WO2020233354A1 - Gateway-based external service invocation method, apparatus and terminal device - Google Patents
- Publication number
- WO2020233354A1 (PCT/CN2020/087176)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- service
- external
- address
- target service
- call request
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0803—Configuration setting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/08—Configuration management of networks or network elements
- H04L41/0876—Aspects of the degree of configuration automation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/50—Network service management, e.g. ensuring proper service fulfilment according to agreements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Definitions
- This application belongs to the technical field of massive data processing, and in particular relates to a gateway-based external service invocation method, device, terminal device, and computer-readable storage medium.
- Network isolation solutions are usually applied in a network architecture to isolate the internal network from the external network and ensure that users cannot leak secrets through external networks.
- Based on the internal and external network platforms that have been built, if the internal network wants to access external services provided by the external network to obtain data or perform other operations, it must pass the authentication and forwarding of the internal and external network platforms. Generally speaking, however, the internal and external network platforms and the external services often have specific format requirements, so the caller (that is, the user of the internal network) has to manually configure the request according to the format requirements and then send the request to the internal and external network platform.
- embodiments of the present application provide a gateway-based method, device, terminal device, and computer-readable storage medium for invoking external services to solve the problem of low convenience in invoking external services in the prior art and the inability to achieve batch invoking.
- the first aspect of the embodiments of the present application provides a gateway-based method for invoking external services, including:
- the gateway address is the address of a preset service gateway
- the invocation request is completed based on the configuration information corresponding to the target service, the completed invocation request is configured based on the configuration rule corresponding to the target service, and the configured call request is forwarded to the internal and external network platform;
- the configured call request is forwarded from the internal and external network platform to the target service, and if the source address of the configured call request is in the whitelist of the target service, the target service is called according to the configured call request.
- the second aspect of the embodiments of the present application provides a gateway-based external service invoking device, including:
- the replacement unit is used to find the calling code used to call the external service in the caller and replace the calling object in the calling code with a preset gateway address, wherein the caller is located in the internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
- the reading unit is used to read all the external services that have been registered in the internal and external network platforms, and obtain and store the configuration information and configuration rules of each of the external services, wherein the internal and external network platforms are used to implement isolation and communication between the internal network and the external network;
- the running unit is used to run the calling code and send a calling request to the service gateway;
- a determining unit configured to analyze the external service requested by the call request, and determine the external service as a target service
- the configuration unit is configured to complete the invocation request based on the configuration information corresponding to the target service, configure the completed invocation request based on the configuration rule corresponding to the target service, and forward the configured call request to the internal and external network platform;
- the invoking unit is configured to forward the configured invocation request from the internal and external network platform to the target service, and if the source address of the configured invocation request is in the whitelist of the target service, call the target service according to the configured call request.
- a third aspect of the embodiments of the present application provides a terminal device.
- the terminal device includes a memory, a processor, and a computer program stored in the memory and runnable on the processor, and when the processor executes the computer program, the following steps are implemented:
- the gateway address is the address of a preset service gateway
- the invocation request is completed based on the configuration information corresponding to the target service, the completed invocation request is configured based on the configuration rule corresponding to the target service, and the configured call request is forwarded to the internal and external network platform;
- the configured call request is forwarded from the internal and external network platform to the target service, and if the source address of the configured call request is in the whitelist of the target service, the target service is called according to the configured call request.
- the fourth aspect of the embodiments of the present application provides a computer-readable storage medium that stores a computer program, and the computer program implements the following steps when executed by a processor.
- the gateway address is the address of a preset service gateway
- the invocation request is completed based on the configuration information corresponding to the target service, the completed invocation request is configured based on the configuration rule corresponding to the target service, and the configured call request is forwarded to the internal and external network platform;
- the configured call request is forwarded from the internal and external network platform to the target service, and if the source address of the configured call request is in the whitelist of the target service, the target service is called according to the configured call request.
- the calling object in the calling code for calling the external service is uniformly replaced with the gateway address, and at the same time, the configuration information and configuration rules of the external services registered in the internal and external network platform are stored. After the call request is received, the call request is completed and configured based on the configuration information and the configuration rule, and finally the configured call request is forwarded to the internal and external network platform, which forwards it to the target service.
- the embodiment of the present invention realizes the automatic completion and automatic configuration of the call request.
- the configured call request conforms to the format requirements of the external service, while reducing manual operations and improving the convenience of calling external services.
- FIG. 1 is an implementation flowchart of a gateway-based external service invocation method provided by Embodiment 1 of the present application;
- FIG. 2 is an implementation flowchart of a gateway-based external service invocation method provided by Embodiment 2 of the present application;
- FIG. 3 is an implementation flowchart of a gateway-based external service invocation method provided by Embodiment 3 of the present application;
- FIG. 4 is an implementation flowchart of a gateway-based external service invocation method provided by Embodiment 4 of the present application;
- FIG. 5 is a structural block diagram of a gateway-based external service invoking device provided by Embodiment 5 of the present application;
- FIG. 6 is a schematic diagram of a terminal device provided in Embodiment 6 of the present application.
- FIG. 1 shows the implementation process of the gateway-based external service invocation method provided by the embodiment of the present application, which is detailed as follows:
- the gateway address is a preset service gateway address.
- the embodiments of this application are aimed at a network architecture applying a network isolation solution.
- the network architecture includes an internal network and an external network.
- the internal network and the external network are isolated from each other, and both the internal network and the external network are connected to the internal and external network platforms.
- the internal and external network platforms realize communication.
- the embodiment of this application does not limit the method of network isolation. For example, network isolation can be achieved by setting a firewall or setting a specific protocol.
- the number of internal networks and external networks referred to in the embodiments of this application is at least one. For example, if the network isolation scheme is applied to a unit that includes internal subunit A, internal subunit B, external subunit C, and external subunit D, an internal network A can be allocated to internal subunit A, an internal network B to internal subunit B, an external network C to external subunit C, and an external network D to external subunit D, where different internal networks are isolated from each other, and different external networks are also isolated from each other.
- An external service is a service provided by an external network, which may be specifically a log service or a data service, etc., which may be determined according to the actual situation of the external network, which is not limited in the embodiment of the present application.
- a routing module is established between the internal and external network platforms and the network (including the internal network and the external network), and the routing module is used to perform
- the routing module is named as the service gateway, and the address of the service gateway is used as the gateway address. Then, find the calling code used to call the external service in the caller, and replace the calling object in the calling code with the gateway address.
- the calling object can be pre-designated by the user or administrator, or can be found by other methods.
- the specific content is explained later. It is worth mentioning that registration refers to the provision of service-related information to the internal and external network platforms, so that the internal and external network platforms can access, identify and display the network.
- the specific value of the aforementioned gateway address can be set according to actual application scenarios. After completing the above operations, it can be considered that the service gateway provides a third-party service that abstracts all external services.
- S102: read all the external services that have been registered in the internal and external network platforms, and obtain and store configuration information and configuration rules for each external service, where the internal and external network platforms are used to implement isolation and communication between the internal network and the external network.
- the configuration information and configuration rules can be stored in the established service gateway, and a connection relation is established between them and the gateway address.
- the configuration information refers to the operating parameters of the external service.
- the configuration information may include the Internet protocol address, port number, service interface name, service interface version number, and network protocol used by the external service, which is not limited in this embodiment of the application.
- configuration rules refer to the rules of external requests that can be recognized by external services, that is, external services cannot recognize external requests that do not meet the configuration rules.
- the configuration rules can be configured as empty, and the configuration rules of different external services may be the same or different. The details will be explained later.
- the number of callers is at least one. For the convenience of description, the following description assumes that there is only one call request initiated by the caller.
- the external service requested by the call request is analyzed, and the external service is determined as a target service.
- the requested external service can be analyzed according to the content of the call request, and the analyzed external service is determined as the target service.
- the call request is completed based on the configuration information corresponding to the target service, the completed call request is configured based on the configuration rule corresponding to the target service, and the configured call request is forwarded to the internal and external network platform.
- the information in the call request may be incomplete.
- suppose the internal and external network platform can only identify requests that contain the Internet protocol address, port number, service interface name, and service interface version number of the external service, while the call request contains only the Internet protocol address of the external service. If the call request is sent directly to the intranet and extranet platform, it is likely that the call request cannot be successfully forwarded to the target service, because the intranet and extranet platform cannot recognize the call request.
- the invocation request is completed based on the configuration information corresponding to the target service in the service gateway.
- the completed call request is configured based on the configuration rules corresponding to the target service, and finally the configured call request is forwarded to the internal and external network platform (so that the call request in the service gateway can be forwarded to the internal and external network platform, the route mapping relationship from the gateway address to the address of the internal and external network platform is stored in the service gateway in advance), to ensure that the call request can be successfully identified by the internal and external network platform and the target service.
- the configuration rule corresponding to the target service is an address replacement rule, the address replacement rule corresponds to a preset whitelist address, and the whitelist address is in the whitelist of the target service; the source address of the completed call request is obtained, and the source address is replaced with the whitelist address corresponding to the address replacement rule.
- the configuration rule corresponding to the target service may be an address replacement rule, which is used to instruct to replace the source address in the call request, so that the replaced source address can be successfully identified by the target service.
- when the configuration rule is an address replacement rule, the preset whitelist address corresponding to the address replacement rule is obtained. The whitelist address is in the whitelist of the target service and can be set in advance by the manager of the external service. Then, in this step, the source address in the completed call request is identified (the source address is usually the address of the caller), and the source address is replaced with the whitelist address corresponding to the address replacement rule.
- the whitelist address is used as the proxy address of the call request to access the target service.
- the location of the source address in the request is usually fixed and is related to the protocol type applied by the request. Therefore, the location of the source address can be determined according to the protocol type applied by the call request, thereby identifying the source address.
- after the source address of the call request is replaced, the call request meets the access requirement of the target service, which ensures that the replaced call request can be successfully recognized by the target service.
- the configuration rule corresponding to the target service is an encapsulation rule, and the encapsulation rule corresponds to a preset encapsulation protocol type; the completed call request is encapsulated according to the encapsulation protocol type corresponding to the encapsulation rule.
- the configuration rule corresponding to the target service may be an encapsulation rule, and the encapsulation rule is used to instruct the call request to be encapsulated according to an encapsulation protocol type recognizable by the target service.
- the encapsulation protocol type corresponding to the encapsulation rule of the target service is obtained. The encapsulation protocol type can be set by the manager of the external service. The completed call request is then encapsulated according to the obtained encapsulation protocol type.
- for example, suppose the target service can only recognize requests whose protocol type is Hypertext Transfer Protocol Secure (HTTPS), that is, the encapsulation protocol type is HTTPS. Then in this step, the completed call request is encapsulated according to the HTTPS protocol, and the encapsulated call request applies the HTTPS protocol and can be successfully identified by the target service.
- the configuration rule corresponding to the target service is an encryption rule, and the encryption rule corresponds to a preset encryption algorithm; the completed call request is encrypted according to the encryption algorithm corresponding to the encryption rule.
- the configuration rule corresponding to the target service is an encryption rule.
- the encryption algorithm corresponding to the encryption rule of the target service is obtained, and the completed call request is encrypted according to the encryption algorithm, so that the encrypted call request can be successfully identified by the target service.
- the encryption algorithm may be the Data Encryption Standard (DES), the International Data Encryption Algorithm (IDEA), the RSA encryption algorithm, etc.
- the encryption rules can be preset to correspond to the keys (public key and/or private key) required in the encryption process to further enhance the security of encryption.
- the above configuration rules are only examples. According to different actual application scenarios, more types of configuration rules can be applied.
- the number of configuration rules corresponding to the external service may be zero, one, or at least two.
- the configuration rules corresponding to the target service may include address replacement rules and encryption rules. If the number of configuration rules corresponding to the target service is at least two, only when the invocation request meets all the configuration rules corresponding to the target service can the invocation request be successfully identified by the target service.
- the configured call request is forwarded from the intranet and extranet platform to the target service. If the source address of the configured call request is in the whitelist of the target service, the target service is called according to the configured call request.
- the configured call request is continuously forwarded to the target service through the internal and external network platform.
- the target service is called according to the call request, where the whitelist stores the addresses that have permission to access the target service.
- the embodiment of the application does not limit the specific call method of the call request. For example, if the protocol type of the call request is Hyper Text Transfer Protocol (HTTP), the call request may be a GET request to obtain data from the target service, a PUT request to update the data in the target service, a POST request to add data to the target service, or a DELETE request to delete the data in the target service.
- the calling object in the calling code for calling the external service is uniformly replaced with the gateway address, and the configuration information and configuration rules of the registered external service in the internal and external network platforms are stored at the same time
- the embodiment of the present application completes the completion and configuration of the invocation request in the established service gateway, reduces manual operations, and improves the convenience and automation of invoking external services.
- this embodiment is an external service invocation method obtained after refining the process of finding the calling code for calling external services in the caller and replacing the calling object in the calling code with the preset gateway address.
- the embodiment of the application provides an implementation flowchart of a gateway-based external service invocation method. As shown in FIG. 2, the external service invocation method may include the following steps:
- when looking for the calling code for calling external services, the caller located in the internal network can be determined first; the caller is the party that initiated the call request. Since in the traditional way the call request is sent directly to the intranet and extranet platforms, in the embodiment of this application the caller's underlying code is searched according to the platform address, and each line of underlying code containing the platform address is determined to be calling code, where the platform address is the address of the internal and external network platforms.
- the platform address is the calling object of the calling code. Therefore, in this step, the platform address in all calling codes is replaced with the gateway address. After the replacement is completed, when the calling code is run, the call request can be automatically sent to the gateway service in the service gateway.
- a search is performed in the underlying code of the caller to be invoked according to the platform address, each line of the underlying code containing the platform address is determined as the calling code, and then the platform addresses in all calling codes are replaced with gateway addresses.
- the embodiment of the present application performs calling code search and address replacement based on platform addresses, which improves the convenience of replacing calling objects.
- Fig. 3 shows an external service invocation method obtained after analyzing the external service requested by the invocation request and determining the external service as the target service on the basis of Embodiment 1 of the present application.
- the embodiment of the present application provides an implementation flowchart of a gateway-based external service invocation method. As shown in FIG. 3, the external service invocation method may include the following steps:
- the feature information included in the call request is obtained, and the feature information is individually matched with all the configuration information, where the feature information is an interface name and/or a destination address.
- the characteristic information is information that can indicate the only corresponding external service, that is, the information used to distinguish different external services.
- the characteristic information can specifically be the interface name and/or the destination address in the call request; where the interface name and the destination address are located in the call request is related to the protocol type applied by the call request.
- the feature information is individually matched with all the configuration information associated with the gateway address in the service gateway to check whether there is configuration information containing the feature information.
- the call request contains the source address and the destination address: the source address is the address of the caller, and the destination address is the address of the external service requested by the call request. The calling object (gateway address) in the calling code is the address to which the call is initiated; the destination address and the calling object have different meanings and cannot be the same.
- the external service corresponding to the configuration information that is successfully matched is determined as the target service.
- if the feature information matches one of the configuration information successfully, that is, the configuration information contains the feature information, the external service corresponding to the successfully matched configuration information is determined as the target service; if the feature information does not match any of the configuration information, this proves that there is no external service corresponding to the call request, so the caller is notified that the call cannot be made. It is worth mentioning that when the feature information includes the interface name and the destination address, the configuration information and the feature information are determined to match successfully only when a certain configuration information contains both the interface name and the destination address.
- the feature information contained in the call request is obtained, and the feature information is individually matched with all configuration information. If the feature information matches one of the configuration information successfully, the external service corresponding to the successfully matched configuration information is determined as the target service.
- the embodiment of the present application determines the target service according to the characteristic information in the call request, which improves the accuracy of the determination process and avoids target service errors.
- Figure 4 shows a method for invoking an external service after refining the process of completing the invocation request based on the configuration information corresponding to the target service on the basis of the third embodiment of the present application.
- the embodiment of the present application provides an implementation flowchart of a gateway-based external service invocation method. As shown in FIG. 4, the external service invocation method may include the following steps:
- an access format corresponding to the intranet and external network platform is acquired, and necessary information in the configuration information corresponding to the target service is filtered out according to the access format.
- the access format corresponding to the intranet and extranet platforms is obtained.
- the access format is used to indicate the type of information necessary to access the intranet and extranet platforms.
- the access format can be set by the management personnel of the intranet and extranet platforms.
- the necessary information in the configuration information corresponding to the target service is filtered out according to the access format.
- suppose the access format is "Internet Protocol address of external service-port number-service interface name-service interface version number", and the configuration information corresponding to the target service includes the Internet protocol address, port number, service interface name and service interface version number of the external service and the network protocol used; then only the Internet protocol address, port number, service interface name, and service interface version number in the configuration information are filtered out as necessary information.
- the call request is completed according to the necessary information until the call request includes the necessary information.
- after obtaining the necessary information, the call request is completed based on the necessary information: first compare the necessary information with the call request, determine the missing information in the call request, and add the missing information to the call request. The position at which it is added is related to the type of the missing information and to the protocol type applied by the call request.
- the completed call request contains the necessary information and can be successfully identified by the internal and external network platforms. For example, if the necessary information includes the Internet Protocol address, port number, service interface name, and service interface version number of the target service, and the call request contains only the Internet protocol address and port number of the target service, it can be determined that the information missing from the call request is the service interface name and service interface version number, so the service interface name and service interface version number are added to the call request to complete the call request.
- the access format corresponding to the intranet and external network platforms is obtained, and the necessary information in the configuration information corresponding to the target service is filtered according to the access format, and the call request is completed according to the necessary information.
- the embodiment of this application completes the call request based on the access format of the intranet and extranet platform, which prevents the call request from failing to be recognized by the intranet and extranet platform because its information is incomplete, and improves the efficiency of the call request.
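The gateway steps described in Embodiments 1, 3 and 4 (determine the target service from feature information, complete the request from the access format, apply an address replacement rule, then the target's whitelist check), as an added example that is not code from the patent. The class, function and field names and all addresses are constructed assumptions, and encapsulation and encryption rules are not modelled.

```python
from dataclasses import dataclass, field

# Assumed access format of the internal/external network platform: the fields a
# request must carry before the platform can recognize it (Embodiment 4).
ACCESS_FORMAT = ("ip", "port", "interface_name", "interface_version")
# Feature information: interface name and/or destination address (Embodiment 3).
FEATURE_KEYS = ("interface_name", "ip")


@dataclass
class ExternalService:
    name: str
    config: dict                                  # configuration information
    rules: list = field(default_factory=list)     # configuration rules (may be empty)
    whitelist: set = field(default_factory=set)   # addresses allowed to call the service


class NoMatchingService(Exception):
    """No stored configuration information contains the request's feature information."""


def determine_target(request, services):
    """Match the feature information against every stored configuration.
    When both features are present, both must match the same service."""
    features = {k: request[k] for k in FEATURE_KEYS if k in request}
    if not features:
        raise NoMatchingService("request carries no feature information")
    for svc in services:
        if all(svc.config.get(k) == v for k, v in features.items()):
            return svc
    raise NoMatchingService(f"no registered external service matches {features}")


def complete_request(request, svc):
    """Filter the necessary information out of the configuration by access format
    (the 'protocol' entry is dropped) and add whatever the request is missing."""
    necessary = {k: svc.config[k] for k in ACCESS_FORMAT}
    completed = dict(request)
    for key, value in necessary.items():
        completed.setdefault(key, value)
    return completed


def apply_rules(request, svc):
    """Apply the target's configuration rules; only address replacement is modelled."""
    configured = dict(request)
    for kind, value in svc.rules:
        if kind == "address_replacement":
            # The caller's address is replaced by the preset whitelist address, so
            # the target service sees the proxy address, not the individual caller.
            configured["source"] = value
        else:
            raise ValueError(f"rule type not modelled in this example: {kind}")
    return configured


def target_accepts(request, svc):
    """Check made by the target service: is the source address in its whitelist?"""
    return request["source"] in svc.whitelist


def gateway_handle(request, services):
    """Service gateway pipeline: determine target, complete, configure."""
    target = determine_target(request, services)
    configured = apply_rules(complete_request(request, target), target)
    return target, configured


# Constructed sample registrations (documentation address ranges).
PROXY = "198.51.100.7"
SERVICES = [
    ExternalService(
        name="log-service",
        config={"ip": "203.0.113.10", "port": 8443, "interface_name": "LogQuery",
                "interface_version": "1.2", "protocol": "https"},
        rules=[("address_replacement", PROXY)],
        whitelist={PROXY},
    ),
    ExternalService(
        name="data-service",
        config={"ip": "203.0.113.20", "port": 9000, "interface_name": "DataPull",
                "interface_version": "3.0", "protocol": "http"},
        rules=[],  # no address replacement rule registered
        whitelist={PROXY},
    ),
]

if __name__ == "__main__":
    for req in ({"source": "10.0.0.23", "ip": "203.0.113.10"},
                {"source": "10.0.0.23", "interface_name": "DataPull"}):
        svc, out = gateway_handle(req, SERVICES)
        print(svc.name, out, "accepted" if target_accepts(out, svc) else "rejected")
```

The second sample request is rejected by the whitelist check because its service has no address replacement rule, so the caller's own internal address reaches the target unchanged.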
- FIG. 5 shows a structural block diagram of a gateway-based external service invoking device provided by an embodiment of the present application.
- the external service invoking device includes:
- the replacement unit 51 is configured to find the calling code used to call the external service in the caller, and replace the calling object in the calling code with a preset gateway address, wherein the caller is located in the internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
- the reading unit 52 is configured to read all the external services that have been registered in the internal and external network platforms, and obtain and store configuration information and configuration rules for each of the external services, wherein the internal and external network platforms are used to implement isolation and communication between the internal network and the external network;
- the running unit 53 is configured to run the calling code and send a calling request to the service gateway;
- the determining unit 54 is configured to analyze the external service requested by the call request, and determine the external service as a target service;
- the configuration unit 55 is configured to complete the call request based on the configuration information corresponding to the target service, and configure the completed call request based on the configuration rule corresponding to the target service, Forwarding the configured call request to the internal and external network platform;
- the invoking unit 56 is configured to forward the configured invocation request from the intranet and external network platform to the target service. If the configured source address of the invocation request is in the whitelist of the target service, then Call the target service according to the configured call request.
- the replacement unit 51 includes:
- the search unit is configured to search in the bottom-level code of the caller according to the platform address, and determine that each line of the bottom-level code containing the platform address is the calling code, where the platform address is the address of the internal and external network platform;
- the replacement subunit is used to replace the platform addresses in all the calling codes with preset gateway addresses.
- the determining unit 54 includes:
- the matching unit is configured to obtain the characteristic information contained in the call request, and to individually match the characteristic information with all the configuration information, where the characteristic information is an interface name and/or a destination address;
- the determining subunit is configured to determine the external service corresponding to the successfully matched configuration information as a target service if the characteristic information matches one of the configuration information successfully.
- the configuration unit 55 includes:
- a screening unit configured to obtain the access format corresponding to the intranet and external network platform, and filter out the necessary information in the configuration information corresponding to the target service according to the access format;
- the completion unit is configured to complete the call request according to the necessary information until the necessary information is included in the call request.
- the configuration rule corresponding to the target service is an address replacement rule, the address replacement rule corresponds to a preset whitelist address, the whitelist address is in the whitelist of the target service, and the configuration unit 55 includes:
- the identification unit is configured to identify the source address of the completed call request, and replace the source address with the whitelist address corresponding to the address replacement rule.
- the configuration rule corresponding to the target service is an encapsulation rule, the encapsulation rule corresponds to a preset encapsulation protocol type, and the configuration unit 55 includes:
- the encapsulation unit is configured to encapsulate the completed call request according to the encapsulation protocol type corresponding to the encapsulation rule.
- the configuration rule corresponding to the target service is an encryption rule, the encryption rule corresponds to a preset encryption algorithm, and the configuration unit 55 includes:
- the encryption unit is configured to encrypt the completed call request according to the encryption algorithm corresponding to the encryption rule.
- the gateway-based external service invoking device provided by the embodiment of the present invention automatically completes and automatically configures the invoking request initiated by the caller, thereby reducing manual operations and improving the convenience of invoking external services.
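The determining, completion and address-replacement steps described above can be sketched as follows. This is an added example, not code from the patent: the field names, the registry entries and the documentation-range addresses are constructed, and two behaviours are assumptions made here rather than statements of the application (requests that match no service or more than one are refused, and the gateway keeps an audit record of the original source address).

```python
from dataclasses import dataclass

# Necessary fields required by the platform's access format (assumed field names).
ACCESS_FORMAT = ("ip", "port", "interface_name", "interface_version")


@dataclass(frozen=True)
class ServiceConfig:
    name: str
    info: dict               # configuration information read from the platform
    whitelist_address: str   # preset address tied to the address replacement rule


# Constructed registry; addresses come from documentation ranges.
REGISTRY = [
    ServiceConfig("credit-query",
                  {"ip": "203.0.113.10", "port": 8443, "interface_name": "queryCredit",
                   "interface_version": "1.2", "owner": "risk-team"},
                  "198.51.100.7"),
    ServiceConfig("sms-send",
                  {"ip": "203.0.113.20", "port": 9443, "interface_name": "sendSms",
                   "interface_version": "3.0", "owner": "ops-team"},
                  "198.51.100.8"),
]


class GatewayError(Exception):
    """Raised when the gateway refuses to forward a call request."""


def determine_target(request, registry):
    """Match the request's feature information (interface name and/or destination
    address) against every stored configuration and return the single match."""
    features = {k: request[k] for k in ("interface_name", "ip") if k in request}
    if not features:
        raise GatewayError("no feature information in call request")
    matches = [c for c in registry
               if all(c.info.get(k) == v for k, v in features.items())]
    if len(matches) != 1:  # assumption: unmatched or ambiguous requests fail closed
        raise GatewayError(f"{len(matches)} services match {features}")
    return matches[0]


def complete_request(request, cfg):
    """Add the necessary fields the request lacks; caller-supplied values are kept."""
    necessary = {k: cfg.info[k] for k in ACCESS_FORMAT}  # filter by access format
    added = sorted(k for k in necessary if k not in request)
    return {**necessary, **request}, added


def apply_address_replacement(request, cfg):
    """Swap the source address for the whitelist address and keep an audit record
    of the real caller, since the target only ever sees the replaced address."""
    audit = {"service": cfg.name, "original_source": request["source"],
             "replaced_with": cfg.whitelist_address}
    return {**request, "source": cfg.whitelist_address}, audit


def target_accepts(request, whitelist):
    """Whitelist check made on the target service side."""
    return request["source"] in whitelist


def gateway_handle(request, registry=REGISTRY):
    """Determine the target, complete the request, then apply the address rule."""
    cfg = determine_target(request, registry)
    completed, added = complete_request(request, cfg)
    configured, audit = apply_address_replacement(completed, cfg)
    return configured, added, audit


if __name__ == "__main__":
    # The description's own case: the request carries only the target's IP and port.
    call = {"source": "10.0.0.5", "ip": "203.0.113.10", "port": 8443}
    configured, added, audit = gateway_handle(call)
    print(added, configured["source"], audit)
```

Because the target service's whitelist then sees only the replaced address, the gateway's own record is the only place where the real caller of each request can be traced.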
- Fig. 6 is a schematic diagram of a terminal device provided by an embodiment of the present application.
- the terminal device 6 of this embodiment includes: a processor 60, a memory 61, and a computer program 62 stored in the memory 61 and running on the processor 60, such as a gateway-based external service invocation program.
- when the processor 60 executes the computer program 62, the steps in the above embodiments of the gateway-based external service invocation method are implemented, where the steps include: S101.
- the computer program 62 may be divided into one or more units, and the one or more units are stored in the memory 61 and executed by the processor 60 to complete the application.
- the one or more units may be a series of computer program instruction segments capable of completing specific functions, and the instruction segments are used to describe the execution process of the computer program 62 in the terminal device 6.
- the computer program 62 may be divided into a replacement unit, a reading unit, an operation unit, a determination unit, a configuration unit, and a calling unit, and the specific functions of each unit are as follows:
- the replacement unit is used to find the calling code used to call the external service in the caller and replace the calling object in the calling code with a preset gateway address, wherein the caller is located in the internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway;
- the reading unit is used to read all the external services that have been registered in the internal and external network platform, and obtain and store the configuration information and configuration rules of each of the external services, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network;
- the running unit is used to run the calling code and send a call request to the service gateway;
- the determining unit is configured to analyze the external service requested by the call request, and determine the external service as a target service;
- the configuration unit is configured to complete the call request based on the configuration information corresponding to the target service, configure the completed call request based on the configuration rule corresponding to the target service, and forward the configured call request to the internal and external network platform;
- the invoking unit is configured to forward the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, call the target service according to the configured call request.
- the terminal device 6 may be a computing device such as a desktop computer, a notebook, a palmtop computer, and a cloud server.
- the terminal device may include, but is not limited to, a processor 60 and a memory 61.
- FIG. 6 is only an example of the terminal device 6 and does not constitute a limitation on the terminal device 6. It may include more or fewer components than shown in the figure, or a combination of certain components, or different components.
- the terminal device may also include input and output devices, network access devices, buses, etc.
- the processor 60 may be a central processing unit (CPU), or it may be another general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, etc.
- the general-purpose processor may be a microprocessor, or the processor may be any conventional processor or the like.
- the memory 61 may be an internal storage unit of the terminal device 6, such as a hard disk or memory of the terminal device 6.
- the memory 61 may also be an external storage device of the terminal device 6, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card, or a flash card equipped on the terminal device 6.
- the memory 61 may also include both an internal storage unit of the terminal device 6 and an external storage device.
- the memory 61 is used to store the computer program and other programs and data required by the terminal device.
- the memory 61 can also be used to temporarily store data that has been output or will be output.
- the disclosed terminal device and method may be implemented in other ways.
- the terminal device embodiments described above are only illustrative.
- the division of the units is only a logical function division.
- there may be other division methods; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
- the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or units, and may be in electrical, mechanical or other forms.
- the units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to achieve the objectives of the solutions of the embodiments.
- each unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit.
- the above-mentioned integrated unit can be implemented in the form of hardware or software functional unit.
- if the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
- the computer-readable storage medium may be volatile or non-volatile.
- this application implements all or part of the processes in the above-mentioned embodiments and methods, which can also be completed by instructing relevant hardware through a computer program.
- the computer program can be stored in a computer-readable storage medium. When the program is executed by the processor, the steps of the foregoing method embodiments can be implemented. The steps include: S101.
- the external service is a service provided by the external network, and the gateway address is the address of the preset service gateway;
- S102. Read all the registered external services in the internal and external network platform, and obtain and store the configuration information and configuration rules of each external service, where the internal and external network platform is used to implement isolation and communication between the internal network and the external network;
- S103. Run the calling code and send a call request to the service gateway;
- S104. Analyze the external service requested by the call request, and determine the external service as a target service;
- S105. Complete the call request based on the configuration information corresponding to the target service, configure the completed call request based on the configuration rule corresponding to the target service, and forward the configured call request to the internal and external network platform;
- S106. Forward the configured call request from the internal and external network platform to the target service, and if the source address of the configured call request is in the whitelist of the target service, call the target service according to the configured call request.
- the computer program includes computer program code, and the computer program code may be in the form of source code, object code, executable file, or some intermediate forms.
- the computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, U disk, mobile hard disk, magnetic disk, optical disk, computer memory, read-only memory (ROM), random access memory (RAM), electrical carrier signal, telecommunications signal, and software distribution media.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Automation & Control Theory (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Claims (20)
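- A gateway-based external service invocation method, comprising: finding the calling code used to call an external service in a caller, and replacing the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway; reading all the external services registered in an internal and external network platform, and obtaining and storing the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network; running the calling code and sending a call request to the service gateway; analyzing the external service requested by the call request, and determining that external service as a target service; completing the call request based on the configuration information corresponding to the target service, configuring the completed call request based on the configuration rule corresponding to the target service, and forwarding the configured call request to the internal and external network platform; forwarding the configured call request from the internal and external network platform to the target service, and, if the source address of the configured call request is in the whitelist of the target service, calling the target service according to the configured call request.
- The external service invocation method according to claim 1, wherein finding the calling code used to call the external service in the caller and replacing the calling object in the calling code with the preset gateway address comprises: searching the bottom-level code of the caller according to a platform address, and determining every line of the bottom-level code that contains the platform address as the calling code, wherein the platform address is the address of the internal and external network platform; and replacing the platform address in all of the calling code with the preset gateway address.
- The external service invocation method according to claim 1, wherein analyzing the external service requested by the call request and determining the external service as the target service comprises: obtaining the characteristic information contained in the call request, and matching the characteristic information individually against all of the configuration information, wherein the characteristic information is an interface name and/or a destination address; and, if the characteristic information successfully matches one item of the configuration information, determining the external service corresponding to the successfully matched configuration information as the target service.
- The external service invocation method according to claim 1, wherein completing the call request based on the configuration information corresponding to the target service comprises: obtaining the access format corresponding to the internal and external network platform, and filtering out, according to the access format, the necessary information in the configuration information corresponding to the target service; and completing the call request according to the necessary information until the call request contains the necessary information.
- The external service invocation method according to claim 1, wherein the configuration rule corresponding to the target service is an address replacement rule, the address replacement rule corresponds to a preset whitelist address, the whitelist address is in the whitelist of the target service, and configuring the completed call request based on the configuration rule corresponding to the target service comprises: identifying the source address of the completed call request, and replacing the source address with the whitelist address corresponding to the address replacement rule.
- The external service invocation method according to claim 1, wherein the configuration rule corresponding to the target service is an encapsulation rule, the encapsulation rule corresponds to a preset encapsulation protocol type, and configuring the completed call request based on the configuration rule corresponding to the target service comprises: encapsulating the completed call request according to the encapsulation protocol type corresponding to the encapsulation rule.
- The external service invocation method according to claim 1, wherein the configuration rule corresponding to the target service is an encryption rule, the encryption rule corresponds to a preset encryption algorithm, and configuring the completed call request based on the configuration rule corresponding to the target service comprises: encrypting the completed call request according to the encryption algorithm corresponding to the encryption rule.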
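- A gateway-based external service invocation device, comprising: a replacement unit, configured to find the calling code used to call an external service in a caller, and replace the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway; a reading unit, configured to read all the external services registered in an internal and external network platform, and obtain and store the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network; a running unit, configured to run the calling code and send a call request to the service gateway; a determining unit, configured to analyze the external service requested by the call request and determine that external service as a target service; a configuration unit, configured to complete the call request based on the configuration information corresponding to the target service, configure the completed call request based on the configuration rule corresponding to the target service, and forward the configured call request to the internal and external network platform; and an invoking unit, configured to forward the configured call request from the internal and external network platform to the target service and, if the source address of the configured call request is in the whitelist of the target service, call the target service according to the configured call request.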
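- A terminal device, wherein the terminal device comprises a memory, a processor, and a computer program stored in the memory and executable on the processor, and the processor implements the following steps when executing the computer program: finding the calling code used to call an external service in a caller, and replacing the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway; reading all the external services registered in an internal and external network platform, and obtaining and storing the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network; running the calling code and sending a call request to the service gateway; analyzing the external service requested by the call request, and determining that external service as a target service; completing the call request based on the configuration information corresponding to the target service, configuring the completed call request based on the configuration rule corresponding to the target service, and forwarding the configured call request to the internal and external network platform; forwarding the configured call request from the internal and external network platform to the target service, and, if the source address of the configured call request is in the whitelist of the target service, calling the target service according to the configured call request.
- The terminal device according to claim 9, wherein finding the calling code used to call the external service in the caller and replacing the calling object in the calling code with the preset gateway address comprises: searching the bottom-level code of the caller according to a platform address, and determining every line of the bottom-level code that contains the platform address as the calling code, wherein the platform address is the address of the internal and external network platform; and replacing the platform address in all of the calling code with the preset gateway address.
- The terminal device according to claim 9, wherein analyzing the external service requested by the call request and determining the external service as the target service comprises: obtaining the characteristic information contained in the call request, and matching the characteristic information individually against all of the configuration information, wherein the characteristic information is an interface name and/or a destination address; and, if the characteristic information successfully matches one item of the configuration information, determining the external service corresponding to the successfully matched configuration information as the target service.
- The terminal device according to claim 9, wherein completing the call request based on the configuration information corresponding to the target service comprises: obtaining the access format corresponding to the internal and external network platform, and filtering out, according to the access format, the necessary information in the configuration information corresponding to the target service; and completing the call request according to the necessary information until the call request contains the necessary information.
- The terminal device according to claim 9, wherein the configuration rule corresponding to the target service is an address replacement rule, the address replacement rule corresponds to a preset whitelist address, the whitelist address is in the whitelist of the target service, and configuring the completed call request based on the configuration rule corresponding to the target service comprises: identifying the source address of the completed call request, and replacing the source address with the whitelist address corresponding to the address replacement rule.
- The terminal device according to claim 9, wherein the configuration rule corresponding to the target service is an encapsulation rule, the encapsulation rule corresponds to a preset encapsulation protocol type, and configuring the completed call request based on the configuration rule corresponding to the target service comprises: encapsulating the completed call request according to the encapsulation protocol type corresponding to the encapsulation rule.
- The terminal device according to claim 9, wherein the configuration rule corresponding to the target service is an encryption rule, the encryption rule corresponds to a preset encryption algorithm, and configuring the completed call request based on the configuration rule corresponding to the target service comprises: encrypting the completed call request according to the encryption algorithm corresponding to the encryption rule.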
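- A computer-readable storage medium storing a computer program, wherein the computer program implements the following steps when executed by a processor: finding the calling code used to call an external service in a caller, and replacing the calling object in the calling code with a preset gateway address, wherein the caller is located in an internal network, the external service is a service provided by an external network, and the gateway address is the address of a preset service gateway; reading all the external services registered in an internal and external network platform, and obtaining and storing the configuration information and configuration rule of each external service, wherein the internal and external network platform is used to implement isolation and communication between the internal network and the external network; running the calling code and sending a call request to the service gateway; analyzing the external service requested by the call request, and determining that external service as a target service; completing the call request based on the configuration information corresponding to the target service, configuring the completed call request based on the configuration rule corresponding to the target service, and forwarding the configured call request to the internal and external network platform; forwarding the configured call request from the internal and external network platform to the target service, and, if the source address of the configured call request is in the whitelist of the target service, calling the target service according to the configured call request.
- The computer-readable storage medium according to claim 16, wherein finding the calling code used to call the external service in the caller and replacing the calling object in the calling code with the preset gateway address comprises: searching the bottom-level code of the caller according to a platform address, and determining every line of the bottom-level code that contains the platform address as the calling code, wherein the platform address is the address of the internal and external network platform; and replacing the platform address in all of the calling code with the preset gateway address.
- The computer-readable storage medium according to claim 16, wherein analyzing the external service requested by the call request and determining the external service as the target service comprises: obtaining the characteristic information contained in the call request, and matching the characteristic information individually against all of the configuration information, wherein the characteristic information is an interface name and/or a destination address; and, if the characteristic information successfully matches one item of the configuration information, determining the external service corresponding to the successfully matched configuration information as the target service.
- The computer-readable storage medium according to claim 16, wherein completing the call request based on the configuration information corresponding to the target service comprises: obtaining the access format corresponding to the internal and external network platform, and filtering out, according to the access format, the necessary information in the configuration information corresponding to the target service; and completing the call request according to the necessary information until the call request contains the necessary information.
- The computer-readable storage medium according to claim 16, wherein the configuration rule corresponding to the target service is an address replacement rule, the address replacement rule corresponds to a preset whitelist address, the whitelist address is in the whitelist of the target service, and configuring the completed call request based on the configuration rule corresponding to the target service comprises: identifying the source address of the completed call request, and replacing the source address with the whitelist address corresponding to the address replacement rule.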
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910422759.1A CN110266517B (zh) | 2019-05-21 | 2019-05-21 | Gateway-based external service invocation method, apparatus and terminal device |
CN201910422759.1 | 2019-05-21 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2020233354A1 (zh) | 2020-11-26 |
Family
ID=67914924
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2020/087176 WO2020233354A1 (zh) | Gateway-based external service invocation method, apparatus and terminal device | 2019-05-21 | 2020-04-27 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110266517B (zh) |
WO (1) | WO2020233354A1 (zh) |
-
2019
- 2019-05-21 CN CN201910422759.1A patent/CN110266517B/zh active Active
-
2020
- 2020-04-27 WO PCT/CN2020/087176 patent/WO2020233354A1/zh active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN110266517B (zh) | 2021-10-29 |
CN110266517A (zh) | 2019-09-20 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 20809911 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20809911 Country of ref document: EP Kind code of ref document: A1 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 30.03.2022) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 20809911 Country of ref document: EP Kind code of ref document: A1 |