WO2021035708A1 - Method and apparatus for accessing collection resources, device and storage medium - Google Patents

Method and apparatus for accessing collection resources, device and storage medium Download PDF

Info

Publication number
WO2021035708A1
WO2021035708A1 PCT/CN2019/103782 CN2019103782W WO2021035708A1 WO 2021035708 A1 WO2021035708 A1 WO 2021035708A1 CN 2019103782 W CN2019103782 W CN 2019103782W WO 2021035708 A1 WO2021035708 A1 WO 2021035708A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
resource
request
link resource
terminal
Prior art date
Application number
PCT/CN2019/103782
Other languages
French (fr)
Chinese (zh)
Inventor
吕小强
Original Assignee
Oppo广东移动通信有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oppo广东移动通信有限公司 filed Critical Oppo广东移动通信有限公司
Priority to PCT/CN2019/103782 priority Critical patent/WO2021035708A1/en
Priority to CN201980093841.2A priority patent/CN113615140B/en
Publication of WO2021035708A1 publication Critical patent/WO2021035708A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor

Definitions

  • the embodiments of the present application relate to the technical field of the Internet of Things, and particularly relate to a method, device, device, and storage medium for accessing collective resources.
  • IoT device management methods based on REST Representational State Transfer
  • REST Representational State Transfer
  • things such as devices
  • CURDN including create (create), update (modify/update), retrieve (acquire), delete) Delete
  • notification notification
  • a collection resource named collection is defined.
  • the collective resource may include one or more linked resources (linked resources).
  • the linked resources included can include collective resources and/or non-collective resources.
  • a method for accessing collection resources through batch (batch processing) is defined.
  • the terminal sends a first collection resource access request to the first device, where the first collection resource access request is used to request access to the first collection resource saved by the first device. Assume that the first set of resources includes the first link resource. After receiving the first collection resource access request, the first device verifies whether the terminal has the right to access the first collection resource.
  • the first device decomposes the first collection resource access request , Generating a first link resource access request, where the first link resource access request is used to request access to the first link resource. Then, the first device sends the first link resource access request to the second device, and the second device stores the first link resource. After receiving the first link resource access request, the second device verifies whether the first device has permission to access the first link resource. If the first device has the permission to access the first link resource, the second device executes the first link resource Access the request, and feed back the corresponding execution result to the first device, and then the first device sends the execution result to the terminal.
  • the second device verifies the access authority of the first device to the first link resource before executing the first link resource access request, instead of the terminal's access authority to the first link resource, it saves the first link resource.
  • the first device of a collection of resources must have the right to access the link resources (including the above-mentioned first link resources) in the first collection of resources.
  • the terminal does not mean that the terminal must have the authority to access the first link resource, and therefore there are security loopholes.
  • the embodiments of the present application provide a method, device, device, and storage medium for accessing collective resources, which can be used to solve the above technical problems.
  • the technical solution is as follows:
  • an embodiment of the present application provides a method for accessing a collective resource, which is applied to a first device, and the method includes:
  • a first link resource access request is sent to a second device, where the second device stores the first link resource included in the first set of resources, and the first link resource access request is the request from the first device to the Request for access to the first link resource;
  • an embodiment of the present application provides a method for accessing a collective resource, which is applied to a second device, and the method includes:
  • first link resource access request sent by a first device, where the first link resource access request is a request by the first device to access a first link resource in a first set of resources, wherein the first link
  • the resource access request is generated by the first device after receiving the first collection resource access request sent by the terminal, and the first collection resource access request is the first collection saved by the terminal to the first device
  • a request for access to a resource, the first link resource is stored in the second device
  • an embodiment of the present application provides a method for accessing collective resources, which is applied to a terminal, and the method includes:
  • the result is sent to the terminal when it is determined that the terminal has the right to access the first link resource.
  • an embodiment of the present application provides an apparatus for accessing a collective resource, which is applied to a first device, and the apparatus includes:
  • a request receiving module configured to receive a first collection resource access request sent by a terminal, where the first collection resource access request is a request for the terminal to access the first collection resource saved by the first device;
  • the request sending module is configured to send a first link resource access request to a second device, where the second device stores the first link resource included in the first set of resources, and the first link resource access request is the A request for the first device to access the first link resource;
  • a result receiving module configured to receive the access result of the first link resource sent by the second device
  • the response sending module is configured to send a first collection resource access response to the terminal, where the first collection resource access response includes the access result of the first link resource, wherein the access result of the first link resource is In a case where it is determined that the terminal has the authority to access the first link resource, it is generated after the second device executes the first link resource access request.
  • an embodiment of the present application provides a device for accessing a collective resource, which is applied to a second device, and the device includes:
  • the request receiving module is configured to receive a first link resource access request sent by a first device, where the first link resource access request is a request by the first device to access the first link resource in the first set of resources, where The first link resource access request is generated by the first device after receiving the first collection resource access request sent by the terminal, and the first collection resource access request is stored by the terminal on the first device Request for access to the first set of resources, the first link resource is stored in the second device;
  • the result sending module is configured to send the access result of the first link resource to the first device, where the access result of the first link resource is used when it is determined that the terminal has the right to access the first link resource In this case, send to the terminal.
  • an embodiment of the present application provides a device for accessing a collection of resources, which is applied to a terminal, and the device includes:
  • a request sending module configured to send a first collection resource access request to a first device, where the first collection resource access request is a request for the terminal to access the first collection resource saved by the first device;
  • the response receiving module is configured to receive a first collection resource access response sent by the first device, where the first collection resource access response includes an access result of a first link resource in the first collection resource, wherein the The access result of the first link resource is sent to the terminal when it is determined that the terminal has the authority to access the first link resource.
  • an embodiment of the present application provides a network device, the network device includes a processor and a memory, the memory stores a computer program, and the computer program is used to be executed by the processor to implement the foregoing A method for accessing a collection of resources on the side of a device or a second device.
  • an embodiment of the present application provides a terminal, the terminal includes a processor and a memory, the memory stores a computer program, and the computer program is used to be executed by the processor to implement the foregoing terminal side The access method of the collection resource.
  • an embodiment of the present application provides a computer-readable storage medium in which a computer program is stored, and the computer program is used to be executed by a processor to implement the collective resource described in any of the above aspects. Access method.
  • Figure 1 is a flow chart of a method for accessing collective resources provided by related technologies
  • Figure 2 is a schematic diagram of an implementation environment provided by an embodiment of the present application.
  • Fig. 3 is a flowchart of a method for accessing a collective resource provided by an embodiment of the present application
  • FIG. 4 is a flowchart of a method for accessing collective resources provided by another embodiment of the present application.
  • Fig. 5 is a flowchart of a method for accessing a collective resource provided by another embodiment of the present application.
  • Fig. 6 is a flowchart of a method for accessing a collective resource provided by another embodiment of the present application.
  • FIG. 7 is a flowchart of a method for accessing a collective resource provided by another embodiment of the present application.
  • Fig. 8 is a flowchart of a method for accessing a collective resource provided by another embodiment of the present application.
  • Fig. 9 is a flowchart of a method for accessing a collective resource provided by another embodiment of the present application.
  • Fig. 10 is a flowchart of a method for accessing a collective resource provided by another embodiment of the present application.
  • Fig. 11 is a block diagram of a device for accessing a collective resource provided by an embodiment of the present application.
  • FIG. 12 is a block diagram of a device for accessing collective resources provided by another embodiment of the present application.
  • Fig. 13 is a block diagram of a device for accessing a collective resource provided by another embodiment of the present application.
  • FIG. 14 is a schematic structural diagram of a network device provided by an embodiment of the present application.
  • FIG. 15 is a schematic structural diagram of a terminal provided by an embodiment of the present application.
  • a collective resource may include one or more linked resources, and the linked resource may be a collective resource or a non-collective resource.
  • the link resource in the collective resource is only a link, and the link points to the real address of the link resource in the network.
  • the link resource may be on the same physical device as the collection resource, or it may not be on the same physical device.
  • resource type referred to as "rt”
  • if interface
  • the rt attribute is used to indicate the type of the resource.
  • a resource type is defined in an IoT technology system, and then different fields, different devices, and different resources can instantiate the resource type.
  • the if attribute is used to indicate how the resource can be accessed, for example, through different interfaces such as read (read), readwrite (read and write), linklist (link operation), and batch (batch processing).
  • the function of the batch interface is to recurse to each link resource included in a collection resource to obtain the attribute value of the resource.
  • the house resource includes two link resources, namely the door resource and the light resource.
  • device A saves the house resource
  • device B saves the door resource
  • C If the light resource is stored in the device, the terminal can obtain the status of the door resource and the light resource, or modify the status of the door resource and the light resource by sending a collection resource access request with a batch interface to the A device.
  • the implementation process is: when the A device (denoted as “hostdevice”) receives the above-mentioned collective resource access request with the batch interface, it will decompose the collective resource access request to generate the first link resource access request and the second link resource access request , Where the first link resource access request is used to request access to the door resource, and the second link resource access request is used to request access to the light resource; after that, hostdevice sends the first link to the B device (denoted as "linkdevice1") For the resource access request, linkdevice1 processes the first link resource access request accordingly; hostdevice also sends a second link resource access request to the C device (denoted as "linkdevice2”), and linkdevice2 processes the second link resource access request accordingly.
  • the terminal can obtain the status information of all the link resources in the collective resource at one time.
  • the purpose of the batch interface is to access all the link resources in the collection resource at one time. If there is no batch interface, the terminal needs to first obtain the address of the link resource in the collection resource (ie, the "link" described above), and then obtain the address of the link resource, and then send the access to the device based on the address to the device used to save the link resource. Link resource request.
  • the batch interface fully simplifies the process of accessing the link resource in the collection resource, and omits the step of obtaining the address of the link resource.
  • the process of accessing the collection resource through the batch interface is introduced. As shown in Figure 1, the process can include the following steps (11-18):
  • Step 11 The terminal sends a first collection resource access request to the first device
  • the first collection resource access request is a request for the terminal to access the first collection resource saved by the first device.
  • the client can send an update request with a batch interface to the hostdevice.
  • the collection resource access request indicates that the collection resource is accessed through the batch interface, that is, the collection resource access request includes a batch interface
  • the collection resource access request can be called a batch request.
  • Step 12 The first device verifies whether the terminal has permission to access the first set of resources
  • hostdevice After hostdevice receives the above update request, it verifies whether the client has permission to access house resources.
  • Step 13 If the terminal has the authority to access the first collection of resources, the first device decomposes the first collection of resource access requests to generate a first link resource access request;
  • the first link resource access request is a request used by the first device to access the first link resource included in the first set of resources.
  • the default interface can be any of different interfaces such as read interface, readwrite interface, linklist interface, batch interface, etc. .
  • the hostdevice decomposes the above update request, and generates an access request corresponding to the door resource and an access request corresponding to the light resource.
  • the first device sends an error response to the terminal.
  • Step 14 The first device sends a first link resource access request to a second device, and the second device stores the first link resource;
  • the hostdevice sends the above-mentioned access request corresponding to the door resource to linkdevice1; the first device also sends the above-mentioned access request corresponding to the light resource to linkdevice2.
  • Step 15 The second device verifies whether the first device has permission to access the first link resource
  • linkdevice1 After linkdevice1 receives the above-mentioned access request corresponding to the door resource, it will verify whether the hostdevice has the authority to access the door resource; linkdevice2 will verify whether the hostdevice has the authority to access the light resource after receiving the above-mentioned access request corresponding to the light resource.
  • Step 16 If the first device has the permission to access the first link resource, the second device executes the first link resource access request;
  • linkdevice1 when hostdevice has the permission to access the door resource, linkdevice1 will execute the above-mentioned access request corresponding to the door resource; when the hostdevice has the permission to access the light resource, linkdevice2 will execute the above-mentioned access request corresponding to the light resource.
  • the second device sends an error response to the first device.
  • Step 17 the second device sends the execution result corresponding to the first link resource access request to the first device
  • linkdevice1 executes the access request corresponding to the door resource, it sends the corresponding execution result to hostdevice; linkdevice2 sends the corresponding execution result to the hostdevice after executing the access request corresponding to the light resource.
  • Step 18 The first device sends an execution result corresponding to the first set of resource access requests to the terminal.
  • hostdevice After receiving the execution results fed back by linkdevice1 and linkdevice2, hostdevice sends the execution results to the client.
  • linkdevice checks the hostdevice's access rights to the link resources, not the client's access rights to the link resources. What needs to be explained here is that the hostdevice that saves the collection resource must have the authority to access the link resource in the collection resource.
  • the client directly accesses the link resource in the collection resource, it can go through the following process: Taking access to the door resource as an example, the client obtains the address of the door resource, and based on the address, sends an access request corresponding to the door resource to linkdevice1.
  • linkdevice1 will not execute the request and feedback an error response to the client.
  • the client accesses the door resource by batch requesting the house resource, and it may get different results from directly accessing the door resource.
  • the terminal after receiving the terminal's access request for the collective resource, the terminal will verify the access authority of the link resource included in the collective resource, thereby solving the above-mentioned problem and improving security.
  • FIG. 2 shows a schematic diagram of an implementation environment provided by an embodiment of the present application.
  • the implementation environment may include: a terminal 21, a first device 22, and a second device 23.
  • the implementation environment may be an Internet of Things system.
  • the terminal 21 may include various handheld devices (such as mobile phones, tablet computers, etc.) with wireless communication functions, in-vehicle devices, wearable devices, computing devices or other processing devices connected to wireless modems, as well as various forms of user equipment (User Equipment, UE), mobile station (Mobile Station, MS), terminal device (terminal device), etc.
  • UE User Equipment
  • MS Mobile Station
  • terminal device terminal device
  • the first device 22 may store a collective resource, and the collective resource includes a link of the link resource stored on the second device 23.
  • the specific implementation form of the first device 22 may also be different.
  • the first device 22 may be a router; for another example, in a cloud platform-based Internet of Things system, the first device 22 may be a server in the cloud.
  • the specific implementation form of the first device 22 is not limited, and any device that stores collective resources can be used as the first device 22.
  • Link resources may be stored in the second device 23.
  • a collection resource can include one or more link resources, and the link resource can be a collection resource or a non-collection resource.
  • the second device 23 may be an access device in the Internet of Things system.
  • the second device 23 may be a terminal device, a smart home device, or other devices with network access capabilities, which is not limited in the embodiment of the present application.
  • the terminal 21 may communicate with the first device 22 through a wireless or wired network, and the first device 22 may communicate with the second device 23 through a wireless or wired network.
  • the number of the second device 23 may be one or more.
  • the link resource may be on the same physical device as the collective resource, or it may not be on the same physical device. That is, the above-mentioned first device 22 and second device 23 may be the same physical device, or may be two different physical devices. However, regardless of whether the first device 22 and the second device 23 are the same physical device or two different physical devices, the following method procedures provided in the embodiments of the present application are applicable.
  • the terminal 21 may be a mobile phone used by the user
  • the first device 22 may be a router
  • the second device 23 may be a smart TV, a smart speaker, a smart air conditioner, a smart light, or a smart door and window. , Smart curtains, smart sockets and other smart home appliances.
  • the terminal 21 may be installed and running with a client (client), which can initiate a collection resource access request to the first device 22, such as a batch request for the collection resource, to access each link resource contained in the collection resource, such as Perform operations such as create (create), update (modify/update), retrieve (acquire), delete (delete), notification (notification), etc.
  • client client
  • clients can initiate a collection resource access request to the first device 22, such as a batch request for the collection resource, to access each link resource contained in the collection resource, such as Perform operations such as create (create), update (modify/update), retrieve (acquire), delete (delete), notification (notification), etc.
  • clients can initiate a collection resource access request to the first device 22, such as a batch request for the collection resource, to access each link resource contained in the collection resource, such as Perform operations such as create (create), update (modify/update), retrieve (acquire), delete (delete), notification (notification), etc.
  • operations such as create (create),
  • FIG. 3 shows a flowchart of a method for accessing a collective resource provided by another embodiment of the present application.
  • the method can be applied to the implementation environment shown in FIG. 2.
  • the method can include the following steps (301-304):
  • Step 301 The terminal sends a first collection resource access request to the first device.
  • the first collection resource access request is a request for the terminal to access the first collection resource saved by the first device.
  • the first collection resource access request is a batch request, that is, the first collection resource access request has a batch interface for requesting access to all link resources in the first collection resource through the batch interface, such as obtaining the first collection of resources.
  • the state of all the link resources in a set of resources, or the state of all the link resources in the first set of resources is modified.
  • the first collection resource may include one or more link resources, and the link resource may be a collection resource or a non-collection resource.
  • the first collection resource includes two link resources, and these two link resources are all non-collection resources.
  • the first collection resource includes two link resources, one of the link resources is a collection resource, and the other link resource is a non-collection resource.
  • the first collection resource includes two link resources, and these two link resources are all collection resources.
  • collective resources refer to resources that include at least one link resource
  • non-collective resources refer to resources that no longer include link resources
  • the first set of resource access requests include operation mode information, resource name information, and interface attribute information.
  • the operation mode information included in the first collection resource access request is used to indicate the operation mode of the first collection resource, such as create (create), update (modify/update), retrieve (acquire), delete (delete), Any of notifications.
  • the resource name information included in the first collection resource access request is the name of the first collection resource.
  • the interface attribute information included in the first collection resource access request is used to indicate the interface used to access the first collection resource, such as read (read), readwrite (read and write), linklist (link operation) and batch (batch processing) ).
  • the aforementioned batch processing interface may also be referred to as a collective operation interface.
  • Step 302 The first device sends a first link resource access request to the second device.
  • the first device may decompose the first collection resource access request to generate at least one link resource access request.
  • each link resource access request corresponds to a link resource in the first set of resources, and is used to request access to this link resource.
  • the first link resource may be any link resource in the first collection resource.
  • the first link resource may be a collective resource or a non-collective resource.
  • the second device stores the first link resource included in the first set of resources.
  • the first device decomposes the first set of resource access requests to generate a first link resource access request, where the first link resource access request is a request for the first device to access the first link resource.
  • the first link resource access request includes operation mode information, resource name information, and interface attribute information.
  • the operation mode information included in the first link resource access request is used to indicate the operation mode of the first link resource, such as create (create), update (modify/update), retrieve (acquire), delete (delete), Any of notifications.
  • the operation mode information included in the first link resource access request is the same as the operation mode information included in the first collection resource access request.
  • the resource name information included in the first link resource access request is the name of the first link resource.
  • the interface attribute information included in the first link resource access request is used to indicate the interface used to access the first link resource, such as read (read), readwrite (read and write), linklist (link operation), and batch (batch processing). ).
  • the indicated interface is the default interface of the first link resource.
  • the interface indicated by the interface attribute information included in the first link resource access request is the read interface; for another example, if the default interface of the first link resource is the readwrite interface, Then the interface indicated by the interface attribute information included in the first link resource access request is the readwrite interface; for another example, if the default interface of the first link resource is the batch interface, the interface attribute information included in the first link resource access request is The indicated interface is a batch interface.
  • the first device stores the address corresponding to each link resource included in the first set of resources. Taking the first link resource as an example, the address of the first link resource points to the device that saves the first link resource (that is, " The second device"). The first device sends the first link resource access request to the second device according to the address of the first link resource.
  • the first set of resources may include one or more link resources, and for each link resource, the same way can be used to generate a corresponding link resource access request.
  • the first link resource is mainly taken as an example for introduction and description.
  • Step 303 The second device sends the access result of the first link resource to the first device.
  • the access result of the first link resource is that the second device executes the first link resource when it is determined that the terminal has the right to access the first link resource. Generated after link resource access request.
  • the second device After receiving the first link resource access request, the second device will detect whether the first device has the permission to access the first link resource. For example, the second device may store the identification of each device that is authorized to access the first link resource and/or the identification of each device that is not authorized to access the first link resource, and the second device may store the above-mentioned information based on the stored information and the device identification of the first device. , Perform permission verification on the first device.
  • the terminal's permission to access the first link resource is also verified.
  • the verification process may be performed by the second device or the first device. For these two methods, they will be separately introduced and explained in the following embodiments.
  • the second device will execute the first link resource access request and generate the access result of the first link resource. Then, the second device sends the access result of the first link resource to the first device, and the first device sends the access result of the first link resource to the terminal.
  • the second device will not execute the first link resource access request.
  • the first link resource can be a non-collective resource or a collective resource
  • the second device executes the first link resource access request, which may include obtaining the first link resource And/or modify the status of the first link resource; if the first link resource is a collective resource, the second device needs to further decompose the request.
  • the first link resource access request may include obtaining the first link resource And/or modify the status of the first link resource; if the first link resource is a collective resource, the second device needs to further decompose the request.
  • Step 304 The first device sends a first collection resource access response to the terminal, where the first collection resource access response includes the access result of the first link resource.
  • the access response to the first collection resource may also include access results of other link resources.
  • the second device may simultaneously send the access results of multiple link resources in the first set of resources to the terminal, or may also send to the terminal separately, which is not limited in the embodiment of the present application.
  • the embodiment of the present application provides two different implementation solutions to verify the terminal's access authority to the connection resource included in the collective resource.
  • the second device that is, the device storing the link resource
  • the first device that is, the device storing the collective resource
  • the second possible implementation solution verifies the terminal.
  • the first possible implementation scheme is mainly introduced; in the following embodiments shown in Figs. 6 to 8, the second possible implementation scheme is mainly introduced.
  • FIG. 4 shows a flowchart of a method for accessing a collective resource provided by an embodiment of the present application, and the method can be applied to the implementation environment shown in FIG. 2.
  • the method can include the following steps (401-405):
  • Step 401 The first device receives the first collection resource access request sent by the terminal.
  • the first collection resource access request is used to request access to the first collection resource saved by the first device.
  • the first collection resource access request is a batch request, that is, the first collection resource access request has a batch interface for requesting access to all link resources in the first collection resource through the batch interface, such as obtaining the first collection of resources.
  • the state of all the link resources in a set of resources, or the state of all the link resources in the first set of resources is modified.
  • the first collection resource may include one or more link resources, and the link resource may be a collection resource or a non-collection resource.
  • Step 402 The first device decomposes the first set of resource access requests, and generates a first link resource access request.
  • the first link resource access request includes the device identifier of the terminal.
  • the first device may first detect whether the terminal has the right to access the first set of resources. For example, the first device may query a rights configuration table, the rights configuration table including a first collection of resources, and permission information corresponding to the first collection of resources, and the permission information can include the identification of each device that has access to the first collection of resources. If the authority information corresponding to the first set of resources includes the device identifier of the above-mentioned terminal, it is determined that the terminal has the authority to access the first set of resources.
  • the first device decomposes the first collection of resource access requests, and generates at least one link resource access request.
  • each link resource access request corresponds to a link resource in the first set of resources, and is used to request access to this link resource.
  • the first link resource access request is used to request access to the first link resource included in the first set of resources.
  • the first link resource may be any link resource in the first set of resources.
  • the first link resource may be a collective resource or a non-collective resource.
  • the first link resource access request also includes the device identification of the terminal.
  • the device identifier of the terminal is the unique identifier of the terminal, and is used to uniquely identify the terminal.
  • the request source attribute information is added to the first link resource access request, and the request source attribute information is used to indicate the device identifier of the source device (that is, the aforementioned terminal) of the first link resource access request.
  • the request source attribute information may be represented by the batchfrom attribute, and the value corresponding to the batchfrom attribute is the device identification of the terminal.
  • the first link resource access request further includes a request identifier, and the request identifier is used to indicate that the first link resource access request is a decomposition request of the batch request.
  • a batch request refers to a collective resource access request carrying a batch interface
  • a decomposition request refers to a request generated based on the link resources included in the collective resource included in the batch request.
  • the request identifier may be represented by the batchflag attribute, and the value corresponding to the batchflag attribute indicates whether the current request is a decomposition request of the batch request.
  • the value corresponding to the batchflag attribute is 1; if the current request is not a decomposition request of a batch request, the value corresponding to the batchflag attribute is 0.
  • the first set of resources may include one or more link resources, and for each link resource, the same way can be used to generate a corresponding link resource access request.
  • the first link resource is mainly taken as an example for introduction and description.
  • Step 403 The first device sends a first link resource access request to the second device.
  • the first link resource is stored in the second device.
  • Step 404 The second device detects whether the terminal has the authority to access the first link resource.
  • the second device After receiving the first link resource access request, the second device needs to detect whether the first device has the authority to access the first link resource on the one hand, and on the other hand, it also needs to detect whether the terminal has the authority to access the first link resource.
  • the second device may store the identification of each device that is authorized to access the first link resource and/or the identification of each device that is not authorized to access the first link resource, and the second device may store the above-mentioned information based on the stored information and the device identification of the first device. , The device identification of the terminal, to verify the authority of the first device and the terminal respectively.
  • the second device reads the request identifier in the first link resource access request, and if the request identifier is used to indicate that the first link resource access request is a batch request If the decomposition request is made, the second device executes the above step 404. Otherwise, if the request identifier is used to indicate that the first link resource access request is not a decomposition request of the batch request, the second device may not perform authorization verification on the terminal or execute other pre-configured processing logic, which is not limited in this embodiment of the application.
  • Step 405 If the terminal has the authority to access the first link resource, the second device executes the first link resource access request.
  • the second device executes the first link resource access request to obtain the access result of the first link resource, and then sends the access result of the first link resource To the first device, the first device sends the access result of the first link resource to the terminal.
  • the second device sends an error response to the first device, and the first device sends the error response to the terminal.
  • the error response is used to indicate that the access to the first link resource fails.
  • the first link resource can be a non-collective resource or a collective resource
  • the second device executes the first link resource access request, which may include obtaining the first link resource And/or modify the status of the first link resource; if the first link resource is a collective resource, the second device needs to further decompose the request.
  • the first link resource access request may include obtaining the first link resource And/or modify the status of the first link resource; if the first link resource is a collective resource, the second device needs to further decompose the request.
  • the following steps can be used to implement the authorization verification of the terminal by the device for saving the link resource:
  • Step 51 The terminal sends a first collection resource access request to the first device
  • the client sends a batch request for requesting to update the collection resource mycollection1 to the hostdevice
  • the interface attribute information included in the request is used to indicate that the interface used to access the collection resource mycollection1 is the batch interface
  • the request includes
  • the operation mode information of is used to indicate that the operation mode of the collection resource mycollection1 is update (modification/update).
  • Step 52 The first device detects whether the terminal has the authority to access the first set of resources
  • Hostdevice detects whether the client has the permission to access the collection resource mycollection1.
  • Step 53 If the terminal has the authority to access the first collection of resources, the first device decomposes the first collection of resource access requests to generate a first link resource access request, and the first link resource access request includes the device identification of the terminal;
  • the hostdevice decomposes the batch request and generates the first link resource access request.
  • the interface indicated by the interface attribute information included in the first link resource access request is the default interface of the first link resource link1; the operation mode information included in the first link resource access request is used to indicate that the first link resource access request
  • the operation mode of the link resource link1 is update (modification/update); the value corresponding to the batchfrom attribute included in the first link resource access request is the device identifier corresponding to the client.
  • the first link resource access request further includes a batchflag attribute, and its corresponding value is 1, indicating that the current request is a decomposition request of the batch request.
  • Step 54 The first device sends the first link resource access request to the second device;
  • linkdevice1 stores the first link resource link
  • hostdevice sends the above-mentioned first link resource access request to linkdevice1.
  • Step 55 The second device detects whether the first device has the permission to access the first link resource
  • Linkdevice1 detects whether hostdevice has the permission to access the first link resource link1.
  • Step 56 If the first device has the authority to access the first link resource, the second device detects whether the terminal has the authority to access the first link resource;
  • linkdevice1 further detects whether the client has the permission to access the first link resource link1.
  • linkdevice1 reads the value corresponding to the batchflag attribute. If it is determined according to the value corresponding to the batchflag attribute that the current request is a decomposition request of the batch request, linkdevice1 further reads the value corresponding to the batchfrom attribute to obtain the device ID corresponding to the client, and then Based on this, it is detected whether the client has the permission to access the first link resource link1.
  • Step 57 If the terminal has the authority to access the first link resource, the second device executes the first link resource access request;
  • linkdevice1 executes the first link resource access request and obtains the corresponding execution result.
  • Step 58 the second device sends the execution result corresponding to the first link resource access request to the first device
  • Linkdevice1 sends the execution result corresponding to the first link resource access request to hostdevice.
  • Step 59 The first device sends an execution result corresponding to the first set of resource access requests to the terminal.
  • the Hostdevice sends the execution result corresponding to the first set of resource access requests to the client, including the execution result corresponding to the first link resource access request.
  • the device identification of the terminal is added to the link resource access request generated by decomposing the aggregate resource access request, so that the device storing the link resource receives the link resource access request After that, based on the device identification of the terminal, it can be detected whether the terminal has the authority to access the link resource, which realizes the verification of the terminal's access authority to the link resource, thereby overcoming the security loopholes in the related technology and improving the security.
  • the device that saves the link resource can determine the current request based on the request identifier. Whether it is the decomposition request of the batch request, and then determine whether to verify the authority of the terminal, which improves the standardization of the entire process and avoids performing unnecessary operations.
  • the verification of the terminal by the second device that is, the device that stores the link resource
  • the first device that is, the device that stores the collective resource
  • FIG. 6 shows a flowchart of a method for accessing a collective resource provided by another embodiment of the present application.
  • the method can be applied to the implementation environment shown in FIG. 2.
  • the method can include the following steps (601-605):
  • Step 601 The first device receives the first set of resource access request sent by the terminal.
  • the first collection resource access request is used to request access to the first collection resource saved by the first device.
  • the first collection resource access request is a batch request, that is, the first collection resource access request has a batch interface for requesting access to all link resources in the first collection resource through the batch interface, such as obtaining the first collection of resources.
  • the state of all the link resources in a set of resources, or the state of all the link resources in the first set of resources is modified.
  • the first collection resource may include one or more link resources, and the link resource may be a collection resource or a non-collection resource.
  • step 601 For other introduction and description of step 601, please refer to the introduction and description of step 301 in the embodiment of FIG. 3, which will not be repeated here.
  • Step 602 The first device obtains first permission information from the second device, where the first permission information is used to indicate the access permission of the terminal to the first link resource included in the first set of resources.
  • the first device may first detect whether the terminal has the right to access the first set of resources. In the case that the terminal has the authority to access the first set of resources, the first device obtains the first authority information to further verify the terminal's access authority to the first link resource.
  • the first link resource may be any link resource in the first set of resources.
  • the first link resource may be a collective resource or a non-collective resource.
  • the first authority information is used to indicate the operation authority that the terminal has and/or does not possess for the first link resource.
  • the first device can determine which operation permissions the terminal includes on the first link resource, for example, determine that the terminal’s operation permissions on the first link resource include create (create), update (modify/update) ), retrieve (acquisition), delete (delete), notification (notification) which types.
  • step 602 includes the following sub-steps:
  • the first device sends a first permission acquisition request to the second device, and the first permission acquisition request is a request for the first device to obtain the terminal's access permission to the first link resource;
  • the first link resource is stored in the second device. After receiving the first permission obtaining request, the second device obtains the terminal's access permission to the first link resource, and sends the first permission information to the first device.
  • the first device receives the first permission information sent by the second device.
  • step 602 includes the following sub-steps:
  • the first device sends a second permission acquisition request to the second device through the configuration device, and the second permission acquisition request is a request for the configuration device to obtain the terminal's access permission to the first link resource;
  • the configuration device is also called OBT device, which refers to the device running the OBT (On Boarding Tool) configuration tool, which is used to realize the configuration and management of each device in the Internet of Things system, such as the authority and authority of each device in the Internet of Things system. Subordination relationship, etc. for configuration management.
  • OBT device can obtain the resource access rights of any device it configures.
  • the configuration device receives the first permission acquisition request sent by the first device, it sends the second permission acquisition request to the second device, obtains the terminal's access permission to the first link resource from the second device, and then configures the device to transfer the A device sends first permission information.
  • the configuration device is used to request the first permission information from the second device, and then send the first permission information to the first device.
  • the first device receives the first permission information sent by the configuration device.
  • Step 603 If it is determined according to the first permission information that the terminal has the permission to access the first link resource, the first device decomposes the first collection resource access request, and generates the first link resource access request.
  • the first device After obtaining the first authority information, the first device determines whether the terminal has the authority to access the first link resource. Optionally, if the access authority to the first link resource refers to the authority to access the first link resource through the batch interface, then according to the first authority information, the first device determines that the terminal has the right to modify and obtain the first link resource In the case of permission, the first device can determine that the terminal has the permission to access the first link resource through the batch interface.
  • the first device decomposes the first collection resource access request and generates a first link resource access request.
  • the first link resource access request is used to request the access to the first link resource. access.
  • the first link resource access request does not have to carry the device identification and request identification of the terminal introduced in the embodiment of FIG. 4 .
  • the first device determines that the terminal does not have the authority to access the first link resource, the first device sends an error response to the terminal to inform the terminal that it has failed to access the first link resource.
  • the first link resource is mainly taken as an example for introduction and description.
  • the first set of resources may include one or more link resources.
  • For each link resource the same method may be used to verify the terminal's access authority to the link resource, and generate a corresponding link resource access request.
  • Step 604 The first device sends a first link resource access request to the second device.
  • Step 605 The second device executes the first link resource access request.
  • the second device After receiving the first link resource access request, the second device can detect whether the first device has the permission to access the first link resource. If it is confirmed that the first device has the permission to access the first link resource, the second device executes the first link resource. Link the resource access request, and then send the execution result to the first device, and the first device sends the execution result to the terminal.
  • the second device sends an error response to the first device.
  • the first link resource can be a non-collective resource or a collective resource
  • the second device executes the first link resource access request, which may include obtaining the first link resource And/or modify the status of the first link resource; if the first link resource is a collective resource, the second device needs to further decompose the request.
  • the first link resource access request may include obtaining the first link resource And/or modify the status of the first link resource; if the first link resource is a collective resource, the second device needs to further decompose the request.
  • Step 701 The terminal sends a first collection resource access request to the first device
  • the client sends a batch request for requesting to update the collection resource mycollection1 to the hostdevice
  • the interface attribute information included in the request is used to indicate that the interface used to access the collection resource mycollection1 is the batch interface
  • the request includes
  • the operation mode information of is used to indicate that the operation mode of the collection resource mycollection1 is update (modification/update).
  • Step 702 The first device detects whether the terminal has the authority to access the first set of resources
  • Hostdevice detects whether the client has the permission to access the collection resource mycollection1.
  • Step 703 If the terminal has the permission to access the first set of resources, the first device sends a permission acquisition request to the second device;
  • the second device stores the first link resource included in the first set of resources, and the permission acquisition request is used to request the terminal to acquire the access permission of the first link resource.
  • the hostdevice sends a permission acquisition request to the linkdevice1.
  • Step 704 The second device sends the first permission information to the first device.
  • Linkdevice1 After Linkdevice1 receives the above permission acquisition request, it acquires the client's access permission to the first link resource/link1, and then sends the first permission information to the hostdevice.
  • the first authority information is used to indicate the operation authority that the terminal has and/or does not possess for the first link resource link1.
  • the hostdevice can determine which operation permissions the client includes on the first link resource link1, for example, determine that the client’s operation permissions on the first link resource link1 include create (create), update (modify/update) ), retrieve (acquisition), delete (delete), notification (notification) which types.
  • Step 705 The first device detects whether the terminal has the permission to access the first link resource according to the first permission information.
  • Hostdevice Based on the received first permission information, Hostdevice detects whether the client has the permission to access the first link resource/link1 through the batch interface. Because the permissions related to the batch interface are update (modify/update) and retrieve (acquisition) permissions, so If the client has the update (modify/update) and retrieve (obtain) permissions for the first link resource/link1, it can be determined that the client has the permission to access the first link resource/link1 through the batch interface.
  • Step 706 If the terminal has the authority to access the first link resource, the first device decomposes the first collection resource access request, and generates the first link resource access request.
  • the hostdevice decomposes the batch request and generates the first link resource access request.
  • the interface indicated by the interface attribute information included in the first link resource access request is the default interface of the first link resource link1; the operation mode information included in the first link resource access request is used to indicate that the first link resource access request
  • the operation mode of the link resource link1 is update (modify/update).
  • Step 707 The first device sends a first link resource access request to the second device.
  • Hostdevice sends the above-mentioned first link resource access request to linkdevice1.
  • Step 708 The second device detects whether the first device has the permission to access the first link resource
  • Linkdevice1 detects whether hostdevice has the permission to access the first link resource link1.
  • Step 709 If the first device has the permission to access the first link resource, the second device executes the first link resource access request;
  • linkdevice1 executes the first link resource access request and obtains the corresponding execution result.
  • Step 710 The second device sends an execution result corresponding to the first link resource access request to the first device.
  • Linkdevice1 sends the execution result corresponding to the first link resource access request to hostdevice.
  • Step 711 The first device sends an execution result corresponding to the first set of resource access requests to the terminal.
  • the Hostdevice sends the execution result corresponding to the first set of resource access requests to the client, including the execution result corresponding to the first link resource access request.
  • Step 801 The terminal sends a first collection resource access request to the first device
  • Step 802 The first device detects whether the terminal has the authority to access the first set of resources
  • steps 801-802 are the same as the steps 701-702 in the embodiment of FIG. 7.
  • steps 701-702 in the embodiment of FIG. 7.
  • Step 803 If the terminal has the permission to access the first set of resources, the first device sends a permission acquisition request to the management device;
  • hostdevice sends a permission acquisition request to the OBT device.
  • Step 804 The management device forwards the permission acquisition request to the second device
  • the OBT device forwards the permission acquisition request to linkdevice1, and the first link resource link1 is stored in the linkdevice1.
  • Step 805 The second device sends the first permission information to the management device.
  • Linkdevice1 After Linkdevice1 receives the above permission acquisition request, it acquires the client's access permission to the first link resource/link1, and then sends the first permission information to the OBT device.
  • Step 806 The management device forwards the first permission information to the first device
  • the OBT device forwards the first permission information to the hostdevice.
  • Step 807 The first device detects whether the terminal has the permission to access the first link resource according to the first permission information
  • Step 808 If the terminal has the authority to access the first link resource, the first device decomposes the first set of resource access requests, and generates the first link resource access request.
  • Step 809 The first device sends the first link resource access request to the second device;
  • Step 810 The second device detects whether the first device has the permission to access the first link resource
  • Step 811 If the first device has the permission to access the first link resource, the second device executes the first link resource access request;
  • Step 812 The second device sends the execution result corresponding to the first link resource access request to the first device.
  • Step 813 The first device sends an execution result corresponding to the first set of resource access requests to the terminal.
  • steps 807-813 are the same as steps 705-711 in the embodiment of FIG. 7.
  • steps 705-711 in the embodiment of FIG. 7.
  • the device that saves the collection resource verifies the terminal's access authority to the link resource before decomposing the link resource access request generated by the collection resource access request, thereby overcoming the related problems.
  • the security loopholes in the technology have improved security.
  • the embodiment of the present application provides two ways to obtain the access authority of the terminal to the link resource, which improves the flexibility of the solution.
  • the device used to save the link resource verifies the authority of the terminal; in the embodiment of FIG. 10, the device used to save the collective resource verifies the authority of the terminal.
  • FIG. 9 shows a flowchart of a method for accessing a collective resource provided by another embodiment of the present application.
  • the method can be applied to the implementation environment shown in FIG. 2.
  • the method can include the following steps (901 ⁇ 906):
  • Step 901 The first device receives the first collection resource access request sent by the terminal.
  • Step 902 The first device decomposes the first set of resource access requests, and generates a first link resource access request.
  • the first link resource access request includes the device identifier of the terminal.
  • Step 903 The first device sends a first link resource access request to the second device.
  • Step 904 The second device detects whether the terminal has the authority to access the first link resource.
  • steps 901 to 904 are the same as the steps 401 to 404 in the embodiment of FIG. 4.
  • steps 401 to 404 in the embodiment of FIG. 4.
  • Step 905 If the terminal has the authority to access the first link resource, and the first link resource is a second collection resource, the second device decomposes the first link resource access request to generate a second link resource access request, and the second link resource
  • the access request includes the device identification of the terminal.
  • the second device decomposes the first link resource access request to generate a second link resource access request.
  • the second link resource access request is used to request access to the second link resource included in the second set of resources.
  • the second link resource access request includes the device identifier of the terminal, so that the third device storing the second link resource can perform authority verification on the terminal after receiving the second link resource access request.
  • the second link resource access request further includes the device identification of the first device, so that the third device storing the second link resource can also perform authorization verification on the first device after receiving the second link resource access request .
  • the second link resource access request further includes a request identifier, and the request identifier is used to indicate that the second link resource access request is a decomposition request of the batch request.
  • the second link resource can also be a collective resource or a non-collective resource.
  • the second set of resources may include one or more link resources, and for each link resource, the same method may be used to generate a corresponding link resource access request.
  • the second link resource is mainly taken as an example for introduction and description.
  • Step 906 The second device sends a second link resource access request to the third device.
  • the third device stores the second link resource. After receiving the second link resource access request, the third device detects whether the terminal has the authority to access the second link resource. In the case that the terminal has the authority to access the second link resource, the third device executes the second link resource access request.
  • the third device also detects whether the first device and the second device have permission to access the second link resource. In the case that the terminal, the first device, and the second device all have the authority to access the second link resource, the third device executes the second link resource access request.
  • FIG. 10 shows a flowchart of a method for accessing a collective resource provided by another embodiment of the present application.
  • the method can be applied to the implementation environment shown in FIG. 2.
  • the method can include the following steps (1001-1007):
  • Step 1001 The first device receives the first set of resource access request sent by the terminal.
  • Step 1002 The first device obtains first permission information, where the first permission information is used to indicate the access permission of the terminal to the first link resource included in the first set of resources.
  • Step 1003 If it is determined according to the first permission information that the terminal has the permission to access the first link resource, the first device decomposes the first collection resource access request, and generates the first link resource access request.
  • Step 1004 The first device sends a first link resource access request to the second device.
  • steps 1001-1004 are the same as steps 601-604 in the embodiment of FIG. 6.
  • steps 601-604 are the same as steps 601-604 in the embodiment of FIG. 6.
  • steps 1001-1004 are the same as steps 601-604 in the embodiment of FIG. 6.
  • Step 1005 If the first link resource is the second collection resource, the second device obtains second permission information, where the second permission information is used to indicate the terminal's access permission to the second link resource included in the second collection resource.
  • the second device obtains the second authority information to further access the terminal's access authority to the second link resource.
  • the second link resource may be any link resource in the second set of resources.
  • the second link resource may be a collective resource or a non-collective resource.
  • the first link resource access request sent by the first device to the second device may include the device identifier of the terminal, so that the second device can access the terminal Permission to verify.
  • Step 1006 If it is determined according to the second authority information that the terminal has the authority to access the second link resource, the second device decomposes the first link resource access request to generate a second link resource access request.
  • the second link resource access request is used to request access to the second link resource included in the second set of resources.
  • the second device determines that the terminal has the right to modify and obtain the second link resource In the case of permission, the second device can determine that the terminal has the permission to access the second link resource through the batch interface.
  • the second device also detects whether the first device has the authority to access the second link resource. In the case that both the terminal and the first device have the authority to access the second link resource, the second device decomposes the access to the first link resource. Request to generate a second link resource access request.
  • Step 1007 The second device sends a second link resource access request to the third device.
  • the third device stores the second link resource.
  • the technical solution of the present application is introduced and explained mainly from the perspective of interaction between the terminal, the first device, and the second device.
  • the above-mentioned steps related to the execution of the first device can be separately implemented as a method for accessing the collective resources on the first device side;
  • the aforementioned steps related to the execution of the second device can be separately implemented as the method for accessing collective resources on the second device side;
  • the steps executed by the terminal can be individually implemented as a method for accessing collective resources on the terminal side.
  • FIG. 11 shows a block diagram of an apparatus for accessing a collective resource provided by an embodiment of the present application.
  • the device has the function of realizing the above-mentioned method example on the first device side, and the function can be realized by hardware, or by hardware executing corresponding software.
  • the device may be the first device described above, or it may be set in the first device.
  • the apparatus 1100 may include: a request receiving module 1110, a request sending module 1120, a result receiving module 1130, and a response sending module 1140.
  • the request receiving module 1110 is configured to receive a first collection resource access request sent by a terminal, where the first collection resource access request is a request for the terminal to access the first collection resource saved by the first device.
  • the request sending module 1120 is configured to send a first link resource access request to a second device, where the second device stores the first link resource included in the first set of resources, and the first link resource access request is all The request of the first device to access the first link resource.
  • the result receiving module 1130 is configured to receive the access result of the first link resource sent by the second device.
  • the response sending module 1140 is configured to send a first collection resource access response to the terminal, where the first collection resource access response includes the access result of the first link resource, wherein the access result of the first link resource is In a case where it is determined that the terminal has the permission to access the first link resource, it is generated after the second device executes the first link resource access request.
  • the first link resource access request includes the device identifier of the terminal.
  • the first link resource access request further includes a request identifier, and the request identifier is used to indicate that the first link resource access request is a decomposition request of a batch processing batch request, and the batch request is Refers to a collective resource access request carrying a batch interface, and the decomposition request refers to a request generated according to the link resources included in the collective resource included in the batch request.
  • the apparatus 1100 further includes: an information obtaining module, configured to obtain first permission information from the second device, and the first permission information is used to instruct the terminal to respond to the first link Access to resources;
  • the request sending module 1120 is further configured to send a first link resource access request to the second device when it is determined that the terminal has the permission to access the first link resource according to the first permission information.
  • the information acquisition module is configured to: send a first permission acquisition request to the second device, where the first permission acquisition request is that the first device acquires the terminal's access to the second device. A request for access permission of a link resource; receiving the first permission information sent by the second device.
  • the information acquisition module is configured to: send a second permission acquisition request to the second device through a configuration device, where the second permission acquisition request is that the configuration device acquires the terminal's The request for the access authority of the first link resource; receiving the first authority information sent by the configuration device, where the first authority information is sent by the second device to the configuration device.
  • the access authority to the first link resource refers to the authority to access the first link resource through a batch interface.
  • the device 1100 further includes: a permission determination module, configured to, when it is determined that the terminal has the right to modify and obtain the first link resource according to the first permission information, determine that the terminal has the ability to pass the batch The permission of the interface to access the first link resource.
  • the first link resource is a collective resource, or the first link resource is a non-collective resource.
  • FIG. 12 shows a block diagram of an apparatus for accessing a collective resource provided by another embodiment of the present application.
  • the device has the function of realizing the above-mentioned method example on the second device side, and the function can be realized by hardware, or by hardware executing corresponding software.
  • the device can be the second device described above, or it can be set in the second device.
  • the apparatus 1200 may include: a request receiving module 1210 and a result sending module 1220.
  • the request receiving module 1210 is configured to receive a first link resource access request sent by a first device, where the first link resource access request is a request by the first device to access the first link resource in the first set of resources, wherein, the first link resource access request is generated by the first device after receiving a first aggregate resource access request sent by the terminal, and the first aggregate resource access request is a request from the terminal to the first device. A request for accessing the saved first set of resources, and the first link resource is saved in the second device.
  • the result sending module 1220 is configured to send the access result of the first link resource to the first device, where the access result of the first link resource is used to determine that the terminal has the authority to access the first link resource In the case of sending to the terminal.
  • the first link resource access request includes the device identifier of the terminal; the apparatus 1200 further includes:
  • a permission detection module configured to detect whether the terminal has the permission to access the first link resource according to the device identifier of the terminal
  • the request execution module is configured to execute the first link resource access request when the terminal has the authority to access the first link resource, and generate an access result of the first link resource.
  • the device 1200 further includes:
  • An identifier reading module configured to read the request identifier in the first link resource access request
  • the permission detection module is configured to, when the request identifier is used to indicate that the first link resource access request is a disassembly request of a batch processing batch request, detect whether the terminal has access to the terminal according to the device identifier of the terminal. State the authority of the first link resource.
  • the device 1200 further includes:
  • the error response module is configured to send an error response to the first device when the terminal does not have the authority to access the first link resource.
  • the request execution module is configured to:
  • a second link resource access request is generated, and the second link resource access request is for the second device to request a second link resource included in the second collection resource. Request for access, where the second link resource access request includes the device identifier of the terminal;
  • the device 1200 further includes a permission providing module for:
  • the device 1200 further includes a permission providing module for:
  • FIG. 13 shows a block diagram of an apparatus for accessing a collective resource provided by an embodiment of the present application.
  • the device has the function of realizing the above-mentioned method example on the terminal side, and the function can be realized by hardware, or by hardware executing corresponding software.
  • the device can be the terminal described above, or it can be set in the terminal.
  • the apparatus 1300 may include: a request sending module 1310 and a response receiving module 1320.
  • the request sending module 1310 is configured to send a first collection resource access request to a first device, where the first collection resource access request is a request for the terminal to access the first collection resource saved by the first device.
  • the response receiving module 1320 is configured to receive a first collection resource access response sent by the first device, where the first collection resource access response includes the access result of the first link resource in the first collection resource, where all The access result of the first link resource is sent to the terminal when it is determined that the terminal has the right to access the first link resource.
  • the first link resource is a collective resource, or the first link resource is a non-collective resource.
  • the device provided in the above embodiment realizes its functions, only the division of the above-mentioned functional modules is used as an example for illustration. In actual applications, the above-mentioned functions can be allocated by different functional modules according to actual needs. That is, the content structure of the device is divided into different functional modules to complete all or part of the functions described above.
  • FIG. 14 shows a schematic structural diagram of a network device 140 provided by an embodiment of the present application.
  • the network device 140 may be the first device, the second device, or the third device described above. That is, the network device 140 may be a device for storing collective resources and/or non-collective resources in the Internet of Things system.
  • the network device 140 may include a processor 141, a receiver 142, a transmitter 143, a memory 144, and a bus 145.
  • the processor 141 includes one or more processing cores, and the processor 141 executes various functional applications and information processing by running software programs and modules.
  • the receiver 142 and the transmitter 143 may be implemented as a communication component, and the communication component may be a communication chip.
  • the memory 144 is connected to the processor 141 through a bus 145.
  • the memory 144 may be used to store a computer program, and the processor 141 is used to execute the computer program to implement each step performed by the first device in the foregoing method embodiment, or implement each step performed by the second device in the foregoing method embodiment.
  • the memory 144 can be implemented by any type of volatile or non-volatile storage device or a combination thereof.
  • the volatile or non-volatile storage device includes, but is not limited to: magnetic disks or optical disks, electrically erasable and programmable Read-only memory (EEPROM), erasable programmable read-only memory (EPROM), static anytime access memory (SRAM), read-only memory (ROM), magnetic memory, flash memory, programmable read-only memory (PROM) .
  • FIG. 15 shows a schematic structural diagram of a terminal 150 provided by an embodiment of the present application.
  • the terminal 150 may include a processor 151, a receiver 152, a transmitter 153, a memory 154, and a bus 155.
  • the processor 151 includes one or more processing cores, and the processor 151 executes various functional applications and information processing by running software programs and modules.
  • the receiver 152 and the transmitter 153 may be implemented as a communication component, and the communication component may be a communication chip.
  • the memory 154 is connected to the processor 151 through a bus 155.
  • the memory 154 may be used to store a computer program, and the processor 151 is used to execute the computer program to implement each step executed by the terminal in the foregoing method embodiment.
  • the memory 154 can be implemented by any type of volatile or non-volatile storage device or a combination thereof.
  • the volatile or non-volatile storage device includes, but is not limited to: magnetic disks or optical disks, electrically erasable and programmable Read-only memory (EEPROM), erasable programmable read-only memory (EPROM), static anytime access memory (SRAM), read-only memory (ROM), magnetic memory, flash memory, programmable read-only memory (PROM) .
  • the embodiment of the present application also provides a computer-readable storage medium in which a computer program is stored, and the computer program is loaded and executed by a processor to implement the above-mentioned method for accessing the collective resource on the first device side, and /Or, implement the above-mentioned method for accessing the collective resource on the second device side.
  • An embodiment of the present application also provides a computer-readable storage medium, in which a computer program is stored, and the computer program is loaded and executed by a processor to implement the foregoing method for accessing collective resources on the terminal side.
  • This application also provides a computer program product, which when the computer program product runs on the processor of the network device, causes the network device to execute the above-mentioned method for accessing the collective resources on the first device side, and/or execute the above-mentioned second device Access method of the collection resource on the side.
  • This application also provides a computer program product, which when the computer program product runs on the processor of the terminal, causes the terminal to execute the above-mentioned method for accessing the collective resources on the terminal side.
  • Computer-readable media include computer storage media and communication media, where communication media includes any media that facilitates the transfer of computer programs from one place to another.
  • the storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.

Abstract

A method and apparatus for accessing collection resources, a device and a storage medium, relating to the technical field of an Internet of Things. The method comprises: a terminal sending a first collection resource access request to a first device; the first device sending a first link resource access request to the second device; the second device sending an access result of a first link resource to the first device, wherein the access result of the first link resource is generated after the second device executes the first link resource access request when it is determined that the terminal has the right to access the first link resource; and the first device sending a first collection resource access response to the terminal, wherein the first collection resource access response comprises the access result of the first link resource.

Description

集合资源的访问方法、装置、设备及存储介质Method, device, equipment and storage medium for accessing collective resources 技术领域Technical field
本申请实施例涉及物联网技术领域,特别涉及一种集合资源的访问方法、装置、设备及存储介质。The embodiments of the present application relate to the technical field of the Internet of Things, and particularly relate to a method, device, device, and storage medium for accessing collective resources.
背景技术Background technique
基于REST(Representational State Transfer,表现层状态转移)架构的物联网设备管理方法越来越流行。在REST架构下,物理世界中的事物(如设备)均可以使用资源(resource)的方式来描述,并且使用CURDN(包括create(创建)、update(修改/更新)、retrieve(获取)、delete(删除)、notification(通知))的方式来操作资源。IoT device management methods based on REST (Representational State Transfer) architecture are becoming more and more popular. Under the REST architecture, things (such as devices) in the physical world can be described in the form of resources, and CURDN (including create (create), update (modify/update), retrieve (acquire), delete) Delete), notification (notification)) to manipulate resources.
在资源描述过程中,定义了一种名称为collection的集合资源。集合资源可以包括一个或多个链接资源(linked resource)。对于一个集合资源来说,其包括的链接资源可以包括集合资源和/或非集合资源。在相关技术中,定义了一种通过batch(批处理)方式来访问集合资源的方法。终端向第一设备发送第一集合资源访问请求,该第一集合资源访问请求用于请求对第一设备保存的第一集合资源进行访问。假设该第一集合资源中包括第一链接资源。第一设备在接收到上述第一集合资源访问请求之后,会验证终端是否有权限访问第一集合资源,如果终端具备访问第一集合资源的权限,则第一设备分解该第一集合资源访问请求,生成第一链接资源访问请求,该第一链接资源访问请求用于请求对第一链接资源进行访问。然后,第一设备向第二设备发送该第一链接资源访问请求,该第二设备保存有第一链接资源。第二设备接收到第一链接资源访问请求之后,会验证第一设备是否有权限访问第一链接资源,如果第一设备具备访问第一链接资源的权限,则第二设备执行该第一链接资源访问请求,并向第一设备反馈相应的执行结果,再由第一设备将执行结果发送给终端。In the process of resource description, a collection resource named collection is defined. The collective resource may include one or more linked resources (linked resources). For a collective resource, the linked resources included can include collective resources and/or non-collective resources. In related technologies, a method for accessing collection resources through batch (batch processing) is defined. The terminal sends a first collection resource access request to the first device, where the first collection resource access request is used to request access to the first collection resource saved by the first device. Assume that the first set of resources includes the first link resource. After receiving the first collection resource access request, the first device verifies whether the terminal has the right to access the first collection resource. If the terminal has the right to access the first collection resource, the first device decomposes the first collection resource access request , Generating a first link resource access request, where the first link resource access request is used to request access to the first link resource. Then, the first device sends the first link resource access request to the second device, and the second device stores the first link resource. After receiving the first link resource access request, the second device verifies whether the first device has permission to access the first link resource. If the first device has the permission to access the first link resource, the second device executes the first link resource Access the request, and feed back the corresponding execution result to the first device, and then the first device sends the execution result to the terminal.
在上述相关技术中,由于第二设备在执行第一链接资源访问请求之前,验证的是第一设备对第一链接资源的访问权限,而不是终端对第一链接资源的访问权限,而保存第一集合资源的第一设备是肯定具备访问第一集合资源内的链接资源(包括上述第一链接资源)的权限的。但在这种情况下,并不代表终端就一定具备访问第一链接资源的权限,因此存在安全漏洞。In the above-mentioned related art, since the second device verifies the access authority of the first device to the first link resource before executing the first link resource access request, instead of the terminal's access authority to the first link resource, it saves the first link resource. The first device of a collection of resources must have the right to access the link resources (including the above-mentioned first link resources) in the first collection of resources. However, in this case, it does not mean that the terminal must have the authority to access the first link resource, and therefore there are security loopholes.
发明内容Summary of the invention
本申请实施例提供了一种集合资源的访问方法、装置、设备及存储介质,可用于解决上述技术问题。所述技术方案如下:The embodiments of the present application provide a method, device, device, and storage medium for accessing collective resources, which can be used to solve the above technical problems. The technical solution is as follows:
一方面,本申请实施例提供了一种集合资源的访问方法,应用于第一设备,所述方法包括:On the one hand, an embodiment of the present application provides a method for accessing a collective resource, which is applied to a first device, and the method includes:
接收终端发送的第一集合资源访问请求,所述第一集合资源访问请求是所述终端对所述第一设备保存的第一集合资源进行访问的请求;Receiving a first collection resource access request sent by a terminal, where the first collection resource access request is a request for the terminal to access a first collection resource saved by the first device;
向第二设备发送第一链接资源访问请求,所述第二设备保存有所述第一集合资源中包括的第一链接资源,所述第一链接资源访问请求是所述第一设备对所述第一链接资源进行访问的请求;A first link resource access request is sent to a second device, where the second device stores the first link resource included in the first set of resources, and the first link resource access request is the request from the first device to the Request for access to the first link resource;
接收所述第二设备发送的所述第一链接资源的访问结果;Receiving the access result of the first link resource sent by the second device;
向所述终端发送第一集合资源访问响应,所述第一集合资源访问响应包括所述第一链接资源的访问结果,其中,所述第一链接资源的访问结果是在确定所述终端具备访问所述第一链接资源的权限的情况下,由所述第二设备执行所述第一链接资源访问请求后生成的。Send a first collection resource access response to the terminal, where the first collection resource access response includes the access result of the first link resource, wherein the access result of the first link resource is determined when the terminal has access In the case of the authority of the first link resource, it is generated after the second device executes the first link resource access request.
另一方面,本申请实施例提供了一种集合资源的访问方法,应用于第二设备,所述方法包括:On the other hand, an embodiment of the present application provides a method for accessing a collective resource, which is applied to a second device, and the method includes:
接收第一设备发送的第一链接资源访问请求,所述第一链接资源访问请求是所述第一设备对第一集合资源中的第一链接资源进行访问的请求,其中,所述第一链接资源访问请求是所述第一设备在接收到终端发送的第一集合资源访问请求之后生成的,所述第一集合资源访问请求是所述终端对所述第一设备保存的所述第一集合资源进行访问的请求,所述第一链接资源保存在所述第二设备中;Receive a first link resource access request sent by a first device, where the first link resource access request is a request by the first device to access a first link resource in a first set of resources, wherein the first link The resource access request is generated by the first device after receiving the first collection resource access request sent by the terminal, and the first collection resource access request is the first collection saved by the terminal to the first device A request for access to a resource, the first link resource is stored in the second device;
向所述第一设备发送所述第一链接资源的访问结果,所述第一链接资源的访问结果用于在确定所述终端具备访问所述第一链接资源的权限的情况下向所述终端发送。Send the access result of the first link resource to the first device, where the access result of the first link resource is used to send the access to the terminal when it is determined that the terminal has the right to access the first link resource send.
另一方面,本申请实施例提供了一种集合资源的访问方法,应用于终端,所述方法包括:On the other hand, an embodiment of the present application provides a method for accessing collective resources, which is applied to a terminal, and the method includes:
向第一设备发送第一集合资源访问请求,所述第一集合资源访问请求是所述终端对所述第一设备保存的第一集合资源进行访问的请求;Sending a first set of resource access request to the first device, where the first set of resource access request is a request for the terminal to access the first set of resources saved by the first device;
接收所述第一设备发送的第一集合资源访问响应,所述第一集合资源访问响应包括所述第一集合资源中的第一链接资源的访问结果,其中,所述第一链接资源的访问结果是在确定所述终端具备访问所述第一 链接资源的权限的情况下向所述终端发送的。Receive a first collection resource access response sent by the first device, where the first collection resource access response includes an access result of a first link resource in the first collection resource, wherein the access of the first link resource The result is sent to the terminal when it is determined that the terminal has the right to access the first link resource.
再一方面,本申请实施例提供了一种集合资源的访问装置,应用于第一设备,所述装置包括:In another aspect, an embodiment of the present application provides an apparatus for accessing a collective resource, which is applied to a first device, and the apparatus includes:
请求接收模块,用于接收终端发送的第一集合资源访问请求,所述第一集合资源访问请求是所述终端对所述第一设备保存的第一集合资源进行访问的请求;A request receiving module, configured to receive a first collection resource access request sent by a terminal, where the first collection resource access request is a request for the terminal to access the first collection resource saved by the first device;
请求发送模块,用于向第二设备发送第一链接资源访问请求,所述第二设备保存有所述第一集合资源中包括的第一链接资源,所述第一链接资源访问请求是所述第一设备对所述第一链接资源进行访问的请求;The request sending module is configured to send a first link resource access request to a second device, where the second device stores the first link resource included in the first set of resources, and the first link resource access request is the A request for the first device to access the first link resource;
结果接收模块,用于接收所述第二设备发送的所述第一链接资源的访问结果;A result receiving module, configured to receive the access result of the first link resource sent by the second device;
响应发送模块,用于向所述终端发送第一集合资源访问响应,所述第一集合资源访问响应包括所述第一链接资源的访问结果,其中,所述第一链接资源的访问结果是在确定所述终端具备访问所述第一链接资源的权限的情况下,由所述第二设备执行所述第一链接资源访问请求后生成的。The response sending module is configured to send a first collection resource access response to the terminal, where the first collection resource access response includes the access result of the first link resource, wherein the access result of the first link resource is In a case where it is determined that the terminal has the authority to access the first link resource, it is generated after the second device executes the first link resource access request.
再一方面,本申请实施例提供了一种集合资源的访问装置,应用于第二设备,所述装置包括:In another aspect, an embodiment of the present application provides a device for accessing a collective resource, which is applied to a second device, and the device includes:
请求接收模块,用于接收第一设备发送的第一链接资源访问请求,所述第一链接资源访问请求是所述第一设备对第一集合资源中的第一链接资源进行访问的请求,其中,所述第一链接资源访问请求是所述第一设备在接收到终端发送的第一集合资源访问请求之后生成的,所述第一集合资源访问请求是所述终端对所述第一设备保存的所述第一集合资源进行访问的请求,所述第一链接资源保存在所述第二设备中;The request receiving module is configured to receive a first link resource access request sent by a first device, where the first link resource access request is a request by the first device to access the first link resource in the first set of resources, where The first link resource access request is generated by the first device after receiving the first collection resource access request sent by the terminal, and the first collection resource access request is stored by the terminal on the first device Request for access to the first set of resources, the first link resource is stored in the second device;
结果发送模块,用于向所述第一设备发送所述第一链接资源的访问结果,所述第一链接资源的访问结果用于在确定所述终端具备访问所述第一链接资源的权限的情况下向所述终端发送。The result sending module is configured to send the access result of the first link resource to the first device, where the access result of the first link resource is used when it is determined that the terminal has the right to access the first link resource In this case, send to the terminal.
再一方面,本申请实施例提供了一种集合资源的访问装置,应用于终端,所述装置包括:On the other hand, an embodiment of the present application provides a device for accessing a collection of resources, which is applied to a terminal, and the device includes:
请求发送模块,用于向第一设备发送第一集合资源访问请求,所述第一集合资源访问请求是所述终端对所述第一设备保存的第一集合资源进行访问的请求;A request sending module, configured to send a first collection resource access request to a first device, where the first collection resource access request is a request for the terminal to access the first collection resource saved by the first device;
响应接收模块,用于接收所述第一设备发送的第一集合资源访问响应,所述第一集合资源访问响应包括所述第一集合资源中的第一链接资源的访问结果,其中,所述第一链接资源的访问结果是在确定所述终端具备访问所述第一链接资源的权限的情况下向所述终端发送的。The response receiving module is configured to receive a first collection resource access response sent by the first device, where the first collection resource access response includes an access result of a first link resource in the first collection resource, wherein the The access result of the first link resource is sent to the terminal when it is determined that the terminal has the authority to access the first link resource.
还一方面,本申请实施例提供了一种网络设备,所述网络设备包括处理器和存储器,所述存储器存储有计算机程序,所述计算机程序用于被所述处理器执行,以实现上述第一设备或第二设备侧的集合资源的访问方法。In yet another aspect, an embodiment of the present application provides a network device, the network device includes a processor and a memory, the memory stores a computer program, and the computer program is used to be executed by the processor to implement the foregoing A method for accessing a collection of resources on the side of a device or a second device.
还一方面,本申请实施例提供了一种终端,所述终端包括处理器和存储器,所述存储器存储有计算机程序,所述计算机程序用于被所述处理器执行,以实现上述终端侧的集合资源的访问方法。In yet another aspect, an embodiment of the present application provides a terminal, the terminal includes a processor and a memory, the memory stores a computer program, and the computer program is used to be executed by the processor to implement the foregoing terminal side The access method of the collection resource.
又一方面,本申请实施例提供了一种计算机可读存储介质,所述存储介质中存储有计算机程序,所述计算机程序用于被处理器执行,以实现上述任一方面所述的集合资源的访问方法。In another aspect, an embodiment of the present application provides a computer-readable storage medium in which a computer program is stored, and the computer program is used to be executed by a processor to implement the collective resource described in any of the above aspects. Access method.
本申请实施例提供的技术方案可以包括如下有益效果:The technical solutions provided by the embodiments of the present application may include the following beneficial effects:
通过在接收到终端对于集合资源的访问请求之后,验证终端对该集合资源中包含的链接资源的访问权限,在确认终端具备访问链接资源的权限的情况下,再对该链接资源执行相应的操作,避免没有权限的终端对链接资源进行访问,提升了系统的安全性。After receiving the terminal's request for access to the collective resource, verify the terminal's access authority to the link resource contained in the collective resource, and after confirming that the terminal has the authority to access the linked resource, perform corresponding operations on the link resource , To prevent unauthorized terminals from accessing link resources, and improve the security of the system.
附图说明Description of the drawings
图1是相关技术提供的一种集合资源的访问方法的流程图;Figure 1 is a flow chart of a method for accessing collective resources provided by related technologies;
图2是本申请一个实施例提供的实施环境的示意图;Figure 2 is a schematic diagram of an implementation environment provided by an embodiment of the present application;
图3是本申请一个实施例提供的集合资源的访问方法的流程图;Fig. 3 is a flowchart of a method for accessing a collective resource provided by an embodiment of the present application;
图4是本申请另一个实施例提供的集合资源的访问方法的流程图;FIG. 4 is a flowchart of a method for accessing collective resources provided by another embodiment of the present application;
图5是本申请另一个实施例提供的集合资源的访问方法的流程图;Fig. 5 is a flowchart of a method for accessing a collective resource provided by another embodiment of the present application;
图6是本申请另一个实施例提供的集合资源的访问方法的流程图;Fig. 6 is a flowchart of a method for accessing a collective resource provided by another embodiment of the present application;
图7是本申请另一个实施例提供的集合资源的访问方法的流程图;FIG. 7 is a flowchart of a method for accessing a collective resource provided by another embodiment of the present application;
图8是本申请另一个实施例提供的集合资源的访问方法的流程图;Fig. 8 is a flowchart of a method for accessing a collective resource provided by another embodiment of the present application;
图9是本申请另一个实施例提供的集合资源的访问方法的流程图;Fig. 9 is a flowchart of a method for accessing a collective resource provided by another embodiment of the present application;
图10是本申请另一个实施例提供的集合资源的访问方法的流程图;Fig. 10 is a flowchart of a method for accessing a collective resource provided by another embodiment of the present application;
图11是本申请一个实施例提供的集合资源的访问装置的框图;Fig. 11 is a block diagram of a device for accessing a collective resource provided by an embodiment of the present application;
图12是本申请另一个实施例提供的集合资源的访问装置的框图;FIG. 12 is a block diagram of a device for accessing collective resources provided by another embodiment of the present application;
图13是本申请另一个实施例提供的集合资源的访问装置的框图;Fig. 13 is a block diagram of a device for accessing a collective resource provided by another embodiment of the present application;
图14是本申请一个实施例提供的网络设备的结构示意图;FIG. 14 is a schematic structural diagram of a network device provided by an embodiment of the present application;
图15是本申请一个实施例提供的终端的结构示意图。FIG. 15 is a schematic structural diagram of a terminal provided by an embodiment of the present application.
具体实施方式detailed description
为使本申请的目的、技术方案和优点更加清楚,下面将结合附图对本申请实施方式作进一步地详细描述。In order to make the objectives, technical solutions, and advantages of the present application clearer, the implementation manners of the present application will be further described in detail below with reference to the accompanying drawings.
在上文背景技术部分已经介绍,一个集合资源中可以包括一个或者多个链接资源,该链接资源可以是集合资源,也可以是非集合资源。一般在集合资源中的链接资源仅是一个链接(link),该链接指向了链接资源在网络中的真实地址。链接资源有可能与集合资源在同一台物理设备上,也有可能不在同一台物理设备上。As described in the background technology section above, a collective resource may include one or more linked resources, and the linked resource may be a collective resource or a non-collective resource. Generally, the link resource in the collective resource is only a link, and the link points to the real address of the link resource in the network. The link resource may be on the same physical device as the collection resource, or it may not be on the same physical device.
无论是集合资源还是非集合资源,都包含资源类型(resource type,简称为“rt”)和接口(interface,简称为“if”)这两个属性。其中,rt属性用于指示该资源的类型。一般来说,一个物联网技术体系内定义一个资源类型,然后不同的领域、不同的设备、不同的资源可以实例化该资源类型。if属性用于指示该资源可以通过哪些方式来访问,例如通过read(读)、readwrite(读写)、linklist(链接操作)和batch(批处理)等不同接口来访问。Regardless of whether it is a collective resource or a non-collective resource, it contains two attributes of resource type (resource type, referred to as "rt") and interface (referred to as "if"). Among them, the rt attribute is used to indicate the type of the resource. Generally speaking, a resource type is defined in an IoT technology system, and then different fields, different devices, and different resources can instantiate the resource type. The if attribute is used to indicate how the resource can be accessed, for example, through different interfaces such as read (read), readwrite (read and write), linklist (link operation), and batch (batch processing).
其中,batch接口的作用是可以递归到一个集合资源所包括的各个链接资源中去获取资源的属性值。例如,假设存在一个名为“house”的集合资源,该house资源中包括2个链接资源,分别为door资源和light资源,假设A设备中保存有house资源,B设备中保存有door资源,C设备中保存有light资源,则终端可以通过向A设备发送带batch接口的集合资源访问请求,来获取door资源和light资源的状态,或者修改door资源和light资源的状态。其实现过程是:当A设备(记为“hostdevice”)接收到上述带batch接口的集合资源访问请求之后,会分解该集合资源访问请求,生成第一链接资源访问请求和第二链接资源访问请求,其中,第一链接资源访问请求用于请求对door资源进行访问,第二链接资源访问请求用于请求对light资源进行访问;之后,hostdevice向B设备(记为“linkdevice1”)发送第一链接资源访问请求,linkdevice1对该第一链接资源访问请求进行相应处理;hostdevice还向C设备(记为“linkdevice2”)发送第二链接资源访问请求,linkdevice2对该第二链接资源访问请求进行相应处理。Among them, the function of the batch interface is to recurse to each link resource included in a collection resource to obtain the attribute value of the resource. For example, suppose there is a collection resource named "house". The house resource includes two link resources, namely the door resource and the light resource. Assume that device A saves the house resource, device B saves the door resource, and C If the light resource is stored in the device, the terminal can obtain the status of the door resource and the light resource, or modify the status of the door resource and the light resource by sending a collection resource access request with a batch interface to the A device. The implementation process is: when the A device (denoted as "hostdevice") receives the above-mentioned collective resource access request with the batch interface, it will decompose the collective resource access request to generate the first link resource access request and the second link resource access request , Where the first link resource access request is used to request access to the door resource, and the second link resource access request is used to request access to the light resource; after that, hostdevice sends the first link to the B device (denoted as "linkdevice1") For the resource access request, linkdevice1 processes the first link resource access request accordingly; hostdevice also sends a second link resource access request to the C device (denoted as "linkdevice2"), and linkdevice2 processes the second link resource access request accordingly.
从上述例子可以看出,通过batch接口,终端可以一次性获取到集合资源内所有的链接资源的状态信息。由此可见,batch接口的目的是一次性访问集合资源内所有的链接资源。如果没有batch接口,终端需要先获取集合资源中链接资源的地址(即上文介绍的“link”),得到链接资源的地址之后,再基于该地址向用于保存该链接资源的设备发送访问该链接资源的请求。batch接口充分简化了访问集合资源内的链接资源的流程,省略掉了获取链接资源的地址的步骤。It can be seen from the above example that through the batch interface, the terminal can obtain the status information of all the link resources in the collective resource at one time. It can be seen that the purpose of the batch interface is to access all the link resources in the collection resource at one time. If there is no batch interface, the terminal needs to first obtain the address of the link resource in the collection resource (ie, the "link" described above), and then obtain the address of the link resource, and then send the access to the device based on the address to the device used to save the link resource. Link resource request. The batch interface fully simplifies the process of accessing the link resource in the collection resource, and omits the step of obtaining the address of the link resource.
在一个示例中,仍然以house资源为例,对通过batch接口访问该集合资源的流程进行介绍说明,如图1所示,该流程可以包括如下几个步骤(11~18):In an example, still taking the house resource as an example, the process of accessing the collection resource through the batch interface is introduced. As shown in Figure 1, the process can include the following steps (11-18):
步骤11,终端向第一设备发送第一集合资源访问请求;Step 11. The terminal sends a first collection resource access request to the first device;
第一集合资源访问请求是终端对第一设备保存的第一集合资源进行访问的请求。例如,当client请求对hostdevice保存的house资源进行修改/更新(update)时,client可以向hostdevice发送带batch接口的update请求,该update请求的示例如下:Update/house?if=oic.if.b{content}。其中,b表示batch接口。The first collection resource access request is a request for the terminal to access the first collection resource saved by the first device. For example, when the client requests to modify/update (update) the house resource saved by the hostdevice, the client can send an update request with a batch interface to the hostdevice. An example of the update request is as follows: Update/house? if=oic.if.b{content}. Among them, b represents the batch interface.
如果在集合资源访问请求中指示通过batch接口对集合资源进行访问,也即在集合资源访问请求中带有batch接口,则该集合资源访问请求可以称为batch请求。If the collection resource access request indicates that the collection resource is accessed through the batch interface, that is, the collection resource access request includes a batch interface, the collection resource access request can be called a batch request.
步骤12,第一设备验证终端是否有权限访问第一集合资源;Step 12: The first device verifies whether the terminal has permission to access the first set of resources;
例如,hostdevice在接收到上述update请求之后,验证client是否有权限访问house资源。For example, after hostdevice receives the above update request, it verifies whether the client has permission to access house resources.
步骤13,如果终端具备访问第一集合资源的权限,则第一设备分解该第一集合资源访问请求,生成第一链接资源访问请求; Step 13. If the terminal has the authority to access the first collection of resources, the first device decomposes the first collection of resource access requests to generate a first link resource access request;
其中,第一链接资源访问请求是第一设备用于对第一集合资源中包含的第一链接资源进行访问的请求。第一链接资源访问请求的示例如下:Update/link1?if=default interface;其中,/link1表示第一链接资源,default interface表示/link1对应的默认接口,该默认接口可以是read接口、readwrite接口、linklist接口、batch接口等不同接口中的任意一种接口。The first link resource access request is a request used by the first device to access the first link resource included in the first set of resources. An example of the first link resource access request is as follows: Update/link1? if = default interface; where /link1 represents the first link resource, and default interface represents the default interface corresponding to /link1. The default interface can be any of different interfaces such as read interface, readwrite interface, linklist interface, batch interface, etc. .
仍然以上述house资源的示例为例,如果client具备访问house资源的权限,则hostdevice分解上述update请求,生成对应于door资源的访问请求以及对应于light资源的访问请求。其中,对应于door资源的访问请求的示例如下:Update/door?if=oic.if.rw,表示通过readwrite接口对door资源请求进行update操作;对应于light资源的访问请求的示例如下:Update/light?if=oic.if.r,表示通过read接口对light资源请求进行update操作。Still taking the example of the above house resource as an example, if the client has the permission to access the house resource, the hostdevice decomposes the above update request, and generates an access request corresponding to the door resource and an access request corresponding to the light resource. Among them, an example of an access request corresponding to the door resource is as follows: Update/door? if=oic.if.rw, it means to update the door resource request through the readwrite interface; the example of the access request corresponding to the light resource is as follows: Update/light? if=oic.if.r, it means to update the light resource request through the read interface.
另外,如果终端不具备访问第一集合资源的权限,则第一设备向终端发送错误应答。In addition, if the terminal does not have the authority to access the first set of resources, the first device sends an error response to the terminal.
步骤14,第一设备向第二设备发送第一链接资源访问请求,该第二设备保存有第一链接资源;Step 14. The first device sends a first link resource access request to a second device, and the second device stores the first link resource;
假设linkdevice1中保存有door资源,linkdevice2中保存有light资源,则hostdevice向linkdevice1发送上述对应于door资源的访问请求;第一设备还向linkdevice2发送上述对应于light资源的访问请求。Assuming that the door resource is stored in linkdevice1 and the light resource is stored in linkdevice2, the hostdevice sends the above-mentioned access request corresponding to the door resource to linkdevice1; the first device also sends the above-mentioned access request corresponding to the light resource to linkdevice2.
步骤15,第二设备验证第一设备是否有权限访问第一链接资源;Step 15. The second device verifies whether the first device has permission to access the first link resource;
linkdevice1在接收到上述对应于door资源的访问请求之后,会验证hostdevice是否有权限访问door资源;linkdevice2在接收到上述对应于light资源的访问请求之后,会验证hostdevice是否有权限访问light资源。After linkdevice1 receives the above-mentioned access request corresponding to the door resource, it will verify whether the hostdevice has the authority to access the door resource; linkdevice2 will verify whether the hostdevice has the authority to access the light resource after receiving the above-mentioned access request corresponding to the light resource.
步骤16,如果第一设备具备访问第一链接资源的权限,则第二设备执行该第一链接资源访问请求;Step 16. If the first device has the permission to access the first link resource, the second device executes the first link resource access request;
例如,当hostdevice具备访问door资源的权限时,linkdevice1会执行上述对应于door资源的访问请求;当hostdevice具备访问light资源的权限时,linkdevice2会执行上述对应于light资源的访问请求。For example, when hostdevice has the permission to access the door resource, linkdevice1 will execute the above-mentioned access request corresponding to the door resource; when the hostdevice has the permission to access the light resource, linkdevice2 will execute the above-mentioned access request corresponding to the light resource.
另外,如果第一设备不具备访问第一链接资源的权限,则第二设备向第一设备发送错误应答。In addition, if the first device does not have the authority to access the first link resource, the second device sends an error response to the first device.
步骤17,第二设备向第一设备发送第一链接资源访问请求对应的执行结果;Step 17, the second device sends the execution result corresponding to the first link resource access request to the first device;
例如,linkdevice1在执行上述对应于door资源的访问请求之后,将相应的执行结果发送给hostdevice;linkdevice2在执行上述对应于light资源的访问请求之后,将相应的执行结果发送给hostdevice。For example, after linkdevice1 executes the access request corresponding to the door resource, it sends the corresponding execution result to hostdevice; linkdevice2 sends the corresponding execution result to the hostdevice after executing the access request corresponding to the light resource.
步骤18,第一设备向终端发送第一集合资源访问请求对应的执行结果。Step 18: The first device sends an execution result corresponding to the first set of resource access requests to the terminal.
例如,hostdevice在接收到linkdevice1和linkdevice2反馈的执行结果之后,将上述执行结果发送给client。For example, after receiving the execution results fed back by linkdevice1 and linkdevice2, hostdevice sends the execution results to the client.
上述就是一个集合资源的batch请求的处理流程,从中可以看出,hostdevice在将client发送的原始请求分解之后,linkdevice检查的是hostdevice对于链接资源的访问权限,而不是client对于链接资源的访问权限。这里需要说明的是,保存集合资源的hostdevice是肯定有权限访问该集合资源内的链接资源的。The above is the processing flow of a batch request for a collection of resources. It can be seen that after hostdevice decomposes the original request sent by the client, linkdevice checks the hostdevice's access rights to the link resources, not the client's access rights to the link resources. What needs to be explained here is that the hostdevice that saves the collection resource must have the authority to access the link resource in the collection resource.
但是,如果client直接访问集合资源中的链接资源,则可以通过如下流程:以访问door资源为例,client获取door资源的地址,基于该地址向linkdevice1发送对应于door资源的访问请求,请求示例为update/door?if=oic.if.rw;linkdevice1接收到上述请求之后,验证client是否有权限访问door资源;如果client具备访问door资源的权限,则linkdevice1执行该请求并向client反馈执行结果;如果client不具备访问door资源的权限,则linkdevice1不执行该请求并向client反馈错误应答。显然,理论上存在client不具备访问door资源的权限的可能。However, if the client directly accesses the link resource in the collection resource, it can go through the following process: Taking access to the door resource as an example, the client obtains the address of the door resource, and based on the address, sends an access request corresponding to the door resource to linkdevice1. The request example is update/door? if=oic.if.rw; after linkdevice1 receives the above request, it verifies whether the client has the permission to access the door resource; if the client has the permission to access the door resource, linkdevice1 executes the request and returns the execution result to the client; if the client does not have access If you have the permission of the door resource, linkdevice1 will not execute the request and feedback an error response to the client. Obviously, in theory, there is a possibility that the client does not have the authority to access the door resource.
基于上述示例可以看出,client通过batch请求house资源的方式来访问door资源,与直接访问door资源,有可能得到不同的结果。也即,通过对集合资源的batch请求有可能会扩大终端的访问权限,这是一个安全漏洞。Based on the above example, it can be seen that the client accesses the door resource by batch requesting the house resource, and it may get different results from directly accessing the door resource. In other words, it is possible to expand the access rights of the terminal through batch requests for collective resources, which is a security hole.
在本申请实施例提供的技术方案中,当接收到终端对于集合资源的访问请求之后,会验证终端对该集合资源中包含的链接资源的访问权限,从而解决上述问题,提升安全性。In the technical solution provided by the embodiments of the present application, after receiving the terminal's access request for the collective resource, the terminal will verify the access authority of the link resource included in the collective resource, thereby solving the above-mentioned problem and improving security.
下面,将通过几个实施例,对本申请技术方案进行介绍说明。In the following, several embodiments will be used to introduce and explain the technical solution of the present application.
请参考图2,其示出了本申请一个实施例提供的实施环境的示意图,该实施环境可以包括:终端21、第一设备22和第二设备23。该实施环境可以是一个物联网系统。Please refer to FIG. 2, which shows a schematic diagram of an implementation environment provided by an embodiment of the present application. The implementation environment may include: a terminal 21, a first device 22, and a second device 23. The implementation environment may be an Internet of Things system.
终端21可以包括各种具有无线通信功能的手持设备(如手机、平板电脑等)、车载设备、可穿戴设备、计算设备或连接到无线调制解调器的其它处理设备,以及各种形式的用户设备(User Equipment,UE),移动台(Mobile Station,MS),终端设备(terminal device)等等。为方便描述,本申请实施例中,上面提到的设备统称为终端。The terminal 21 may include various handheld devices (such as mobile phones, tablet computers, etc.) with wireless communication functions, in-vehicle devices, wearable devices, computing devices or other processing devices connected to wireless modems, as well as various forms of user equipment (User Equipment, UE), mobile station (Mobile Station, MS), terminal device (terminal device), etc. For ease of description, in the embodiments of the present application, the devices mentioned above are collectively referred to as terminals.
第一设备22中可以保存有集合资源,该集合资源中包含了第二设备23上保存的链接资源的链接(link)。在不同的应用场景中,第一设备22的具体实现形式也可能有所不同。例如,在家庭物联网系统中,第一设备22可以是路由器;又例如,在基于云平台的物联网系统中,第一设备22可以是云端的服务器。在本申请实施例中,对第一设备22的具体实现形式不作限定,任何保存有集合资源的设备均可以作为第一设备22。The first device 22 may store a collective resource, and the collective resource includes a link of the link resource stored on the second device 23. In different application scenarios, the specific implementation form of the first device 22 may also be different. For example, in a home Internet of Things system, the first device 22 may be a router; for another example, in a cloud platform-based Internet of Things system, the first device 22 may be a server in the cloud. In the embodiment of the present application, the specific implementation form of the first device 22 is not limited, and any device that stores collective resources can be used as the first device 22.
第二设备23中可以保存有链接资源。一个集合资源中可以包括一个或者多个链接资源,该链接资源可以是集合资源,也可以是非集合资源。第二设备23可以是物联网系统中的接入设备,如第二设备23可以是终端设备、智能家居设备、或者其它具备网络接入能力的设备,本申请实施例对此不作限定。Link resources may be stored in the second device 23. A collection resource can include one or more link resources, and the link resource can be a collection resource or a non-collection resource. The second device 23 may be an access device in the Internet of Things system. For example, the second device 23 may be a terminal device, a smart home device, or other devices with network access capabilities, which is not limited in the embodiment of the present application.
终端21可以通过无线或者有线网络与第一设备22进行通信,第一设备22可以通过无线或者有线网络与第二设备23进行通信。此外,第二设备23的数量可以是一个,也可以是多个。The terminal 21 may communicate with the first device 22 through a wireless or wired network, and the first device 22 may communicate with the second device 23 through a wireless or wired network. In addition, the number of the second device 23 may be one or more.
需要说明的是,链接资源有可能与集合资源在同一台物理设备上,也有可能不在同一台物理设备上。也即,上述第一设备22和第二设备23可以是同一台物理设备,也可以是两台不同的物理设备。但不论第一设备22和第二设备23是同一台物理设备,还是两台不同的物理设备,均适用于本申请实施例提供的下述方法流程。It should be noted that the link resource may be on the same physical device as the collective resource, or it may not be on the same physical device. That is, the above-mentioned first device 22 and second device 23 may be the same physical device, or may be two different physical devices. However, regardless of whether the first device 22 and the second device 23 are the same physical device or two different physical devices, the following method procedures provided in the embodiments of the present application are applicable.
在一个示例中,以家庭物联网系统为例,终端21可以是用户使用的手机,第一设备22可以是路由器,第二设备23可以是智能电视、智能音箱、智能空调、智能电灯、智能门窗、智能窗帘、智能插座等智能家居设备。In an example, taking a home Internet of Things system as an example, the terminal 21 may be a mobile phone used by the user, the first device 22 may be a router, and the second device 23 may be a smart TV, a smart speaker, a smart air conditioner, a smart light, or a smart door and window. , Smart curtains, smart sockets and other smart home appliances.
终端21中可以安装运行有客户端(client),该客户端能够向第一设备22发起集合资源访问请求,如 对集合资源的batch请求,以对集合资源中包含的各个链接资源进行访问,如执行create(创建)、update(修改/更新)、retrieve(获取)、delete(删除)、notification(通知)等操作。在本申请实施例中,对资源的“访问”也可以称为“操作”,但本领域技术人员可以理解其含义。对资源的访问方式,包括上文介绍的CURDN等方式。The terminal 21 may be installed and running with a client (client), which can initiate a collection resource access request to the first device 22, such as a batch request for the collection resource, to access each link resource contained in the collection resource, such as Perform operations such as create (create), update (modify/update), retrieve (acquire), delete (delete), notification (notification), etc. In the embodiments of the present application, "access" to resources may also be referred to as "operation", but those skilled in the art can understand its meaning. Access to resources, including CURDN and other methods introduced above.
请参考图3,其示出了本申请另一个实施例提供的集合资源的访问方法的流程图,该方法可以应用于图2所示的实施环境中。该方法可以包括如下几个步骤(301~304):Please refer to FIG. 3, which shows a flowchart of a method for accessing a collective resource provided by another embodiment of the present application. The method can be applied to the implementation environment shown in FIG. 2. The method can include the following steps (301-304):
步骤301,终端向第一设备发送第一集合资源访问请求。Step 301: The terminal sends a first collection resource access request to the first device.
第一集合资源访问请求是终端对第一设备保存的第一集合资源进行访问的请求。可选地,第一集合资源访问请求为batch请求,也即第一集合资源访问请求中带有batch接口,用于请求通过batch接口对第一集合资源内所有的链接资源进行访问,如获取第一集合资源内所有的链接资源的状态,或者修改第一集合资源内所有的链接资源的状态等。The first collection resource access request is a request for the terminal to access the first collection resource saved by the first device. Optionally, the first collection resource access request is a batch request, that is, the first collection resource access request has a batch interface for requesting access to all link resources in the first collection resource through the batch interface, such as obtaining the first collection of resources. The state of all the link resources in a set of resources, or the state of all the link resources in the first set of resources is modified.
第一集合资源中可以包括一个或多个链接资源,链接资源可以是集合资源,也可以是非集合资源。例如,第一集合资源包括2个链接资源,且这2个链接资源均为非集合资源。又例如,第一集合资源包括2个链接资源,其中一个链接资源为集合资源,另一个链接资源为非集合资源。再例如,第一集合资源包括2个链接资源,且这2个链接资源均为集合资源。The first collection resource may include one or more link resources, and the link resource may be a collection resource or a non-collection resource. For example, the first collection resource includes two link resources, and these two link resources are all non-collection resources. For another example, the first collection resource includes two link resources, one of the link resources is a collection resource, and the other link resource is a non-collection resource. For another example, the first collection resource includes two link resources, and these two link resources are all collection resources.
在本申请实施例中,集合资源是指包括至少一个链接资源的资源,非集合资源是指不再包括链接资源的资源。In the embodiments of the present application, collective resources refer to resources that include at least one link resource, and non-collective resources refer to resources that no longer include link resources.
可选地,第一集合资源访问请求中包括操作方式信息、资源名称信息和接口属性信息。其中,第一集合资源访问请求中包括的操作方式信息,用于指示对第一集合资源的操作方式,如create(创建)、update(修改/更新)、retrieve(获取)、delete(删除)、notification(通知)中的任意一种。第一集合资源访问请求中包括的资源名称信息,即为第一集合资源的名称。第一集合资源访问请求中包括的接口属性信息,用于指示对第一集合资源进行访问所使用的接口,如read(读)、readwrite(读写)、linklist(链接操作)和batch(批处理)中的任意一种。其中,上述批处理接口也可以称为集合操作接口。Optionally, the first set of resource access requests include operation mode information, resource name information, and interface attribute information. Among them, the operation mode information included in the first collection resource access request is used to indicate the operation mode of the first collection resource, such as create (create), update (modify/update), retrieve (acquire), delete (delete), Any of notifications. The resource name information included in the first collection resource access request is the name of the first collection resource. The interface attribute information included in the first collection resource access request is used to indicate the interface used to access the first collection resource, such as read (read), readwrite (read and write), linklist (link operation) and batch (batch processing) ). Among them, the aforementioned batch processing interface may also be referred to as a collective operation interface.
步骤302,第一设备向第二设备发送第一链接资源访问请求。Step 302: The first device sends a first link resource access request to the second device.
第一设备在接收到第一集合资源访问请求之后,可以分解该第一集合资源访问请求,生成至少一个链接资源访问请求。其中,每个链接资源访问请求对应于第一集合资源中的一个链接资源,用于请求对这一个链接资源进行访问。After receiving the first collection resource access request, the first device may decompose the first collection resource access request to generate at least one link resource access request. Wherein, each link resource access request corresponds to a link resource in the first set of resources, and is used to request access to this link resource.
在本申请实施例中,以第一集合资源中包括的第一链接资源为例,第一链接资源可以是第一集合资源中的任意一个链接资源。第一链接资源可以是集合资源,也可以是非集合资源。第二设备保存有第一集合资源中包括的第一链接资源。第一设备分解第一集合资源访问请求,生成第一链接资源访问请求,该第一链接资源访问请求是第一设备对第一链接资源进行访问的请求。In the embodiment of the present application, taking the first link resource included in the first collection resource as an example, the first link resource may be any link resource in the first collection resource. The first link resource may be a collective resource or a non-collective resource. The second device stores the first link resource included in the first set of resources. The first device decomposes the first set of resource access requests to generate a first link resource access request, where the first link resource access request is a request for the first device to access the first link resource.
第一链接资源访问请求中包括操作方式信息、资源名称信息和接口属性信息。其中,第一链接资源访问请求中包括的操作方式信息,用于指示对第一链接资源的操作方式,如create(创建)、update(修改/更新)、retrieve(获取)、delete(删除)、notification(通知)中的任意一种。可选地,第一链接资源访问请求中包括的操作方式信息,与第一集合资源访问请求中包括的操作方式信息相同。第一链接资源访问请求中包括的资源名称信息,即为第一链接资源的名称。第一链接资源访问请求中包括的接口属性信息,用于指示对第一链接资源进行访问所使用的接口,如read(读)、readwrite(读写)、linklist(链接操作)和batch(批处理)中的任意一种。另外,第一链接资源访问请求中包括的接口属性信息,其所指示的接口是第一链接资源的默认接口(default interface)。例如,如果第一链接资源的默认接口为read接口,则第一链接资源访问请求中包括的接口属性信息所指示的接口为read接口;又例如,如果第一链接资源的默认接口为readwrite接口,则第一链接资源访问请求中包括的接口属性信息所指示的接口为readwrite接口;再例如,如果第一链接资源的默认接口为batch接口,则第一链接资源访问请求中包括的接口属性信息所指示的接口为batch接口。The first link resource access request includes operation mode information, resource name information, and interface attribute information. Among them, the operation mode information included in the first link resource access request is used to indicate the operation mode of the first link resource, such as create (create), update (modify/update), retrieve (acquire), delete (delete), Any of notifications. Optionally, the operation mode information included in the first link resource access request is the same as the operation mode information included in the first collection resource access request. The resource name information included in the first link resource access request is the name of the first link resource. The interface attribute information included in the first link resource access request is used to indicate the interface used to access the first link resource, such as read (read), readwrite (read and write), linklist (link operation), and batch (batch processing). ). In addition, for the interface attribute information included in the first link resource access request, the indicated interface is the default interface of the first link resource. For example, if the default interface of the first link resource is the read interface, the interface indicated by the interface attribute information included in the first link resource access request is the read interface; for another example, if the default interface of the first link resource is the readwrite interface, Then the interface indicated by the interface attribute information included in the first link resource access request is the readwrite interface; for another example, if the default interface of the first link resource is the batch interface, the interface attribute information included in the first link resource access request is The indicated interface is a batch interface.
另外,第一设备中存储有第一集合资源中包含的各个链接资源对应的地址,以第一链接资源为例,第一链接资源的地址指向了保存该第一链接资源的设备(也即“第二设备”)。第一设备根据第一链接资源的地址,向第二设备发送第一链接资源访问请求。In addition, the first device stores the address corresponding to each link resource included in the first set of resources. Taking the first link resource as an example, the address of the first link resource points to the device that saves the first link resource (that is, " The second device"). The first device sends the first link resource access request to the second device according to the address of the first link resource.
另外,第一集合资源中可以包括一个或多个链接资源,对于每一个链接资源,都可以采用同样的方式,生成相应的链接资源访问请求。在本实施例中,主要以第一链接资源为例,进行介绍说明。In addition, the first set of resources may include one or more link resources, and for each link resource, the same way can be used to generate a corresponding link resource access request. In this embodiment, the first link resource is mainly taken as an example for introduction and description.
步骤303,第二设备向第一设备发送第一链接资源的访问结果,该第一链接资源的访问结果是在确定终端具备访问第一链接资源的权限的情况下,由第二设备执行第一链接资源访问请求后生成的。Step 303: The second device sends the access result of the first link resource to the first device. The access result of the first link resource is that the second device executes the first link resource when it is determined that the terminal has the right to access the first link resource. Generated after link resource access request.
第二设备在接收到第一链接资源访问请求之后,会检测第一设备是否具备访问第一链接资源的权限。例如,第二设备中可以存储有权限访问第一链接资源的各个设备标识和/或无权限访问第一链接资源的各个 设备标识,第二设备根据存储的上述信息,以及第一设备的设备标识,对第一设备进行权限验证。After receiving the first link resource access request, the second device will detect whether the first device has the permission to access the first link resource. For example, the second device may store the identification of each device that is authorized to access the first link resource and/or the identification of each device that is not authorized to access the first link resource, and the second device may store the above-mentioned information based on the stored information and the device identification of the first device. , Perform permission verification on the first device.
在本申请实施例提供的技术方案中,还会对终端访问第一链接资源的权限进行验证,该验证过程可以由第二设备执行,也可以由第一设备执行。针对这两种方式,将在下文实施例中分别进行介绍说明。In the technical solution provided by the embodiment of the present application, the terminal's permission to access the first link resource is also verified. The verification process may be performed by the second device or the first device. For these two methods, they will be separately introduced and explained in the following embodiments.
在确定终端具备访问第一链接资源的权限的情况下,第二设备会执行第一链接资源访问请求,生成第一链接资源的访问结果。然后,第二设备将第一链接资源的访问结果发送给第一设备,由第一设备将第一链接资源的访问结果发送给终端。In the case where it is determined that the terminal has the authority to access the first link resource, the second device will execute the first link resource access request and generate the access result of the first link resource. Then, the second device sends the access result of the first link resource to the first device, and the first device sends the access result of the first link resource to the terminal.
另外,若终端不具备访问第一链接资源的权限,则第二设备不会执行该第一链接资源访问请求。In addition, if the terminal does not have the authority to access the first link resource, the second device will not execute the first link resource access request.
需要说明的一点是,由于第一链接资源可以是非集合资源,也可以是集合资源,如果第一链接资源是非集合资源,则第二设备执行第一链接资源访问请求,可以包括获取第一链接资源的状态和/或修改第一链接资源的状态;如果第一链接资源是集合资源,则第二设备还需要进一步分解该请求,相关介绍说明可参见下文实施例。It should be noted that since the first link resource can be a non-collective resource or a collective resource, if the first link resource is a non-collective resource, the second device executes the first link resource access request, which may include obtaining the first link resource And/or modify the status of the first link resource; if the first link resource is a collective resource, the second device needs to further decompose the request. For related introduction, please refer to the following embodiments.
步骤304,第一设备向终端发送第一集合资源访问响应,第一集合资源访问响应包括第一链接资源的访问结果。Step 304: The first device sends a first collection resource access response to the terminal, where the first collection resource access response includes the access result of the first link resource.
可选地,如果第一集合资源中除了包括第一链接资源之外,还包括其它链接资源,则第一集合资源访问响应中还可以包括其它链接资源的访问结果。另外,第二设备可以将第一集合资源中的多个链接资源的访问结果同时发送给终端,也可以分别发送给终端,本申请实施例对此不作限定。Optionally, if the first collection resource includes other link resources in addition to the first link resource, the access response to the first collection resource may also include access results of other link resources. In addition, the second device may simultaneously send the access results of multiple link resources in the first set of resources to the terminal, or may also send to the terminal separately, which is not limited in the embodiment of the present application.
综上所述,本申请实施例提供的技术方案中,通过在接收到终端对于集合资源的访问请求之后,验证终端对该集合资源中包含的链接资源的访问权限,在确认终端具备访问链接资源的权限的情况下,再对该链接资源执行相应的操作,避免没有权限的终端对链接资源进行访问,提升了系统的安全性。In summary, in the technical solution provided by the embodiments of the present application, after receiving the terminal's access request for the collective resource, verifying the terminal's access authority to the link resource contained in the collective resource, confirming that the terminal has access to the link resource In the case of the permission, the corresponding operation is performed on the link resource to prevent the terminal without permission from accessing the link resource, and the security of the system is improved.
本申请实施例提供了两种不同的实现方案,以实现对终端对于集合资源中包含的连接资源的访问权限进行验证。在第一种可能的实现方案中,由第二设备(也即保存有链接资源的设备)对终端进行验证。在第二种可能的实现方案中,由第一设备(也即保存有集合资源的设备)对终端进行验证。在下面的图4和图5所示实施例中,主要介绍第一种可能的实现方案;在下面的图6至图8所示实施例中,主要介绍第二种可能的实现方案。The embodiment of the present application provides two different implementation solutions to verify the terminal's access authority to the connection resource included in the collective resource. In the first possible implementation solution, the second device (that is, the device storing the link resource) verifies the terminal. In the second possible implementation solution, the first device (that is, the device storing the collective resource) verifies the terminal. In the following embodiments shown in Figs. 4 and 5, the first possible implementation scheme is mainly introduced; in the following embodiments shown in Figs. 6 to 8, the second possible implementation scheme is mainly introduced.
请参考图4,其示出了本申请一个实施例提供的集合资源的访问方法的流程图,该方法可以应用于图2所示的实施环境中。该方法可以包括如下几个步骤(401~405):Please refer to FIG. 4, which shows a flowchart of a method for accessing a collective resource provided by an embodiment of the present application, and the method can be applied to the implementation environment shown in FIG. 2. The method can include the following steps (401-405):
步骤401,第一设备接收终端发送的第一集合资源访问请求。Step 401: The first device receives the first collection resource access request sent by the terminal.
第一集合资源访问请求用于请求对第一设备保存的第一集合资源进行访问。可选地,第一集合资源访问请求为batch请求,也即第一集合资源访问请求中带有batch接口,用于请求通过batch接口对第一集合资源内所有的链接资源进行访问,如获取第一集合资源内所有的链接资源的状态,或者修改第一集合资源内所有的链接资源的状态等。第一集合资源中可以包括一个或多个链接资源,链接资源可以是集合资源,也可以是非集合资源。The first collection resource access request is used to request access to the first collection resource saved by the first device. Optionally, the first collection resource access request is a batch request, that is, the first collection resource access request has a batch interface for requesting access to all link resources in the first collection resource through the batch interface, such as obtaining the first collection of resources. The state of all the link resources in a set of resources, or the state of all the link resources in the first set of resources is modified. The first collection resource may include one or more link resources, and the link resource may be a collection resource or a non-collection resource.
有关第一集合资源访问请求的介绍说明,可参见上文图3实施例,本实施例对此不再赘述。For the introduction and description of the first set of resource access requests, please refer to the embodiment in FIG. 3 above, which will not be repeated in this embodiment.
步骤402,第一设备分解第一集合资源访问请求,生成第一链接资源访问请求,该第一链接资源访问请求中包括终端的设备标识。Step 402: The first device decomposes the first set of resource access requests, and generates a first link resource access request. The first link resource access request includes the device identifier of the terminal.
第一设备在接收到上述第一集合资源访问请求之后,可以先检测终端是否具备访问第一集合资源的权限。例如,第一设备可以查询权限配置表,该权限配置表中包括第一集合资源,以及与该第一集合资源对应的权限信息,权限信息可以包括具备访问该第一集合资源的各个设备标识。如果第一集合资源对应的权限信息中包括上述终端的设备标识,则确定终端具备访问第一集合资源的权限。After receiving the above-mentioned first set of resource access request, the first device may first detect whether the terminal has the right to access the first set of resources. For example, the first device may query a rights configuration table, the rights configuration table including a first collection of resources, and permission information corresponding to the first collection of resources, and the permission information can include the identification of each device that has access to the first collection of resources. If the authority information corresponding to the first set of resources includes the device identifier of the above-mentioned terminal, it is determined that the terminal has the authority to access the first set of resources.
在终端具备访问第一集合资源的权限的情况下,第一设备分解第一集合资源访问请求,生成至少一个链接资源访问请求。其中,每个链接资源访问请求对应于第一集合资源中的一个链接资源,用于请求对这一个链接资源进行访问。可选地,第一链接资源访问请求用于请求对第一集合资源中包括的第一链接资源进行访问。第一链接资源可以是第一集合资源中的任意一个链接资源。第一链接资源可以是集合资源,也可以是非集合资源。When the terminal has the authority to access the first collection of resources, the first device decomposes the first collection of resource access requests, and generates at least one link resource access request. Wherein, each link resource access request corresponds to a link resource in the first set of resources, and is used to request access to this link resource. Optionally, the first link resource access request is used to request access to the first link resource included in the first set of resources. The first link resource may be any link resource in the first set of resources. The first link resource may be a collective resource or a non-collective resource.
有关第一链接资源访问请求的介绍说明,可参见上文图3实施例,本实施例对此不再赘述。For the introduction and description of the first link resource access request, please refer to the embodiment in FIG. 3 above, which will not be repeated in this embodiment.
在本实施例中,第一链接资源访问请求中还包括终端的设备标识。终端的设备标识是该终端的唯一标识符,用于对该终端起到唯一标识的作用。例如,在第一链接资源访问请求中增加请求源属性信息,该请求源属性信息用于指示该第一链接资源访问请求的源设备(也即上述终端)的设备标识。例如,请求源属性信息可以采用batchfrom属性表示,该batchfrom属性对应的值即为终端的设备标识。In this embodiment, the first link resource access request also includes the device identification of the terminal. The device identifier of the terminal is the unique identifier of the terminal, and is used to uniquely identify the terminal. For example, the request source attribute information is added to the first link resource access request, and the request source attribute information is used to indicate the device identifier of the source device (that is, the aforementioned terminal) of the first link resource access request. For example, the request source attribute information may be represented by the batchfrom attribute, and the value corresponding to the batchfrom attribute is the device identification of the terminal.
可选地,第一链接资源访问请求中还包括请求标识,该请求标识用于指示第一链接资源访问请求是batch请求的分解请求。batch请求是指携带batch接口的集合资源访问请求,分解请求是指根据batch请求 中包含的集合资源所包括的链接资源生成的请求。有关对集合资源访问请求进行分解,生成链接资源访问请求的介绍说明,可参见上文实施例。例如,请求标识可以采用batchflag属性表示,该batchflag属性对应的值即表示当前请求是否为batch请求的分解请求。例如,如果当前请求是batch请求的分解请求,则batchflag属性对应的值为1;如果当前请求不是batch请求的分解请求,则batchflag属性对应的值为0。Optionally, the first link resource access request further includes a request identifier, and the request identifier is used to indicate that the first link resource access request is a decomposition request of the batch request. A batch request refers to a collective resource access request carrying a batch interface, and a decomposition request refers to a request generated based on the link resources included in the collective resource included in the batch request. For an introduction to decomposing a collection resource access request and generating a link resource access request, please refer to the above embodiment. For example, the request identifier may be represented by the batchflag attribute, and the value corresponding to the batchflag attribute indicates whether the current request is a decomposition request of the batch request. For example, if the current request is a decomposition request of a batch request, the value corresponding to the batchflag attribute is 1; if the current request is not a decomposition request of a batch request, the value corresponding to the batchflag attribute is 0.
另外,第一集合资源中可以包括一个或多个链接资源,对于每一个链接资源,都可以采用同样的方式,生成相应的链接资源访问请求。在本实施例中,主要以第一链接资源为例,进行介绍说明。In addition, the first set of resources may include one or more link resources, and for each link resource, the same way can be used to generate a corresponding link resource access request. In this embodiment, the first link resource is mainly taken as an example for introduction and description.
步骤403,第一设备向第二设备发送第一链接资源访问请求。Step 403: The first device sends a first link resource access request to the second device.
第二设备中保存有第一链接资源。The first link resource is stored in the second device.
步骤404,第二设备检测终端是否具备访问第一链接资源的权限。Step 404: The second device detects whether the terminal has the authority to access the first link resource.
第二设备在接收到第一链接资源访问请求之后,一方面要检测第一设备是否具备访问第一链接资源的权限,另一方面还要检测终端是否具备访问第一链接资源的权限。例如,第二设备中可以存储有权限访问第一链接资源的各个设备标识和/或无权限访问第一链接资源的各个设备标识,第二设备根据存储的上述信息,以及第一设备的设备标识、终端的设备标识,分别对第一设备和终端进行权限验证。After receiving the first link resource access request, the second device needs to detect whether the first device has the authority to access the first link resource on the one hand, and on the other hand, it also needs to detect whether the terminal has the authority to access the first link resource. For example, the second device may store the identification of each device that is authorized to access the first link resource and/or the identification of each device that is not authorized to access the first link resource, and the second device may store the above-mentioned information based on the stored information and the device identification of the first device. , The device identification of the terminal, to verify the authority of the first device and the terminal respectively.
可选地,如果第一链接资源访问请求中还包括请求标识,则第二设备读取第一链接资源访问请求中的请求标识,若该请求标识用于指示第一链接资源访问请求是batch请求的分解请求,则第二设备执行上述步骤404。否则,如果请求标识用于指示第一链接资源访问请求不是batch请求的分解请求,则第二设备可以不对终端进行权限验证,或者执行其它预配置的处理逻辑,本申请实施例对此不作限定。Optionally, if the first link resource access request also includes a request identifier, the second device reads the request identifier in the first link resource access request, and if the request identifier is used to indicate that the first link resource access request is a batch request If the decomposition request is made, the second device executes the above step 404. Otherwise, if the request identifier is used to indicate that the first link resource access request is not a decomposition request of the batch request, the second device may not perform authorization verification on the terminal or execute other pre-configured processing logic, which is not limited in this embodiment of the application.
步骤405,若终端具备访问第一链接资源的权限,则第二设备执行第一链接资源访问请求。Step 405: If the terminal has the authority to access the first link resource, the second device executes the first link resource access request.
在第一设备和终端均具备访问第一链接资源的权限的情况下,第二设备执行第一链接资源访问请求,得到第一链接资源的访问结果,然后将该第一链接资源的访问结果发送给第一设备,由第一设备将该第一链接资源的访问结果发送给终端。In the case that both the first device and the terminal have the authority to access the first link resource, the second device executes the first link resource access request to obtain the access result of the first link resource, and then sends the access result of the first link resource To the first device, the first device sends the access result of the first link resource to the terminal.
另外,若终端不具备访问第一链接资源的权限,则第二设备向第一设备发送错误应答,再由第一设备将错误应答发送给终端。其中,错误应答用于指示对第一链接资源访问失败。In addition, if the terminal does not have the authority to access the first link resource, the second device sends an error response to the first device, and the first device sends the error response to the terminal. Wherein, the error response is used to indicate that the access to the first link resource fails.
需要说明的一点是,由于第一链接资源可以是非集合资源,也可以是集合资源,如果第一链接资源是非集合资源,则第二设备执行第一链接资源访问请求,可以包括获取第一链接资源的状态和/或修改第一链接资源的状态;如果第一链接资源是集合资源,则第二设备还需要进一步分解该请求,相关介绍说明可参见下文实施例。It should be noted that since the first link resource can be a non-collective resource or a collective resource, if the first link resource is a non-collective resource, the second device executes the first link resource access request, which may include obtaining the first link resource And/or modify the status of the first link resource; if the first link resource is a collective resource, the second device needs to further decompose the request. For related introduction, please refer to the following embodiments.
在一个示例中,结合参考图5,可以通过如下几个步骤,实现由用于保存链接资源的设备对终端进行权限验证:In an example, referring to FIG. 5, the following steps can be used to implement the authorization verification of the terminal by the device for saving the link resource:
步骤51,终端向第一设备发送第一集合资源访问请求;Step 51: The terminal sends a first collection resource access request to the first device;
示例性地,client向hostdevice发送用于请求对集合资源mycollection1进行更新的batch请求,该请求中包括的接口属性信息用于指示对集合资源mycollection1进行访问所使用的接口为batch接口,该请求中包括的操作方式信息用于指示对集合资源mycollection1的操作方式为update(修改/更新)。Exemplarily, the client sends a batch request for requesting to update the collection resource mycollection1 to the hostdevice, and the interface attribute information included in the request is used to indicate that the interface used to access the collection resource mycollection1 is the batch interface, and the request includes The operation mode information of is used to indicate that the operation mode of the collection resource mycollection1 is update (modification/update).
步骤52,第一设备检测终端是否具备访问第一集合资源的权限;Step 52: The first device detects whether the terminal has the authority to access the first set of resources;
Hostdevice检测client是否具备访问集合资源mycollection1的权限。Hostdevice detects whether the client has the permission to access the collection resource mycollection1.
步骤53,若终端具备访问第一集合资源的权限,则第一设备分解第一集合资源访问请求,生成第一链接资源访问请求,该第一链接资源访问请求中包括终端的设备标识;Step 53: If the terminal has the authority to access the first collection of resources, the first device decomposes the first collection of resource access requests to generate a first link resource access request, and the first link resource access request includes the device identification of the terminal;
若client具备访问集合资源mycollection1的权限,则hostdevice分解上述batch请求,生成第一链接资源访问请求。示例性地,第一链接资源访问请求中包括的接口属性信息所指示的接口,是第一链接资源link1的默认接口;第一链接资源访问请求中包括的操作方式信息,用于指示对第一链接资源link1的操作方式为update(修改/更新);第一链接资源访问请求中包括的batchfrom属性对应的值,即为client对应的设备标识。可选地,第一链接资源访问请求中还包括batchflag属性,其对应的值为1,表示当前请求是batch请求的分解请求。If the client has the permission to access the collection resource mycollection1, the hostdevice decomposes the batch request and generates the first link resource access request. Exemplarily, the interface indicated by the interface attribute information included in the first link resource access request is the default interface of the first link resource link1; the operation mode information included in the first link resource access request is used to indicate that the first link resource access request The operation mode of the link resource link1 is update (modification/update); the value corresponding to the batchfrom attribute included in the first link resource access request is the device identifier corresponding to the client. Optionally, the first link resource access request further includes a batchflag attribute, and its corresponding value is 1, indicating that the current request is a decomposition request of the batch request.
步骤54,第一设备向第二设备发送第一链接资源访问请求;Step 54: The first device sends the first link resource access request to the second device;
假设linkdevice1保存有第一链接资源link1,则hostdevice向linkdevice1发送上述第一链接资源访问请求。Assuming that linkdevice1 stores the first link resource link1, hostdevice sends the above-mentioned first link resource access request to linkdevice1.
步骤55,第二设备检测第一设备是否具备访问第一链接资源的权限;Step 55: The second device detects whether the first device has the permission to access the first link resource;
Linkdevice1检测hostdevice是否具备访问第一链接资源link1的权限。Linkdevice1 detects whether hostdevice has the permission to access the first link resource link1.
步骤56,若第一设备具备访问第一链接资源的权限,则第二设备检测终端是否具备访问第一链接资源的权限;Step 56: If the first device has the authority to access the first link resource, the second device detects whether the terminal has the authority to access the first link resource;
若hostdevice具备访问第一链接资源link1的权限,则linkdevice1进一步检测client是否具备访问第一链接资源link1的权限。If the hostdevice has the permission to access the first link resource link1, linkdevice1 further detects whether the client has the permission to access the first link resource link1.
可选地,linkdevice1读取batchflag属性对应的值,如果根据batchflag属性对应的值确定当前请求是 batch请求的分解请求,则linkdevice1进一步读取batchfrom属性对应的值,以获取client对应的设备标识,然后据此检测client是否具备访问第一链接资源link1的权限。Optionally, linkdevice1 reads the value corresponding to the batchflag attribute. If it is determined according to the value corresponding to the batchflag attribute that the current request is a decomposition request of the batch request, linkdevice1 further reads the value corresponding to the batchfrom attribute to obtain the device ID corresponding to the client, and then Based on this, it is detected whether the client has the permission to access the first link resource link1.
步骤57,若终端具备访问第一链接资源的权限,则第二设备执行第一链接资源访问请求;Step 57: If the terminal has the authority to access the first link resource, the second device executes the first link resource access request;
若client具备访问第一链接资源link1的权限,则linkdevice1执行第一链接资源访问请求,得到相应的执行结果。If the client has the permission to access the first link resource link1, linkdevice1 executes the first link resource access request and obtains the corresponding execution result.
步骤58,第二设备向第一设备发送第一链接资源访问请求对应的执行结果;Step 58, the second device sends the execution result corresponding to the first link resource access request to the first device;
Linkdevice1向hostdevice发送第一链接资源访问请求对应的执行结果。Linkdevice1 sends the execution result corresponding to the first link resource access request to hostdevice.
步骤59,第一设备向终端发送第一集合资源访问请求对应的执行结果。Step 59: The first device sends an execution result corresponding to the first set of resource access requests to the terminal.
Hostdevice向client发送第一集合资源访问请求对应的执行结果,其中包括第一链接资源访问请求对应的执行结果。The Hostdevice sends the execution result corresponding to the first set of resource access requests to the client, including the execution result corresponding to the first link resource access request.
综上所述,本实施例提供的技术方案中,通过在分解集合资源访问请求生成的链接资源访问请求中,添加终端的设备标识,以使得保存链接资源的设备在接收到该链接资源访问请求之后,能够基于终端的设备标识,检测终端是否具备访问链接资源的权限,实现了对终端对于链接资源的访问权限进行验证,从而克服了相关技术所存在的安全漏洞,提升了安全性。In summary, in the technical solution provided by this embodiment, the device identification of the terminal is added to the link resource access request generated by decomposing the aggregate resource access request, so that the device storing the link resource receives the link resource access request After that, based on the device identification of the terminal, it can be detected whether the terminal has the authority to access the link resource, which realizes the verification of the terminal's access authority to the link resource, thereby overcoming the security loopholes in the related technology and improving the security.
另外,还通过在链接资源访问请求中添加用于指示是否为batch请求的分解请求的请求标识,使得保存链接资源的设备在接收到该链接资源访问请求之后,能够基于该请求标识,确定当前请求是否为batch请求的分解请求,进而确定是否要对终端进行权限验证,提升了整个流程的规范化,避免执行不必要的操作。In addition, by adding a request identifier to indicate whether it is a disassembly request of a batch request in the link resource access request, after receiving the link resource access request, the device that saves the link resource can determine the current request based on the request identifier. Whether it is the decomposition request of the batch request, and then determine whether to verify the authority of the terminal, which improves the standardization of the entire process and avoids performing unnecessary operations.
在上文图4和图5所示的实施例中,介绍了由第二设备(也即保存有链接资源的设备)对终端进行验证;下面,通过几个实施例对另一种可能的实现方案进行介绍说明,即由第一设备(也即保存有集合资源的设备)对终端进行验证。In the embodiments shown in Figures 4 and 5 above, the verification of the terminal by the second device (that is, the device that stores the link resource) is introduced; the following is another possible implementation through several embodiments The solution is introduced and explained, that is, the first device (that is, the device that stores the collective resource) verifies the terminal.
请参考图6,其示出了本申请另一个实施例提供的集合资源的访问方法的流程图,该方法可以应用于图2所示的实施环境中。该方法可以包括如下几个步骤(601~605):Please refer to FIG. 6, which shows a flowchart of a method for accessing a collective resource provided by another embodiment of the present application. The method can be applied to the implementation environment shown in FIG. 2. The method can include the following steps (601-605):
步骤601,第一设备接收终端发送的第一集合资源访问请求。Step 601: The first device receives the first set of resource access request sent by the terminal.
第一集合资源访问请求用于请求对第一设备保存的第一集合资源进行访问。可选地,第一集合资源访问请求为batch请求,也即第一集合资源访问请求中带有batch接口,用于请求通过batch接口对第一集合资源内所有的链接资源进行访问,如获取第一集合资源内所有的链接资源的状态,或者修改第一集合资源内所有的链接资源的状态等。第一集合资源中可以包括一个或多个链接资源,链接资源可以是集合资源,也可以是非集合资源。The first collection resource access request is used to request access to the first collection resource saved by the first device. Optionally, the first collection resource access request is a batch request, that is, the first collection resource access request has a batch interface for requesting access to all link resources in the first collection resource through the batch interface, such as obtaining the first collection of resources. The state of all the link resources in a set of resources, or the state of all the link resources in the first set of resources is modified. The first collection resource may include one or more link resources, and the link resource may be a collection resource or a non-collection resource.
有关步骤601的其它介绍说明可参见图3实施例中关于步骤301的介绍说明,此处不再赘述。For other introduction and description of step 601, please refer to the introduction and description of step 301 in the embodiment of FIG. 3, which will not be repeated here.
步骤602,第一设备向第二设备获取第一权限信息,该第一权限信息用于指示终端对第一集合资源中包括的第一链接资源的访问权限。Step 602: The first device obtains first permission information from the second device, where the first permission information is used to indicate the access permission of the terminal to the first link resource included in the first set of resources.
第一设备在接收到上述第一集合资源访问请求之后,可以先检测终端是否具备访问第一集合资源的权限。在终端具备访问第一集合资源的权限的情况下,第一设备获取第一权限信息,以进一步对终端对于第一链接资源的访问权限进行验证。第一链接资源可以是第一集合资源中的任意一个链接资源。第一链接资源可以是集合资源,也可以是非集合资源。After receiving the above-mentioned first set of resource access request, the first device may first detect whether the terminal has the right to access the first set of resources. In the case that the terminal has the authority to access the first set of resources, the first device obtains the first authority information to further verify the terminal's access authority to the first link resource. The first link resource may be any link resource in the first set of resources. The first link resource may be a collective resource or a non-collective resource.
可选地,第一权限信息用于指示终端对于第一链接资源所具备的和/或不具备的操作权限。第一设备根据该第一权限信息,能够确定出终端对第一链接资源包括哪种或哪些操作权限,例如确定出终端对第一链接资源的操作权限包括create(创建)、update(修改/更新)、retrieve(获取)、delete(删除)、notification(通知)中的哪几种。Optionally, the first authority information is used to indicate the operation authority that the terminal has and/or does not possess for the first link resource. According to the first permission information, the first device can determine which operation permissions the terminal includes on the first link resource, for example, determine that the terminal’s operation permissions on the first link resource include create (create), update (modify/update) ), retrieve (acquisition), delete (delete), notification (notification) which types.
在一种可能的实施方式中,步骤602包括如下几个子步骤:In a possible implementation manner, step 602 includes the following sub-steps:
1、第一设备向第二设备发送第一权限获取请求,该第一权限获取请求是第一设备获取终端对第一链接资源的访问权限的请求;1. The first device sends a first permission acquisition request to the second device, and the first permission acquisition request is a request for the first device to obtain the terminal's access permission to the first link resource;
第二设备中保存有第一链接资源。第二设备在接收到上述第一权限获取请求之后,获取终端对第一链接资源的访问权限,并向第一设备发送第一权限信息。The first link resource is stored in the second device. After receiving the first permission obtaining request, the second device obtains the terminal's access permission to the first link resource, and sends the first permission information to the first device.
2、第一设备接收第二设备发送的第一权限信息。2. The first device receives the first permission information sent by the second device.
在另一种可能的实施方式中,步骤602包括如下几个子步骤:In another possible implementation manner, step 602 includes the following sub-steps:
1、第一设备通过配置设备向第二设备发送第二权限获取请求,该第二权限获取请求是配置设备获取终端对第一链接资源的访问权限的请求;1. The first device sends a second permission acquisition request to the second device through the configuration device, and the second permission acquisition request is a request for the configuration device to obtain the terminal's access permission to the first link resource;
配置设备也称为OBT设备,是指运行有OBT(On Boarding Tool)配置工具的设备,用于实现对物联网系统中的各个设备进行配置管理,如对物联网系统中的各个设备的权限、从属关系等进行配置管理。理论上,配置设备可以获取其配置的任何设备的资源访问权限。The configuration device is also called OBT device, which refers to the device running the OBT (On Boarding Tool) configuration tool, which is used to realize the configuration and management of each device in the Internet of Things system, such as the authority and authority of each device in the Internet of Things system. Subordination relationship, etc. for configuration management. In theory, the configuration device can obtain the resource access rights of any device it configures.
例如,配置设备在接收到第一设备发送的第一权限获取请求之后,向第二设备发送第二权限获取请求,从第二设备获取终端对第一链接资源的访问权限,然后配置设备向第一设备发送第一权限信息。可选地,配置设备用于从第二设备请求获取第一权限信息,然后再将第一权限信息发送给第一设备。For example, after the configuration device receives the first permission acquisition request sent by the first device, it sends the second permission acquisition request to the second device, obtains the terminal's access permission to the first link resource from the second device, and then configures the device to transfer the A device sends first permission information. Optionally, the configuration device is used to request the first permission information from the second device, and then send the first permission information to the first device.
2、第一设备接收配置设备发送的第一权限信息。2. The first device receives the first permission information sent by the configuration device.
步骤603,若根据第一权限信息,确定终端具备访问第一链接资源的权限,则第一设备分解第一集合资源访问请求,生成第一链接资源访问请求。Step 603: If it is determined according to the first permission information that the terminal has the permission to access the first link resource, the first device decomposes the first collection resource access request, and generates the first link resource access request.
第一设备在获取到第一权限信息之后,确定终端是否具备访问第一链接资源的权限。可选地,如果对第一链接资源的访问权限,是指通过batch接口访问第一链接资源的权限,那么当第一设备根据第一权限信息,确定终端对第一链接资源具备修改权限和获取权限时,第一设备便可确定终端具备通过batch接口访问第一链接资源的权限。After obtaining the first authority information, the first device determines whether the terminal has the authority to access the first link resource. Optionally, if the access authority to the first link resource refers to the authority to access the first link resource through the batch interface, then according to the first authority information, the first device determines that the terminal has the right to modify and obtain the first link resource In the case of permission, the first device can determine that the terminal has the permission to access the first link resource through the batch interface.
在确定终端具备访问第一链接资源的权限的情况下,第一设备分解第一集合资源访问请求,生成第一链接资源访问请求,该第一链接资源访问请求用于请求对第一链接资源进行访问。In the case of determining that the terminal has the authority to access the first link resource, the first device decomposes the first collection resource access request and generates a first link resource access request. The first link resource access request is used to request the access to the first link resource. access.
有关分解第一集合资源访问请求,生成第一链接资源访问请求的具体过程,可参见图4实施例中的介绍说明,本实施例对此不再赘述。另外,在本实施例中,由于第一设备已经完成了对终端对于第一链接资源的权限验证,因此第一链接资源访问请求中不必携带图4实施例中介绍的终端的设备标识以及请求标识。For the specific process of decomposing the first collection resource access request and generating the first link resource access request, please refer to the introduction in the embodiment of FIG. 4, which will not be repeated in this embodiment. In addition, in this embodiment, since the first device has completed the authority verification of the terminal for the first link resource, the first link resource access request does not have to carry the device identification and request identification of the terminal introduced in the embodiment of FIG. 4 .
另外,若第一设备确定终端不具备访问第一链接资源的权限,则第一设备向终端发送错误应答,以此告知终端其对第一链接资源访问失败。In addition, if the first device determines that the terminal does not have the authority to access the first link resource, the first device sends an error response to the terminal to inform the terminal that it has failed to access the first link resource.
在本实施例中,主要以第一链接资源为例,进行介绍说明。第一集合资源中可以包括一个或多个链接资源,对于每一个链接资源,都可以采用同样的方式,对终端对于该链接资源的访问权限进行验证,生成相应的链接资源访问请求。In this embodiment, the first link resource is mainly taken as an example for introduction and description. The first set of resources may include one or more link resources. For each link resource, the same method may be used to verify the terminal's access authority to the link resource, and generate a corresponding link resource access request.
步骤604,第一设备向第二设备发送第一链接资源访问请求。Step 604: The first device sends a first link resource access request to the second device.
步骤605,第二设备执行第一链接资源访问请求。Step 605: The second device executes the first link resource access request.
第二设备在接收到第一链接资源访问请求之后,可以检测第一设备是否具备访问第一链接资源的权限,如果确认第一设备具备访问第一链接资源的权限,则第二设备执行第一链接资源访问请求,然后将执行结果发送给第一设备,由第一设备将执行结果发送给终端。After receiving the first link resource access request, the second device can detect whether the first device has the permission to access the first link resource. If it is confirmed that the first device has the permission to access the first link resource, the second device executes the first link resource. Link the resource access request, and then send the execution result to the first device, and the first device sends the execution result to the terminal.
另外,若第一设备不具备访问第一链接资源的权限,则第二设备向第一设备发送错误应答。In addition, if the first device does not have the authority to access the first link resource, the second device sends an error response to the first device.
需要说明的一点是,由于第一链接资源可以是非集合资源,也可以是集合资源,如果第一链接资源是非集合资源,则第二设备执行第一链接资源访问请求,可以包括获取第一链接资源的状态和/或修改第一链接资源的状态;如果第一链接资源是集合资源,则第二设备还需要进一步分解该请求,相关介绍说明可参见下文实施例。It should be noted that since the first link resource can be a non-collective resource or a collective resource, if the first link resource is a non-collective resource, the second device executes the first link resource access request, which may include obtaining the first link resource And/or modify the status of the first link resource; if the first link resource is a collective resource, the second device needs to further decompose the request. For related introduction, please refer to the following embodiments.
在一个示例中,结合参考图7,以第一设备从第二设备获取第一权限信息为例,可以包括如下几个步骤:In an example, with reference to FIG. 7, taking the first device obtaining the first permission information from the second device as an example, the following steps may be included:
步骤701,终端向第一设备发送第一集合资源访问请求;Step 701: The terminal sends a first collection resource access request to the first device;
示例性地,client向hostdevice发送用于请求对集合资源mycollection1进行更新的batch请求,该请求中包括的接口属性信息用于指示对集合资源mycollection1进行访问所使用的接口为batch接口,该请求中包括的操作方式信息用于指示对集合资源mycollection1的操作方式为update(修改/更新)。Exemplarily, the client sends a batch request for requesting to update the collection resource mycollection1 to the hostdevice, and the interface attribute information included in the request is used to indicate that the interface used to access the collection resource mycollection1 is the batch interface, and the request includes The operation mode information of is used to indicate that the operation mode of the collection resource mycollection1 is update (modification/update).
步骤702,第一设备检测终端是否具备访问第一集合资源的权限;Step 702: The first device detects whether the terminal has the authority to access the first set of resources;
Hostdevice检测client是否具备访问集合资源mycollection1的权限。Hostdevice detects whether the client has the permission to access the collection resource mycollection1.
步骤703,若终端具备访问第一集合资源的权限,则第一设备向第二设备发送权限获取请求;Step 703: If the terminal has the permission to access the first set of resources, the first device sends a permission acquisition request to the second device;
第二设备中保存有第一集合资源中包含的第一链接资源,该权限获取请求用于请求获取终端对第一链接资源的访问权限。The second device stores the first link resource included in the first set of resources, and the permission acquisition request is used to request the terminal to acquire the access permission of the first link resource.
假设集合资源mycollection1中包括第一链接资源link1,linkdevice1中保存有该第一链接资源link1,则hostdevice向linkdevice1发送权限获取请求。示例性地,权限获取请求的示例如下:Get/acl2?subject=client&resource=/link1;其中,/acl2为所有设备保存访问权限的资源,subject=client&resource=/link1是一个限制条件,这条请求的含义就是获取client对第一链接资源/link1的访问权限。Assuming that the collection resource mycollection1 includes the first link resource link1, and the first link resource link1 is stored in the linkdevice1, the hostdevice sends a permission acquisition request to the linkdevice1. Illustratively, an example of a permission acquisition request is as follows: Get/acl2? subject=client&resource=/link1; among them, /acl2 is the resource for all devices to save access rights, subject=client&resource=/link1 is a restriction condition, and the meaning of this request is to obtain the client's access right to the first link resource /link1.
步骤704,第二设备向第一设备发送第一权限信息;Step 704: The second device sends the first permission information to the first device.
Linkdevice1接收到上述权限获取请求之后,获取client对第一链接资源/link1的访问权限,然后向hostdevice发送第一权限信息。可选地,第一权限信息用于指示终端对于第一链接资源link1所具备的和/或不具备的操作权限。hostdevice根据该第一权限信息,能够确定出client对第一链接资源link1包括哪种或哪些操作权限,例如确定出client对第一链接资源link1的操作权限包括create(创建)、update(修改/更新)、retrieve(获取)、delete(删除)、notification(通知)中的哪几种。After Linkdevice1 receives the above permission acquisition request, it acquires the client's access permission to the first link resource/link1, and then sends the first permission information to the hostdevice. Optionally, the first authority information is used to indicate the operation authority that the terminal has and/or does not possess for the first link resource link1. Based on the first permission information, the hostdevice can determine which operation permissions the client includes on the first link resource link1, for example, determine that the client’s operation permissions on the first link resource link1 include create (create), update (modify/update) ), retrieve (acquisition), delete (delete), notification (notification) which types.
步骤705,第一设备根据第一权限信息,检测终端是否具备访问第一链接资源的权限;Step 705: The first device detects whether the terminal has the permission to access the first link resource according to the first permission information.
Hostdevice根据接收到的上述第一权限信息,检测client是否具备通过batch接口访问第一链接资源 /link1的权限,由于与batch接口相关的权限是update(修改/更新)和retrieve(获取)权限,因此如果client具备对于第一链接资源/link1的update(修改/更新)和retrieve(获取)权限,则可以确定client具备通过batch接口访问第一链接资源/link1的权限。Based on the received first permission information, Hostdevice detects whether the client has the permission to access the first link resource/link1 through the batch interface. Because the permissions related to the batch interface are update (modify/update) and retrieve (acquisition) permissions, so If the client has the update (modify/update) and retrieve (obtain) permissions for the first link resource/link1, it can be determined that the client has the permission to access the first link resource/link1 through the batch interface.
步骤706,若终端具备访问第一链接资源的权限,则第一设备分解第一集合资源访问请求,生成第一链接资源访问请求。Step 706: If the terminal has the authority to access the first link resource, the first device decomposes the first collection resource access request, and generates the first link resource access request.
若client具备通过batch接口访问第一链接资源/link1的权限,则hostdevice分解上述batch请求,生成第一链接资源访问请求。示例性地,第一链接资源访问请求中包括的接口属性信息所指示的接口,是第一链接资源link1的默认接口;第一链接资源访问请求中包括的操作方式信息,用于指示对第一链接资源link1的操作方式为update(修改/更新)。If the client has the permission to access the first link resource/link1 through the batch interface, the hostdevice decomposes the batch request and generates the first link resource access request. Exemplarily, the interface indicated by the interface attribute information included in the first link resource access request is the default interface of the first link resource link1; the operation mode information included in the first link resource access request is used to indicate that the first link resource access request The operation mode of the link resource link1 is update (modify/update).
步骤707,第一设备向第二设备发送第一链接资源访问请求;Step 707: The first device sends a first link resource access request to the second device.
Hostdevice向linkdevice1发送上述第一链接资源访问请求。Hostdevice sends the above-mentioned first link resource access request to linkdevice1.
步骤708,第二设备检测第一设备是否具备访问第一链接资源的权限;Step 708: The second device detects whether the first device has the permission to access the first link resource;
Linkdevice1检测hostdevice是否具备访问第一链接资源link1的权限。Linkdevice1 detects whether hostdevice has the permission to access the first link resource link1.
步骤709,若第一设备具备访问第一链接资源的权限,则第二设备执行第一链接资源访问请求;Step 709: If the first device has the permission to access the first link resource, the second device executes the first link resource access request;
若hostdevice具备访问第一链接资源link1的权限,则linkdevice1执行第一链接资源访问请求,得到相应的执行结果。If the hostdevice has the permission to access the first link resource link1, then linkdevice1 executes the first link resource access request and obtains the corresponding execution result.
步骤710,第二设备向第一设备发送第一链接资源访问请求对应的执行结果;Step 710: The second device sends an execution result corresponding to the first link resource access request to the first device.
Linkdevice1向hostdevice发送第一链接资源访问请求对应的执行结果。Linkdevice1 sends the execution result corresponding to the first link resource access request to hostdevice.
步骤711,第一设备向终端发送第一集合资源访问请求对应的执行结果。Step 711: The first device sends an execution result corresponding to the first set of resource access requests to the terminal.
Hostdevice向client发送第一集合资源访问请求对应的执行结果,其中包括第一链接资源访问请求对应的执行结果。The Hostdevice sends the execution result corresponding to the first set of resource access requests to the client, including the execution result corresponding to the first link resource access request.
在另一个示例中,结合参考图8,以第一设备从管理设备获取第一权限信息为例,可以包括如下几个步骤:In another example, with reference to FIG. 8, taking the first device obtaining the first permission information from the management device as an example, the following steps may be included:
步骤801,终端向第一设备发送第一集合资源访问请求;Step 801: The terminal sends a first collection resource access request to the first device;
步骤802,第一设备检测终端是否具备访问第一集合资源的权限;Step 802: The first device detects whether the terminal has the authority to access the first set of resources;
上述步骤801-802与图7实施例中的步骤701-702相同,具体参见图7实施例中的介绍说明,此处不再赘述。The above steps 801-802 are the same as the steps 701-702 in the embodiment of FIG. 7. For details, refer to the introduction and description in the embodiment of FIG. 7, which will not be repeated here.
步骤803,若终端具备访问第一集合资源的权限,则第一设备向管理设备发送权限获取请求;Step 803: If the terminal has the permission to access the first set of resources, the first device sends a permission acquisition request to the management device;
在此示例中,hostdevice向OBT设备发送权限获取请求。示例性地,权限获取请求的示例如下:Get/acl2?subject=client&resource=/link1;其中,/acl2为所有设备保存访问权限的资源,subject=client&resource=/link1是一个限制条件,这条请求的含义就是获取client对第一链接资源/link1的访问权限。In this example, hostdevice sends a permission acquisition request to the OBT device. Illustratively, an example of a permission acquisition request is as follows: Get/acl2? subject=client&resource=/link1; among them, /acl2 is the resource for all devices to save access rights, subject=client&resource=/link1 is a restriction condition, and the meaning of this request is to obtain the client's access right to the first link resource /link1.
步骤804,管理设备向第二设备转发权限获取请求;Step 804: The management device forwards the permission acquisition request to the second device;
OBT设备向linkdevice1转发权限获取请求,该linkdevice1中保存有第一链接资源link1。The OBT device forwards the permission acquisition request to linkdevice1, and the first link resource link1 is stored in the linkdevice1.
步骤805,第二设备向管理设备发送第一权限信息;Step 805: The second device sends the first permission information to the management device.
Linkdevice1接收到上述权限获取请求之后,获取client对第一链接资源/link1的访问权限,然后向OBT设备发送第一权限信息。After Linkdevice1 receives the above permission acquisition request, it acquires the client's access permission to the first link resource/link1, and then sends the first permission information to the OBT device.
步骤806,管理设备向第一设备转发第一权限信息;Step 806: The management device forwards the first permission information to the first device;
OBT设备向hostdevice转发第一权限信息。The OBT device forwards the first permission information to the hostdevice.
步骤807,第一设备根据第一权限信息,检测终端是否具备访问第一链接资源的权限;Step 807: The first device detects whether the terminal has the permission to access the first link resource according to the first permission information;
步骤808,若终端具备访问第一链接资源的权限,则第一设备分解第一集合资源访问请求,生成第一链接资源访问请求。Step 808: If the terminal has the authority to access the first link resource, the first device decomposes the first set of resource access requests, and generates the first link resource access request.
步骤809,第一设备向第二设备发送第一链接资源访问请求;Step 809: The first device sends the first link resource access request to the second device;
步骤810,第二设备检测第一设备是否具备访问第一链接资源的权限;Step 810: The second device detects whether the first device has the permission to access the first link resource;
步骤811,若第一设备具备访问第一链接资源的权限,则第二设备执行第一链接资源访问请求;Step 811: If the first device has the permission to access the first link resource, the second device executes the first link resource access request;
步骤812,第二设备向第一设备发送第一链接资源访问请求对应的执行结果;Step 812: The second device sends the execution result corresponding to the first link resource access request to the first device.
步骤813,第一设备向终端发送第一集合资源访问请求对应的执行结果。Step 813: The first device sends an execution result corresponding to the first set of resource access requests to the terminal.
上述步骤807-813与图7实施例中的步骤705-711相同,具体参见图7实施例中的介绍说明,此处不再赘述。The foregoing steps 807-813 are the same as steps 705-711 in the embodiment of FIG. 7. For details, refer to the introduction and description in the embodiment of FIG. 7 and will not be repeated here.
综上所述,本实施例提供的技术方案中,通过在分解集合资源访问请求生成的链接资源访问请求之前,由保存集合资源的设备对终端对于链接资源的访问权限进行验证,从而克服了相关技术所存在的安全漏洞,提升了安全性。To sum up, in the technical solution provided in this embodiment, the device that saves the collection resource verifies the terminal's access authority to the link resource before decomposing the link resource access request generated by the collection resource access request, thereby overcoming the related problems. The security loopholes in the technology have improved security.
另外,本申请实施例提供了两种获取终端对链接资源的访问权限的方式,提升了方案的灵活性。In addition, the embodiment of the present application provides two ways to obtain the access authority of the terminal to the link resource, which improves the flexibility of the solution.
下面,通过图9和图10两个实施例,对第一链接资源为集合资源时,相应的处理流程进行介绍说明。在图9实施例中,由用于保存链接资源的设备对终端进行权限验证;在图10实施例中,由用于保存集合资源的设备对终端进行权限验证。Hereinafter, through the two embodiments of FIG. 9 and FIG. 10, the corresponding processing flow when the first link resource is a collective resource is introduced and explained. In the embodiment of FIG. 9, the device used to save the link resource verifies the authority of the terminal; in the embodiment of FIG. 10, the device used to save the collective resource verifies the authority of the terminal.
请参考图9,其示出了本申请另一个实施例提供的集合资源的访问方法的流程图,该方法可以应用于图2所示的实施环境中。该方法可以包括如下几个步骤(901~906):Please refer to FIG. 9, which shows a flowchart of a method for accessing a collective resource provided by another embodiment of the present application. The method can be applied to the implementation environment shown in FIG. 2. The method can include the following steps (901~906):
步骤901,第一设备接收终端发送的第一集合资源访问请求。Step 901: The first device receives the first collection resource access request sent by the terminal.
步骤902,第一设备分解第一集合资源访问请求,生成第一链接资源访问请求,该第一链接资源访问请求中包括终端的设备标识。Step 902: The first device decomposes the first set of resource access requests, and generates a first link resource access request. The first link resource access request includes the device identifier of the terminal.
步骤903,第一设备向第二设备发送第一链接资源访问请求。Step 903: The first device sends a first link resource access request to the second device.
步骤904,第二设备检测终端是否具备访问第一链接资源的权限。Step 904: The second device detects whether the terminal has the authority to access the first link resource.
上述步骤901-904与图4实施例中的步骤401-404相同,具体参见图4实施例中的介绍说明,此处不再赘述。The above steps 901 to 904 are the same as the steps 401 to 404 in the embodiment of FIG. 4. For details, please refer to the introduction and description in the embodiment of FIG.
步骤905,若终端具备访问第一链接资源的权限,且第一链接资源为第二集合资源,则第二设备分解第一链接资源访问请求,生成第二链接资源访问请求,该第二链接资源访问请求中包括终端的设备标识。Step 905: If the terminal has the authority to access the first link resource, and the first link resource is a second collection resource, the second device decomposes the first link resource access request to generate a second link resource access request, and the second link resource The access request includes the device identification of the terminal.
如果第一链接资源是一个集合资源,如第二集合资源,则第二设备分解第一链接资源访问请求,生成第二链接资源访问请求。该第二链接资源访问请求用于请求对第二集合资源中包括的第二链接资源进行访问。If the first link resource is a collective resource, such as a second collective resource, the second device decomposes the first link resource access request to generate a second link resource access request. The second link resource access request is used to request access to the second link resource included in the second set of resources.
有关第二链接资源访问请求的生成过程,可以参考对于第一链接资源访问请求的生成过程的介绍说明,此处不再赘述。For the generation process of the second link resource access request, you can refer to the introduction to the generation process of the first link resource access request, which will not be repeated here.
第二链接资源访问请求中包括终端的设备标识,以便保存第二链接资源的第三设备在接收到第二链接资源访问请求之后,能够对终端进行权限验证。The second link resource access request includes the device identifier of the terminal, so that the third device storing the second link resource can perform authority verification on the terminal after receiving the second link resource access request.
可选地,第二链接资源访问请求中还包括第一设备的设备标识,以便保存第二链接资源的第三设备在接收到第二链接资源访问请求之后,还能够对第一设备进行权限验证。Optionally, the second link resource access request further includes the device identification of the first device, so that the third device storing the second link resource can also perform authorization verification on the first device after receiving the second link resource access request .
可选地,第二链接资源访问请求中还包括请求标识,该请求标识用于指示第二链接资源访问请求是batch请求的分解请求。Optionally, the second link resource access request further includes a request identifier, and the request identifier is used to indicate that the second link resource access request is a decomposition request of the batch request.
第二链接资源同样可以是集合资源,也可以是非集合资源。另外,第二集合资源中可以包括一个或多个链接资源,对于每一个链接资源,都可以采用同样的方式,生成相应的链接资源访问请求。在本实施例中,主要以第二链接资源为例,进行介绍说明。The second link resource can also be a collective resource or a non-collective resource. In addition, the second set of resources may include one or more link resources, and for each link resource, the same method may be used to generate a corresponding link resource access request. In this embodiment, the second link resource is mainly taken as an example for introduction and description.
步骤906,第二设备向第三设备发送第二链接资源访问请求。Step 906: The second device sends a second link resource access request to the third device.
第三设备保存有第二链接资源。第三设备在接收到第二链接资源访问请求之后,会检测终端是否具备访问第二链接资源的权限。在终端具备访问第二链接资源的权限的情况下,第三设备执行第二链接资源访问请求。The third device stores the second link resource. After receiving the second link resource access request, the third device detects whether the terminal has the authority to access the second link resource. In the case that the terminal has the authority to access the second link resource, the third device executes the second link resource access request.
可选地,第三设备还检测第一设备以及第二设备是否具备访问第二链接资源的权限。在终端、第一设备以及第二设备均具备访问第二链接资源的权限的情况下,第三设备执行第二链接资源访问请求。Optionally, the third device also detects whether the first device and the second device have permission to access the second link resource. In the case that the terminal, the first device, and the second device all have the authority to access the second link resource, the third device executes the second link resource access request.
请参考图10,其示出了本申请另一个实施例提供的集合资源的访问方法的流程图,该方法可以应用于图2所示的实施环境中。该方法可以包括如下几个步骤(1001~1007):Please refer to FIG. 10, which shows a flowchart of a method for accessing a collective resource provided by another embodiment of the present application. The method can be applied to the implementation environment shown in FIG. 2. The method can include the following steps (1001-1007):
步骤1001,第一设备接收终端发送的第一集合资源访问请求。Step 1001: The first device receives the first set of resource access request sent by the terminal.
步骤1002,第一设备获取第一权限信息,该第一权限信息用于指示终端对第一集合资源中包括的第一链接资源的访问权限。Step 1002: The first device obtains first permission information, where the first permission information is used to indicate the access permission of the terminal to the first link resource included in the first set of resources.
步骤1003,若根据第一权限信息,确定终端具备访问第一链接资源的权限,则第一设备分解第一集合资源访问请求,生成第一链接资源访问请求。Step 1003: If it is determined according to the first permission information that the terminal has the permission to access the first link resource, the first device decomposes the first collection resource access request, and generates the first link resource access request.
步骤1004,第一设备向第二设备发送第一链接资源访问请求。Step 1004: The first device sends a first link resource access request to the second device.
上述步骤1001-1004与图6实施例中的步骤601-604相同,具体参见图6实施例中的介绍说明,此处不再赘述。The foregoing steps 1001-1004 are the same as steps 601-604 in the embodiment of FIG. 6. For details, refer to the introduction and description in the embodiment of FIG. 6, which will not be repeated here.
步骤1005,若第一链接资源为第二集合资源,则第二设备获取第二权限信息,该第二权限信息用于指示终端对第二集合资源中包括的第二链接资源的访问权限。Step 1005: If the first link resource is the second collection resource, the second device obtains second permission information, where the second permission information is used to indicate the terminal's access permission to the second link resource included in the second collection resource.
如果第一链接资源是一个集合资源,如第二集合资源,则第二设备获取第二权限信息,以进一步对终端对于第二链接资源的访问权限。第二链接资源可以是第二集合资源中的任意一个链接资源。第二链接资源可以是集合资源,也可以是非集合资源。If the first link resource is a collective resource, such as a second collective resource, the second device obtains the second authority information to further access the terminal's access authority to the second link resource. The second link resource may be any link resource in the second set of resources. The second link resource may be a collective resource or a non-collective resource.
可选地,当第一链接资源为第二集合资源时,第一设备向用于第二设备发送的第一链接资源访问请求中可以包括终端的设备标识,以便于第二设备对终端的访问权限进行验证。Optionally, when the first link resource is a second set of resources, the first link resource access request sent by the first device to the second device may include the device identifier of the terminal, so that the second device can access the terminal Permission to verify.
另外,有关第二权限信息的相关介绍说明,可参考上文实施例中对于第一权限信息的介绍说明,本实施例对此不再赘述。In addition, for the related introduction and description of the second permission information, please refer to the introduction and description of the first permission information in the above embodiment, which will not be repeated in this embodiment.
步骤1006,若根据第二权限信息,确定终端具备访问第二链接资源的权限,则第二设备分解第一链接资源访问请求,生成第二链接资源访问请求。Step 1006: If it is determined according to the second authority information that the terminal has the authority to access the second link resource, the second device decomposes the first link resource access request to generate a second link resource access request.
第二链接资源访问请求用于请求对第二集合资源中包括的第二链接资源进行访问。The second link resource access request is used to request access to the second link resource included in the second set of resources.
可选地,如果对第二链接资源的访问权限,是指通过batch接口访问第二链接资源的权限,那么当第二设备根据第二权限信息,确定终端对第二链接资源具备修改权限和获取权限时,第二设备便可确定终端具备通过batch接口访问第二链接资源的权限。Optionally, if the access authority to the second link resource refers to the authority to access the second link resource through the batch interface, then according to the second authority information, the second device determines that the terminal has the right to modify and obtain the second link resource In the case of permission, the second device can determine that the terminal has the permission to access the second link resource through the batch interface.
可选地,第二设备还检测第一设备是否具备访问第二链接资源的权限,在终端和第一设备均具备访问第二链接资源的权限的情况下,第二设备分解第一链接资源访问请求,生成第二链接资源访问请求。Optionally, the second device also detects whether the first device has the authority to access the second link resource. In the case that both the terminal and the first device have the authority to access the second link resource, the second device decomposes the access to the first link resource. Request to generate a second link resource access request.
步骤1007,第二设备向第三设备发送第二链接资源访问请求。Step 1007: The second device sends a second link resource access request to the third device.
第三设备保存有第二链接资源。The third device stores the second link resource.
综上所述,在上述图9和图10所示的实施例中,对第一链接资源为集合资源时,相应的处理流程进行了介绍说明,在这种一个集合资源嵌套另一个集合资源的情形下,实现了对发起batch请求的终端对于每一个链接资源的访问权限进行验证,充分确保了安全性。In summary, in the embodiments shown in Figs. 9 and 10, when the first link resource is a collective resource, the corresponding processing flow is introduced and explained. In this kind of collective resource, another collective resource is nested. Under the circumstance, it realizes the verification of the access authority of each link resource of the terminal that initiates the batch request, which fully ensures the security.
需要说明的是,在上述方法实施例中,主要从终端、第一设备和第二设备之间交互的角度,对本申请技术方案进行了介绍说明。上述有关第一设备执行的步骤,可以单独实现成为第一设备侧的集合资源的访问方法;上述有关第二设备执行的步骤,可以单独实现成为第二设备侧的集合资源的访问方法;上述有关终端执行的步骤,可以单独实现成为终端侧的集合资源的访问方法。It should be noted that, in the foregoing method embodiment, the technical solution of the present application is introduced and explained mainly from the perspective of interaction between the terminal, the first device, and the second device. The above-mentioned steps related to the execution of the first device can be separately implemented as a method for accessing the collective resources on the first device side; the aforementioned steps related to the execution of the second device can be separately implemented as the method for accessing collective resources on the second device side; The steps executed by the terminal can be individually implemented as a method for accessing collective resources on the terminal side.
下述为本申请装置实施例,可以用于执行本申请方法实施例。对于本申请装置实施例中未披露的细节,请参照本申请方法实施例。The following are device embodiments of this application, which can be used to implement the method embodiments of this application. For details that are not disclosed in the device embodiments of this application, please refer to the method embodiments of this application.
请参考图11,其示出了本申请一个实施例提供的集合资源的访问装置的框图。该装置具有实现上述第一设备侧的方法示例的功能,所述功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。该装置可以是上文介绍的第一设备,也可以设置在第一设备中。如图11所示,该装置1100可以包括:请求接收模块1110、请求发送模块1120、结果接收模块1130和响应发送模块1140。Please refer to FIG. 11, which shows a block diagram of an apparatus for accessing a collective resource provided by an embodiment of the present application. The device has the function of realizing the above-mentioned method example on the first device side, and the function can be realized by hardware, or by hardware executing corresponding software. The device may be the first device described above, or it may be set in the first device. As shown in FIG. 11, the apparatus 1100 may include: a request receiving module 1110, a request sending module 1120, a result receiving module 1130, and a response sending module 1140.
请求接收模块1110,用于接收终端发送的第一集合资源访问请求,所述第一集合资源访问请求是所述终端对所述第一设备保存的第一集合资源进行访问的请求。The request receiving module 1110 is configured to receive a first collection resource access request sent by a terminal, where the first collection resource access request is a request for the terminal to access the first collection resource saved by the first device.
请求发送模块1120,用于向第二设备发送第一链接资源访问请求,所述第二设备保存有所述第一集合资源中包括的第一链接资源,所述第一链接资源访问请求是所述第一设备对所述第一链接资源进行访问的请求。The request sending module 1120 is configured to send a first link resource access request to a second device, where the second device stores the first link resource included in the first set of resources, and the first link resource access request is all The request of the first device to access the first link resource.
结果接收模块1130,用于接收所述第二设备发送的所述第一链接资源的访问结果。The result receiving module 1130 is configured to receive the access result of the first link resource sent by the second device.
响应发送模块1140,用于向所述终端发送第一集合资源访问响应,所述第一集合资源访问响应包括所述第一链接资源的访问结果,其中,所述第一链接资源的访问结果是在确定所述终端具备访问所述第一链接资源的权限的情况下,由所述第二设备执行所述第一链接资源访问请求后生成的。The response sending module 1140 is configured to send a first collection resource access response to the terminal, where the first collection resource access response includes the access result of the first link resource, wherein the access result of the first link resource is In a case where it is determined that the terminal has the permission to access the first link resource, it is generated after the second device executes the first link resource access request.
在示例性实施例中,所述第一链接资源访问请求中包括所述终端的设备标识。In an exemplary embodiment, the first link resource access request includes the device identifier of the terminal.
在示例性实施例中,所述第一链接资源访问请求中还包括请求标识,所述请求标识用于指示所述第一链接资源访问请求是批处理batch请求的分解请求,所述batch请求是指携带batch接口的集合资源访问请求,所述分解请求是指根据所述batch请求中包含的集合资源所包括的链接资源生成的请求。In an exemplary embodiment, the first link resource access request further includes a request identifier, and the request identifier is used to indicate that the first link resource access request is a decomposition request of a batch processing batch request, and the batch request is Refers to a collective resource access request carrying a batch interface, and the decomposition request refers to a request generated according to the link resources included in the collective resource included in the batch request.
在示例性实施例中,所述装置1100还包括:信息获取模块,用于向所述第二设备获取第一权限信息,所述第一权限信息用于指示所述终端对所述第一链接资源的访问权限;In an exemplary embodiment, the apparatus 1100 further includes: an information obtaining module, configured to obtain first permission information from the second device, and the first permission information is used to instruct the terminal to respond to the first link Access to resources;
所述请求发送模块1120,还用于当根据所述第一权限信息,确定所述终端具备访问所述第一链接资源的权限时,向第二设备发送第一链接资源访问请求。The request sending module 1120 is further configured to send a first link resource access request to the second device when it is determined that the terminal has the permission to access the first link resource according to the first permission information.
在示例性实施例中,所述信息获取模块,用于:向所述第二设备发送第一权限获取请求,所述第一权限获取请求是所述第一设备获取所述终端对所述第一链接资源的访问权限的请求;接收所述第二设备发送的所述第一权限信息。In an exemplary embodiment, the information acquisition module is configured to: send a first permission acquisition request to the second device, where the first permission acquisition request is that the first device acquires the terminal's access to the second device. A request for access permission of a link resource; receiving the first permission information sent by the second device.
在示例性实施例中,所述信息获取模块,用于:通过配置设备向所述第二设备发送第二权限获取请求,所述第二权限获取请求是所述配置设备获取所述终端对所述第一链接资源的访问权限的请求;接收所述配置设备发送的所述第一权限信息,所述第一权限信息是所述第二设备发送给所述配置设备的。In an exemplary embodiment, the information acquisition module is configured to: send a second permission acquisition request to the second device through a configuration device, where the second permission acquisition request is that the configuration device acquires the terminal's The request for the access authority of the first link resource; receiving the first authority information sent by the configuration device, where the first authority information is sent by the second device to the configuration device.
在示例性实施例中,对所述第一链接资源的访问权限,是指通过batch接口访问所述第一链接资源的权限。所述装置1100还包括:权限确定模块,用于当根据所述第一权限信息,确定所述终端对所述第一链接资源具备修改权限和获取权限时,确定所述终端具备通过所述batch接口访问所述第一链接资源的权限。In an exemplary embodiment, the access authority to the first link resource refers to the authority to access the first link resource through a batch interface. The device 1100 further includes: a permission determination module, configured to, when it is determined that the terminal has the right to modify and obtain the first link resource according to the first permission information, determine that the terminal has the ability to pass the batch The permission of the interface to access the first link resource.
在示例性实施例中,所述第一链接资源为集合资源,或者,所述第一链接资源为非集合资源。In an exemplary embodiment, the first link resource is a collective resource, or the first link resource is a non-collective resource.
请参考图12,其示出了本申请另一个实施例提供的集合资源的访问装置的框图。该装置具有实现上述第二设备侧的方法示例的功能,所述功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。该装置可以是上文介绍的第二设备,也可以设置在第二设备中。如图12所示,该装置1200可以包括:请求接收模块1210和结果发送模块1220。Please refer to FIG. 12, which shows a block diagram of an apparatus for accessing a collective resource provided by another embodiment of the present application. The device has the function of realizing the above-mentioned method example on the second device side, and the function can be realized by hardware, or by hardware executing corresponding software. The device can be the second device described above, or it can be set in the second device. As shown in FIG. 12, the apparatus 1200 may include: a request receiving module 1210 and a result sending module 1220.
请求接收模块1210,用于接收第一设备发送的第一链接资源访问请求,所述第一链接资源访问请求是所述第一设备对第一集合资源中的第一链接资源进行访问的请求,其中,所述第一链接资源访问请求是所述第一设备在接收到终端发送的第一集合资源访问请求之后生成的,所述第一集合资源访问请求是所述终端对所述第一设备保存的所述第一集合资源进行访问的请求,所述第一链接资源保存在所述第二设备中。The request receiving module 1210 is configured to receive a first link resource access request sent by a first device, where the first link resource access request is a request by the first device to access the first link resource in the first set of resources, Wherein, the first link resource access request is generated by the first device after receiving a first aggregate resource access request sent by the terminal, and the first aggregate resource access request is a request from the terminal to the first device. A request for accessing the saved first set of resources, and the first link resource is saved in the second device.
结果发送模块1220,用于向所述第一设备发送所述第一链接资源的访问结果,所述第一链接资源的访问结果用于在确定所述终端具备访问所述第一链接资源的权限的情况下向所述终端发送。The result sending module 1220 is configured to send the access result of the first link resource to the first device, where the access result of the first link resource is used to determine that the terminal has the authority to access the first link resource In the case of sending to the terminal.
在示例性实施例中,所述第一链接资源访问请求中包括所述终端的设备标识;所述装置1200还包括:In an exemplary embodiment, the first link resource access request includes the device identifier of the terminal; the apparatus 1200 further includes:
权限检测模块,用于根据所述终端的设备标识,检测所述终端是否具备访问所述第一链接资源的权限;A permission detection module, configured to detect whether the terminal has the permission to access the first link resource according to the device identifier of the terminal;
请求执行模块,用于当所述终端具备访问所述第一链接资源的权限时,执行所述第一链接资源访问请求,生成所述第一链接资源的访问结果。The request execution module is configured to execute the first link resource access request when the terminal has the authority to access the first link resource, and generate an access result of the first link resource.
在示例性实施例中,所述装置1200还包括:In an exemplary embodiment, the device 1200 further includes:
标识读取模块,用于读取所述第一链接资源访问请求中的请求标识;An identifier reading module, configured to read the request identifier in the first link resource access request;
所述权限检测模块,用于当所述请求标识用于指示所述第一链接资源访问请求是批处理batch请求的分解请求时,根据所述终端的设备标识,检测所述终端是否具备访问所述第一链接资源的权限。The permission detection module is configured to, when the request identifier is used to indicate that the first link resource access request is a disassembly request of a batch processing batch request, detect whether the terminal has access to the terminal according to the device identifier of the terminal. State the authority of the first link resource.
在示例性实施例中,所述装置1200还包括:In an exemplary embodiment, the device 1200 further includes:
错误应答模块,用于当所述终端不具备访问所述第一链接资源的权限时,向所述第一设备发送错误应答。The error response module is configured to send an error response to the first device when the terminal does not have the authority to access the first link resource.
在示例性实施例中,所述请求执行模块,用于:In an exemplary embodiment, the request execution module is configured to:
当所述第一链接资源为第二集合资源时,生成第二链接资源访问请求,所述第二链接资源访问请求是所述第二设备对所述第二集合资源中包括的第二链接资源进行访问的请求,所述第二链接资源访问请求中包括所述终端的设备标识;When the first link resource is a second collection resource, a second link resource access request is generated, and the second link resource access request is for the second device to request a second link resource included in the second collection resource. Request for access, where the second link resource access request includes the device identifier of the terminal;
向第三设备发送所述第二链接资源访问请求,所述第三设备保存有所述第二链接资源。Sending the second link resource access request to a third device, where the third device stores the second link resource.
在示例性实施例中,所述装置1200还包括权限提供模块,用于:In an exemplary embodiment, the device 1200 further includes a permission providing module for:
接收所述第一设备发送的第一权限获取请求,所述第一权限获取请求是所述第一设备获取所述终端对所述第一链接资源的访问权限的请求;Receiving a first permission acquisition request sent by the first device, where the first permission acquisition request is a request by the first device to obtain the terminal's access permission to the first link resource;
向所述第一设备发送第一权限信息,所述第一权限信息用于指示所述终端对所述第一链接资源的访问权限。Send first permission information to the first device, where the first permission information is used to indicate the access permission of the terminal to the first link resource.
在示例性实施例中,所述装置1200还包括权限提供模块,用于:In an exemplary embodiment, the device 1200 further includes a permission providing module for:
接收配置设备发送的第二权限获取请求,所述第二权限获取请求是所述配置设备获取所述终端对所述第一链接资源的访问权限的请求;Receiving a second permission acquisition request sent by a configuration device, where the second permission acquisition request is a request for the configuration device to obtain an access permission of the terminal to the first link resource;
向所述配置设备发送第一权限信息,所述第一权限信息用于指示所述终端对所述第一链接资源的访问权限,所述第一权限信息由所述配置设备发送给所述第一设备。Send first permission information to the configuration device, where the first permission information is used to indicate the terminal's access permission to the first link resource, and the first permission information is sent by the configuration device to the first link resource. One device.
请参考图13,其示出了本申请一个实施例提供的集合资源的访问装置的框图。该装置具有实现上述终端侧的方法示例的功能,所述功能可以通过硬件实现,也可以通过硬件执行相应的软件实现。该装置可以是上文介绍的终端,也可以设置在终端中。如图13所示,该装置1300可以包括:请求发送模块1310和响应接收模块1320。Please refer to FIG. 13, which shows a block diagram of an apparatus for accessing a collective resource provided by an embodiment of the present application. The device has the function of realizing the above-mentioned method example on the terminal side, and the function can be realized by hardware, or by hardware executing corresponding software. The device can be the terminal described above, or it can be set in the terminal. As shown in FIG. 13, the apparatus 1300 may include: a request sending module 1310 and a response receiving module 1320.
请求发送模块1310,用于向第一设备发送第一集合资源访问请求,所述第一集合资源访问请求是所述终端对所述第一设备保存的第一集合资源进行访问的请求。The request sending module 1310 is configured to send a first collection resource access request to a first device, where the first collection resource access request is a request for the terminal to access the first collection resource saved by the first device.
响应接收模块1320,用于接收所述第一设备发送的第一集合资源访问响应,所述第一集合资源访问响应包括所述第一集合资源中的第一链接资源的访问结果,其中,所述第一链接资源的访问结果是在确定所述终端具备访问所述第一链接资源的权限的情况下向所述终端发送的。The response receiving module 1320 is configured to receive a first collection resource access response sent by the first device, where the first collection resource access response includes the access result of the first link resource in the first collection resource, where all The access result of the first link resource is sent to the terminal when it is determined that the terminal has the right to access the first link resource.
在示例性实施例中,所述第一链接资源为集合资源,或者,所述第一链接资源为非集合资源。In an exemplary embodiment, the first link resource is a collective resource, or the first link resource is a non-collective resource.
需要说明的一点是,上述实施例提供的装置在实现其功能时,仅以上述各个功能模块的划分进行举例说明,实际应用中,可以根据实际需要而将上述功能分配由不同的功能模块完成,即将设备的内容结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。It should be noted that, when the device provided in the above embodiment realizes its functions, only the division of the above-mentioned functional modules is used as an example for illustration. In actual applications, the above-mentioned functions can be allocated by different functional modules according to actual needs. That is, the content structure of the device is divided into different functional modules to complete all or part of the functions described above.
关于上述实施例中的装置,其中各个模块执行操作的具体方式已经在有关该方法的实施例中进行了详 细描述,此处将不做详细阐述说明。Regarding the device in the above-mentioned embodiment, the specific manner in which each module performs operations has been described in detail in the embodiment of the method, and will not be elaborated here.
请参考图14,其示出了本申请一个实施例提供的网络设备140的结构示意图。该网络设备140可以是上文介绍的第一设备、第二设备或第三设备。也即,该网络设备140可以是物联网系统中,用于保存集合资源和/或非集合资源的设备。该网络设备140可以包括:处理器141、接收器142、发射器143、存储器144和总线145。Please refer to FIG. 14, which shows a schematic structural diagram of a network device 140 provided by an embodiment of the present application. The network device 140 may be the first device, the second device, or the third device described above. That is, the network device 140 may be a device for storing collective resources and/or non-collective resources in the Internet of Things system. The network device 140 may include a processor 141, a receiver 142, a transmitter 143, a memory 144, and a bus 145.
处理器141包括一个或者一个以上处理核心,处理器141通过运行软件程序以及模块,从而执行各种功能应用以及信息处理。The processor 141 includes one or more processing cores, and the processor 141 executes various functional applications and information processing by running software programs and modules.
接收器142和发射器143可以实现为一个通信组件,该通信组件可以是一块通信芯片。The receiver 142 and the transmitter 143 may be implemented as a communication component, and the communication component may be a communication chip.
存储器144通过总线145与处理器141相连。The memory 144 is connected to the processor 141 through a bus 145.
存储器144可用于存储计算机程序,处理器141用于执行该计算机程序,以实现上述方法实施例中的第一设备执行的各个步骤,或者实现上述方法实施例中的第二设备执行的各个步骤。The memory 144 may be used to store a computer program, and the processor 141 is used to execute the computer program to implement each step performed by the first device in the foregoing method embodiment, or implement each step performed by the second device in the foregoing method embodiment.
此外,存储器144可以由任何类型的易失性或非易失性存储设备或者它们的组合实现,易失性或非易失性存储设备包括但不限于:磁盘或光盘,电可擦除可编程只读存储器(EEPROM),可擦除可编程只读存储器(EPROM),静态随时存取存储器(SRAM),只读存储器(ROM),磁存储器,快闪存储器,可编程只读存储器(PROM)。In addition, the memory 144 can be implemented by any type of volatile or non-volatile storage device or a combination thereof. The volatile or non-volatile storage device includes, but is not limited to: magnetic disks or optical disks, electrically erasable and programmable Read-only memory (EEPROM), erasable programmable read-only memory (EPROM), static anytime access memory (SRAM), read-only memory (ROM), magnetic memory, flash memory, programmable read-only memory (PROM) .
请参考图15,其示出了本申请一个实施例提供的终端150的结构示意图,该终端150可以包括:处理器151、接收器152、发射器153、存储器154和总线155。Please refer to FIG. 15, which shows a schematic structural diagram of a terminal 150 provided by an embodiment of the present application. The terminal 150 may include a processor 151, a receiver 152, a transmitter 153, a memory 154, and a bus 155.
处理器151包括一个或者一个以上处理核心,处理器151通过运行软件程序以及模块,从而执行各种功能应用以及信息处理。The processor 151 includes one or more processing cores, and the processor 151 executes various functional applications and information processing by running software programs and modules.
接收器152和发射器153可以实现为一个通信组件,该通信组件可以是一块通信芯片。The receiver 152 and the transmitter 153 may be implemented as a communication component, and the communication component may be a communication chip.
存储器154通过总线155与处理器151相连。The memory 154 is connected to the processor 151 through a bus 155.
存储器154可用于存储计算机程序,处理器151用于执行该计算机程序,以实现上述方法实施例中的终端执行的各个步骤。The memory 154 may be used to store a computer program, and the processor 151 is used to execute the computer program to implement each step executed by the terminal in the foregoing method embodiment.
此外,存储器154可以由任何类型的易失性或非易失性存储设备或者它们的组合实现,易失性或非易失性存储设备包括但不限于:磁盘或光盘,电可擦除可编程只读存储器(EEPROM),可擦除可编程只读存储器(EPROM),静态随时存取存储器(SRAM),只读存储器(ROM),磁存储器,快闪存储器,可编程只读存储器(PROM)。In addition, the memory 154 can be implemented by any type of volatile or non-volatile storage device or a combination thereof. The volatile or non-volatile storage device includes, but is not limited to: magnetic disks or optical disks, electrically erasable and programmable Read-only memory (EEPROM), erasable programmable read-only memory (EPROM), static anytime access memory (SRAM), read-only memory (ROM), magnetic memory, flash memory, programmable read-only memory (PROM) .
本申请实施例还提供了一种计算机可读存储介质,所述存储介质中存储有计算机程序,所述计算机程序由处理器加载并执行以实现上述第一设备侧的集合资源的访问方法,和/或,实现上述第二设备侧的集合资源的访问方法。The embodiment of the present application also provides a computer-readable storage medium in which a computer program is stored, and the computer program is loaded and executed by a processor to implement the above-mentioned method for accessing the collective resource on the first device side, and /Or, implement the above-mentioned method for accessing the collective resource on the second device side.
本申请实施例还提供了一种计算机可读存储介质,所述存储介质中存储有计算机程序,所述计算机程序由处理器加载并执行以实现上述终端侧的集合资源的访问方法。An embodiment of the present application also provides a computer-readable storage medium, in which a computer program is stored, and the computer program is loaded and executed by a processor to implement the foregoing method for accessing collective resources on the terminal side.
本申请还提供了一种计算机程序产品,当计算机程序产品在网络设备的处理器上运行时,使得网络设备执行上述第一设备侧的集合资源的访问方法,和/或,执行上述第二设备侧的集合资源的访问方法。This application also provides a computer program product, which when the computer program product runs on the processor of the network device, causes the network device to execute the above-mentioned method for accessing the collective resources on the first device side, and/or execute the above-mentioned second device Access method of the collection resource on the side.
本申请还提供了一种计算机程序产品,当计算机程序产品在终端的处理器上运行时,使得终端执行上述终端侧的集合资源的访问方法。This application also provides a computer program product, which when the computer program product runs on the processor of the terminal, causes the terminal to execute the above-mentioned method for accessing the collective resources on the terminal side.
本领域技术人员应该可以意识到,在上述一个或多个示例中,本申请实施例所描述的功能可以用硬件、软件、固件或它们的任意组合来实现。当使用软件实现时,可以将这些功能存储在计算机可读介质中或者作为计算机可读介质上的一个或多个指令或代码进行传输。计算机可读介质包括计算机存储介质和通信介质,其中通信介质包括便于从一个地方向另一个地方传送计算机程序的任何介质。存储介质可以是通用或专用计算机能够存取的任何可用介质。Those skilled in the art should be aware that, in one or more of the foregoing examples, the functions described in the embodiments of the present application may be implemented by hardware, software, firmware, or any combination thereof. When implemented by software, these functions can be stored in a computer-readable medium or transmitted as one or more instructions or codes on the computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media includes any media that facilitates the transfer of computer programs from one place to another. The storage medium may be any available medium that can be accessed by a general-purpose or special-purpose computer.
以上所述仅为本申请的示例性实施例,并不用以限制本申请,凡在本申请的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本申请的保护范围之内。The above are only exemplary embodiments of this application and are not intended to limit this application. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this application shall be included in the protection of this application. Within range.

Claims (37)

  1. 一种集合资源的访问方法,其特征在于,应用于第一设备,所述方法包括:A method for accessing collective resources, characterized in that it is applied to a first device, and the method includes:
    接收终端发送的第一集合资源访问请求,所述第一集合资源访问请求是所述终端对所述第一设备保存的第一集合资源进行访问的请求;Receiving a first collection resource access request sent by a terminal, where the first collection resource access request is a request for the terminal to access a first collection resource saved by the first device;
    向第二设备发送第一链接资源访问请求,所述第二设备保存有所述第一集合资源中包括的第一链接资源,所述第一链接资源访问请求是所述第一设备对所述第一链接资源进行访问的请求;A first link resource access request is sent to a second device, where the second device stores the first link resource included in the first set of resources, and the first link resource access request is the request from the first device to the Request for access to the first link resource;
    接收所述第二设备发送的所述第一链接资源的访问结果;Receiving the access result of the first link resource sent by the second device;
    向所述终端发送第一集合资源访问响应,所述第一集合资源访问响应包括所述第一链接资源的访问结果,其中,所述第一链接资源的访问结果是在确定所述终端具备访问所述第一链接资源的权限的情况下,由所述第二设备执行所述第一链接资源访问请求后生成的。Send a first collection resource access response to the terminal, where the first collection resource access response includes the access result of the first link resource, wherein the access result of the first link resource is determined when the terminal has access In the case of the authority of the first link resource, it is generated after the second device executes the first link resource access request.
  2. 根据权利要求1所述的方法,其特征在于,所述第一链接资源访问请求中包括所述终端的设备标识。The method according to claim 1, wherein the first link resource access request includes a device identifier of the terminal.
  3. 根据权利要求2所述的方法,其特征在于,所述第一链接资源访问请求中还包括请求标识,所述请求标识用于指示所述第一链接资源访问请求是批处理batch请求的分解请求,所述batch请求是指携带batch接口的集合资源访问请求,所述分解请求是指根据所述batch请求中包含的集合资源所包括的链接资源生成的请求。The method according to claim 2, wherein the first link resource access request further includes a request identifier, and the request identifier is used to indicate that the first link resource access request is a decomposition request of a batch request The batch request refers to a collective resource access request carrying a batch interface, and the decomposition request refers to a request generated according to the link resources included in the collective resource included in the batch request.
  4. 根据权利要求1所述的方法,其特征在于,所述接收终端发送的第一集合资源访问请求之后,还包括:The method according to claim 1, wherein after the receiving the first set of resource access request sent by the terminal, the method further comprises:
    向所述第二设备获取第一权限信息,所述第一权限信息用于指示所述终端对所述第一链接资源的访问权限;Acquiring first permission information from the second device, where the first permission information is used to indicate the access permission of the terminal to the first link resource;
    若根据所述第一权限信息,确定所述终端具备访问所述第一链接资源的权限,则执行所述向第二设备发送第一链接资源访问请求的步骤。If it is determined according to the first authority information that the terminal has the authority to access the first link resource, the step of sending the first link resource access request to the second device is performed.
  5. 根据权利要求4所述的方法,其特征在于,所述向所述第二设备获取第一权限信息,包括:The method according to claim 4, wherein the obtaining first permission information from the second device comprises:
    向所述第二设备发送第一权限获取请求,所述第一权限获取请求是所述第一设备获取所述终端对所述第一链接资源的访问权限的请求;Sending a first permission acquisition request to the second device, where the first permission acquisition request is a request by the first device to acquire the terminal's access permission to the first link resource;
    接收所述第二设备发送的所述第一权限信息。Receiving the first permission information sent by the second device.
  6. 根据权利要求4所述的方法,其特征在于,所述向所述第二设备获取第一权限信息,包括:The method according to claim 4, wherein the obtaining first permission information from the second device comprises:
    通过配置设备向所述第二设备发送第二权限获取请求,所述第二权限获取请求是所述配置设备获取所述终端对所述第一链接资源的访问权限的请求;Sending a second permission acquisition request to the second device through a configuration device, where the second permission acquisition request is a request for the configuration device to obtain the terminal's access permission to the first link resource;
    接收所述配置设备发送的所述第一权限信息,所述第一权限信息是所述第二设备发送给所述配置设备的。Receiving the first permission information sent by the configuration device, where the first permission information is sent by the second device to the configuration device.
  7. 根据权利要求4至6任一项所述的方法,其特征在于,对所述第一链接资源的访问权限,是指通过batch接口访问所述第一链接资源的权限;The method according to any one of claims 4 to 6, wherein the access authority to the first link resource refers to the authority to access the first link resource through a batch interface;
    所述向所述第二设备获取第一权限信息之后,还包括:After obtaining the first permission information from the second device, the method further includes:
    若根据所述第一权限信息,确定所述终端对所述第一链接资源具备修改权限和获取权限,则确定所述终端具备通过所述batch接口访问所述第一链接资源的权限。If it is determined according to the first authority information that the terminal has the modification authority and the acquisition authority for the first link resource, it is determined that the terminal has the authority to access the first link resource through the batch interface.
  8. 根据权利要求1至7任一项所述的方法,其特征在于,所述第一链接资源为集合资源,或者,所述第一链接资源为非集合资源。The method according to any one of claims 1 to 7, wherein the first link resource is a collective resource, or the first link resource is a non-collective resource.
  9. 一种集合资源的访问方法,其特征在于,应用于第二设备,所述方法包括:A method for accessing collective resources, characterized in that it is applied to a second device, and the method includes:
    接收第一设备发送的第一链接资源访问请求,所述第一链接资源访问请求是所述第一设备对第一集合资源中的第一链接资源进行访问的请求,其中,所述第一链接资源访问请求是所述第一设备在接收到终端发送的第一集合资源访问请求之后生成的,所述第一集合资源访问请求是所述终端对所述第一设备保存的所述第一集合资源进行访问的请求,所述第一链接资源保存在所述第二设备中;Receive a first link resource access request sent by a first device, where the first link resource access request is a request by the first device to access a first link resource in a first set of resources, wherein the first link The resource access request is generated by the first device after receiving the first collection resource access request sent by the terminal, and the first collection resource access request is the first collection saved by the terminal to the first device A request for access to a resource, the first link resource is stored in the second device;
    向所述第一设备发送所述第一链接资源的访问结果,所述第一链接资源的访问结果用于在确定所述终端具备访问所述第一链接资源的权限的情况下向所述终端发送。Send the access result of the first link resource to the first device, where the access result of the first link resource is used to send the access to the terminal when it is determined that the terminal has the right to access the first link resource send.
  10. 根据权利要求9所述的方法,其特征在于,所述第一链接资源访问请求中包括所述终端的设备标识;The method according to claim 9, wherein the first link resource access request includes the device identifier of the terminal;
    所述接收第一设备发送的第一链接资源访问请求之后,还包括:After receiving the first link resource access request sent by the first device, the method further includes:
    根据所述终端的设备标识,检测所述终端是否具备访问所述第一链接资源的权限;According to the device identifier of the terminal, detecting whether the terminal has the authority to access the first link resource;
    若所述终端具备访问所述第一链接资源的权限,则执行所述第一链接资源访问请求,生成所述第一链 接资源的访问结果。If the terminal has the authority to access the first link resource, execute the first link resource access request to generate an access result of the first link resource.
  11. 根据权利要求10所述的方法,其特征在于,所述接收第一设备发送的第一链接资源访问请求之后,还包括:The method according to claim 10, wherein after receiving the first link resource access request sent by the first device, the method further comprises:
    读取所述第一链接资源访问请求中的请求标识;Reading the request identifier in the first link resource access request;
    若所述请求标识用于指示所述第一链接资源访问请求是批处理batch请求的分解请求,则执行所述根据所述终端的设备标识,检测所述终端是否具备访问所述第一链接资源的权限的步骤。If the request identifier is used to indicate that the first link resource access request is a disassembly request of a batch request, then execute the device identification of the terminal to detect whether the terminal has access to the first link resource The steps of the permissions.
  12. 根据权利要求10或11所述的方法,其特征在于,所述根据所述终端的设备标识,检测所述终端是否具备访问所述第一链接资源的权限之后,还包括:The method according to claim 10 or 11, wherein after detecting whether the terminal has the authority to access the first link resource according to the device identifier of the terminal, the method further comprises:
    若所述终端不具备访问所述第一链接资源的权限,则向所述第一设备发送错误应答。If the terminal does not have the authority to access the first link resource, sending an error response to the first device.
  13. 根据权利要求10至12任一项所述的方法,其特征在于,所述执行所述第一链接资源访问请求,包括:The method according to any one of claims 10 to 12, wherein the executing the first link resource access request comprises:
    若所述第一链接资源为第二集合资源,则生成第二链接资源访问请求,所述第二链接资源访问请求是所述第二设备对所述第二集合资源中包括的第二链接资源进行访问的请求,所述第二链接资源访问请求中包括所述终端的设备标识;If the first link resource is a second collection resource, a second link resource access request is generated, and the second link resource access request is the second link resource included in the second collection resource by the second device Request for access, where the second link resource access request includes the device identifier of the terminal;
    向第三设备发送所述第二链接资源访问请求,所述第三设备保存有所述第二链接资源。Sending the second link resource access request to a third device, where the third device stores the second link resource.
  14. 根据权利要求9所述的方法,其特征在于,所述接收第一设备发送的第一链接资源访问请求之前,还包括:The method according to claim 9, wherein before the receiving the first link resource access request sent by the first device, the method further comprises:
    接收所述第一设备发送的第一权限获取请求,所述第一权限获取请求是所述第一设备获取所述终端对所述第一链接资源的访问权限的请求;Receiving a first permission acquisition request sent by the first device, where the first permission acquisition request is a request by the first device to obtain the terminal's access permission to the first link resource;
    向所述第一设备发送第一权限信息,所述第一权限信息用于指示所述终端对所述第一链接资源的访问权限。Sending first permission information to the first device, where the first permission information is used to indicate the access permission of the terminal to the first link resource.
  15. 根据权利要求9所述的方法,其特征在于,所述接收第一设备发送的第一链接资源访问请求之前,还包括:The method according to claim 9, wherein before the receiving the first link resource access request sent by the first device, the method further comprises:
    接收配置设备发送的第二权限获取请求,所述第二权限获取请求是所述配置设备获取所述终端对所述第一链接资源的访问权限的请求;Receiving a second permission acquisition request sent by a configuration device, where the second permission acquisition request is a request for the configuration device to obtain an access permission of the terminal to the first link resource;
    向所述配置设备发送第一权限信息,所述第一权限信息用于指示所述终端对所述第一链接资源的访问权限,所述第一权限信息由所述配置设备发送给所述第一设备。Send first permission information to the configuration device, where the first permission information is used to indicate the terminal's access permission to the first link resource, and the first permission information is sent by the configuration device to the first link resource. One device.
  16. 一种集合资源的访问方法,其特征在于,应用于终端,所述方法包括:A method for accessing collective resources, characterized in that it is applied to a terminal, and the method includes:
    向第一设备发送第一集合资源访问请求,所述第一集合资源访问请求是所述终端对所述第一设备保存的第一集合资源进行访问的请求;Sending a first set of resource access request to the first device, where the first set of resource access request is a request for the terminal to access the first set of resources saved by the first device;
    接收所述第一设备发送的第一集合资源访问响应,所述第一集合资源访问响应包括所述第一集合资源中的第一链接资源的访问结果,其中,所述第一链接资源的访问结果是在确定所述终端具备访问所述第一链接资源的权限的情况下向所述终端发送的。Receive a first collection resource access response sent by the first device, where the first collection resource access response includes an access result of a first link resource in the first collection resource, wherein the access of the first link resource The result is sent to the terminal when it is determined that the terminal has the right to access the first link resource.
  17. 根据权利要求16所述的方法,其特征在于,所述第一链接资源为集合资源,或者,所述第一链接资源为非集合资源。The method according to claim 16, wherein the first link resource is a collective resource, or the first link resource is a non-collective resource.
  18. 一种集合资源的访问装置,其特征在于,应用于第一设备,所述装置包括:A device for accessing collective resources, which is characterized in that it is applied to a first device, and the device includes:
    请求接收模块,用于接收终端发送的第一集合资源访问请求,所述第一集合资源访问请求是所述终端对所述第一设备保存的第一集合资源进行访问的请求;A request receiving module, configured to receive a first collection resource access request sent by a terminal, where the first collection resource access request is a request for the terminal to access the first collection resource saved by the first device;
    请求发送模块,用于向第二设备发送第一链接资源访问请求,所述第二设备保存有所述第一集合资源中包括的第一链接资源,所述第一链接资源访问请求是所述第一设备对所述第一链接资源进行访问的请求;The request sending module is configured to send a first link resource access request to a second device, where the second device stores the first link resource included in the first set of resources, and the first link resource access request is the A request for the first device to access the first link resource;
    结果接收模块,用于接收所述第二设备发送的所述第一链接资源的访问结果;A result receiving module, configured to receive the access result of the first link resource sent by the second device;
    响应发送模块,用于向所述终端发送第一集合资源访问响应,所述第一集合资源访问响应包括所述第一链接资源的访问结果,其中,所述第一链接资源的访问结果是在确定所述终端具备访问所述第一链接资源的权限的情况下,由所述第二设备执行所述第一链接资源访问请求后生成的。The response sending module is configured to send a first collection resource access response to the terminal, where the first collection resource access response includes the access result of the first link resource, wherein the access result of the first link resource is In a case where it is determined that the terminal has the authority to access the first link resource, it is generated after the second device executes the first link resource access request.
  19. 根据权利要求18所述的装置,其特征在于,所述第一链接资源访问请求中包括所述终端的设备标识。The apparatus according to claim 18, wherein the first link resource access request includes a device identifier of the terminal.
  20. 根据权利要求19所述的装置,其特征在于,所述第一链接资源访问请求中还包括请求标识,所述请求标识用于指示所述第一链接资源访问请求是批处理batch请求的分解请求,所述batch请求是指携带batch接口的集合资源访问请求,所述分解请求是指根据所述batch请求中包含的集合资源所包括的链接资源生成的请求。The apparatus according to claim 19, wherein the first link resource access request further includes a request identifier, and the request identifier is used to indicate that the first link resource access request is a decomposition request of a batch request The batch request refers to a collective resource access request carrying a batch interface, and the decomposition request refers to a request generated according to the link resources included in the collective resource included in the batch request.
  21. 根据权利要求18所述的装置,其特征在于,所述装置还包括:The device according to claim 18, wherein the device further comprises:
    信息获取模块,用于向所述第二设备获取第一权限信息,所述第一权限信息用于指示所述终端对所述第一链接资源的访问权限;An information acquisition module, configured to acquire first permission information from the second device, where the first permission information is used to indicate the terminal's access permission to the first link resource;
    所述请求发送模块,还用于当根据所述第一权限信息,确定所述终端具备访问所述第一链接资源的权限时,向第二设备发送第一链接资源访问请求。The request sending module is further configured to send a first link resource access request to the second device when it is determined that the terminal has the permission to access the first link resource according to the first permission information.
  22. 根据权利要求21所述的装置,其特征在于,所述信息获取模块,用于:The device according to claim 21, wherein the information acquisition module is configured to:
    向所述第二设备发送第一权限获取请求,所述第一权限获取请求是所述第一设备获取所述终端对所述第一链接资源的访问权限的请求;Sending a first permission acquisition request to the second device, where the first permission acquisition request is a request by the first device to acquire the terminal's access permission to the first link resource;
    接收所述第二设备发送的所述第一权限信息。Receiving the first permission information sent by the second device.
  23. 根据权利要求21所述的装置,其特征在于,所述信息获取模块,用于:The device according to claim 21, wherein the information acquisition module is configured to:
    通过配置设备向所述第二设备发送第二权限获取请求,所述第二权限获取请求是所述配置设备获取所述终端对所述第一链接资源的访问权限的请求;Sending a second permission acquisition request to the second device through a configuration device, where the second permission acquisition request is a request for the configuration device to obtain the terminal's access permission to the first link resource;
    接收所述配置设备发送的所述第一权限信息,所述第一权限信息是所述第二设备发送给所述配置设备的。Receiving the first permission information sent by the configuration device, where the first permission information is sent by the second device to the configuration device.
  24. 根据权利要求21至23任一项所述的装置,其特征在于,对所述第一链接资源的访问权限,是指通过batch接口访问所述第一链接资源的权限;The device according to any one of claims 21 to 23, wherein the access authority to the first link resource refers to the authority to access the first link resource through a batch interface;
    所述装置还包括:The device also includes:
    权限确定模块,用于当根据所述第一权限信息,确定所述终端对所述第一链接资源具备修改权限和获取权限时,确定所述终端具备通过所述batch接口访问所述第一链接资源的权限。The permission determination module is configured to determine that the terminal has the permission to access the first link through the batch interface when it is determined that the terminal has the permission to modify and obtain the first link resource according to the first permission information The permissions of the resource.
  25. 根据权利要求18至24任一项所述的装置,其特征在于,所述第一链接资源为集合资源,或者,所述第一链接资源为非集合资源。The apparatus according to any one of claims 18 to 24, wherein the first link resource is a collective resource, or the first link resource is a non-collective resource.
  26. 一种集合资源的访问装置,其特征在于,应用于第二设备,所述装置包括:A device for accessing collective resources, which is characterized in that it is applied to a second device, and the device includes:
    请求接收模块,用于接收第一设备发送的第一链接资源访问请求,所述第一链接资源访问请求是所述第一设备对第一集合资源中的第一链接资源进行访问的请求,其中,所述第一链接资源访问请求是所述第一设备在接收到终端发送的第一集合资源访问请求之后生成的,所述第一集合资源访问请求是所述终端对所述第一设备保存的所述第一集合资源进行访问的请求,所述第一链接资源保存在所述第二设备中;The request receiving module is configured to receive a first link resource access request sent by a first device, where the first link resource access request is a request by the first device to access the first link resource in the first set of resources, where The first link resource access request is generated by the first device after receiving the first collection resource access request sent by the terminal, and the first collection resource access request is stored by the terminal on the first device Request for access to the first set of resources, the first link resource is stored in the second device;
    结果发送模块,用于向所述第一设备发送所述第一链接资源的访问结果,所述第一链接资源的访问结果用于在确定所述终端具备访问所述第一链接资源的权限的情况下向所述终端发送。The result sending module is configured to send the access result of the first link resource to the first device, where the access result of the first link resource is used when it is determined that the terminal has the right to access the first link resource In this case, send to the terminal.
  27. 根据权利要求26所述的装置,其特征在于,所述第一链接资源访问请求中包括所述终端的设备标识;The apparatus according to claim 26, wherein the first link resource access request includes a device identifier of the terminal;
    所述装置还包括:The device also includes:
    权限检测模块,用于根据所述终端的设备标识,检测所述终端是否具备访问所述第一链接资源的权限;A permission detection module, configured to detect whether the terminal has the permission to access the first link resource according to the device identifier of the terminal;
    请求执行模块,用于当所述终端具备访问所述第一链接资源的权限时,执行所述第一链接资源访问请求,生成所述第一链接资源的访问结果。The request execution module is configured to execute the first link resource access request when the terminal has the authority to access the first link resource, and generate an access result of the first link resource.
  28. 根据权利要求27所述的装置,其特征在于,所述装置还包括:The device according to claim 27, wherein the device further comprises:
    标识读取模块,用于读取所述第一链接资源访问请求中的请求标识;An identifier reading module, configured to read the request identifier in the first link resource access request;
    所述权限检测模块,用于当所述请求标识用于指示所述第一链接资源访问请求是批处理batch请求的分解请求时,根据所述终端的设备标识,检测所述终端是否具备访问所述第一链接资源的权限。The permission detection module is configured to, when the request identifier is used to indicate that the first link resource access request is a disassembly request of a batch processing batch request, detect whether the terminal has access to the terminal according to the device identifier of the terminal. State the authority of the first link resource.
  29. 根据权利要求27或28所述的装置,其特征在于,所述装置还包括:The device according to claim 27 or 28, wherein the device further comprises:
    错误应答模块,用于当所述终端不具备访问所述第一链接资源的权限时,向所述第一设备发送错误应答。The error response module is configured to send an error response to the first device when the terminal does not have the authority to access the first link resource.
  30. 根据权利要求27至29任一项所述的装置,其特征在于,所述请求执行模块,用于:The device according to any one of claims 27 to 29, wherein the request execution module is configured to:
    当所述第一链接资源为第二集合资源时,生成第二链接资源访问请求,所述第二链接资源访问请求是所述第二设备对所述第二集合资源中包括的第二链接资源进行访问的请求,所述第二链接资源访问请求中包括所述终端的设备标识;When the first link resource is a second collection resource, a second link resource access request is generated, and the second link resource access request is for the second device to request a second link resource included in the second collection resource. Request for access, where the second link resource access request includes the device identifier of the terminal;
    向第三设备发送所述第二链接资源访问请求,所述第三设备保存有所述第二链接资源。Sending the second link resource access request to a third device, where the third device stores the second link resource.
  31. 根据权利要求26所述的装置,其特征在于,所述装置还包括权限提供模块,用于:The device according to claim 26, wherein the device further comprises a permission providing module for:
    接收所述第一设备发送的第一权限获取请求,所述第一权限获取请求是所述第一设备获取所述终端对所述第一链接资源的访问权限的请求;Receiving a first permission acquisition request sent by the first device, where the first permission acquisition request is a request by the first device to obtain the terminal's access permission to the first link resource;
    向所述第一设备发送第一权限信息,所述第一权限信息用于指示所述终端对所述第一链接资源的访问权限。Sending first permission information to the first device, where the first permission information is used to indicate the access permission of the terminal to the first link resource.
  32. 根据权利要求26所述的装置,其特征在于,所述装置还包括权限提供模块,用于:The device according to claim 26, wherein the device further comprises a permission providing module for:
    接收配置设备发送的第二权限获取请求,所述第二权限获取请求是所述配置设备获取所述终端对所述 第一链接资源的访问权限的请求;Receiving a second permission acquisition request sent by a configuration device, where the second permission acquisition request is a request for the configuration device to obtain an access permission of the terminal to the first link resource;
    向所述配置设备发送第一权限信息,所述第一权限信息用于指示所述终端对所述第一链接资源的访问权限,所述第一权限信息由所述配置设备发送给所述第一设备。Send first permission information to the configuration device, where the first permission information is used to indicate the terminal's access permission to the first link resource, and the first permission information is sent by the configuration device to the first link resource. One device.
  33. 一种集合资源的访问装置,其特征在于,应用于终端,所述装置包括:A device for accessing collective resources, which is characterized in that it is applied to a terminal, and the device includes:
    请求发送模块,用于向第一设备发送第一集合资源访问请求,所述第一集合资源访问请求是所述终端对所述第一设备保存的第一集合资源进行访问的请求;A request sending module, configured to send a first collection resource access request to a first device, where the first collection resource access request is a request for the terminal to access the first collection resource saved by the first device;
    响应接收模块,用于接收所述第一设备发送的第一集合资源访问响应,所述第一集合资源访问响应包括所述第一集合资源中的第一链接资源的访问结果,其中,所述第一链接资源的访问结果是在确定所述终端具备访问所述第一链接资源的权限的情况下向所述终端发送的。The response receiving module is configured to receive a first collection resource access response sent by the first device, where the first collection resource access response includes an access result of a first link resource in the first collection resource, wherein the The access result of the first link resource is sent to the terminal when it is determined that the terminal has the authority to access the first link resource.
  34. 根据权利要求33所述的装置,其特征在于,所述第一链接资源为集合资源,或者,所述第一链接资源为非集合资源。The apparatus according to claim 33, wherein the first link resource is a collective resource, or the first link resource is a non-collective resource.
  35. 一种网络设备,其特征在于,所述网络设备包括处理器和存储器,所述存储器存储有计算机程序,所述计算机程序用于被所述处理器执行,以实现如权利要求1至8任一项所述的集合资源的访问方法,或者实现如权利要求9至15任一项所述的集合资源的访问方法。A network device, wherein the network device includes a processor and a memory, the memory stores a computer program, and the computer program is used to be executed by the processor to implement any one of claims 1 to 8 The method for accessing the collective resource as described in item, or the method for accessing the collective resource as described in any one of claims 9 to 15.
  36. 一种终端,其特征在于,所述终端包括处理器和存储器,所述存储器存储有计算机程序,所述计算机程序用于被所述处理器执行,以实现如权利要求16或17所述的集合资源的访问方法。A terminal, characterized in that the terminal includes a processor and a memory, the memory stores a computer program, and the computer program is used to be executed by the processor to implement the set according to claim 16 or 17. The access method of the resource.
  37. 一种计算机可读存储介质,其特征在于,所述存储介质中存储有计算机程序,所述计算机程序用于被处理器执行,以实现如权利要求1至8任一项所述的集合资源的访问方法,或者实现如权利要求9至15任一项所述的集合资源的访问方法,或者实现如权利要求16或17所述的集合资源的访问方法。A computer-readable storage medium, characterized in that a computer program is stored in the storage medium, and the computer program is used to be executed by a processor to realize the collection of resources according to any one of claims 1 to 8. The access method, or implements the access method of the collective resource according to any one of claims 9 to 15, or implements the access method of the collective resource according to claim 16 or 17.
PCT/CN2019/103782 2019-08-30 2019-08-30 Method and apparatus for accessing collection resources, device and storage medium WO2021035708A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2019/103782 WO2021035708A1 (en) 2019-08-30 2019-08-30 Method and apparatus for accessing collection resources, device and storage medium
CN201980093841.2A CN113615140B (en) 2019-08-30 2019-08-30 Access method, device and equipment of collection resource and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/103782 WO2021035708A1 (en) 2019-08-30 2019-08-30 Method and apparatus for accessing collection resources, device and storage medium

Publications (1)

Publication Number Publication Date
WO2021035708A1 true WO2021035708A1 (en) 2021-03-04

Family

ID=74684464

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/103782 WO2021035708A1 (en) 2019-08-30 2019-08-30 Method and apparatus for accessing collection resources, device and storage medium

Country Status (2)

Country Link
CN (1) CN113615140B (en)
WO (1) WO2021035708A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080319758A1 (en) * 2007-06-20 2008-12-25 International Business Machines Corporation Speech-enabled application that uses web 2.0 concepts to interface with speech engines
CN102447677A (en) * 2010-09-30 2012-05-09 北大方正集团有限公司 Resource access control method, system and equipment
CN103166829A (en) * 2011-12-12 2013-06-19 中国移动通信集团北京有限公司 Network information page providing method, system, network information platform and service system
US9258279B1 (en) * 2012-04-27 2016-02-09 Google Inc. Bookmarking content for users associated with multiple devices

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104954330B (en) * 2014-03-27 2018-03-16 华为软件技术有限公司 A kind of methods, devices and systems to be conducted interviews to data resource
CN106559454B (en) * 2015-09-29 2020-09-29 中兴通讯股份有限公司 Resource access method, device and system
CN106559453A (en) * 2015-09-29 2017-04-05 中兴通讯股份有限公司 The external resource management method of cloud intercommunication, apparatus and system
US10924467B2 (en) * 2016-11-04 2021-02-16 Microsoft Technology Licensing, Llc Delegated authorization for isolated collections
CN107480555B (en) * 2017-08-01 2020-03-13 中国联合网络通信集团有限公司 Database access authority control method and device based on block chain
CN108737505A (en) * 2018-04-27 2018-11-02 厦门理工学院 A kind of method of resource downloading, system and terminal device
CN109246080B (en) * 2018-08-03 2021-08-27 广东工业大学 Resource sharing method, device, equipment and computer readable storage medium
CN109635558B (en) * 2018-11-28 2021-05-28 天津字节跳动科技有限公司 Access control method, device and system
CN109617896B (en) * 2018-12-28 2021-07-13 浙江省公众信息产业有限公司 Internet of things access control method and system based on intelligent contract

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080319758A1 (en) * 2007-06-20 2008-12-25 International Business Machines Corporation Speech-enabled application that uses web 2.0 concepts to interface with speech engines
CN102447677A (en) * 2010-09-30 2012-05-09 北大方正集团有限公司 Resource access control method, system and equipment
CN103166829A (en) * 2011-12-12 2013-06-19 中国移动通信集团北京有限公司 Network information page providing method, system, network information platform and service system
US9258279B1 (en) * 2012-04-27 2016-02-09 Google Inc. Bookmarking content for users associated with multiple devices

Also Published As

Publication number Publication date
CN113615140A (en) 2021-11-05
CN113615140B (en) 2023-04-04

Similar Documents

Publication Publication Date Title
US10091127B2 (en) Enrolling a mobile device with an enterprise mobile device management environment
US20230319534A1 (en) Cross-resource subscription for m2m service layer
US11689516B2 (en) Application program as key for authorizing access to resources
CN108810006B (en) Resource access method, device, equipment and storage medium
CN108923908B (en) Authorization processing method, device, equipment and storage medium
EP3342125B1 (en) Service layer dynamic authorization
WO2020168984A1 (en) Network configuration method and apparatus, device, and system
JP6599341B2 (en) Method, device and system for dynamic network access management
JP5981662B2 (en) Method and apparatus for access authorization authentication in a wireless communication system
US9769801B2 (en) Method and apparatus for updating information regarding specific resource in wireless communication system
US20170187831A1 (en) Universal Abstraction Layer and Management of Resource Devices
US11240031B2 (en) System and method for delegating authority through coupled devices
WO2019019646A1 (en) Method and apparatus for platform to login to website, computer device, and readable storage medium
US20180212945A1 (en) Authenticator plugin interface
US20210097476A1 (en) Container Management Method, Apparatus, and Device
KR20190061060A (en) Profile-based content and services
WO2023115913A1 (en) Authentication method and system, and electronic device and computer-readable storage medium
CN107396362B (en) Method and equipment for carrying out wireless connection pre-authorization on user equipment
WO2021035708A1 (en) Method and apparatus for accessing collection resources, device and storage medium
US11765226B2 (en) Method for provisioning internet of things device and internet of things device
WO2021155529A1 (en) Resource deletion method, apparatus, and device, and storage medium
WO2022006825A1 (en) Device access method in internet of things, apparatus, computer device, and storage medium
CN115250186B (en) Network connection authentication method, device, computer equipment and storage medium
WO2022116110A1 (en) Access authentication method and apparatus, device, and storage medium
WO2022147843A1 (en) Access authentication method and apparatus

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19943162

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19943162

Country of ref document: EP

Kind code of ref document: A1