WO2020248768A1 - Method and apparatus for managing application program service - Google Patents

Method and apparatus for managing application program service

Publication number
WO2020248768A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
token
sub
service
message
Application number
PCT/CN2020/090687
Inventor
陈晔
杜泽炜
卢道和
罗锶
Original Assignee
深圳前海微众银行股份有限公司
Application filed by 深圳前海微众银行股份有限公司
Publication of WO2020248768A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/52 Program synchronisation; Mutual exclusion, e.g. by means of semaphores
    • G06F9/526 Mutual exclusion algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Definitions

  • the present invention relates to the field of process control of financial technology (Fintech), in particular to a method and device for managing application program services.
  • each sub-application is equal, and each sub-application can request services from the application, which may allow some sub-applications to go beyond their own business scope and request services that do not belong to the sub-application's service department, which in turn affects other sub-applications.
  • sub-application A belongs to department A
  • sub-application A needs to modify a certain value
  • the modification of the value belongs to another department B, which needs to notify department B to provide services, but department A, for convenience
  • the embodiments of the present application provide a method and device for managing application services, which are used to solve the problem of great security risks and conflicts that are difficult to avoid when applications perform services in the prior art.
  • an embodiment of the present application provides an application service management method, including: receiving a first message from a first sub-application of an application, the first message being used to request to obtain a service from the application; determining the first sub-permission required to invoke the service indicated by the first message according to the service indicated by the first message; the first sub-permission is a preset sub-permission in the service permission for invoking the application; if the first sub-application meets a preset condition, obtaining a first token according to the first sub-authority; the first token is a token for invoking the service authority within the first sub-authority; the first sub-authority uniquely corresponds to the first token; according to the first token, within the first sub-authority, invoking the service indicated by the first message through the application, and setting the first token to a locked state.
  • the first message is used to request to obtain the service from the application, and according to the service indicated by the first message, the first sub-authority required to invoke the service indicated by the first message is determined; the first sub-permission is a sub-permission preset in the service permission for calling the application. If the first sub-application satisfies a preset condition, a first token is obtained according to the first sub-permission.
  • the first token is a token for invoking the service authority within the first sub-authority.
  • within the first sub-authority, the service indicated by the first message can be performed through the application, while outside the first sub-authority the service of the application program cannot be invoked through the first token; in addition, because the first sub-authority uniquely corresponds to the first token, and the first token has been set to the locked state for the service indicated by the first message, while the service indicated by the first message is being performed other sub-applications of the application cannot simultaneously obtain the first token by sending a message. Therefore, the above method greatly improves the security of the application when performing services and avoids conflicts.
  • the preset condition is that the first sub-application is a sub-application in the white list of the application, and the white list of the application is used to indicate the sub-applications that are authorized to call the service of the application.
  • the preset white list indicates the sub-applications authorized to call the service of the application, and the first sub-application is the sub-application in the white list of the application.
  • the first token can be obtained, thereby improving the security of application services.
  • the first token is valid for a first preset time period after acquisition; if the first token fails during the process of invoking the service indicated by the first message through the application, the service indicated by the first message is interrupted; the first token is updated, and the updated token of the first token is used as the second token; according to the second token, the service indicated by the first message is re-invoked through the application.
  • the first token is valid for a preset period of time after acquisition, and if the first token becomes invalid during the process of invoking the service indicated by the first message through the application, then the service indicated by the first message is interrupted; the first sub-authority is thus controlled by means of a preset duration and timely interruption. The first token is updated, and the updated token of the first token is used as the second token; according to the second token, the service indicated by the first message is re-invoked through the application. The token is updated in time, thereby improving the security of the application service.
  • the first message is discarded, and alarm information is sent.
  • the verification is performed through the preset condition, and if the first sub-application does not meet the preset condition, that is, the verification fails, the first message is discarded and alarm information is sent in time, thereby improving the security of application services.
  • the method further includes: if it is determined that the application program has completed invoking the service indicated by the first message, releasing the locked state of the first token through the application program.
  • the application program is used to unlock the first token, so that other sub-applications can also obtain the first token, thereby enhancing the flexibility of application services.
  • an embodiment of the present application provides an application service management apparatus, including: a receiving module, configured to receive a first message from a first sub-application of the application, the first message being used to request to obtain a service from the application; a processing module, configured to determine, according to the service indicated by the first message, a first sub-authority required to call the service indicated by the first message; the first sub-authority is a preset sub-permission in the service permission for calling the application; if the first sub-application meets a preset condition, obtain a first token according to the first sub-authority; the first token is a token for calling the service permission within the first sub-authority; the first sub-authority uniquely corresponds to the first token; according to the first token, within the first sub-authority, invoke the service indicated by the first message through the application, and set the first token to a locked state.
  • the preset condition is that the first sub-application is a sub-application in the white list of the application, and the white list of the application is used to indicate the sub-applications that are authorized to call the service of the application.
  • the first token is valid for a preset period of time after acquisition, and the processing module is further configured to: if the first token becomes invalid during the process of invoking the service indicated by the first message through the application, interrupt the service indicated by the first message; update the first token, and use the updated token of the first token as the second token; according to the second token, re-invoke the service indicated by the first message through the application.
  • the processing module is further configured to: if the first sub-application does not meet the preset condition, discard the first message and send alarm information.
  • the processing module is further configured to: if it is determined that the application program has completed invoking the service indicated by the first message, release the locked state of the first token through the application program.
  • an embodiment of the present application provides a computer device including a program or instruction, and when the program or instruction is executed, it is used to execute the methods of the first aspect and the embodiments of the first aspect.
  • an embodiment of the present application provides a storage medium including a program or instruction, and when the program or instruction is executed, it is used to execute the methods of the first aspect and the embodiments of the first aspect.
  • FIG. 1 is a schematic diagram of a system architecture applicable to an application service management method in an embodiment of this application;
  • FIG. 2 is a schematic diagram of the process flow of an application service management method in an embodiment of this application
  • FIG. 3 is a schematic diagram of the architecture of token management in an application service management method in an embodiment of the application
  • FIG. 4 is a schematic diagram of a process flow diagram of authorizing sub-applications in an application service management method in an embodiment of the application;
  • FIG. 5 is a schematic diagram of an authorization page in an application service management method in an embodiment of the application
  • Fig. 6 is a schematic structural diagram of an application service management apparatus in an embodiment of the application.
  • appId: the identity (Identification, ID) of the sub-application in the application
  • token: the token is the credential for invoking the application program interface, and an application interface must be obtained
  • AppKey: also called the secret key, the credential that the application provides to the sub-application to obtain the token.
  • an embodiment of the present application provides a system architecture for the management of application services.
  • the application service management method provided by the embodiment of this application is applied.
  • the system architecture shown in Figure 1 includes the following parts:
  • the user layer includes the sub-application system and the business system of the application.
  • the sub-application system includes multiple sub-applications. Each sub-application can request services by sending messages to the application, and communicates with the application through the proxy layer, so as to perform the required services through the application; the business system of the application is the system required to be implemented in the service.
  • Proxy layer: the proxy layer is responsible for forwarding communication messages between the user layer and the service layer.
  • the specific forwarding tool is not limited.
  • proxy servers such as nginx and squid are used to implement forwarding.
  • the service layer includes sub-application program interface, service access layer, message forwarding module, interface agent, configuration management module, permission management module, token management module, service application layer, logging module, and permission control module.
  • the sub-application program interface, the service access layer, the message forwarding module, and the interface agent are used to transmit the messages sent by the sub-application program to the application program.
  • the message of the sub-application is first forwarded to the service access layer through the sub-application interface, and then sent to the message forwarding module through the service access layer, and then communicates with the application in the service application layer.
  • the interface proxy is used to send messages that the application needs to send to the corresponding sub-application interface.
  • the basic configuration information of each sub-application is stored in the configuration management, for example, the ID of the sub-application.
  • Each sub-permission is separated from the service permissions of the application encapsulated in the permission management module.
  • the token management module encapsulates the tokens corresponding to each sub-authority in the authorization management module.
  • the authority control module is used to control authority and allow or prohibit corresponding execution actions.
  • the logging module is used to record the processing of messages.
  • each application does not need additional configuration, and the configuration in the configuration management module in the service layer is directly used as the configuration of each application.
  • the service access layer is responsible for receiving messages and events and forwarding them to the service application layer for processing; after the service application layer has finished processing, any message that needs to be returned or forwarded is passed through the interface proxy and then, via the proxy layer, forwarded to the sub-application or business system.
  • the addition of the service access layer allows multiple message events to be processed indiscriminately by the business logic of the service application layer after processing, and the service application layer classifies and processes the forwarded messages and events.
  • the service access layer can support simultaneous access of multiple sub-applications and smooth switching between sub-applications.
  • Database: stores information records of services performed by applications.
  • the specific types of databases are not limited.
  • the databases are redis and kafka.
  • Operating environment: used to provide the operating foundation for the user layer, proxy layer, service layer and database.
  • the operating environment is composed of the following components: Linux, springboot1.4 and tomcat8.
  • each application can be independent into a separate system or service, and at the same time, the token management module and configuration management of the service layer can be separated, and the modules communicate through the message bus.
  • This architecture can also apply the application service management method proposed in the embodiments of the present application, so that each application program is relatively independent and does not affect the others; the coupling between modules is small and the overall modularity of the system is higher.
  • this service architecture can conveniently provide the relevant service capabilities of existing sub-applications to external business operators outside of the application through application access. When external business operators need to host their own sub-applications to the services of atomic applications, they can select the service permissions that need to be managed on the authorization page to complete the authorization operation and use the related services.
  • Step 201 Receive a first message from a first sub-application of the application.
  • the first message is a communication message for the first sub-application to request service from the application.
  • Step 202 According to the service indicated by the first message, determine the first sub-authority required to invoke the service indicated by the first message.
  • the first sub-permission is a sub-permission preset in the service permission for calling the application program.
  • Step 203 If the first sub-application meets a preset condition, obtain a first token according to the first sub-authority; the first token is a token for calling the service permission within the first sub-authority.
  • the first sub-authority uniquely corresponds to the first token.
  • Step 204 According to the first token, within the first sub-authority, call the service indicated by the first message through the application program, and set the first token to a locked state.
  • in step 202, for example, message management is authorized to sub-application A, and user information query management is authorized to sub-application B. The business system that obtains the token of sub-application A is only allowed to perform message management operations and cannot query user information.
  • the first token is stored in a first storage space of the processing device; the first storage space also stores a third token, and the third token is a token pre-converted into the same storage format as the first token; the third token is uniquely mapped to the second sub-authority preset in the service authority; the tokens stored in the first storage space are all called in the same way.
  • the processing device here can be any device that can run an application program, for example, a computer device, a terminal device, etc., without limitation.
  • the first storage space is also not limited, such as the memory in a computer device.
  • Fig. 3 is a schematic diagram of the architecture of token management in an application service management method in an embodiment of the application.
  • multiple sub-applications are managed through the token management service at the same time, and the token management service can also include update services, query services, and monitoring services.
  • the application service management method may also include:
  • the first token is valid for a first preset time period after being acquired, and if the first token becomes invalid during the process of invoking the service indicated by the first message through the application program, the service indicated by the first message is interrupted; the first token is updated, and the updated token of the first token is used as the second token; according to the second token, the service indicated by the first message is re-invoked through the application.
  • each token corresponds to a validity period, for example, 2 hours; and after acquiring a new token, the old token will expire within a certain period of time, such as 10 minutes.
  • the update service uses the program interface provided by the application to the sub-application to obtain the token. After the update service obtains the token, the token is stored locally and a valid time of no more than 2 hours is set. When the local token fails, the token is updated immediately, to keep the local token always valid.
  • the query service provides an interface for real-time querying of the latest tokens. At any time, the tokens queried through the token management service are always the same and valid.
  • the monitoring service regularly checks whether the token is valid by actively calling the WeChat API, and immediately updates the token when it is found to be invalid, so as to avoid the token failure due to short-term WeChat failure or network reasons.
  • the token hybrid management also converts the token obtained from the second sub-application into a token in the same format as the first token and saves it in the token management service, and uses the same update, query and detection strategy for it.
  • the type field information is added while recording the token, and the token type is returned when querying the token.
  • the token management service is allowed to save and maintain multiple tokens at the same time, which can be obtained on demand during query.
  • the preset condition is that the first sub-application is a sub-application in the white list of the application, and the white list of the application is used to indicate the sub-applications that are authorized to call the service of the application program.
  • the preset white list indicates the sub-applications authorized to call the service of the application
  • the first sub-application is the sub-application in the white list of the application.
  • the first token can be obtained, thereby improving the security of application services.
  • Fig. 4 is a schematic diagram of the steps of authorization for the sub-application in an application service management method in an embodiment of the application
  • Fig. 5 is a schematic diagram of an authorization page in an application service management method in an embodiment of this application.
  • Step 401 The user enters the website.
  • the user of the sub-application can enter the component side website of the application by clicking on the website.
  • Step 402 Obtain a pre-authorization code.
  • the component side website obtains the pre-authorization code through the application program interface provided by the application program to enter the pre-authorization.
  • Step 403 Guide the user to enter the application component authorization page.
  • Step 404 Authorize the user.
  • Step 405 Return the verification code.
  • Step 404 After the authorization is successful, the application program authorizes the website to send a verification code to the component side website.
  • Step 406 Use the authorization code to obtain user information.
  • the component website uses the authorization code to obtain user information through the application interface.
  • the process of obtaining the first token according to the first message in step 201 may be:
  • determine the first sub-authority required to perform the service indicated by the first message, and determine that the first message comes from the first sub-application; determine that the first sub-application is a sub-application verified by the preset whitelist, and obtain the first token uniquely mapped to the first sub-authority.
  • the application program is used to release the locked state of the first token.
  • FIG. 6 is a schematic structural diagram of an application service management apparatus in an embodiment of this application.
  • An embodiment of the present application provides an application service management apparatus, including: a receiving module 601, configured to receive a first message from a first sub-application of an application, the first message being used to request to obtain a service from the application; a processing module 602, configured to determine, according to the service indicated by the first message, the first sub-authority required to invoke the service indicated by the first message; the first sub-authority is a preset sub-permission in the service permission for invoking the application; if the first sub-application meets the preset condition, obtain a first token according to the first sub-permission; the first token is a token for calling the service authority within the first sub-permission; the first sub-authority uniquely corresponds to the first token; according to the first token, within the first sub-authority, invoke the service indicated by the first message through the application, and set the first token to a locked state.
  • the preset condition is that the first sub-application is a sub-application in the white list of the application, and the white list of the application is used to indicate the sub-applications that are authorized to call the service of the application.
  • the first token is valid for a preset period of time after being acquired, and the processing module 602 is further configured to: if the first token becomes invalid during the process of invoking the service indicated by the first message through the application, interrupt the service indicated by the first message; update the first token, and use the updated token of the first token as the second token; according to the second token, re-invoke the service indicated by the first message through the application.
  • the processing module 602 is further configured to: if the first sub-application does not meet the preset condition, discard the first message and send alarm information.
  • the processing module 602 is further configured to: if it is determined that the application program has completed the invocation of the service indicated by the first message, release the locked state of the first token through the application program.
  • An embodiment of the application provides a computer device, including a program or instruction, when the program or instruction is executed, it is used to execute the application service management method and any optional method provided by the embodiment of the application.
  • the embodiment of the present application provides a storage medium including a program or instruction, and when the program or instruction is executed, it is used to execute the application service management method and any optional method provided by the embodiment of the present application.
  • the embodiments of the present application can be provided as methods, systems, or computer program products. Therefore, the present application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this application may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, optical storage, etc.) containing computer-usable program codes.
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
  • the device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
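
The flow of steps 201 to 204, together with the whitelist check, the locked state, and the token expiry and update described above, as an added Python example that is not code from the patent or the applicant. The class and function names, the per-sub-permission shape of the whitelist, the retry bound, the list-based clock and the sample services are assumptions made for illustration.

```python
import secrets
import threading
from dataclasses import dataclass

class Rejected(Exception):
    """The request message was discarded."""

class TokenExpired(Exception):
    """The token became invalid while the service was running."""

@dataclass
class Token:
    value: str
    sub_permission: str
    expires_at: float
    locked_by: str = ""  # appId holding the token; empty = unlocked

class ServiceManager:
    MAX_REFRESH = 3  # assumption: bound on re-invocations, not from the page
    def __init__(self, service_to_perm, whitelist, handlers, ttl, clock):
        self.service_to_perm = service_to_perm  # service -> sub-permission
        self.whitelist = whitelist              # appId -> granted sub-permissions
        self.handlers = handlers                # service -> callable(check, payload)
        self.ttl, self.clock = ttl, clock
        self.alerts = []
        self._mutex = threading.Lock()
        # One token per sub-permission: the "unique correspondence".
        self.tokens = {p: self._issue(p) for p in set(service_to_perm.values())}

    def _issue(self, perm, locked_by=""):
        return Token(secrets.token_urlsafe(16), perm, self.clock() + self.ttl, locked_by)

    def _check(self, token):
        if self.clock() >= token.expires_at:
            raise TokenExpired(token.sub_permission)

    def handle(self, app_id, service, payload=None):
        perm = self.service_to_perm.get(service)            # step 202
        if perm is None or perm not in self.whitelist.get(app_id, ()):
            # Preset condition failed: discard the message and record an alarm.
            self.alerts.append(f"discarded {service!r} from {app_id!r}")
            raise Rejected("preset condition not met")
        with self._mutex:                                    # step 203
            token = self.tokens[perm]
            if token.locked_by:
                raise Rejected(f"{perm} token is locked by {token.locked_by}")
            if self.clock() >= token.expires_at:
                token = self.tokens[perm] = self._issue(perm)
            token.locked_by = app_id                         # step 204: lock
        try:
            for _ in range(self.MAX_REFRESH + 1):
                try:
                    return self.handlers[service](lambda t=token: self._check(t), payload)
                except TokenExpired:
                    # Interrupted: update the token and re-invoke with the new one.
                    with self._mutex:
                        token = self.tokens[perm] = self._issue(perm, app_id)
            raise Rejected("token kept expiring during the service")
        finally:
            with self._mutex:                                # service done: unlock
                self.tokens[perm].locked_by = ""

def demo():
    """Constructed scenario: appA/appC share message_mgmt, appB has user_info."""
    now, runs, seen = [0.0], [], {}

    def send_message(check, payload):
        check()
        if "contention" not in seen:  # appC asks while appA holds the token
            try:
                mgr.handle("appC", "send_message", "hi")
            except Rejected as exc:
                seen["contention"] = str(exc)
        return f"sent:{payload}"

    def query_user(check, payload):
        runs.append(payload)
        if len(runs) == 1:
            now[0] += 11              # first run outlives the 10 s token
        check()
        return f"user:{payload}"

    mgr = ServiceManager(
        {"send_message": "message_mgmt", "query_user": "user_info"},
        {"appA": {"message_mgmt"}, "appC": {"message_mgmt"}, "appB": {"user_info"}},
        {"send_message": send_message, "query_user": query_user},
        ttl=10, clock=lambda: now[0])
    sent = mgr.handle("appA", "send_message", "hello")
    after_unlock = mgr.handle("appC", "send_message", "hi")
    try:
        mgr.handle("appA", "query_user", 42)  # outside appA's sub-permission
    except Rejected:
        pass
    before = mgr.tokens["user_info"].value
    user = mgr.handle("appB", "query_user", 42)
    return {"sent": sent, "contention": seen["contention"],
            "after_unlock": after_unlock, "alerts": list(mgr.alerts),
            "user": user, "runs": len(runs),
            "refreshed": mgr.tokens["user_info"].value != before,
            "unlocked": all(not t.locked_by for t in mgr.tokens.values())}
```

Calling `demo()` returns the outcome of each case: the contended request is refused while the token is locked, the out-of-scope request is discarded with an alert, and the expired token is replaced before the service is re-invoked.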

Abstract

Disclosed are a method and apparatus for managing an application program service. The method comprises: receiving a first message from a first sub-application program of an application program, the first message being used for requesting for obtaining a service from the application program; determining, according to the service indicated by the first message, a first sub-permission required for calling the service indicated by the first message; if the first sub-application program satisfies a preset condition, obtaining a first token according to the first sub-permission, the first sub-permission uniquely corresponding to the first token; and calling the service indicated by the first message by means of the application program according to the first token within the first sub-permission, and setting the first token to be in a locked state. When the method is applied to Fintech, the security of the application program in service is greatly improved, and conflicts are avoided.

Description

Method and device for managing application program service
Cross-reference to related applications
This application claims priority to Chinese patent application No. 201910499812.8, filed with the Chinese Patent Office on June 11, 2019 and entitled "A management method and device for application services", the entire content of which is incorporated herein by reference.
Technical field
The present invention relates to the field of process control in financial technology (Fintech), and in particular to a method and device for managing application program services.
Background
With the development of computer technology, more and more technologies (big data, distributed systems, blockchain, artificial intelligence, etc.) are being applied in the financial field, and the traditional financial industry is gradually transforming into financial technology (Fintech). In the financial technology field today, applications can provide a large number of services to users. In the prior art, some applications process huge amounts of data, for reasons such as having many users, so several departments often need to cooperate and jointly manage the application. An application can contain multiple sub-applications. When a sub-application implements a function or performs a service, it generally cannot do so apart from the application itself; the sub-application needs the application in order to deliver the required service.
However, from the application's point of view the sub-applications are peers, and each of them can request services from the application. A sub-application may therefore step outside its own business scope and request a service that does not belong to the department it serves, which in turn affects other sub-applications. For example, sub-application A belongs to department A and needs to modify a certain value, but modifying that value is the responsibility of another department, B, and department B should be notified to perform the service. For convenience, however, department A can directly make sub-application A request the application to modify the value, and if department B needs to modify the value at the same time, a conflict easily arises. With this approach, there are serious security risks when the application performs services, and conflicts are difficult to avoid.
Summary of the invention
The embodiments of the present application provide a method and device for managing application services, to solve the prior-art problem that there are serious security risks when an application performs services and that conflicts are difficult to avoid.
In a first aspect, an embodiment of the present application provides an application service management method, including: receiving a first message from a first sub-application of an application, the first message being used to request a service from the application; determining, according to the service indicated by the first message, the first sub-permission required to invoke the service indicated by the first message, where the first sub-permission is a preset sub-permission within the service permission for invoking the application; if the first sub-application meets a preset condition, obtaining a first token according to the first sub-permission, where the first token is a token for invoking the service permission within the first sub-permission, and the first sub-permission uniquely corresponds to the first token; and, according to the first token and within the first sub-permission, invoking the service indicated by the first message through the application, and setting the first token to a locked state.
In the above method, the first message is used to request a service from the application. According to the service indicated by the first message, the first sub-permission required to invoke that service is determined; the first sub-permission is a preset sub-permission within the service permission for invoking the application. If the first sub-application meets the preset condition, the first token is obtained according to the first sub-permission. Because the first token is a token for invoking the service permission within the first sub-permission, the service indicated by the first message can be performed through the application according to the first token only within the first sub-permission, and the first token cannot be used to invoke the application's services outside the first sub-permission. In addition, because the first sub-permission uniquely corresponds to the first token, and the first token has already been set to the locked state while the service indicated by the first message is being performed, other sub-applications of the application cannot obtain the first token at the same time by sending messages. The above method therefore greatly improves the security of the application when performing services and avoids conflicts.
In an optional implementation, the preset condition is that the first sub-application is a sub-application in the whitelist of the application, where the whitelist of the application indicates the sub-applications that are authorized to invoke the services of the application.
In this way, the preset whitelist indicates the sub-applications that are authorized to invoke the services of the application, and the first token can be obtained only under the preset condition that the first sub-application is a sub-application in the whitelist of the application, which improves the security of application services.
In an optional implementation, the first token is valid for a first preset duration after it is obtained. If the first token becomes invalid while the service indicated by the first message is being invoked through the application, the service indicated by the first message is interrupted; the first token is updated, and the updated token is used as a second token; and, according to the second token, the service indicated by the first message is invoked again through the application.
In this way, the first token is valid for a preset duration after it is obtained. If the first token becomes invalid while the service indicated by the first message is being invoked through the application, the service indicated by the first message is interrupted, so that the first sub-permission is controlled by means of the preset duration and timely interruption. The first token is then updated, the updated token is used as the second token, and the service indicated by the first message is invoked again through the application according to the second token. Updating the token in time improves the security of application services.
In an optional implementation, if the first sub-application does not meet the preset condition, the first message is discarded and alarm information is sent.
In this way, verification is performed against the preset condition. If the first sub-application does not meet the preset condition, that is, it fails verification, the first message is discarded and alarm information is sent promptly as feedback, which improves the security of application services.
In an optional implementation, the method further includes: if it is determined that the application has completed the invocation of the service indicated by the first message, releasing the locked state of the first token through the application.
In this way, if it is determined that the application has completed the invocation of the service indicated by the first message, the lock on the first token is released through the application, so that other sub-applications can also obtain the first token, which improves the flexibility of application services.
In a second aspect, an embodiment of the present application provides an application service management apparatus, including: a receiving module, configured to receive a first message from a first sub-application of an application, the first message being used to request a service from the application; and a processing module, configured to determine, according to the service indicated by the first message, the first sub-permission required to invoke the service indicated by the first message, where the first sub-permission is a preset sub-permission within the service permission for invoking the application; if the first sub-application meets a preset condition, obtain a first token according to the first sub-permission, where the first token is a token for invoking the service permission within the first sub-permission, and the first sub-permission uniquely corresponds to the first token; and, according to the first token and within the first sub-permission, invoke the service indicated by the first message through the application, and set the first token to a locked state.
In an optional implementation, the preset condition is that the first sub-application is a sub-application in the whitelist of the application, where the whitelist of the application indicates the sub-applications that are authorized to invoke the services of the application.
In an optional implementation, the first token is valid for a preset duration after it is obtained, and the processing module is further configured to: if the first token becomes invalid while the service indicated by the first message is being invoked through the application, interrupt the service indicated by the first message; update the first token, and use the updated token as a second token; and, according to the second token, invoke the service indicated by the first message again through the application.
In an optional implementation, the processing module is further configured to: if the first sub-application does not meet the preset condition, discard the first message and send alarm information.
In an optional implementation, the processing module is further configured to: if it is determined that the application has completed the invocation of the service indicated by the first message, release the locked state of the first token through the application.
For the beneficial effects of the second aspect and its embodiments, reference may be made to the beneficial effects of the first aspect and its embodiments, which are not repeated here.
In a third aspect, an embodiment of the present application provides a computer device including a program or instructions which, when executed, perform the methods of the first aspect and the embodiments of the first aspect.
In a fourth aspect, an embodiment of the present application provides a storage medium including a program or instructions which, when executed, perform the methods of the first aspect and the embodiments of the first aspect.
Description of the drawings
FIG. 1 is a schematic diagram of a system architecture to which an application service management method in an embodiment of this application can be applied;
FIG. 2 is a schematic flowchart of the steps of an application service management method in an embodiment of this application;
FIG. 3 is a schematic diagram of the token management architecture in an application service management method in an embodiment of this application;
FIG. 4 is a schematic flowchart of the steps for authorizing a sub-application in an application service management method in an embodiment of this application;
FIG. 5 is a schematic diagram of an authorization page in an application service management method in an embodiment of this application;
FIG. 6 is a schematic structural diagram of an application service management apparatus in an embodiment of this application.
Detailed description
For a better understanding of the above technical solutions, they are described in detail below with reference to the drawings and specific implementations. It should be understood that the embodiments of this application and the specific features in the embodiments are detailed descriptions of the technical solutions of this application rather than limitations on them, and that the embodiments of this application and the technical features in the embodiments can be combined with each other where they do not conflict.
The abbreviations and terms used in the following description are: appId: the identity (Identification, ID) of a sub-application within the application; token: the credential for calling an application program interface; a token for an application's interface must be obtained before the corresponding permission to call it is available; appKey: also called the key, the credential that the application provides to a sub-application for obtaining a token.
To solve the prior-art problem that there are serious security risks when an application performs services and that conflicts are difficult to avoid, an embodiment of this application provides, as shown in FIG. 1, a system architecture for managing application services, to which the application service management method provided by the embodiments of this application can be applied.
The system architecture shown in FIG. 1 includes the following parts:
User layer: The user layer includes the sub-application system and the business system of the application. The sub-application system includes multiple sub-applications. Each sub-application can request a service by sending a message to the application and communicates with the application through the proxy layer, so that the required service is performed through the application. The business system of the application is the system that actually implements the required service.
Proxy layer: The proxy layer is responsible for forwarding communication messages between the user layer and the service layer. The specific forwarding tool is not limited; for example, proxy servers such as nginx and squid can be used to implement forwarding.
Service layer: The service layer includes the sub-application interface, service access layer, message forwarding module, interface proxy, configuration management module, permission management module, token management module, service application layer, logging module and permission control module. The sub-application interface, service access layer, message forwarding module and interface proxy are used to transmit the messages that sub-applications send to the application. A sub-application's message is first forwarded through the sub-application interface to the service access layer, then sent by the service access layer to the message forwarding module, and then communicated to the application in the service application layer. The interface proxy is used to send the messages that the application needs to send to the corresponding sub-application interface. The configuration management module stores the basic configuration information of each sub-application, for example the ID of the sub-application. The permission management module encapsulates the individual sub-permissions separated out of the application's service permission. The token management module encapsulates the tokens corresponding to the sub-permissions in the permission management module. The permission control module is used to control permissions, allowing or prohibiting the corresponding actions. The logging module is used to record how messages are processed.
In the service layer, the applications need no additional configuration of their own; the configuration in the service layer's configuration management module is used directly as the configuration of each application.
In the service layer, the service access layer is responsible for receiving messages and events and forwarding them to the service application layer for processing; messages that need to be returned or forwarded after the service application layer has finished processing pass through the interface proxy and are then forwarded by the proxy layer to the sub-application or business system. With the service access layer in place, many kinds of messages and events can, once processed, be handled uniformly by the business logic of the service application layer, and the service application layer classifies and processes the forwarded messages and events. The service access layer can support simultaneous access by multiple sub-applications and smooth switching between sub-applications.
Database: Stores the records of the services performed by the application. The specific type of database is not limited; for example, the database may be redis and kafka.
Operating environment: Provides the runtime foundation for the user layer, proxy layer, service layer and database. For example, the operating environment is composed of the following components: Linux, springboot1.4 and tomcat8.
In the above system architecture, each application can be separated out as an independent system or service, and the token management module, configuration management and so on of the service layer can likewise be separated out, with the modules communicating over a message bus. The application service management method proposed in the embodiments of this application can also be applied to this architecture, so that the applications are relatively independent and do not affect each other, coupling between modules is low, and the system as a whole is more modular. Once fast access and permission separation are in place, this service architecture makes it very convenient to offer the service capabilities of existing sub-applications, by way of application access, to external business operators outside the application. When an external business operator needs to entrust its own sub-application to the services of the original sub-application, it only needs to select the service permissions to be entrusted on the authorization page to complete the authorization and use the related services.
The steps of an application service management method in an embodiment of this application are described in detail below with reference to FIG. 2.
Step 201: Receive a first message from a first sub-application of the application.
The first message is a communication message in which the first sub-application requests a service from the application.
Step 202: According to the service indicated by the first message, determine the first sub-permission required to invoke the service indicated by the first message.
The first sub-permission is a preset sub-permission within the service permission for invoking the application.
Step 203: If the first sub-application meets a preset condition, obtain a first token according to the first sub-permission; the first token is a token for invoking the service permission within the first sub-permission.
The first sub-permission uniquely corresponds to the first token.
Step 204: According to the first token and within the first sub-permission, invoke the service indicated by the first message through the application, and set the first token to a locked state.
In step 202, for example, message management is authorized to sub-application A and user information query management is authorized to sub-application B; a business system that has obtained sub-application A's token is only allowed to perform message management operations and cannot query user information.
In addition to steps 201 to 204 above, there is a further optional implementation:
The first token is stored in a first storage space of the processing device. The first storage space also stores a third token, which is a token that has been converted in advance into the same storage format as the first token and is uniquely mapped to a second sub-permission preset within the service permission. The tokens stored in the first storage space are all invoked in the same way.
It should be noted that the processing device here can be any device capable of running an application, for example a computer device or a terminal device, without limitation. The first storage space is likewise not limited; it may be, for example, the memory of a computer device. When many sub-permissions have been separated out, storing the tokens corresponding to the sub-permissions separately rather than together easily leads to redundancy across multiple token storage spaces and requires frequent switching between the storage spaces being accessed. Storing the third token, converted in advance into the same storage format as the first token, together with the first token in the first storage space therefore improves the efficiency of application service management and makes full use of scheduling resources.
In the above method, the first message is used to request a service from the application. According to the service indicated by the first message, the first sub-permission required to invoke that service is determined; the first sub-permission is a preset sub-permission within the service permission for invoking the application. If the first sub-application meets the preset condition, the first token is obtained according to the first sub-permission. Because the first token is a token for invoking the service permission within the first sub-permission, the service indicated by the first message can be performed through the application according to the first token only within the first sub-permission, and the first token cannot be used to invoke the application's services outside the first sub-permission. In addition, because the first sub-permission uniquely corresponds to the first token, and the first token has already been set to the locked state while the service indicated by the first message is being performed, other sub-applications of the application cannot obtain the first token at the same time by sending messages. The above method therefore greatly improves the security of the application when performing services and avoids conflicts.
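Steps 201 to 204, together with the optional whitelist check, alarm and unlock, can be traced in the following added Python example, which is not code from the patent. The service names, sub-permission names, appIds and class names are constructed for illustration, and refusing a request while the token is locked (rather than queueing it) is an assumption.

```python
import secrets
import threading
from dataclasses import dataclass, field
from typing import Optional

# Constructed mapping: the preset sub-permission each service needs (step 202).
SERVICE_TO_SUBPERMISSION = {
    "send_message": "message_management",
    "recall_message": "message_management",
    "query_user": "user_info_query",
}


@dataclass
class Token:
    sub_permission: str                      # the only scope this token can act in
    value: str = field(default_factory=lambda: secrets.token_hex(16))
    locked_by: Optional[str] = None          # appId currently holding the token


class ServiceManager:
    def __init__(self, whitelist):
        self._whitelist = set(whitelist)     # appIds authorised to call services
        # Exactly one token per sub-permission: the "unique correspondence".
        self._tokens = {p: Token(p) for p in set(SERVICE_TO_SUBPERMISSION.values())}
        self._mutex = threading.Lock()
        self.alarms = []

    def acquire(self, app_id, service):
        """Steps 201-203 plus the lock of step 204. Returns a Token or None."""
        sub_permission = SERVICE_TO_SUBPERMISSION.get(service)
        if sub_permission is None or app_id not in self._whitelist:
            # Unknown service or preset condition not met: discard and alarm.
            self.alarms.append(f"discarded {service!r} request from {app_id!r}")
            return None
        token = self._tokens[sub_permission]
        with self._mutex:                    # the test-and-set must be atomic
            if token.locked_by is not None:
                return None                  # another sub-application holds it
            token.locked_by = app_id
        return token

    def invoke(self, app_id, token, service):
        """Step 204: call the service, but only inside the token's sub-permission."""
        if self._tokens.get(token.sub_permission) is not token or token.locked_by != app_id:
            raise PermissionError("token is not held by this sub-application")
        if SERVICE_TO_SUBPERMISSION.get(service) != token.sub_permission:
            raise PermissionError(f"{service!r} is outside {token.sub_permission!r}")
        return f"{service} executed for {app_id}"

    def release(self, app_id, token):
        """Unlock after the call completes so other sub-applications can proceed."""
        with self._mutex:
            if token.locked_by == app_id:
                token.locked_by = None


def demo_locking():
    mgr = ServiceManager(whitelist={"sub_app_a", "sub_app_b"})
    out = {}
    tok_a = mgr.acquire("sub_app_a", "send_message")
    out["a_in_scope"] = mgr.invoke("sub_app_a", tok_a, "send_message")
    try:
        mgr.invoke("sub_app_a", tok_a, "query_user")     # outside the sub-permission
    except PermissionError:
        out["a_out_of_scope"] = "refused"
    out["b_while_locked"] = mgr.acquire("sub_app_b", "recall_message")
    mgr.release("sub_app_a", tok_a)
    tok_b = mgr.acquire("sub_app_b", "recall_message")
    out["b_after_release"] = tok_b is tok_a              # same unique token, now B's
    out["c_not_whitelisted"] = mgr.acquire("sub_app_c", "send_message")
    out["alarms"] = list(mgr.alarms)
    return out


if __name__ == "__main__":
    for key, value in demo_locking().items():
        print(key, "->", value)
```

The scope check in `invoke` is what stops a sub-application from using a message-management token to query user information, and the lock is what prevents two sub-applications from changing the same resource at once.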
FIG. 3 is a schematic diagram of the token management architecture in an application service management method in an embodiment of this application. In the architecture shown in FIG. 3, multiple sub-applications are managed uniformly through the token management service, and the token management service may further include an update service, a query service and a monitoring service.
The application service management method may also include:
The first token is valid for a first preset duration after it is obtained. If the first token becomes invalid while the service indicated by the first message is being invoked through the application, the service indicated by the first message is interrupted; the first token is updated, and the updated token is used as a second token; and, according to the second token, the service indicated by the first message is invoked again through the application.
In this way, the first token is valid for a preset duration after it is obtained. If the first token becomes invalid while the service indicated by the first message is being invoked through the application, the service indicated by the first message is interrupted, so that the first sub-permission is controlled by means of the preset duration and timely interruption. The first token is then updated, the updated token is used as the second token, and the service indicated by the first message is invoked again through the application according to the second token. Updating the token in time improves the security of application services.
A specific example illustrates this approach. Each token has a validity period, for example 2 hours, and after a new token is obtained the old token becomes invalid within a certain period, for example 10 minutes. The update service obtains the token through the program interface that the application provides to the sub-application; after obtaining the token, the update service saves it locally and sets a validity time of no more than 2 hours, and as soon as the local token expires it updates the token, so that the local token is always valid. The query service provides an interface for querying the latest token in real time; at any moment, the token returned by the token management service is always the same and valid. The monitoring service periodically probes whether the token is valid by actively calling the WeChat API and updates the token immediately when it finds that the token has become invalid, so that a brief WeChat failure or a network problem does not leave the token invalid. Hybrid token management additionally converts the token obtained from the second sub-application into a token in the same format as the first token, saves it in the token management service, and applies the same update, query and detection strategy to it. A type field is added when the token is recorded, and the token type is returned together with the token when it is queried. When multiple sub-applications access the application at the same time, the token management service is allowed to save and maintain multiple tokens at the same time, and the required one is obtained on demand at query time.
In steps 201 to 203 above, another optional implementation is as follows:
The preset condition is that the first sub-application is a sub-application on the application's whitelist, where the whitelist indicates the sub-applications that have been authorized to invoke the application's services. In this manner, the preset whitelist identifies the authorized sub-applications, and the first token can be obtained only when the first sub-application is on that whitelist, which improves the security of the application service.
The process by which a sub-application obtains authorization from the application is described in detail below with reference to Fig. 4 and Fig. 5. Fig. 4 is a schematic flowchart of the steps for authorizing a sub-application in an application service management method according to an embodiment of this application; Fig. 5 is a schematic diagram of the authorization page in an application service management method according to an embodiment of this application.
There are several ways to implement this. Because the pre-authorization code must be obtained in real time, a relatively simple approach is to provide an authorization redirect page: when an official account or mini program needs to be authorized, the authorization code is obtained through the authorization redirect page, which then redirects to the third-party platform's authorization page to complete the authorization.
Step 401: The user enters the website.
A user of the sub-application enters the application's component-side website by clicking through to the website.
Step 402: Obtain a pre-authorization code.
The component-side website obtains the pre-authorization code through the application program interface provided by the application, and thereby enters pre-authorization.
Step 403: Guide the user to the application's component authorization page.
The user can grant authorization on the application's component authorization page.
Step 404: Authorize the user.
Step 405: Return the verification code.
After the authorization in step 404 succeeds, the application's authorization website sends a verification code to the component-side website.
Step 406: Use the authorization code to obtain user information.
The component-side website uses the authorization code to obtain user information through the application's interface.
In the above implementation with a preset whitelist, the process in step 201 of obtaining the first token according to the first message may be:
According to the service indicated by the first message, determine the first sub-permission required to perform that service, and determine that the first message comes from the first sub-application; determine that the first sub-application is a sub-application that passes verification against the preset whitelist; and obtain the first token that is uniquely mapped to the first sub-permission.
Further, security can also be increased through the following implementation:
If the first sub-application does not satisfy the preset condition, the first message is discarded and alarm information is sent.
In this manner, verification is performed against the preset condition. If the first sub-application does not satisfy the preset condition, that is, it fails verification, the first message is discarded and alarm information is sent promptly as feedback, which improves the security of the application service.
Flexibility can also be increased through the following implementation:
If it is determined that the application has completed the invocation of the service indicated by the first message, the locked state of the first token is released through the application.
In this manner, once it is determined that the application has completed the invocation of the service indicated by the first message, the first token is unlocked through the application so that other sub-applications can also obtain the first token, which improves the flexibility of the application service.
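The request flow described above (whitelist check, one token per sub-permission, lock while in use, interrupt and re-invoke on expiry, discard and alert on rejection), combined with the update and query services from the earlier token-management example, as an added sketch that is not code from the patent. The class and method names, the service name `send_message`, the sub-permission label `perm:message`, the injected clock, and the choice to refuse a request while the token is locked are assumptions of this example.

```python
import secrets
import time

TOKEN_TTL = 2 * 60 * 60  # seconds; the 2-hour validity from the page's example


class TokenExpired(Exception):
    """Raised by the application's service when the presented token has lapsed."""


class TokenManager:
    def __init__(self, whitelist, service_perms, clock=time.monotonic):
        self.whitelist = set(whitelist)      # authorized sub-applications
        self.service_perms = service_perms   # service name -> sub-permission
        self.clock = clock
        self.tokens = {}                     # sub-permission -> its single token
        self.alerts = []                     # alarm messages sent so far

    def _refresh(self, perm):
        """Update service: issue a new token for perm, keeping the lock owner."""
        old = self.tokens.get(perm)
        self.tokens[perm] = {
            "value": secrets.token_urlsafe(16),
            "expires": self.clock() + TOKEN_TTL,
            "locked_by": old["locked_by"] if old else None,
        }
        return self.tokens[perm]

    def query(self, perm):
        """Query service: every caller sees the same, currently valid token."""
        rec = self.tokens.get(perm)
        if rec is None or self.clock() >= rec["expires"]:
            rec = self._refresh(perm)
        return rec

    def handle(self, sub_app, service, call):
        """Process one first message; call(token) invokes the requested service."""
        perm = self.service_perms.get(service)
        # Unknown services are rejected like non-whitelisted callers (assumption).
        if sub_app not in self.whitelist or perm is None:
            self.alerts.append(f"rejected {sub_app!r} requesting {service!r}")
            return ("discarded", None)
        rec = self.query(perm)
        if rec["locked_by"] is not None:
            return ("busy", None)            # refusal while locked is an assumption
        rec["locked_by"] = sub_app           # set the locked state
        try:
            try:
                result = call(rec["value"])
            except TokenExpired:
                # Token lapsed mid-call: issue the second token and re-invoke.
                rec = self._refresh(perm)
                result = call(rec["value"])
            return ("ok", result)
        finally:
            self.tokens[perm]["locked_by"] = None   # unlock once the call is over


def demo():
    now = [0.0]  # constructed clock, so the expiry path runs without waiting
    mgr = TokenManager({"official_account", "mini_program"},
                       {"send_message": "perm:message"}, lambda: now[0])
    used, nested = [], []

    def slow_service(token):                 # stands in for the application's API
        used.append(token)
        if len(used) == 1:
            # A second sub-application asks while the first call holds the token.
            nested.append(mgr.handle("mini_program", "send_message", lambda t: "sent"))
            now[0] += TOKEN_TTL + 1          # the call outlives the token
        if now[0] >= mgr.tokens["perm:message"]["expires"]:
            raise TokenExpired(token)
        return "sent"

    return {
        "first": mgr.handle("official_account", "send_message", slow_service),
        "later": mgr.handle("mini_program", "send_message", lambda t: "sent"),
        "rogue": mgr.handle("unknown_app", "send_message", lambda t: "sent"),
        "nested": nested[0], "tokens_used": used, "alerts": mgr.alerts,
    }


if __name__ == "__main__":
    print(demo())
```

The early returns for a rejected or busy request sit before the `try`, so a refused caller can never release a lock held by another sub-application.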
Fig. 6 is a schematic structural diagram of an application service management apparatus according to an embodiment of this application.
An embodiment of this application provides an application service management apparatus, comprising: a receiving module 601, configured to receive a first message from a first sub-application of an application, the first message being used to request a service from the application; and a processing module 602, configured to: determine, according to the service indicated by the first message, the first sub-permission required to invoke the service indicated by the first message, the first sub-permission being a preset sub-permission among the service permissions for invoking the application; if the first sub-application satisfies a preset condition, obtain a first token according to the first sub-permission, the first token being a token for invoking the service permission within the first sub-permission, and the first sub-permission corresponding uniquely to the first token; and, according to the first token and within the first sub-permission, invoke the service indicated by the first message through the application and set the first token to a locked state.
In an optional implementation, the preset condition is that the first sub-application is a sub-application on the application's whitelist, where the whitelist indicates the sub-applications that have been authorized to invoke the application's services.
In an optional implementation, the first token is valid for a preset duration after it is obtained, and the processing module 602 is further configured to: if the first token expires while the service indicated by the first message is being invoked through the application, interrupt the service indicated by the first message; update the first token and take the updated token as the second token; and, according to the second token, re-invoke the service indicated by the first message through the application.
In an optional implementation, the processing module 602 is further configured to: if the first sub-application does not satisfy the preset condition, discard the first message and send alarm information.
In an optional implementation, the processing module 602 is further configured to: if it is determined that the application has completed the invocation of the service indicated by the first message, release the locked state of the first token through the application.
An embodiment of this application provides a computer device comprising a program or instructions which, when executed, perform the application service management method and any optional method provided by the embodiments of this application.
An embodiment of this application provides a storage medium comprising a program or instructions which, when executed, perform the application service management method and any optional method provided by the embodiments of this application.
Finally, it should be noted that those skilled in the art will understand that the embodiments of this application may be provided as a method, a system, or a computer program product. This application may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, this application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, optical storage, and the like) containing computer-usable program code.
This application is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to this application. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Obviously, those skilled in the art can make various changes and variations to this application without departing from its scope. Thus, if these modifications and variations of this application fall within the scope of the claims of this application and their technical equivalents, this application is intended to include them as well.

Claims (10)

  1. An application service management method, characterized by comprising:
    receiving a first message from a first sub-application of an application, the first message being used to request a service from the application;
    determining, according to the service indicated by the first message, a first sub-permission required to invoke the service indicated by the first message; the first sub-permission being a preset sub-permission among the service permissions for invoking the application;
    if the first sub-application satisfies a preset condition, obtaining a first token according to the first sub-permission; the first token being a token for invoking the service permission within the first sub-permission; the first sub-permission corresponding uniquely to the first token;
    invoking, according to the first token and within the first sub-permission, the service indicated by the first message through the application, and setting the first token to a locked state.
  2. The method according to claim 1, characterized in that the preset condition is that the first sub-application is a sub-application on a whitelist of the application, the whitelist of the application indicating the sub-applications that have been authorized to invoke the services of the application.
  3. The method according to claim 1 or 2, characterized in that the first token is valid for a preset duration after it is obtained, and the method further comprises:
    if the first token expires while the service indicated by the first message is being invoked through the application, interrupting the service indicated by the first message;
    updating the first token, and taking the updated token as a second token;
    re-invoking, according to the second token, the service indicated by the first message through the application.
  4. The method according to claim 1 or 2, characterized in that the method further comprises:
    if the first sub-application does not satisfy the preset condition, discarding the first message and sending alarm information.
  5. The method according to claim 1 or 2, characterized in that, after setting the first token to the locked state, the method further comprises:
    if it is determined that the application has completed the invocation of the service indicated by the first message, releasing the locked state of the first token through the application.
  6. An application service management apparatus, characterized by comprising:
    a receiving module, configured to receive a first message from a first sub-application of an application, the first message being used to request a service from the application;
    a processing module, configured to: determine, according to the service indicated by the first message, a first sub-permission required to invoke the service indicated by the first message; the first sub-permission being a preset sub-permission among the service permissions for invoking the application; if the first sub-application satisfies a preset condition, obtain a first token according to the first sub-permission; the first token being a token for invoking the service permission within the first sub-permission; the first sub-permission corresponding uniquely to the first token; and, according to the first token and within the first sub-permission, invoke the service indicated by the first message through the application and set the first token to a locked state.
  7. The apparatus according to claim 6, characterized in that the preset condition is that the first sub-application is a sub-application on a whitelist of the application, the whitelist of the application indicating the sub-applications that have been authorized to invoke the services of the application.
  8. The apparatus according to claim 6 or 7, characterized in that the first token is valid for a preset duration after it is obtained, and the processing module is further configured to:
    if the first token expires while the service indicated by the first message is being invoked through the application, interrupt the service indicated by the first message;
    update the first token, and take the updated token as a second token;
    re-invoke, according to the second token, the service indicated by the first message through the application.
  9. A computer device, characterized by comprising a program or instructions which, when executed, cause the method according to any one of claims 1 to 5 to be performed.
  10. A storage medium, characterized by comprising a program or instructions which, when executed, cause the method according to any one of claims 1 to 5 to be performed.
PCT/CN2020/090687 2019-06-11 2020-05-15 Method and apparatus for managing application program service WO2020248768A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910499812.8 2019-06-11
CN201910499812.8A CN110289965B (en) 2019-06-11 2019-06-11 Application program service management method and device

Publications (1)

Publication Number Publication Date
WO2020248768A1 true WO2020248768A1 (en) 2020-12-17

Family

ID=68003707

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/090687 WO2020248768A1 (en) 2019-06-11 2020-05-15 Method and apparatus for managing application program service

Country Status (2)

Country Link
CN (1) CN110289965B (en)
WO (1) WO2020248768A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110289965B (en) * 2019-06-11 2023-06-09 深圳前海微众银行股份有限公司 Application program service management method and device
CN111859418A (en) * 2020-06-24 2020-10-30 华为技术有限公司 Atomic capability calling method and terminal equipment
CN112698929A (en) * 2020-12-14 2021-04-23 联想(北京)有限公司 Information acquisition method and device
TWI803836B (en) * 2021-03-05 2023-06-01 玉山商業銀行股份有限公司 Mobile device monitoring system and method
CN113468605B (en) * 2021-09-02 2021-11-30 江苏荣泽信息科技股份有限公司 File offline storage system based on block chain

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105488208A (en) * 2015-12-11 2016-04-13 北京奇虎科技有限公司 Data search method and device
CN106534356A (en) * 2016-12-12 2017-03-22 腾讯科技(深圳)有限公司 Method and apparatus for processing template data, requesting template data and displaying template data
CN107277082A (en) * 2016-04-06 2017-10-20 泰康之家(北京)投资有限公司 A kind of method and device for obtaining application service
CN107450991A (en) * 2017-07-24 2017-12-08 无锡江南计算技术研究所 A kind of efficiently distributed global lock coordination approach
US20180052718A1 (en) * 2016-08-22 2018-02-22 Amplidata N.V. Non-Process Identifier Based Service Manager
CN110289965A (en) * 2019-06-11 2019-09-27 深圳前海微众银行股份有限公司 A kind of management method and device of application program service

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5634122A (en) * 1994-12-30 1997-05-27 International Business Machines Corporation System and method for multi-level token management for distributed file systems
US8639940B2 (en) * 2007-02-28 2014-01-28 Red Hat, Inc. Methods and systems for assigning roles on a token
CN106331575A (en) * 2015-06-23 2017-01-11 中兴通讯股份有限公司 Realization method, device and system for mixing double flow in video conference
US20180083971A1 (en) * 2016-09-21 2018-03-22 Telefonaktiebolaget Lm Ericsson (Publ) Authorization with container application issued token

Also Published As

Publication number Publication date
CN110289965A (en) 2019-09-27
CN110289965B (en) 2023-06-09

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20823389

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20823389

Country of ref document: EP

Kind code of ref document: A1

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 16.03.2022)

122 Ep: pct application non-entry in european phase

Ref document number: 20823389

Country of ref document: EP

Kind code of ref document: A1