检测到所述权限标识有效时, 通过所述第四子函 数模块执行所述第三微服务实例。 [0133] The execution unit 603 is further configured to: when it is detected that the authority identifier is valid, execute the third microservice instance through the fourth sub-function module.
[0134] 在这个可能的示例中, 所述第一关系为所述第三微服务实例从属于所述第一微 服务实例, 在所述调用所述第一子函数模块根据所述第一关系将所述权限标识 发送给所述第三微服务实例对应的第四子函数模块方面, 所述执行单元 603具体 用于: 当所述第一关系为从属关系时, 调用所述第一子函数模块向所述主函数 模块中的 F客户端注入所述权限标识; 以及用于通过所述 F客户端向所述第三微 服务实例对应的所述第四子函数模块发送所述权限标识。 [0134] In this possible example, the first relationship is that the third microservice instance is subordinate to the first microservice instance, and the calling the first sub-function module according to the first relationship In terms of sending the permission identifier to the fourth sub-function module corresponding to the third microservice instance, the execution unit 603 is specifically configured to: when the first relationship is a subordinate relationship, call the first sub-function The module injects the permission identifier to the F client in the main function module; and is used to send the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the F client.
[0135] 在一个可能的示例中, 所述第一关系为所述第三微服务实例独立于所述第一微 服务实例, 在所述调用所述第一子函数模块根据所述第一关系将所述权限标识 发送给所述第三微服务实例对应的第四子函数模块方面, 所述执行单元 603具体 用于: 当所述第一关系为独立关系时, 调用所述第一子函数模块通过熔断器的 预设策略向所述第三微服务实例对应的第四子函数模块发送所述权限标识, 使 所述第四子函数模块通过向 F客户端注入所述权限标识的方式以实现通过所述 F 客户端启动从属于所述第三微服务实例的多个微服务实例。 [0135] In a possible example, the first relationship is that the third microservice instance is independent of the first microservice instance, and the calling the first sub-function module according to the first relationship In terms of sending the permission identifier to the fourth sub-function module corresponding to the third microservice instance, the execution unit 603 is specifically configured to: when the first relationship is an independent relationship, call the first sub-function The module sends the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the preset strategy of the fuse, so that The fourth sub-function module injects the permission identifier to the F client to enable the F client to start multiple microservice instances subordinate to the third microservice instance.
[0136] 在一个可能的示例中, 在所述通过所述主函数模块调用所述第一微服务实例对 应的多个所述子函数模块中的第一子函数模块获取权限标识方面, 所述获取单 元 601具体用于: 通过所述主函数模块调用所述第一微服务实例对应的多个所述 子函数模块中的第一子函数模块获取针对所述第一微服务实例的启动请求的请 求头; 以及用于确定所述请求头中的所述权限标识。 [0136] In a possible example, in terms of acquiring the permission identifier by the first sub-function module among the plurality of sub-function modules corresponding to the first microservice instance invoked by the main function module, the The obtaining unit 601 is specifically configured to: use the main function module to call a first sub-function module among the plurality of sub-function modules corresponding to the first micro-service instance to obtain a start request for the first micro-service instance A request header; and a permission identifier used to determine the request header.
[0137] 其中, 获取单元 601和执行单元 603可以是处理器、 通信接口或者收发器, 验证 单元 602可以是处理器。 [0137] Wherein, the acquisition unit 601 and the execution unit 603 may be a processor, a communication interface or a transceiver, and the verification unit 602 may be a processor.
[0138] [0138]
[0139] 本申请实施例还提供一种计算机存储介质, 其中, 该计算机存储介质存储用于 电子数据交换的计算机程序, 该计算机程序使得计算机执行如上述方法实施例 中记载的任一方法的部分或全部步骤, 上述计算机包括电子设备。 [0139] Embodiments of the present application also provide a computer storage medium, wherein the computer storage medium stores a computer program for electronic data exchange, and the computer program causes the computer to perform part of any method described in the foregoing method embodiments Or all steps, the computer includes electronic equipment.
[0140] 本申请实施例还提供一种计算机程序产品, 上述计算机程序产品包括存储了计 算机程序的非瞬时性计算机可读存储介质, 上述计算机程序可操作来使计算机 执行如上述方法实施例中记载的任一方法的部分或全部步骤。 该计算机程序产 品可以为一个软件安装包, 上述计算机包括电子设备。 [0140] Embodiments of the present application also provide a computer program product, where the computer program product includes a non-transitory computer-readable storage medium that stores the computer program, and the computer program is operable to cause the computer to perform as described in the foregoing method embodiments Part or all of the steps of any method. The computer program product may be a software installation package, and the computer includes electronic equipment.
[0141] 需要说明的是, 对于前述的各方法实施例, 为了简单描述, 故将其都表述为一 系列的动作组合, 但是本领域技术人员应该知悉, 本申请并不受所描述的动作 顺序的限制, 因为依据本申请, 某些步骤可以采用其他顺序或者同时进行。 其 次, 本领域技术人员也应该知悉, 说明书中所描述的实施例均属于优选实施例 , 所涉及的动作和模块并不一定是本申请所必须的。 [0141] It should be noted that, for the foregoing method embodiments, for the sake of simple description, they are all expressed as a series of action combinations, but those skilled in the art should know that this application is not affected by the described action sequence Because of this application, certain steps can be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the involved actions and modules are not necessarily required by this application.
[0142] 在上述实施例中, 对各个实施例的描述都各有侧重, 某个实施例中没有详述的 部分, 可以参见其他实施例的相关描述。 [0142] In the above embodiments, the description of each embodiment has its own emphasis. For a part that is not detailed in an embodiment, you can refer to related descriptions in other embodiments.
[0143] 在本申请所提供的几个实施例中, 应该理解到, 所揭露的装置, 可通过其它的 方式实现。 例如, 以上所描述的装置实施例仅仅是示意性的, 例如上述单元的 划分, 仅仅为一种逻辑功能划分, 实际实现时可以有另外的划分方式, 例如多 个单元或组件可以结合或者可以集成到另一个系统, 或一些特征可以忽略, 或 不执行。 另一点, 所显示或讨论的相互之间的耦合或直接耦合或通信连接可以 是通过一些接口, 装置或单元的间接耦合或通信连接, 可以是电性或其它的形 式。 [0143] In the several embodiments provided in this application, it should be understood that the disclosed device may be implemented in other ways. For example, the device embodiments described above are only schematic. For example, the division of the above-mentioned units is only a division of logical functions. In actual implementation, there may be other division modes, for example, multiple units or components may be combined or integrated To another system, or some features can be ignored, or Not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, and the indirect coupling or communication connection of the device or unit may be in electrical or other forms.
[0144] 上述作为分离部件说明的单元可以是或者也可以不是物理上分开的, 作为单元 显示的部件可以是或者也可以不是物理单元, 即可以位于一个地方, 或者也可 以分布到多个网络单元上。 可以根据实际的需要选择其中的部分或者全部单元 来实现本实施例方案的目的。 [0144] The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, may be located in one place, or may be distributed to multiple network units on. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
[0145] 另外, 在本申请各个实施例中的各功能单元可以集成在一个处理单元中, 也可 以是各个单元单独物理存在, 也可以两个或两个以上单元集成在一个单元中。 上述集成的单元既可以采用硬件的形式实现, 也可以采用软件功能单元的形式 实现。 [0145] In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The above integrated unit may be implemented in the form of hardware, or in the form of a software functional unit.
[0146] 上述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用 时, 可以存储在一个计算机可读取存储器中。 基于这样的理解, 本申请的技术 方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可 以以软件产品的形式体现出来, 该计算机软件产品存储在一个存储器中, 包括 若干指令用以使得一台计算机设备 (可为个人计算机、 服务器或者网络设备等 ) 执行本申请各个实施例上述方法的全部或部分步骤。 而前述的存储器包括: U 盘、 只读存储器 (ROM, Read-Only [0146] If the above integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer readable memory. Based on such an understanding, the technical solution of the present application may essentially be a part that contributes to the existing technology or all or part of the technical solution may be embodied in the form of a software product, and the computer software product is stored in a memory, Several instructions are included to enable a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the above methods in various embodiments of the present application. The aforementioned memory includes: U disk, read-only memory (ROM, Read-Only
Memory) 、 随机存取存储器 (RAM, Random Access Memory) 、 移动硬盘、 磁 碟或者光盘等各种可以存储程序代码的介质。 Memory), Random Access Memory (RAM, Random Access Memory), removable hard drives, magnetic disks, or optical disks and other media that can store program codes.
[0147] 本领域普通技术人员可以理解上述实施例的各种方法中的全部或部分步骤是可 以通过程序来指令相关的硬件来完成, 该程序可以存储于一计算机可读存储器 中, 存储器可以包括: 闪存盘、 只读存储器 (英文: Read-Only Memory , 简称 : ROM) 、 随机存取器 (英文: Random Access Memory, 简称: RAM) 、 磁盘 或光盘等。 [0147] Those of ordinary skill in the art may understand that all or part of the steps in the various methods of the foregoing embodiments may be completed by instructing relevant hardware through a program, and the program may be stored in a computer-readable memory, and the memory may include : Flash disk, Read-Only Memory (English: Read-Only Memory, abbreviation: ROM), Random Access Device (English: Random Access Memory, abbreviation: RAM), magnetic disk or optical disk, etc.
[0148] 以上对本申请实施例进行了详细介绍, 本文中应用了具体个例对本申请的原理 及实施方式进行了阐述, 以上实施例的说明只是用于帮助理解本申请的方法及 其核心思想; 同时, 对于本领域的一般技术人员, 依据本申请的思想, 在具体 实施方式及应用范围上均会有改变之处, 综上所述, 本说明书内容不应理解为 对本申请的限制。 [0148] The embodiments of the present application are described in detail above, and specific examples are used herein to explain the principles and implementation manners of the present application. The descriptions of the above embodiments are only used to help understand the method and the core idea of the present application; At the same time, for ordinary technicians in this field, according to the ideas of this application, in specific There will be changes in the implementation mode and the scope of application. In summary, the content of this specification should not be construed as limiting the application.

Claims

权利要求书 Claims
[权利要求 1] 一种权限验证方法, 其特征在于, 应用于电子设备, 所述电子设备上 安装有目标应用程序, 所述目标应用程序包括主函数模块和多个子函 数模块, 所述方法包括: [Claim 1] A permission verification method, which is applied to an electronic device, a target application program is installed on the electronic device, the target application program includes a main function module and a plurality of sub-function modules, and the method includes :
当检测到针对第一微服务实例的启动请求时, 通过所述主函数模块调 用所述第一微服务实例对应的多个所述子函数模块中的第一子函数模 块获取权限标识; When a start request for the first microservice instance is detected, the main function module calls the first subfunction module among the plurality of subfunction modules corresponding to the first microservice instance to obtain the permission identifier;
通过所述第一子函数模块调用权限验证功能对应的第二子函数模块, 并根据所述第二子函数模块验证所述权限标识是否有效; Calling the second sub-function module corresponding to the permission verification function through the first sub-function module, and verifying whether the permission identifier is valid according to the second sub-function module;
当检测到所述权限标识有效时, 通过所述第一子函数模块执行所述第 一微服务实例。 When it is detected that the authority identifier is valid, the first micro service instance is executed through the first sub-function module.
[权利要求 2] 根据权利要求 1所述的方法, 其特征在于, 所述检测到针对第一微服 务实例的启动请求之前, 所述方法还包括: [Claim 2] The method according to claim 1, characterized in that before the start request for the first microservice instance is detected, the method further comprises:
当检测到针对目标应用程序的登录请求时, 通过所述主函数模块获取 所述登录请求中的登录标识; When a login request for the target application is detected, the login identifier in the login request is obtained through the main function module;
当接收到服务器对所述登录标识验证成功的消息时, 登录所述目标应 用程序; When receiving a message that the server successfully authenticates the login ID, log in to the target application;
通过所述主函数模块接收来自所述服务器的所述权限标识, 所述权限 标识是所述服务器根据所述登录标识预配置的权限标识。 Receiving the authority identifier from the server through the main function module, where the authority identifier is a authority identifier pre-configured by the server according to the login identifier.
[权利要求 3] 根据权利要求:1或 2所述的方法, 其特征在于, 所述检测到针对第一微 服务实例的启动请求之后, 所述方法还包括: [Claim 3] The method according to claim: 1 or 2, characterized in that after the start request for the first microservice instance is detected, the method further comprises:
通过所述主函数模块调用所述第一微服务实例对应的第一子函数模块 通过所述第一子函数模块预加载拦截器和熔断器, 所述拦截器用于所 述第一子函数模块获取所述权限标识, 所述熔断器用于使第三子函数 模块获取所述权限标识, 所述第三子函数模块对应的第二微服务实例 独立于所述第一微服务实例。 Calling the first sub-function module corresponding to the first microservice instance through the main function module, pre-loading the interceptor and the fuse through the first sub-function module, the interceptor is used for obtaining by the first sub-function module The permission identifier, the fuse is used to enable a third sub-function module to obtain the permission identifier, and the second microservice instance corresponding to the third subfunction module is independent of the first microservice instance.
[权利要求 4] 根据权利要求 1所述的方法, 其特征在于, 所述通过所述第一子函数 模块执行所述第一微服务实例之后, 所述方法还包括: 当检测到针对第三微服务实例的启动请求时, 确定所述第三微服务实 例与所述第一微服务实例的第一关系; [Claim 4] The method according to claim 1, characterized in that the passing of the first sub-function After the module executes the first microservice instance, the method further includes: when a start request for the third microservice instance is detected, determine the first of the third microservice instance and the first microservice instance relationship;
调用所述第一子函数模块根据所述第一关系将所述权限标识发送给所 述第三微服务实例对应的第四子函数模块; Calling the first sub-function module to send the permission identifier to the fourth sub-function module corresponding to the third microservice instance according to the first relationship;
通过所述第四子函数模块获取所述权限标识, 并通过调用所述第二子 函数模块验证所述权限标识是否有效; Acquiring the permission identifier through the fourth sub-function module, and verifying whether the permission identifier is valid by calling the second sub-function module;
当检测到所述权限标识有效时, 通过所述第四子函数模块执行所述第 三微服务实例。 When it is detected that the authority identifier is valid, the third micro service instance is executed through the fourth sub-function module.
[权利要求 5] 根据权利要求 4所述的方法, 其特征在于, 所述第一关系为所述第三 微服务实例从属于所述第一微服务实例, 所述调用所述第一子函数模 块根据所述第一关系将所述权限标识发送给所述第三微服务实例对应 的第四子函数模块, 包括: [Claim 5] The method of claim 4, wherein the first relationship is that the third microservice instance is subordinate to the first microservice instance, and the calling the first subfunction The module sends the permission identifier to the fourth sub-function module corresponding to the third microservice instance according to the first relationship, including:
当所述第一关系为从属关系时, 调用所述第一子函数模块向所述主函 数模块中的 F客户端注入所述权限标识; When the first relationship is a subordinate relationship, invoking the first sub-function module to inject the permission identifier to the F client in the main function module;
通过所述 F客户端向所述第三微服务实例对应的所述第四子函数模块 发送所述权限标识。 Sending the permission identifier to the fourth sub-function module corresponding to the third microservice instance through the F client.
[权利要求 6] 根据权利要求 4所述的方法, 其特征在于, 所述第一关系为所述第三 微服务实例独立于所述第一微服务实例, 所述调用所述第一子函数模 块根据所述第一关系将所述权限标识发送给所述第三微服务实例对应 的第四子函数模块, 包括: [Claim 6] The method of claim 4, wherein the first relationship is that the third microservice instance is independent of the first microservice instance, and the calling the first subfunction The module sends the permission identifier to the fourth sub-function module corresponding to the third microservice instance according to the first relationship, including:
当所述第一关系为独立关系时, 调用所述第一子函数模块通过熔断器 的预设策略向所述第三微服务实例对应的第四子函数模块发送所述权 限标识, 使所述第四子函数模块通过向 F客户端注入所述权限标识的 方式以实现通过所述 F客户端启动从属于所述第三微服务实例的多个 微服务实例。 When the first relationship is an independent relationship, the first sub-function module is called to send the permission identifier to the fourth sub-function module corresponding to the third microservice instance through a preset policy of a fuse, so that the The fourth sub-function module injects the permission identifier to the F client to enable the F client to start multiple microservice instances subordinate to the third microservice instance.
[权利要求 7] 根据权利要求 1所述的方法, 其特征在于, 所述通过所述主函数模块 调用所述第一微服务实例对应的多个所述子函数模块中的第一子函数 模块获取权限标识, 包括: [Claim 7] The method according to claim 1, wherein the calling of the first sub-function among the plurality of sub-function modules corresponding to the first microservice instance by the main function module The module obtains the permission identification, including:
通过所述主函数模块调用所述第一微服务实例对应的多个所述子函数 模块中的第一子函数模块获取针对所述第一微服务实例的启动请求的 请求头; Acquiring, by the main function module, a first sub-function module among the plurality of sub-function modules corresponding to the first micro-service instance, a request header for a start request of the first micro-service instance;
确定所述请求头中的所述权限标识。 Determine the authority identifier in the request header.
[权利要求 8] 一种权限验证装置, 其特征在于, 应用于电子设备, 所述电子设备上 安装有目标应用程序, 所述目标应用程序包括主函数模块和多个子函 数模块, 所述权限验证装置包括获取单元、 验证单元和执行单元, 其 中, [Claim 8] A permission verification device, characterized in that it is applied to an electronic device, a target application program is installed on the electronic device, the target application program includes a main function module and a plurality of sub-function modules, and the permission verification The device includes an acquisition unit, a verification unit and an execution unit, wherein,
所述获取单元, 用于当检测到针对第一微服务实例的启动请求时, 通 过所述主函数模块调用所述第一微服务实例对应的多个所述子函数模 块中的第一子函数模块获取权限标识; The acquiring unit is configured to call the first sub-function of the plurality of sub-function modules corresponding to the first micro-service instance through the main function module when a start request for the first micro-service instance is detected The module obtains the permission identification;
所述验证单元, 用于通过所述第一子函数模块调用权限验证功能对应 的第二子函数模块, 并根据所述第二子函数模块验证所述权限标识是 否有效; The verification unit is configured to call the second sub-function module corresponding to the permission verification function through the first sub-function module, and verify whether the permission identifier is valid according to the second sub-function module;
所述执行单元, 用于当检测到所述权限标识有效时, 通过所述第一子 函数模块执行所述第一微服务实例。 The execution unit is configured to execute the first microservice instance through the first sub-function module when it is detected that the authority identifier is valid.
[权利要求 9] 一种电子设备, 其特征在于, 包括处理器、 存储器、 通信接口, 以及 一个或多个程序, 所述一个或多个程序被存储在所述存储器中, 并且 被配置由所述处理器执行, 所述程序包括用于执行如权利要求 1-7任 一项所述的方法中的步骤的指令。 [Claim 9] An electronic device, comprising a processor, a memory, a communication interface, and one or more programs, the one or more programs are stored in the memory, and are configured by all The processor executes, and the program includes instructions for performing the steps in the method according to any one of claims 1-7.
[权利要求 10] 一种计算机可读存储介质, 其特征在于, 存储用于电子数据交换的计 算机程序, 其中, 所述计算机程序使得计算机执行如权利要求 1-7任 一项所述的方法。 [Claim 10] A computer-readable storage medium, characterized by storing a computer program for electronic data exchange, wherein the computer program causes a computer to execute the method according to any one of claims 1-7.
PCT/CN2019/121604 2018-12-29 2019-11-28 Authority verification method and related device WO2020134838A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811640222.4 2018-12-29
CN201811640222.4A CN109815683B (en) 2018-12-29 2018-12-29 Authority verification method and related device

Publications (1)

Publication Number Publication Date
WO2020134838A1 true WO2020134838A1 (en) 2020-07-02

Family

ID=66603052

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/121604 WO2020134838A1 (en) 2018-12-29 2019-11-28 Authority verification method and related device

Country Status (2)

Country Link
CN (1) CN109815683B (en)
WO (1) WO2020134838A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112333272A (en) * 2020-11-06 2021-02-05 杭州安恒信息技术股份有限公司 Micro-service data access method, device, equipment and readable storage medium
CN112364338A (en) * 2020-11-30 2021-02-12 杭州安恒信息技术股份有限公司 Management method and device of micro-service framework, electronic device and storage medium
CN112487405A (en) * 2020-12-18 2021-03-12 中国农业银行股份有限公司 Authority information processing method and device
CN113472794A (en) * 2021-07-05 2021-10-01 福州数据技术研究院有限公司 Multi-application system authority unified management method based on micro-service and computer readable storage medium
CN113556357A (en) * 2021-07-30 2021-10-26 平安普惠企业管理有限公司 Authentication method, device, equipment and storage medium based on registration center
CN113688343A (en) * 2021-07-23 2021-11-23 济南浪潮数据技术有限公司 Page permission control method, device, equipment and readable storage medium
CN115131103A (en) * 2022-06-27 2022-09-30 拉扎斯网络科技(上海)有限公司 Data processing method, terminal, server, electronic device and storage medium
CN116980182A (en) * 2023-06-21 2023-10-31 杭州明实科技有限公司 Abnormal request detection method and device and electronic equipment

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109815683B (en) * 2018-12-29 2021-09-14 深圳云天励飞技术有限公司 Authority verification method and related device
CN110381285B (en) * 2019-07-19 2021-05-28 视联动力信息技术股份有限公司 Conference initiating method and device
CN110708298A (en) * 2019-09-23 2020-01-17 广州海颐信息安全技术有限公司 Method and device for centralized management of dynamic instance identity and access
CN110912901A (en) * 2019-11-27 2020-03-24 中国银行股份有限公司 Application login verification method, device and system
CN112906018A (en) * 2021-02-01 2021-06-04 北京金山云网络技术有限公司 Authority control method, device, server and computer storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106470184A (en) * 2015-08-14 2017-03-01 阿里巴巴集团控股有限公司 Safety certifying method, apparatus and system
CN108306877A (en) * 2018-01-30 2018-07-20 泰康保险集团股份有限公司 Verification method, device and the storage medium of subscriber identity information based on NODE JS
CN108810029A (en) * 2018-07-23 2018-11-13 珠海宏桥高科技有限公司 Right discriminating system and optimization method between a kind of micro services infrastructure services
CN109815683A (en) * 2018-12-29 2019-05-28 深圳云天励飞技术有限公司 Method for verifying authority and relevant apparatus

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107528853A (en) * 2017-09-12 2017-12-29 上海艾融软件股份有限公司 The implementation method of micro services control of authority
CN108901022B (en) * 2018-06-28 2021-08-20 深圳云之家网络有限公司 Micro-service unified authentication method and gateway

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106470184A (en) * 2015-08-14 2017-03-01 阿里巴巴集团控股有限公司 Safety certifying method, apparatus and system
CN108306877A (en) * 2018-01-30 2018-07-20 泰康保险集团股份有限公司 Verification method, device and the storage medium of subscriber identity information based on NODE JS
CN108810029A (en) * 2018-07-23 2018-11-13 珠海宏桥高科技有限公司 Right discriminating system and optimization method between a kind of micro services infrastructure services
CN109815683A (en) * 2018-12-29 2019-05-28 深圳云天励飞技术有限公司 Method for verifying authority and relevant apparatus

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112333272A (en) * 2020-11-06 2021-02-05 杭州安恒信息技术股份有限公司 Micro-service data access method, device, equipment and readable storage medium
CN112364338A (en) * 2020-11-30 2021-02-12 杭州安恒信息技术股份有限公司 Management method and device of micro-service framework, electronic device and storage medium
CN112364338B (en) * 2020-11-30 2024-04-09 杭州安恒信息技术股份有限公司 Management method and device of micro-service framework, electronic device and storage medium
CN112487405A (en) * 2020-12-18 2021-03-12 中国农业银行股份有限公司 Authority information processing method and device
CN112487405B (en) * 2020-12-18 2023-07-28 中国农业银行股份有限公司 Authority information processing method and device
CN113472794A (en) * 2021-07-05 2021-10-01 福州数据技术研究院有限公司 Multi-application system authority unified management method based on micro-service and computer readable storage medium
CN113472794B (en) * 2021-07-05 2023-08-15 福州数据技术研究院有限公司 Multi-application system authority unified management method based on micro-service and storage medium
CN113688343B (en) * 2021-07-23 2023-11-03 济南浪潮数据技术有限公司 Page authority control method, device, equipment and readable storage medium
CN113688343A (en) * 2021-07-23 2021-11-23 济南浪潮数据技术有限公司 Page permission control method, device, equipment and readable storage medium
CN113556357A (en) * 2021-07-30 2021-10-26 平安普惠企业管理有限公司 Authentication method, device, equipment and storage medium based on registration center
CN115131103A (en) * 2022-06-27 2022-09-30 拉扎斯网络科技(上海)有限公司 Data processing method, terminal, server, electronic device and storage medium
CN116980182B (en) * 2023-06-21 2024-02-27 杭州明实科技有限公司 Abnormal request detection method and device and electronic equipment
CN116980182A (en) * 2023-06-21 2023-10-31 杭州明实科技有限公司 Abnormal request detection method and device and electronic equipment

Also Published As

Publication number Publication date
CN109815683A (en) 2019-05-28
CN109815683B (en) 2021-09-14

Similar Documents

Publication Publication Date Title
WO2020134838A1 (en) Authority verification method and related device
US12063208B2 (en) Single sign-on for unmanaged mobile devices
CN109600306B (en) Method, device and storage medium for creating session
EP3723341B1 (en) Single sign-on for unmanaged mobile devices
US11196739B2 (en) Authorization activation
US11190501B2 (en) Hybrid single sign-on for software applications and services using classic and modern identity providers
EP2919435B1 (en) Communication terminal and secure log-in method and program
US9430302B2 (en) Method, device and system for using and invoking Oauth API
US11570165B2 (en) Single sign-on service authentication through a voice assistant
CN113630377B (en) Single sign-on for hosted mobile devices
EP2156306B1 (en) Method and system for pre-authenticated calling for voice applications
EP3942775B1 (en) Application integration using multiple user identities
EP2441208B1 (en) Access control to secured application features using client trust levels
US11509479B2 (en) Service authentication through a voice assistant
CN111786969B (en) Single sign-on method, device and system
CN105188060A (en) Mobile terminal-oriented single sign-on (SSO) authentication method and system
US12063214B2 (en) Service authentication through a voice assistant
CN116170234B (en) Single sign-on method and system based on virtual account authentication
CN111510444A (en) Remote access method, system, server and access auxiliary component of container
WO2015096483A1 (en) Terminal application registration method, device and system
US20230291726A1 (en) System and method for providing multi factor authorization to rdp services through a zero trust cloud environment
CN113055186B (en) Cross-system service processing method, device and system
CN114567446A (en) Login authentication method and device, electronic equipment and storage medium
CN114268478A (en) Call request authentication method, device, equipment and medium of edge cloud platform
JP7305072B1 (en) Method and system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19905924

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19905924

Country of ref document: EP

Kind code of ref document: A1