WO2020233354A1 - Gateway-based external service invocation method, apparatus and terminal device - Google Patents

Gateway-based external service invocation method, apparatus and terminal device

Info

Publication number
WO2020233354A1
Authority
WO
WIPO (PCT)
Prior art keywords
service
external
address
target service
call request
Application number
PCT/CN2020/087176
Inventor
李晨光
Original Assignee
深圳壹账通智能科技有限公司
Application filed by 深圳壹账通智能科技有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0876 Aspects of the degree of configuration automation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]

Definitions

  • This application belongs to the technical field of massive data processing, and in particular relates to a gateway-based external service invocation method, device, terminal device, and computer-readable storage medium.
  • Network isolation solutions are usually applied in the network architecture to isolate the internal network from the external network and ensure that users cannot leak secrets through external networks.
  • Based on the internal and external network platform that has been built, if the internal network wants to access external services provided by the external network to obtain data or perform other operations, it must pass through the authentication and forwarding of the internal and external network platform. However, the internal and external network platform and the external services often have specific format requirements, so the caller (that is, the user of the internal network) has to configure the request manually according to those format requirements and then send the request to the internal and external network platform.
  • Embodiments of the present application provide a gateway-based external service invocation method, device, terminal device, and computer-readable storage medium, to solve the problems in the prior art of low convenience in invoking external services and the inability to invoke them in batches.
  • The first aspect of the embodiments of the present application provides a gateway-based method for invoking external services, including:
  • the gateway address is the address of a preset service gateway;
  • the call request is completed based on the configuration information corresponding to the target service, the completed call request is configured based on the configuration rule corresponding to the target service, and the configured call request is forwarded to the internal and external network platform;
  • the configured call request is forwarded from the internal and external network platform to the target service, and if the source address of the configured call request is in the whitelist of the target service, the target service is called according to the configured call request.
  • The second aspect of the embodiments of the present application provides a gateway-based external service invoking device, including:
  • the replacement unit is used to find the calling code used to call the external service in the caller and replace the calling object in the calling code with a preset gateway address, wherein the caller is located in the internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
  • the reading unit is used to read all the external services that have been registered in the internal and external network platform, and to obtain and store the configuration information and configuration rules of each of the external services, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network;
  • the running unit is used to run the calling code and send a call request to the service gateway;
  • the determining unit is configured to analyze the external service requested by the call request, and determine the external service as a target service;
  • the configuration unit is configured to complete the call request based on the configuration information corresponding to the target service, configure the completed call request based on the configuration rule corresponding to the target service, and forward the configured call request to the internal and external network platform;
  • the invoking unit is configured to forward the configured call request from the internal and external network platform to the target service, and if the source address of the configured call request is in the whitelist of the target service, call the target service according to the configured call request.
  • A third aspect of the embodiments of the present application provides a terminal device.
  • The terminal device includes a memory, a processor, and a computer program stored in the memory and runnable on the processor, and the processor implements the following steps when executing the computer program:
  • the gateway address is the address of a preset service gateway;
  • the call request is completed based on the configuration information corresponding to the target service, the completed call request is configured based on the configuration rule corresponding to the target service, and the configured call request is forwarded to the internal and external network platform;
  • the configured call request is forwarded from the internal and external network platform to the target service, and if the source address of the configured call request is in the whitelist of the target service, the target service is called according to the configured call request.
  • The fourth aspect of the embodiments of the present application provides a computer-readable storage medium that stores a computer program, and the computer program implements the following steps when executed by a processor:
  • the gateway address is the address of a preset service gateway;
  • the call request is completed based on the configuration information corresponding to the target service, the completed call request is configured based on the configuration rule corresponding to the target service, and the configured call request is forwarded to the internal and external network platform;
  • the configured call request is forwarded from the internal and external network platform to the target service, and if the source address of the configured call request is in the whitelist of the target service, the target service is called according to the configured call request.
  • The calling object in the calling code for calling the external service is uniformly replaced with the gateway address, and at the same time the configuration information and configuration rules of the external services registered in the internal and external network platform are stored. After a call request is received, it is completed and configured based on the configuration information and the configuration rules, and finally the configured call request is forwarded to the internal and external network platform, which forwards it to the target service.
  • The embodiment of the present invention realizes the automatic completion and automatic configuration of the call request.
  • The configured call request conforms to the format requirements of the external service, while manual operations are reduced and the convenience of calling external services is improved.
  • FIG. 1 is an implementation flowchart of a gateway-based external service invocation method provided by Embodiment 1 of the present application;
  • FIG. 2 is an implementation flowchart of a gateway-based external service invocation method provided by Embodiment 2 of the present application;
  • FIG. 3 is an implementation flowchart of a gateway-based external service invocation method provided by Embodiment 3 of the present application;
  • FIG. 4 is an implementation flowchart of a gateway-based external service invocation method provided by Embodiment 4 of the present application;
  • FIG. 5 is a structural block diagram of a gateway-based external service invoking device provided by Embodiment 5 of the present application;
  • FIG. 6 is a schematic diagram of a terminal device provided in Embodiment 6 of the present application.
  • FIG. 1 shows the implementation process of the gateway-based external service invocation method provided by the embodiment of the present application, which is detailed as follows:
  • The gateway address is the address of a preset service gateway.
  • The embodiments of this application are aimed at a network architecture to which a network isolation solution is applied.
  • The network architecture includes an internal network and an external network.
  • The internal network and the external network are isolated from each other, both are connected to the internal and external network platform, and communication is realized through the internal and external network platform.
  • The embodiment of this application does not limit the method of network isolation. For example, network isolation can be achieved by setting up a firewall or by setting a specific protocol.
  • The number of internal networks and external networks referred to in the embodiments of this application is at least one. For example, if the network isolation scheme is applied to a unit that includes internal subunit A, internal subunit B, external subunit C, and external subunit D, an internal network A can be assigned to internal subunit A, an internal network B to internal subunit B, an external network C to external subunit C, and an external network D to external subunit D, where different internal networks are isolated from each other and different external networks are also isolated from each other.
  • An external service is a service provided by an external network. It may specifically be a log service, a data service, etc., determined according to the actual situation of the external network; this is not limited in the embodiment of the present application.
  • A routing module is established between the internal and external network platform and the network (including the internal network and the external network), and the routing module is used to perform
  • The routing module is named the service gateway, and the address of the service gateway is used as the gateway address. Then the calling code used to call the external service is found in the caller, and the calling object in the calling code is replaced with the gateway address.
  • The calling object can be designated in advance by the user or administrator, or can be found by other methods.
  • The specific content is explained later. It is worth mentioning that registration refers to the provision of service-related information to the internal and external network platform, so that the internal and external network platform can access, identify and display the network.
  • The specific value of the aforementioned gateway address can be set according to the actual application scenario. After the above operations are completed, the service gateway can be regarded as providing a third-party service that abstracts all external services.
  • S102: read all the external services that have been registered in the internal and external network platform, and obtain and store the configuration information and configuration rules of each external service, where the internal and external network platform is used to implement isolation and communication between the internal network and the external network.
  • The configuration information and configuration rules can be stored in the established service gateway, and an association between them and the gateway address is established.
  • The configuration information refers to the operating parameters of the external service.
  • The configuration information may include the Internet protocol address, port number, service interface name, service interface version number, and network protocol used by the external service, which is not limited in this embodiment of the application.
  • Configuration rules refer to the rules for external requests that the external service can recognize; that is, the external service cannot recognize external requests that do not meet the configuration rules.
  • The configuration rules can be configured as empty, and the configuration rules of different external services may be the same or different. The details are explained later.
  • The number of callers is at least one. For the convenience of description, the following description assumes that there is only one call request initiated by the caller.
  • The external service requested by the call request is analyzed, and the external service is determined as a target service.
  • The external service can be analyzed according to the content of the call request, and the analyzed external service is determined as the target service.
  • The call request is completed based on the configuration information corresponding to the target service, the completed call request is configured based on the configuration rule corresponding to the target service, and the configured call request is forwarded to the internal and external network platform.
  • The information in the call request may be incomplete.
  • For example, the internal and external network platform can only identify requests that contain the Internet protocol address, port number, service interface name, and service interface version number of the external service, while the call request contains only the Internet protocol address of the external service. If the call request is sent directly to the internal and external network platform, it is likely that the call request cannot be successfully forwarded to the target service because the internal and external network platform cannot recognize it.
  • The call request is therefore completed based on the configuration information corresponding to the target service in the service gateway.
  • The completed call request is configured based on the configuration rules corresponding to the target service, and finally the configured call request is forwarded to the internal and external network platform (so that the call request in the service gateway can be forwarded to the internal and external network platform, the route mapping relationship from the gateway address to the address of the internal and external network platform is stored in the service gateway in advance), ensuring that the call request can be successfully identified by the internal and external network platform and the target service.
  • the configuration rule corresponding to the target service is an address replacement rule;
  • the address replacement rule corresponds to a preset whitelist address;
  • the whitelist address is in the whitelist of the target service;
  • the source address of the completed call request is obtained, and the source address is replaced with the whitelist address corresponding to the address replacement rule.
  • The configuration rule corresponding to the target service may be an address replacement rule, which instructs that the source address in the call request be replaced, so that the replaced source address can be successfully identified by the target service.
  • When the configuration rule is an address replacement rule, the preset whitelist address corresponding to the address replacement rule is obtained.
  • The whitelist address is in the whitelist of the target service and can be set in advance by the manager of the external service. In this step, the source address in the completed call request is identified (the source address is usually the address of the caller) and replaced with the whitelist address corresponding to the address replacement rule.
  • The whitelist address is used as the proxy address of the call request to access the target service.
  • The location of the source address in the request is usually fixed and is related to the protocol type used by the request. Therefore, the location of the source address can be determined according to the protocol type used by the call request, thereby identifying the source address.
  • Once the source address of the call request has been replaced, the call request meets the access requirement of the target service, which ensures that the replaced call request can be successfully recognized by the target service.
  • the configuration rule corresponding to the target service is an encapsulation rule, and the encapsulation rule corresponds to a preset encapsulation protocol type;
  • the completed call request is encapsulated according to the encapsulation protocol type corresponding to the encapsulation rule.
  • The configuration rule corresponding to the target service may be an encapsulation rule, which instructs that the call request be encapsulated according to an encapsulation protocol type recognizable by the target service.
  • The encapsulation protocol type corresponding to the encapsulation rule of the target service is obtained.
  • The encapsulation protocol type can be set by the manager of the external service.
  • The completed call request is encapsulated according to the obtained encapsulation protocol type.
  • For example, suppose the target service can only recognize requests whose protocol type is Hypertext Transfer Protocol Secure (HTTPS), that is, the encapsulation protocol type is HTTPS. In this step the completed call request is then encapsulated according to the HTTPS protocol; the encapsulated call request uses the HTTPS protocol and can be successfully identified by the target service.
  • the configuration rule corresponding to the target service is an encryption rule;
  • the encryption rule corresponds to a preset encryption algorithm;
  • the completed call request is encrypted according to the encryption algorithm corresponding to the encryption rule.
  • The configuration rule corresponding to the target service may be an encryption rule.
  • The encryption algorithm corresponding to the encryption rule of the target service is obtained, and the completed call request is encrypted according to the encryption algorithm.
  • The resulting call request can be successfully identified by the target service.
  • The encryption algorithm may be the Data Encryption Standard (DES), the International Data Encryption Algorithm (IDEA), the RSA encryption algorithm, etc.
  • The encryption rules can be preset to correspond to the keys (public key and/or private key) required in the encryption process, to further enhance the security of encryption.
  • The above configuration rules are only examples. Depending on the actual application scenario, more types of configuration rules can be applied.
  • The number of configuration rules corresponding to an external service may be zero, one, or at least two.
  • For example, the configuration rules corresponding to the target service may include an address replacement rule and an encryption rule. If the number of configuration rules corresponding to the target service is at least two, the call request can be successfully identified by the target service only when it meets all the configuration rules corresponding to the target service.
  • The configured call request is forwarded from the internal and external network platform to the target service. If the source address of the configured call request is in the whitelist of the target service, the target service is called according to the configured call request.
  • The configured call request continues to be forwarded to the target service through the internal and external network platform.
  • The target service is called according to the call request, where the whitelist stores the addresses that have permission to access the target service.
  • The embodiment of the application does not limit the specific call method of the call request. For example, if the protocol type of the call request is Hypertext Transfer Protocol (HTTP), the call request may be a GET request to obtain data from the target service, a PUT request to update the data in the target service, a POST request to add data to the target service, or a DELETE request to delete the data in the target service.
  • The calling object in the calling code for calling the external service is uniformly replaced with the gateway address, and the configuration information and configuration rules of the external services registered in the internal and external network platform are stored at the same time
  • The embodiment of the present application completes and configures the call request in the established service gateway, which reduces manual operations and improves the convenience and automation of invoking external services.
  • This embodiment is an external service invocation method obtained by refining the process of finding the calling code used to call external services in the caller and replacing the calling object in the calling code with the preset gateway address.
  • The embodiment of the application provides an implementation flowchart of a gateway-based external service invocation method. As shown in FIG. 2, the external service invocation method may include the following steps:
  • When looking for the calling code used to call external services, the caller located in the internal network can be determined first; the caller is the party that initiates the call request. Since in the traditional approach the call request is sent directly to the internal and external network platform, in the embodiment of this application the caller's underlying code is searched according to the platform address, and each line of underlying code containing the platform address is determined to be calling code, where the platform address is the address of the internal and external network platform.
  • The platform address is the calling object of the calling code. Therefore, in this step, the platform address in all calling code is replaced with the gateway address. After the replacement is completed, when the calling code is run, the call request is automatically sent to the gateway service in the service gateway.
  • A search is performed in the underlying code of the caller according to the platform address, each line of the underlying code containing the platform address is determined as calling code, and then the platform addresses in all calling code are replaced with the gateway address.
  • The embodiment of the present application performs the calling code search and address replacement based on the platform address, which improves the convenience of replacing calling objects.
  • FIG. 3 shows an external service invocation method obtained, on the basis of Embodiment 1 of the present application, by detailing the step of analyzing the external service requested by the call request and determining the external service as the target service.
  • The embodiment of the present application provides an implementation flowchart of a gateway-based external service invocation method. As shown in FIG. 3, the external service invocation method may include the following steps:
  • The feature information included in the call request is obtained, and the feature information is matched against each piece of configuration information in turn, where the feature information is an interface name and/or a destination address.
  • The feature information is information that indicates a single corresponding external service, that is, the information used to distinguish different external services.
  • The feature information can specifically be the name of the interface to be called and/or the destination address in the call request; where the interface name and the destination address are found in the call request depends on the protocol type used by the call request.
  • The feature information is matched in turn against all the configuration information associated with the gateway address in the service gateway, to check whether there is configuration information containing the feature information.
  • the call request contains the source address and the destination address;
  • the source address is the address of the caller;
  • the destination address is the address of the external service requested by the call request;
  • the calling object (the gateway address) in the calling code is the address to which the call is initiated; the destination address and the calling object have different meanings and cannot be treated as the same.
  • The external service corresponding to the configuration information that is successfully matched is determined as the target service.
  • If the feature information successfully matches one piece of configuration information, that is, the configuration information contains the feature information, the external service corresponding to the successfully matched configuration information is determined as the target service; if the feature information fails to match any of the configuration information, this shows that no external service corresponding to the call request exists, so the caller is notified that the call cannot be made. It is worth mentioning that when the feature information includes both the interface name and the destination address, a piece of configuration information is determined to match the feature information only when it contains both the interface name and the destination address.
  • The feature information contained in the call request is obtained and matched against each piece of configuration information in turn. If the feature information successfully matches one piece of configuration information, the external service corresponding to the successfully matched configuration information is determined as the target service.
  • The embodiment of the present application determines the target service according to the feature information in the call request, which improves the accuracy of the determination process and avoids selecting the wrong target service.
  • Figure 4 shows a method for invoking an external service after refining the process of completing the invocation request based on the configuration information corresponding to the target service on the basis of the third embodiment of the present application.
  • the embodiment of the present application provides an implementation flowchart of a gateway-based external service invocation method. As shown in FIG. 4, the external service invocation method may include the following steps:
  • an access format corresponding to the intranet and external network platform is acquired, and necessary information in the configuration information corresponding to the target service is filtered out according to the access format.
  • the access format corresponding to the intranet and extranet platforms is obtained.
  • the access format is used to indicate the type of information necessary to access the intranet and extranet platforms.
  • the access format can be managed by the intranet and extranet platforms. Personnel make settings.
  • the necessary information in the configuration information corresponding to the target service is filtered out according to the access format.
  • the access format is "Internet Protocol address of external service-port number-service interface name-service interface version number”
  • the configuration information corresponding to the target service includes the Internet protocol address, port number, service interface name of the external service
  • the service interface version number and the network protocol used only the Internet protocol address, port number, service interface name, and service interface version number in the configuration information are used as necessary information to be filtered out.
  • the call request is completed according to the necessary information until the call request includes the necessary information.
  • the calling request After obtaining the necessary information, complete the call request based on the necessary information, first compare the necessary information with the call request, determine the missing information in the call request, and add the missing information to the call request. The added position and the missing information
  • the type of information is related to the protocol type of the calling request application.
  • the calling request contains the necessary information, which can be successfully identified by the internal and external network platforms. For example, if the necessary information includes the Internet Protocol address, port number, service interface name, and service interface version number of the target service, and the call request contains only the Internet protocol address and port number of the target service, it can be determined that the call request is missing
  • the information is the service interface name and service interface version number, so the service interface name and service interface version number are added to the call request to complete the call request.
  • the access format corresponding to the intranet and external network platforms is obtained, and the necessary information in the configuration information corresponding to the target service is filtered according to the access format, and the call request is completed according to the necessary information.
  • the embodiment of this application completes the call request based on the access format of the internal and external network platform, which prevents the call request from failing to be recognized by the platform because its information is incomplete, and improves the rate of valid call requests.
  • FIG. 5 shows a structural block diagram of a gateway-based external service invoking device provided by an embodiment of the present application.
  • the external service invoking device includes:
  • the replacement unit 51 is configured to find the calling code used to call the external service in the caller, and replace the calling object in the calling code with a preset gateway address, wherein the caller is located in the internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
  • the reading unit 52 is configured to read all the external services that have been registered in the internal and external network platform, and obtain and store the configuration information and configuration rules of each of the external services, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network;
  • the running unit 53 is configured to run the calling code and send a calling request to the service gateway;
  • the determining unit 54 is configured to analyze the external service requested by the call request, and determine the external service as a target service;
  • the configuration unit 55 is configured to complete the call request based on the configuration information corresponding to the target service, configure the completed call request based on the configuration rule corresponding to the target service, and forward the configured call request to the internal and external network platform;
  • the invoking unit 56 is configured to forward the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, call the target service according to the configured call request.
  • the replacement unit 51 includes:
  • the search unit is configured to search the underlying code of the caller according to the platform address, and determine every line of the underlying code that contains the platform address to be the calling code, where the platform address is the address of the internal and external network platform;
  • the replacement subunit is used to replace the platform addresses in all the calling codes with preset gateway addresses.
  • the determining unit 54 includes:
  • the matching unit is configured to obtain the characteristic information contained in the call request, and to individually match the characteristic information with all the configuration information, where the characteristic information is an interface name and/or a destination address;
  • the determining subunit is configured to determine the external service corresponding to the successfully matched configuration information as a target service if the characteristic information matches one of the configuration information successfully.
  • the configuration unit 55 includes:
  • a screening unit configured to obtain the access format corresponding to the intranet and external network platform, and filter out the necessary information in the configuration information corresponding to the target service according to the access format;
  • the completion unit is configured to complete the call request according to the necessary information until the necessary information is included in the call request.
  • the configuration rule corresponding to the target service is an address replacement rule, the address replacement rule corresponds to a preset whitelist address, the whitelist address is in the whitelist of the target service, and the configuration unit 55 includes:
  • the identification unit is configured to identify the source address of the completed call request, and replace the source address with the whitelist address corresponding to the address replacement rule.
  • the configuration rule corresponding to the target service is an encapsulation rule
  • the encapsulation rule corresponds to a preset encapsulation protocol type
  • the configuration unit 55 includes:
  • the encapsulation unit is configured to encapsulate the completed call request according to the encapsulation protocol type corresponding to the encapsulation rule.
  • the configuration rule corresponding to the target service is an encryption rule
  • the encryption rule corresponds to a preset encryption algorithm
  • the configuration unit 55 includes:
  • the encryption unit is configured to encrypt the completed call request according to the encryption algorithm corresponding to the encryption rule.
  • the gateway-based external service invoking device provided by the embodiment of the present invention automatically completes and automatically configures the invoking request initiated by the caller, thereby reducing manual operations and improving the convenience of invoking external services.
  • Fig. 6 is a schematic diagram of a terminal device provided by an embodiment of the present application.
  • the terminal device 6 of this embodiment includes: a processor 60, a memory 61, and a computer program 62 stored in the memory 61 and running on the processor 60, such as a gateway-based external service calling program.
  • When the processor 60 executes the computer program 62, the steps in the above embodiments of the gateway-based external service invocation method are implemented, where the steps include: S101.
  • the computer program 62 may be divided into one or more units, and the one or more units are stored in the memory 61 and executed by the processor 60 to complete the application.
  • the one or more units may be a series of computer program instruction segments capable of completing specific functions, and the instruction segments are used to describe the execution process of the computer program 62 in the terminal device 6.
  • the computer program 62 may be divided into a replacement unit, a reading unit, an operation unit, a determination unit, a configuration unit, and a calling unit, and the specific functions of each unit are as follows:
  • the replacement unit is used to find the calling code used to call the external service in the caller and replace the calling object in the calling code with a preset gateway address, wherein the caller is located in the internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
  • the reading unit is used to read all the external services that have been registered in the internal and external network platform, and obtain and store the configuration information and configuration rules of each of the external services, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network;
  • the running unit is used to run the calling code and send a calling request to the service gateway;
  • a determining unit configured to analyze the external service requested by the call request, and determine the external service as a target service
  • the configuration unit is configured to complete the call request based on the configuration information corresponding to the target service, configure the completed call request based on the configuration rule corresponding to the target service, and forward the configured call request to the internal and external network platform;
  • the invoking unit is configured to forward the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, call the target service according to the configured call request.
  • the terminal device 6 may be a computing device such as a desktop computer, a notebook, a palmtop computer, and a cloud server.
  • the terminal device may include, but is not limited to, a processor 60 and a memory 61.
  • FIG. 6 is only an example of the terminal device 6 and does not constitute a limitation on the terminal device 6. It may include more or less components than shown in the figure, or a combination of certain components, or different components.
  • the terminal device may also include input and output devices, network access devices, buses, etc.
  • the so-called processor 60 may be a central processing unit (Central Processing Unit, CPU), it can also be other general-purpose processors, Digital Signal Processor (DSP), Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
  • the general-purpose processor may be a microprocessor or the processor may also be any conventional processor or the like.
  • the memory 61 may be an internal storage unit of the terminal device 6, such as a hard disk or memory of the terminal device 6.
  • the memory 61 may also be an external storage device of the terminal device 6, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) equipped on the terminal device 6.
  • the memory 61 may also include both an internal storage unit of the terminal device 6 and an external storage device.
  • the memory 61 is used to store the computer program and other programs and data required by the terminal device.
  • the memory 61 can also be used to temporarily store data that has been output or will be output.
  • the disclosed terminal device and method may be implemented in other ways.
  • the terminal device embodiments described above are only illustrative.
  • the division of the units is only a logical function division.
  • in actual implementation there may be other division methods; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
  • the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
  • each unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
  • the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
  • If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium, which may be volatile or non-volatile.
  • this application implements all or part of the processes in the above-mentioned embodiments and methods, and can also be completed by instructing relevant hardware through a computer program.
  • the computer program can be stored in a computer-readable storage medium. When the program is executed by the processor, the steps of the foregoing method embodiments can be implemented. The steps include: S101. Find the calling code used to call the external service in the caller, and replace the calling object in the calling code with a preset gateway address, wherein the caller is located in the internal network, the external service is a service provided by the external network, and the gateway address is the address of the preset service gateway; S102. Read all the external services registered in the internal and external network platform, and obtain and store the configuration information and configuration rules of each external service, where the internal and external network platform is used to implement isolation and communication between the internal network and the external network; S103. Run the calling code and send a call request to the service gateway; S104. Analyze the external service requested by the call request, and determine the external service as a target service; S105. Complete the call request based on the configuration information corresponding to the target service, configure the completed call request based on the configuration rule corresponding to the target service, and forward the configured call request to the internal and external network platform; S106. Forward the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, call the target service according to the configured call request.
  • the computer program includes computer program code, and the computer program code may be in the form of source code, object code, executable file, or some intermediate forms.
  • the computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, U disk, mobile hard disk, magnetic disk, optical disk, computer memory, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), electrical carrier signal, telecommunications signal, and software distribution media.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Automation & Control Theory (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

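This application is applicable to the technical field of massive data processing and provides a gateway-based external service calling method, apparatus, terminal device and computer-readable storage medium, including: replacing the calling object in the calling code that calls an external service with a preset gateway address; obtaining and storing the configuration information and configuration rules of each external service registered in the internal and external network platform; running the calling code and sending the call request to the service gateway; determining the external service requested by the call request as the target service; completing and configuring the call request based on the configuration information and configuration rules corresponding to the target service, and forwarding the configured call request to the internal and external network platform; forwarding the configured call request to the target service and, if the source address of the configured call request is in the whitelist of the target service, calling the target service according to that call request. This application achieves automatic completion and automatic configuration of call requests and improves the convenience of calling external services.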

Description

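Gateway-based external service calling method, apparatus and terminal device
This application claims priority to Chinese patent application No. 201910422759.1, filed with the Chinese Patent Office on May 21, 2019 and entitled "Gateway-based external service calling method, apparatus and terminal device", the entire contents of which are incorporated herein by reference.
Technical Field
This application belongs to the technical field of massive data processing, and in particular relates to a gateway-based external service calling method, apparatus, terminal device and computer-readable storage medium.
Background
With the rapid development of computer and communication technology, enterprises and organizations that need to keep data confidential usually apply a network isolation scheme in the network architecture they build, so that the internal network and the external network are isolated from each other and users cannot leak secrets through the external network. However, the internal and external networks usually still need to communicate to some extent; for example, when report statistics are compiled in the internal network, data provided by an external service in the external network must be obtained. Therefore, on top of the network isolation scheme, an internal and external network platform is usually built for data exchange.
Where an internal and external network platform has been built, if the internal network wants to access an external service provided by the external network in order to obtain data or perform other operations, it must pass the authentication and forwarding of the internal and external network platform. In general, however, the platform and the external services often have specific format requirements, so the caller (that is, a user of the internal network) must manually configure the request according to those requirements and then send it to the platform. The inventor found that in the prior art the manual configuration needed to call external services is cumbersome, service calls are inconvenient, and batch calls to external services cannot be made quickly.
Technical Problem
In view of this, the embodiments of this application provide a gateway-based external service calling method, apparatus, terminal device and computer-readable storage medium, to solve the problem in the prior art that calling external services is inconvenient and batch calls cannot be made.
Technical Solution
A first aspect of the embodiments of this application provides a gateway-based external service calling method, including: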
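finding, in a caller, the calling code used to call an external service, and replacing the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
reading all the external services registered in an internal and external network platform, and obtaining and storing the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network;
running the calling code and sending a call request to the service gateway;
analyzing the external service requested by the call request, and determining that external service as a target service;
completing the call request based on the configuration information corresponding to the target service, configuring the completed call request based on the configuration rule corresponding to the target service, and forwarding the configured call request to the internal and external network platform;
forwarding the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, calling the target service according to the configured call request.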
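A second aspect of the embodiments of this application provides a gateway-based external service calling apparatus, including:
a replacement unit, configured to find, in a caller, the calling code used to call an external service, and replace the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
a reading unit, configured to read all the external services registered in an internal and external network platform, and obtain and store the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network;
a running unit, configured to run the calling code and send a call request to the service gateway;
a determining unit, configured to analyze the external service requested by the call request, and determine that external service as a target service;
a configuration unit, configured to complete the call request based on the configuration information corresponding to the target service, configure the completed call request based on the configuration rule corresponding to the target service, and forward the configured call request to the internal and external network platform;
a calling unit, configured to forward the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, call the target service according to the configured call request.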
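A third aspect of the embodiments of this application provides a terminal device, the terminal device including a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the following steps when executing the computer program:
finding, in a caller, the calling code used to call an external service, and replacing the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
reading all the external services registered in an internal and external network platform, and obtaining and storing the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network;
running the calling code and sending a call request to the service gateway;
analyzing the external service requested by the call request, and determining that external service as a target service;
completing the call request based on the configuration information corresponding to the target service, configuring the completed call request based on the configuration rule corresponding to the target service, and forwarding the configured call request to the internal and external network platform;
forwarding the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, calling the target service according to the configured call request.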
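A fourth aspect of the embodiments of this application provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the following steps:
finding, in a caller, the calling code used to call an external service, and replacing the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
reading all the external services registered in an internal and external network platform, and obtaining and storing the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network;
running the calling code and sending a call request to the service gateway;
analyzing the external service requested by the call request, and determining that external service as a target service;
completing the call request based on the configuration information corresponding to the target service, configuring the completed call request based on the configuration rule corresponding to the target service, and forwarding the configured call request to the internal and external network platform;
forwarding the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, calling the target service according to the configured call request.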
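Beneficial Effects
Compared with the prior art, the embodiments of the present invention have the following beneficial effects:
The embodiments of the present invention uniformly replace the calling object in the calling code that calls external services with the gateway address, and store the configuration information and configuration rules of the external services registered in the internal and external network platform. After a call request is received, it is completed and configured based on the configuration information and configuration rules, and the configured call request is finally forwarded to the internal and external network platform and, through that platform, to the target service. The embodiments achieve automatic completion and automatic configuration of call requests, so that the configured call request meets the format requirements of the external service, while reducing manual operations and improving the convenience of calling external services.
Brief Description of the Drawings
Fig. 1 is an implementation flowchart of the gateway-based external service calling method provided by embodiment one of this application;
Fig. 2 is an implementation flowchart of the gateway-based external service calling method provided by embodiment two of this application;
Fig. 3 is an implementation flowchart of the gateway-based external service calling method provided by embodiment three of this application;
Fig. 4 is an implementation flowchart of the gateway-based external service calling method provided by embodiment four of this application;
Fig. 5 is a structural block diagram of the gateway-based external service calling apparatus provided by embodiment five of this application;
Fig. 6 is a schematic diagram of the terminal device provided by embodiment six of this application.
Embodiments of the Invention
To illustrate the technical solutions described in this application, specific embodiments are described below.
Fig. 1 shows the implementation flow of the gateway-based external service calling method provided by an embodiment of this application, detailed as follows: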
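In S101, the calling code used to call an external service is found in a caller, and the calling object in the calling code is replaced with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway.
The embodiments of this application target a network architecture that applies a network isolation scheme. The architecture includes an internal network and an external network that are isolated from each other; both are connected to the internal and external network platform and communicate through it. The embodiments do not limit how network isolation is achieved; for example, it may be achieved by setting up a firewall or by setting a specific protocol. In addition, the number of internal networks and of external networks referred to in the embodiments is at least one each. For example, if the network isolation scheme is applied in an organization that includes internal sub-unit A, internal sub-unit B, external sub-unit C and external sub-unit D, then internal network A can be allocated to internal sub-unit A, internal network B to internal sub-unit B, external network C to external sub-unit C and external network D to external sub-unit D, where different internal networks are isolated from one another and different external networks are likewise isolated from one another.
An external service is a service provided by the external network; it may specifically be a log service, a data service or the like, depending on the actual situation of the external network, which the embodiments do not limit. To enable fast calls from the internal network to external services provided by the external network, in the embodiments a routing module is established between the internal and external network platform and the networks (including the internal network and the external network). The routing module forwards routing rules; for ease of understanding it is named the service gateway, and the address of the service gateway is used as the gateway address. Then the calling code used to call the external service is found in the caller, and the calling object in the calling code is replaced with the gateway address. The calling object may be specified in advance by a user or administrator, or found in other ways, as described later. It is worth noting that registration means providing the relevant information of a service to the internal and external network platform, so that the platform can connect to, identify and display the network. In addition, the specific value of the gateway address can be set according to the actual application scenario. Once the above operations are complete, the service gateway can be regarded as providing a third-party service that abstracts all external services.
In S102, all the external services registered in the internal and external network platform are read, and the configuration information and configuration rule of each external service are obtained and stored, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network.
So that a user's call to the gateway service can be correctly mapped to the corresponding external service, it is specified in advance that the configuration information and configuration rules of an external service are provided when the service is registered on the internal and external network platform. In this step, all external services registered in the platform are read, and the configuration information and configuration rules of each external service obtained during reading are stored; they can be stored in the established service gateway and associated with the gateway address. Configuration information refers to the operating parameters of the external service; for example, it may include the external service's Internet protocol address, port number, service interface name, service interface version number and the network protocol used, which the embodiments do not limit. A configuration rule is a rule for the incoming requests that the external service can recognize; that is, the external service cannot recognize incoming requests that do not conform to the configuration rule. A configuration rule may be configured as empty, and the configuration rules of different external services may be the same or different, as described later.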
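In S103, the calling code is run and a call request is sent to the service gateway.
After the calling object in the calling code has been replaced with the gateway address, the calling code can be run and the generated call request sent to the service gateway. In the embodiments the number of callers is at least one; for ease of description, the following assumes a call request initiated by a single caller.
In S104, the external service requested by the call request is analyzed, and that external service is determined as the target service.
A call request sent to the service gateway is intercepted in the service gateway. Because the service gateway is associated with the configuration information of all external services, the external service requested by the call request can be worked out from the content of the request, and that external service is determined as the target service.
In S105, the call request is completed based on the configuration information corresponding to the target service, the completed call request is configured based on the configuration rule corresponding to the target service, and the configured call request is forwarded to the internal and external network platform.
After the target service is determined, the information in the call request may be incomplete. For example, the internal and external network platform may only recognize requests that contain the external service's Internet protocol address, port number, service interface name and service interface version number all together, while the call request contains only the external service's Internet protocol address. If the call request were sent directly to the platform, the platform would very likely fail to recognize it, so the request could not be forwarded to the target service. To address this, the call request is completed in the service gateway based on the configuration information corresponding to the target service. So that the completed call request can be recognized by the target service, it is then configured based on the configuration rule corresponding to the target service, and the configured call request is finally forwarded to the internal and external network platform (so that call requests in the service gateway can be forwarded to the platform, the routing mapping from the gateway address to the address of the platform is stored in the service gateway in advance). This ensures that the call request can be recognized by both the platform and the target service.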
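Optionally, if the configuration rule corresponding to the target service is an address replacement rule, and the address replacement rule corresponds to a preset whitelist address that is in the whitelist of the target service, the source address of the completed call request is obtained and replaced with the whitelist address corresponding to the address replacement rule. After the target service is determined, its configuration rule may be an address replacement rule, which indicates that the source address in the call request is to be replaced so that the replaced source address can be recognized by the target service. Specifically, when the configuration rule is an address replacement rule, the preset whitelist address corresponding to the rule is obtained; this whitelist address is in the whitelist of the target service and can be set in advance by the administrators of the external service. Then, in this step, the source address in the completed call request is identified (the source address is usually the caller's address) and replaced with the whitelist address corresponding to the address replacement rule. In other words, the whitelist address is used as a proxy address for the call request when accessing the target service. The position of the source address in a request is usually fixed and depends on the protocol type the request uses, so the position of the source address can be determined from the protocol type of the call request and the source address identified. Replacing the source address of the call request in this way meets the access requirements of the target service and ensures that the replaced call request can be recognized by the target service.
Optionally, if the configuration rule corresponding to the target service is an encapsulation rule, and the encapsulation rule corresponds to a preset encapsulation protocol type, the completed call request is encapsulated according to the encapsulation protocol type corresponding to the encapsulation rule. In another case, the configuration rule corresponding to the target service may be an encapsulation rule, which indicates that the call request is to be encapsulated according to an encapsulation protocol type the target service can recognize. In that case, the encapsulation protocol type corresponding to the target service's encapsulation rule is obtained; likewise, it can be set by the administrators of the external service. Then, in this step, the completed call request is encapsulated according to the obtained encapsulation protocol type. For example, if the target service can only recognize requests whose protocol type is Hypertext Transfer Protocol Secure (HTTPS), that is, the encapsulation protocol type is HTTPS, the completed call request is encapsulated according to the HTTPS protocol in this step; the encapsulated call request then uses HTTPS and can be recognized by the target service.
Optionally, if the configuration rule corresponding to the target service is an encryption rule, and the encryption rule corresponds to a preset encryption algorithm, the completed call request is encrypted according to the encryption algorithm corresponding to the encryption rule. In yet another case, the configuration rule corresponding to the target service is an encryption rule; the encryption algorithm corresponding to the target service's encryption rule is obtained and the completed call request is encrypted with it, after which the encrypted call request can be recognized by the target service. The embodiments do not limit the specific type of encryption algorithm; for example, it may be the Data Encryption Standard (DES), the International Data Encryption Algorithm (IDEA) or the RSA encryption algorithm. It is worth noting that, besides the encryption algorithm, the encryption rule can be preset to also correspond to the key required for encryption (public key and/or private key), to further improve the security of the encryption.
The configuration rules above are only examples; depending on the actual application scenario, more kinds of configuration rules can be applied. Moreover, the number of configuration rules corresponding to an external service may be zero, one, or at least two; for example, the configuration rules corresponding to the target service may include an address replacement rule and an encryption rule. If the target service has at least two configuration rules, the call request can be recognized by the target service only when it conforms to all of them.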
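In S106, the configured call request is forwarded from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, the target service is called according to the configured call request.
After the configured call request is forwarded to the internal and external network platform, the platform, which by its nature forwards requests that conform to the configuration rules, forwards the configured call request on to the target service. If the source address in the call request is in the whitelist of the target service, the target service is called according to the call request; the whitelist holds the addresses that are authorized to access the target service. The embodiments do not limit the specific way in which the call request calls the service. For example, if the protocol type of the call request is Hypertext Transfer Protocol (Hyper Text Transfer Protocol, HTTP), the call request may be a GET request that obtains data from the target service, a PUT request that updates data in the target service, a POST request that adds data to the target service, or a DELETE request that deletes data in the target service.
As the embodiment shown in Fig. 1 shows, the embodiments of this application uniformly replace the calling object in the calling code that calls external services with the gateway address, and store the configuration information and configuration rules of the external services registered in the internal and external network platform. After a call request is received, it is completed and configured based on the configuration information and configuration rules, the configured call request is forwarded to the internal and external network platform, and the platform forwards it to the target service, thereby calling the target service. The embodiments complete and configure the call request in the established service gateway, which reduces manual operations and improves the convenience and degree of automation of calling external services.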
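Fig. 2 shows an external service calling method obtained, on the basis of embodiment one of this application, by refining the process of finding the calling code used to call the external service in the caller and replacing the calling object in the calling code with the preset gateway address. This embodiment provides an implementation flowchart of the gateway-based external service calling method; as shown in Fig. 2, the method may include the following steps:
In S201, the underlying code of the caller is searched according to the platform address, and every line of the underlying code that contains the platform address is determined to be the calling code, wherein the platform address is the address of the internal and external network platform.
When searching for the calling code used to call an external service, the caller located in the internal network, which is the entity that initiates the call request, can be determined first. Because in the traditional approach call requests are sent directly to the internal and external network platform, in this embodiment the underlying code of the caller is searched according to the platform address, and every line of the underlying code that contains the platform address is determined to be the calling code, where the platform address is the address of the internal and external network platform.
In S202, the platform address in all the calling code is replaced with the preset gateway address.
In the calling code found, the platform address is the calling object of that code, so in this step the platform address in all the calling code is replaced with the gateway address. Once the replacement is complete, when the calling code is run the call request is automatically sent to the gateway service in the service gateway.
As the embodiment shown in Fig. 2 shows, in this embodiment the underlying code of the caller that is to initiate the call is searched according to the platform address, every line of the underlying code that contains the platform address is determined to be the calling code, and the platform address in all the calling code is then replaced with the gateway address. This embodiment finds the calling code and replaces the address based on the platform address, which makes replacing the calling object more convenient.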
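Fig. 3 shows an external service calling method obtained, on the basis of embodiment one of this application, by refining the process of analyzing the external service requested by the call request and determining that external service as the target service. This embodiment provides an implementation flowchart of the gateway-based external service calling method; as shown in Fig. 3, the method may include the following steps:
In S301, the feature information contained in the call request is obtained and matched against each piece of the configuration information individually, wherein the feature information is an interface name and/or a destination address.
After the call request is sent to the service gateway, the feature information contained in the call request is obtained. The feature information is information that indicates exactly one corresponding external service, that is, information used to distinguish different external services; it may specifically be the interface name and/or the destination address in the call request, and the positions from which the interface name and destination address are obtained in the call request depend on the protocol type the call request uses. After the feature information is obtained, it is matched individually against all the configuration information associated with the gateway address in the service gateway, to check whether any configuration information contains the feature information. It is worth noting that a call request contains a source address and a destination address: the source address is the caller's address and the destination address is the address of the external service the call request asks for, whereas the calling object in the calling code (the gateway address) is the address to which the call is initiated. The destination address and the calling object have different meanings and are not equivalent.
In S302, if the feature information successfully matches one piece of the configuration information, the external service corresponding to the matched configuration information is determined as the target service.
If the feature information successfully matches one piece of configuration information, that is, that configuration information contains the feature information, the external service corresponding to the matched configuration information is determined as the target service. If the feature information matches none of the configuration information, no external service corresponds to the call request, so a prompt that the call cannot be made is output to the caller. It is worth noting that, when the feature information contains both an interface name and a destination address, a piece of configuration information is considered to match only if it contains both that interface name and that destination address.
As the embodiment shown in Fig. 3 shows, in this embodiment the feature information contained in the call request is obtained and matched individually against all the configuration information, and if it matches one piece of configuration information, the external service corresponding to the matched configuration information is determined as the target service. This embodiment determines the target service from the feature information in the call request, which improves the accuracy of the determination and avoids choosing the wrong target service.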
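Fig. 4 shows an external service calling method obtained, on the basis of embodiment three of this application, by refining the process of completing the call request based on the configuration information corresponding to the target service. This embodiment provides an implementation flowchart of the gateway-based external service calling method; as shown in Fig. 4, the method may include the following steps:
In S401, the access format corresponding to the internal and external network platform is obtained, and the necessary information in the configuration information corresponding to the target service is filtered out according to the access format.
To standardize the mechanism for completing call requests, in this embodiment the access format corresponding to the internal and external network platform is obtained. The access format indicates the types of information necessary to access the platform and can be set by the administrators of the platform. After the access format is obtained, because some of the configuration information may not be necessary for accessing the platform, the necessary information in the configuration information corresponding to the target service is filtered out according to the access format. For ease of description, suppose the access format is "Internet protocol address of the external service - port number - service interface name - service interface version number", and the configuration information corresponding to the target service includes the external service's Internet protocol address, port number, service interface name, service interface version number and the network protocol used; then only the Internet protocol address, port number, service interface name and service interface version number in the configuration information are taken as the filtered necessary information.
In S402, the call request is completed according to the necessary information until the call request contains the necessary information.
After the necessary information is obtained, the call request is completed according to it. Specifically, the necessary information is first compared with the call request to determine the information missing from the call request, and the missing information is added to the call request; the position at which it is added and the type of the missing information depend on the protocol type the call request uses. After completion, the call request contains the necessary information and can be recognized by the internal and external network platform. For example, if the necessary information includes the target service's Internet protocol address, port number, service interface name and service interface version number, and the call request contains only the target service's Internet protocol address and port number, the information missing from the call request is the service interface name and service interface version number, so these are added to the call request, which completes it.
As the embodiment shown in Fig. 4 shows, in this embodiment the access format corresponding to the internal and external network platform is obtained, the necessary information in the configuration information corresponding to the target service is filtered out according to the access format, and the call request is completed according to the necessary information until it contains that information. This embodiment completes the call request based on the access format of the platform, which prevents the call request from failing to be recognized by the platform because its information is incomplete, and improves the rate of valid call requests.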
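An added example (not code from the patent) of the gateway-side steps described above: determining the target service from the feature information (S301-S302), completing the request from the access format (S401-S402), applying an address replacement rule, and the target's whitelist check. The dictionary keys, service names and addresses are constructed, and the audit record of the caller's original source address is an assumption added here, since after replacement the target service sees only the whitelist address.

```python
from dataclasses import dataclass

# Access format of the internal and external network platform: the field types a
# request must carry (the four fields of the S401 example). Key names are assumed.
ACCESS_FORMAT = ("ip", "port", "interface", "version")


@dataclass
class ExternalService:
    name: str
    config: dict      # configuration information (operating parameters)
    rules: list       # configuration rules, e.g. [("replace_source", "<address>")]
    whitelist: set    # source addresses the target service accepts


class NoSuchService(Exception):
    """Raised when the request cannot be mapped to exactly one external service."""


def determine_target(request, services):
    """S301-S302: match interface name and/or destination address against each config."""
    features = {k: request[k] for k in ("interface", "ip") if k in request}
    if not features:
        raise NoSuchService("request carries no feature information")
    # When both features are present, a config matches only if it contains both.
    matches = [s for s in services
               if all(s.config.get(k) == v for k, v in features.items())]
    if len(matches) != 1:
        # Zero matches: no such service. Several matches: refused as ambiguous
        # (assumption; the page only requires the feature to identify one service).
        raise NoSuchService(f"{len(matches)} services match {features}")
    return matches[0]


def complete_request(request, service):
    """S401-S402: add the necessary information that the request is missing."""
    necessary = {k: service.config[k] for k in ACCESS_FORMAT}
    completed, added = dict(request), []
    for key, value in necessary.items():
        if key not in completed:
            completed[key] = value
            added.append(key)
    return completed, added


def apply_rules(request, service, audit_log):
    """Configure the completed request; only the address replacement rule is shown."""
    configured = dict(request)
    for kind, value in service.rules:
        if kind != "replace_source":
            raise ValueError(f"rule {kind!r} not implemented in this example")
        # Assumption added here: keep the caller's real address, because the
        # target service will only ever see the whitelist (proxy) address.
        audit_log.append({"service": service.name,
                          "original_source": configured["source"],
                          "proxy_source": value})
        configured["source"] = value
    return configured


def target_accepts(request, service):
    """S106, target side: the call runs only if the source address is whitelisted."""
    return request["source"] in service.whitelist


def gateway_handle(request, services, audit_log):
    """S104-S105 in the service gateway: determine, complete, configure."""
    target = determine_target(request, services)
    completed, added = complete_request(request, target)
    return target, apply_rules(completed, target, audit_log), added


# Constructed sample registry (documentation address ranges, invented names).
SERVICES = [
    ExternalService("log-service",
                    {"ip": "203.0.113.10", "port": 8443, "interface": "queryLogs",
                     "version": "1.2", "protocol": "https"},
                    [("replace_source", "198.51.100.7")], {"198.51.100.7"}),
    ExternalService("data-service",
                    {"ip": "203.0.113.20", "port": 9000, "interface": "fetchReport",
                     "version": "2.0", "protocol": "http"},
                    [], {"198.51.100.7"}),
]

if __name__ == "__main__":
    log = []
    req = {"source": "10.0.0.5", "ip": "203.0.113.10", "port": 8443}
    target, configured, added = gateway_handle(req, SERVICES, log)
    print(target.name, added, configured["source"], target_accepts(configured, target))
    print(log)
```

For a service with no configuration rule (the constructed data-service), the source address is left unchanged, so the whitelist check at the target fails unless the caller's own address is whitelisted.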
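It should be understood that the sequence numbers of the steps in the above embodiments do not imply an order of execution; the order in which the processes are executed should be determined by their functions and internal logic, and should not limit the implementation of the embodiments of this application in any way.
Corresponding to the method described in the embodiments above, Fig. 5 shows a structural block diagram of the gateway-based external service calling apparatus provided by an embodiment of this application. Referring to Fig. 5, the external service calling apparatus includes:
a replacement unit 51, configured to find, in a caller, the calling code used to call an external service, and replace the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
a reading unit 52, configured to read all the external services registered in an internal and external network platform, and obtain and store the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network;
a running unit 53, configured to run the calling code and send a call request to the service gateway;
a determining unit 54, configured to analyze the external service requested by the call request, and determine that external service as a target service;
a configuration unit 55, configured to complete the call request based on the configuration information corresponding to the target service, configure the completed call request based on the configuration rule corresponding to the target service, and forward the configured call request to the internal and external network platform;
a calling unit 56, configured to forward the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, call the target service according to the configured call request.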
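Optionally, the replacement unit 51 includes:
a search unit, configured to search the underlying code of the caller according to a platform address, and determine every line of the underlying code that contains the platform address to be the calling code, wherein the platform address is the address of the internal and external network platform;
a replacement subunit, configured to replace the platform address in all the calling code with the preset gateway address.
Optionally, the determining unit 54 includes:
a matching unit, configured to obtain the feature information contained in the call request, and match the feature information against each piece of the configuration information individually, wherein the feature information is an interface name and/or a destination address;
a determining subunit, configured to, if the feature information successfully matches one piece of the configuration information, determine the external service corresponding to the matched configuration information as the target service.
Optionally, the configuration unit 55 includes:
a filtering unit, configured to obtain the access format corresponding to the internal and external network platform, and filter out, according to the access format, the necessary information in the configuration information corresponding to the target service;
a completion unit, configured to complete the call request according to the necessary information until the call request contains the necessary information.
Optionally, the configuration rule corresponding to the target service is an address replacement rule, the address replacement rule corresponds to a preset whitelist address, the whitelist address is in the whitelist of the target service, and the configuration unit 55 includes:
an identification unit, configured to identify the source address of the completed call request, and replace the source address with the whitelist address corresponding to the address replacement rule.
Optionally, the configuration rule corresponding to the target service is an encapsulation rule, the encapsulation rule corresponds to a preset encapsulation protocol type, and the configuration unit 55 includes:
an encapsulation unit, configured to encapsulate the completed call request according to the encapsulation protocol type corresponding to the encapsulation rule.
Optionally, the configuration rule corresponding to the target service is an encryption rule, the encryption rule corresponds to a preset encryption algorithm, and the configuration unit 55 includes:
an encryption unit, configured to encrypt the completed call request according to the encryption algorithm corresponding to the encryption rule.
Therefore, the gateway-based external service calling apparatus provided by the embodiments of the present invention automatically completes and automatically configures the call request initiated by the caller, which reduces manual operations and improves the convenience of calling external services.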
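Fig. 6 is a schematic diagram of the terminal device provided by an embodiment of this application. As shown in Fig. 6, the terminal device 6 of this embodiment includes: a processor 60, a memory 61, and a computer program 62 stored in the memory 61 and executable on the processor 60, for example a gateway-based external service calling program. When the processor 60 executes the computer program 62, the steps in the above embodiments of the gateway-based external service calling method are implemented, the steps including: S101. finding, in a caller, the calling code used to call an external service, and replacing the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway; S102. reading all the external services registered in an internal and external network platform, and obtaining and storing the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network; S103. running the calling code and sending a call request to the service gateway; S104. analyzing the external service requested by the call request, and determining that external service as a target service; S105. completing the call request based on the configuration information corresponding to the target service, configuring the completed call request based on the configuration rule corresponding to the target service, and forwarding the configured call request to the internal and external network platform; S106. forwarding the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, calling the target service according to the configured call request.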
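By way of example, the computer program 62 may be divided into one or more units, which are stored in the memory 61 and executed by the processor 60 to carry out this application. The one or more units may be a series of computer program instruction segments capable of performing specific functions, the instruction segments describing the execution of the computer program 62 in the terminal device 6. For example, the computer program 62 may be divided into a replacement unit, a reading unit, a running unit, a determining unit, a configuration unit and a calling unit, whose specific functions are as follows:
a replacement unit, configured to find, in a caller, the calling code used to call an external service, and replace the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
a reading unit, configured to read all the external services registered in an internal and external network platform, and obtain and store the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network;
a running unit, configured to run the calling code and send a call request to the service gateway;
a determining unit, configured to analyze the external service requested by the call request, and determine that external service as a target service;
a configuration unit, configured to complete the call request based on the configuration information corresponding to the target service, configure the completed call request based on the configuration rule corresponding to the target service, and forward the configured call request to the internal and external network platform;
a calling unit, configured to forward the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, call the target service according to the configured call request.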
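The terminal device 6 may be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The terminal device may include, but is not limited to, the processor 60 and the memory 61. Those skilled in the art will understand that Fig. 6 is only an example of the terminal device 6 and does not limit it; the terminal device may include more or fewer components than shown, or combine certain components, or use different components. For example, the terminal device may also include input and output devices, network access devices, buses and so on.
The processor 60 may be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor may be a microprocessor, or the processor may be any conventional processor.
The memory 61 may be an internal storage unit of the terminal device 6, such as a hard disk or memory of the terminal device 6. The memory 61 may also be an external storage device of the terminal device 6, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) equipped on the terminal device 6. Further, the memory 61 may include both an internal storage unit of the terminal device 6 and an external storage device. The memory 61 is used to store the computer program and the other programs and data required by the terminal device. The memory 61 may also be used to temporarily store data that has been output or is about to be output.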
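Those skilled in the art will clearly understand that, for convenience and brevity of description, only the above division of functional units is used as an example. In practice, the above functions may be assigned to different functional units as required, that is, the internal structure of the terminal device may be divided into different functional units to perform all or part of the functions described above. The functional units in the embodiments may be integrated in one processing unit, or each unit may exist physically on its own, or two or more units may be integrated in one unit; the integrated unit may be implemented in the form of hardware or in the form of a software functional unit. In addition, the specific names of the functional units are only for ease of distinguishing them from one another and do not limit the scope of protection of this application. For the specific working process of the units in the above system, refer to the corresponding process in the foregoing method embodiments, which is not repeated here.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not detailed or recorded in one embodiment, refer to the relevant descriptions of the other embodiments.
Those of ordinary skill in the art will appreciate that the units and algorithm steps of the examples described in connection with the embodiments disclosed herein can be implemented in electronic hardware, or in a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software depends on the specific application and design constraints of the technical solution. Skilled practitioners may use different methods to implement the described functions for each specific application, but such implementations should not be considered beyond the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed terminal device and method may be implemented in other ways. For example, the terminal device embodiments described above are only illustrative; for example, the division of the units is only a division by logical function, and in actual implementation there may be other ways of dividing them; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not performed. Furthermore, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of this application may be integrated in one processing unit, or each unit may exist physically on its own, or two or more units may be integrated in one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.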
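If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium, which may be volatile or non-volatile. Based on this understanding, all or part of the processes of the methods in the above embodiments of this application may also be carried out by a computer program instructing the relevant hardware. The computer program may be stored in a computer-readable storage medium and, when executed by a processor, can implement the steps of the above method embodiments. The steps include: S101. finding, in a caller, the calling code used to call an external service, and replacing the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway; S102. reading all the external services registered in an internal and external network platform, and obtaining and storing the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network; S103. running the calling code and sending a call request to the service gateway; S104. analyzing the external service requested by the call request, and determining that external service as a target service; S105. completing the call request based on the configuration information corresponding to the target service, configuring the completed call request based on the configuration rule corresponding to the target service, and forwarding the configured call request to the internal and external network platform; S106. forwarding the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, calling the target service according to the configured call request. The computer program includes computer program code, which may be in the form of source code, object code, an executable file or some intermediate form. The computer-readable medium may include: any entity or apparatus capable of carrying the computer program code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, computer memory, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), an electrical carrier signal, a telecommunications signal, a software distribution medium, and so on. It should be noted that the content covered by the computer-readable medium may be increased or reduced as appropriate according to the requirements of legislation and patent practice in a jurisdiction; for example, in some jurisdictions, under legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunications signals.
The embodiments described above are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in the foregoing embodiments or make equivalent replacements of some of their technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all fall within the scope of protection of the present invention.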

Claims (20)

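  1. A gateway-based external service calling method, comprising:
    finding, in a caller, the calling code used to call an external service, and replacing the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
    reading all the external services registered in an internal and external network platform, and obtaining and storing the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network;
    running the calling code and sending a call request to the service gateway;
    analyzing the external service requested by the call request, and determining that external service as a target service;
    completing the call request based on the configuration information corresponding to the target service, configuring the completed call request based on the configuration rule corresponding to the target service, and forwarding the configured call request to the internal and external network platform;
    forwarding the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, calling the target service according to the configured call request.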
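  2. The external service calling method according to claim 1, wherein finding, in a caller, the calling code used to call an external service and replacing the calling object in the calling code with a preset gateway address comprises:
    searching the underlying code of the caller according to a platform address, and determining every line of the underlying code that contains the platform address to be the calling code, wherein the platform address is the address of the internal and external network platform;
    replacing the platform address in all the calling code with the preset gateway address.
  3. The external service calling method according to claim 1, wherein analyzing the external service requested by the call request and determining that external service as a target service comprises:
    obtaining the feature information contained in the call request, and matching the feature information against each piece of the configuration information individually, wherein the feature information is an interface name and/or a destination address;
    if the feature information successfully matches one piece of the configuration information, determining the external service corresponding to the matched configuration information as the target service.
  4. The external service calling method according to claim 1, wherein completing the call request based on the configuration information corresponding to the target service comprises:
    obtaining the access format corresponding to the internal and external network platform, and filtering out, according to the access format, the necessary information in the configuration information corresponding to the target service;
    completing the call request according to the necessary information until the call request contains the necessary information.
  5. The external service calling method according to claim 1, wherein the configuration rule corresponding to the target service is an address replacement rule, the address replacement rule corresponds to a preset whitelist address, the whitelist address is in the whitelist of the target service, and configuring the completed call request based on the configuration rule corresponding to the target service comprises:
    identifying the source address of the completed call request, and replacing the source address with the whitelist address corresponding to the address replacement rule.
  6. The external service calling method according to claim 1, wherein the configuration rule corresponding to the target service is an encapsulation rule, the encapsulation rule corresponds to a preset encapsulation protocol type, and configuring the completed call request based on the configuration rule corresponding to the target service comprises:
    encapsulating the completed call request according to the encapsulation protocol type corresponding to the encapsulation rule.
  7. The external service calling method according to claim 1, wherein the configuration rule corresponding to the target service is an encryption rule, the encryption rule corresponds to a preset encryption algorithm, and configuring the completed call request based on the configuration rule corresponding to the target service comprises:
    encrypting the completed call request according to the encryption algorithm corresponding to the encryption rule.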
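  8. A gateway-based external service calling apparatus, comprising:
    a replacement unit, configured to find, in a caller, the calling code used to call an external service, and replace the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
    a reading unit, configured to read all the external services registered in an internal and external network platform, and obtain and store the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network;
    a running unit, configured to run the calling code and send a call request to the service gateway;
    a determining unit, configured to analyze the external service requested by the call request, and determine that external service as a target service;
    a configuration unit, configured to complete the call request based on the configuration information corresponding to the target service, configure the completed call request based on the configuration rule corresponding to the target service, and forward the configured call request to the internal and external network platform;
    a calling unit, configured to forward the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, call the target service according to the configured call request.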
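  9. A terminal device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the following steps when executing the computer program:
    searching a caller for calling code used to call an external service, and replacing the call object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
    reading all of the external services registered in an internal-external network platform, and obtaining and storing configuration information and a configuration rule of each external service, wherein the internal-external network platform is used to implement isolation and communication between the internal network and the external network;
    running the calling code to send a call request to the service gateway;
    analyzing the external service requested by the call request, and determining that external service as a target service;
    completing the call request based on the configuration information corresponding to the target service, configuring the completed call request based on the configuration rule corresponding to the target service, and forwarding the configured call request to the internal-external network platform;
    forwarding the configured call request from the internal-external network platform to the target service, and, if the source address of the configured call request is in the whitelist of the target service, calling the target service according to the configured call request.
  10. The terminal device according to claim 9, wherein the searching a caller for calling code used to call an external service, and replacing the call object in the calling code with a preset gateway address, comprises:
    searching the underlying code of the caller according to a platform address, and determining every line of the underlying code that contains the platform address as the calling code, wherein the platform address is the address of the internal-external network platform;
    replacing the platform address in all of the calling code with the preset gateway address.
  11. The terminal device according to claim 9, wherein the analyzing the external service requested by the call request, and determining that external service as a target service, comprises:
    obtaining feature information contained in the call request, and matching the feature information individually against all of the configuration information, wherein the feature information is an interface name and/or a destination address;
    if the feature information is successfully matched with one item of the configuration information, determining the external service corresponding to the successfully matched configuration information as the target service.
  12. The terminal device according to claim 9, wherein the completing the call request based on the configuration information corresponding to the target service comprises:
    obtaining the access format corresponding to the internal-external network platform, and selecting, according to the access format, the necessary information in the configuration information corresponding to the target service;
    completing the call request according to the necessary information until the call request contains the necessary information.
  13. The terminal device according to claim 9, wherein the configuration rule corresponding to the target service is an address replacement rule, the address replacement rule corresponds to a preset whitelist address, and the whitelist address is in the whitelist of the target service, and the configuring the completed call request based on the configuration rule corresponding to the target service comprises:
    identifying the source address of the completed call request, and replacing the source address with the whitelist address corresponding to the address replacement rule.
  14. The terminal device according to claim 9, wherein the configuration rule corresponding to the target service is an encapsulation rule, and the encapsulation rule corresponds to a preset encapsulation protocol type, and the configuring the completed call request based on the configuration rule corresponding to the target service comprises:
    encapsulating the completed call request according to the encapsulation protocol type corresponding to the encapsulation rule.
  15. The terminal device according to claim 9, wherein the configuration rule corresponding to the target service is an encryption rule, and the encryption rule corresponds to a preset encryption algorithm, and the configuring the completed call request based on the configuration rule corresponding to the target service comprises:
    encrypting the completed call request according to the encryption algorithm corresponding to the encryption rule.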
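  16. A computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the following steps:
    searching a caller for calling code used to call an external service, and replacing the call object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
    reading all of the external services registered in an internal-external network platform, and obtaining and storing configuration information and a configuration rule of each external service, wherein the internal-external network platform is used to implement isolation and communication between the internal network and the external network;
    running the calling code to send a call request to the service gateway;
    analyzing the external service requested by the call request, and determining that external service as a target service;
    completing the call request based on the configuration information corresponding to the target service, configuring the completed call request based on the configuration rule corresponding to the target service, and forwarding the configured call request to the internal-external network platform;
    forwarding the configured call request from the internal-external network platform to the target service, and, if the source address of the configured call request is in the whitelist of the target service, calling the target service according to the configured call request.
  17. The computer-readable storage medium according to claim 16, wherein the searching a caller for calling code used to call an external service, and replacing the call object in the calling code with a preset gateway address, comprises:
    searching the underlying code of the caller according to a platform address, and determining every line of the underlying code that contains the platform address as the calling code, wherein the platform address is the address of the internal-external network platform;
    replacing the platform address in all of the calling code with the preset gateway address.
  18. The computer-readable storage medium according to claim 16, wherein the analyzing the external service requested by the call request, and determining that external service as a target service, comprises:
    obtaining feature information contained in the call request, and matching the feature information individually against all of the configuration information, wherein the feature information is an interface name and/or a destination address;
    if the feature information is successfully matched with one item of the configuration information, determining the external service corresponding to the successfully matched configuration information as the target service.
  19. The computer-readable storage medium according to claim 16, wherein the completing the call request based on the configuration information corresponding to the target service comprises:
    obtaining the access format corresponding to the internal-external network platform, and selecting, according to the access format, the necessary information in the configuration information corresponding to the target service;
    completing the call request according to the necessary information until the call request contains the necessary information.
  20. The computer-readable storage medium according to claim 16, wherein the configuration rule corresponding to the target service is an address replacement rule, the address replacement rule corresponds to a preset whitelist address, and the whitelist address is in the whitelist of the target service, and the configuring the completed call request based on the configuration rule corresponding to the target service comprises:
    identifying the source address of the completed call request, and replacing the source address with the whitelist address corresponding to the address replacement rule.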
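
The matching, completion and address replacement steps of claims 3 to 5, followed by the whitelist check of claim 1, sketched as an added Python example (not code from the patent). All service names, addresses, field names and the access format are constructed for illustration; failing closed on an ambiguous match, pinning the routing fields to the registered values and logging the original source address are design choices added here, not steps recited in the claims.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    name: str
    interface: str        # feature information: interface name
    dest_addr: str        # feature information: destination address
    defaults: dict        # configuration information used to complete a request
    rule_addr: str        # address replacement rule: the preset whitelist address
    whitelist: frozenset  # whitelist enforced on the target-service side

# Constructed sample data: every name, token and address below is hypothetical.
REGISTRY = [
    Service("credit-check", "queryCredit", "203.0.113.10",
            {"platform_token": "tok-A", "format": "json"}, "198.51.100.7", frozenset({"198.51.100.7"})),
    Service("sms", "sendSms", "203.0.113.20",
            {"platform_token": "tok-B", "format": "xml"}, "198.51.100.8", frozenset({"198.51.100.8"})),
]
REQUIRED = ("interface", "dest_addr", "platform_token", "format")  # assumed access format

def identify_target(req, registry=REGISTRY):
    """Match interface name and/or destination address against each registered service."""
    hits = [s for s in registry
            if req.get("interface") == s.interface or req.get("dest_addr") == s.dest_addr]
    if len(hits) != 1:  # added choice: fail closed on no match or an ambiguous match
        raise LookupError(f"expected exactly one target service, found {len(hits)}")
    return hits[0]

def complete(req, svc):
    """Fill in necessary fields the caller omitted; routing fields come from the registry."""
    full = {**svc.defaults, **req,
            "interface": svc.interface, "dest_addr": svc.dest_addr}
    missing = [k for k in REQUIRED if k not in full]
    if missing:
        raise ValueError(f"cannot complete request, missing {missing}")
    return full

def configure(req, svc, audit_log):
    """Apply the address replacement rule, keeping the original source for audit."""
    if svc.rule_addr not in svc.whitelist:
        raise ValueError("rule address is not on the target service's whitelist")
    audit_log.append({"service": svc.name, "original_source": req["source"]})
    return {**req, "source": svc.rule_addr}

def gateway_call(req, audit_log):
    """Return the configured request and whether the target's whitelist admits it."""
    svc = identify_target(req)
    out = configure(complete(req, svc), svc, audit_log)
    return out, out["source"] in svc.whitelist
```

Because the target service only ever sees the whitelisted address after the rewrite, the gateway's audit log is the only place the real internal caller is recorded.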
PCT/CN2020/087176 2019-05-21 2020-04-27 Gateway-based external service invocation method, apparatus and terminal device WO2020233354A1 (zh)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910422759.1A CN110266517B (zh) 2019-05-21 2019-05-21 Gateway-based external service invocation method, apparatus and terminal device
CN201910422759.1 2019-05-21

Publications (1)

Publication Number Publication Date
WO2020233354A1 true WO2020233354A1 (zh) 2020-11-26

Family

ID=67914924

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/087176 WO2020233354A1 (zh) 2019-05-21 2020-04-27 Gateway-based external service invocation method, apparatus and terminal device

Country Status (2)

Country Link
CN (1) CN110266517B (zh)
WO (1) WO2020233354A1 (zh)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
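CN113973139A (zh) * 2021-10-20 2022-01-25 北京沃东天骏信息技术有限公司 Message processing method and apparatus
CN114285852A (zh) * 2021-12-28 2022-04-05 杭州数梦工场科技有限公司 Service invocation method and apparatus based on a multi-level service platform
CN114296776A (zh) * 2021-12-08 2022-04-08 山东齐鲁数通科技有限公司 Service package configuration and invocation method, apparatus, terminal device and storage medium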

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
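CN110266517B (zh) * 2019-05-21 2021-10-29 深圳壹账通智能科技有限公司 Gateway-based external service invocation method, apparatus and terminal device
CN112073504B (zh) * 2020-09-03 2023-07-25 中国平安财产保险股份有限公司 Request forwarding method, apparatus, device and storage medium
CN112866379B (zh) * 2021-01-15 2022-05-31 浪潮云信息技术股份公司 Microservice access method and apparatus
CN113259436B (zh) * 2021-05-12 2023-04-07 中国建设银行股份有限公司 Network request processing method and apparatus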

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
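CN101820449A (zh) * 2010-04-20 2010-09-01 江苏电力调度通信中心 Cross-security-zone application service isolation platform
JP2012221255A (ja) * 2011-04-08 2012-11-12 Daiwa Institute Of Research Business Innovation Ltd Information processing system, information processing apparatus, and information processing method
CN106209801A (zh) * 2016-06-28 2016-12-07 广东电网有限责任公司信息中心 Integrated system of a mobile application platform and an internal-external network secure data exchange platform
CN109150702A (zh) * 2018-08-16 2019-01-04 南京南瑞信息通信科技有限公司 High-performance mobile access gateway connecting internal and external information networks, and method thereof
CN110266517A (zh) * 2019-05-21 2019-09-20 深圳壹账通智能科技有限公司 Gateway-based external service invocation method, apparatus and terminal device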

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2015065360A1 (en) * 2013-10-30 2015-05-07 Intel Corporation Platform non-volatile store management and platform configuration
US9712491B2 (en) * 2014-03-03 2017-07-18 Qualcomm Connected Experiences, Inc. Access control lists for private networks of system agnostic connected devices

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
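CN113973139A (zh) * 2021-10-20 2022-01-25 北京沃东天骏信息技术有限公司 Message processing method and apparatus
CN114296776A (zh) * 2021-12-08 2022-04-08 山东齐鲁数通科技有限公司 Service package configuration and invocation method, apparatus, terminal device and storage medium
CN114285852A (zh) * 2021-12-28 2022-04-05 杭州数梦工场科技有限公司 Service invocation method and apparatus based on a multi-level service platform
CN114285852B (zh) * 2021-12-28 2023-12-26 杭州数梦工场科技有限公司 Service invocation method and apparatus based on a multi-level service platform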

Also Published As

Publication number Publication date
CN110266517B (zh) 2021-10-29
CN110266517A (zh) 2019-09-20

Similar Documents

Publication Publication Date Title
WO2020233354A1 (zh) 基于网关的外部服务调用方法、装置及终端设备
CN111367983B (zh) 数据库访问方法、系统、设备和存储介质
WO2020233361A1 (zh) 基于网关的内部服务调用方法、装置及终端设备
EP3399777B1 (en) Bluetooth automatic connection method, master device and system
US20190141022A1 (en) On-premise and off-premise communication
US7627656B1 (en) Providing configuration information to an endpoint
EP1233636A2 (en) System and method for over the air configuration security
WO2021042849A1 (zh) 一种云平台、业务处理方法、命令接口及计算机设备
WO2020119476A1 (zh) 联盟链信息发布控制方法及终端设备
US10908970B1 (en) Data interface for secure analytic data system integration
US11991177B2 (en) Node security with intermediate devices
US20200344112A1 (en) On-premise and off-premise debugging
US20150044997A1 (en) Method and apparatus for verifying the authenticity of mobile device information
US11356295B2 (en) Per-app virtual private network tunnel for multiple processes
US20220377171A1 (en) Fraudulent call detection
CN111984561A (zh) 一种bmc的ipmi命令处理方法、系统、设备以及介质
US20220086182A1 (en) Risk-adaptive dns forwarder
WO2023241366A1 (zh) 数据处理方法、系统、电子设备及计算机可读存储介质
WO2020259691A1 (zh) 一种设备信息的管理方法、装置及系统
WO2021081705A1 (zh) 支付平台管理方法、设备、支付平台以及计算机存储介质
CN114244555B (zh) 一种安全策略的调整方法
CN111046393A (zh) 漏洞信息上传方法、装置、终端设备及存储介质
US11936678B2 (en) System and techniques for inferring a threat model in a cloud-native environment
US9038156B2 (en) Automatic sign in of a user at multiple endpoints
CN110224997B (zh) 基于网关的服务暴露方法、装置及终端设备

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20809911

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20809911

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 30.03.2022)

122 Ep: pct application non-entry in european phase

Ref document number: 20809911

Country of ref document: EP

Kind code of ref document: A1