CN109460654B - Service control method, service control system, server and computer storage medium - Google Patents
Service control method, service control system, server and computer storage medium Download PDFInfo
- Publication number
- CN109460654B CN109460654B CN201811076447.1A CN201811076447A CN109460654B CN 109460654 B CN109460654 B CN 109460654B CN 201811076447 A CN201811076447 A CN 201811076447A CN 109460654 B CN109460654 B CN 109460654B
- Authority
- CN
- China
- Prior art keywords
- server
- information
- service
- client
- authority
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 65
- 238000004891 communication Methods 0.000 claims abstract description 21
- 238000002955 isolation Methods 0.000 claims description 4
- 238000012544 monitoring process Methods 0.000 claims 1
- 230000006870 function Effects 0.000 description 47
- 238000010586 diagram Methods 0.000 description 14
- 230000008569 process Effects 0.000 description 4
- 239000000243 solution Substances 0.000 description 4
- 230000003068 static effect Effects 0.000 description 4
- 230000000694 effects Effects 0.000 description 3
- 238000002513 implantation Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004883 computer application Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000002347 injection Methods 0.000 description 1
- 239000007924 injection Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/547—Remote procedure calls [RPC]; Web services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2209/00—Indexing scheme relating to G06F9/00
- G06F2209/54—Indexing scheme relating to G06F9/54
- G06F2209/541—Client-server
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Telephonic Communication Services (AREA)
- Storage Device Security (AREA)
Abstract
The application provides a service control method, a service control system, a server and a computer storage medium. The service control method is applied to a service system, and the service system at least comprises a client, a first server and a second server; the client establishes communication connection with a first server, and the first server establishes communication connection with a second server; the service control method comprises the following steps: the client sends a service request instruction to the first server, wherein the service request instruction at least comprises service function information and user information; the first server sends a service request instruction to the second server; the second server obtains first authority information according to the service function information and the user information and sends the first authority information to the first server; and the first server controls the service authority of the client according to the first authority information. By the service control method, the load of the server can be reduced, and the practicability and the safety of a service system are improved.
Description
Technical Field
The present application relates to the field of computer application technologies, and in particular, to a service control method, a service control system, a server, and a computer storage medium.
Background
When a service request calls a certain target object in an application system, the service request can be intercepted, and then the service logic preset in the interceptor is executed before or after calling a certain method of the target object. After the interceptor is used, the functional modules in the application system are decoupled to a certain degree, so that the coupling degree of the functional modules is reduced.
However, the declaration type of the interceptor in the conventional service control method is a static type, and only the target object with the declaration type being the static type can be intercepted. Therefore, the static type target object and interceptor intelligently correspond to a class of service request, and the target object, interceptor and service request have strong association, so that the expansibility of the service management system is low.
Meanwhile, the traditional interceptors are deployed on one server, and one server needs to store a large amount of static data, so that the load requirement on one server is high.
Disclosure of Invention
The application provides a service control method, a service control system, a server and a computer storage medium, and mainly solves the technical problem of how to reduce the load pressure of the server and improve the practicability of a service system.
In order to solve the technical problem, the present application provides a service control method, which is applied to a service system, where the service system at least includes a client, a first server and a second server; the client establishes communication connection with the first server, and the first server establishes communication connection with the second server;
the service control method comprises the following steps:
the client sends a service request instruction to the first server, wherein the service request instruction at least comprises service function information and user information;
the first server sends the service request instruction to the second server;
the second server obtains first authority information according to the service function information and the user information, and sends the first authority information to the first server;
and the first server controls the service authority of the client according to the first authority information.
In order to solve the technical problem, the application further provides a service system, wherein the service system at least comprises a client, a first server and a second server; the client establishes communication connection with the first server, and the first server establishes communication connection with the second server;
the client is used for sending a service request instruction to the first server, wherein the service request instruction at least comprises service function information and user information;
the first server is used for sending the service request instruction to the second server;
the second server is used for obtaining first authority information according to the service function information and the user information and sending the first authority information to the first server;
and the first server is also used for controlling the service authority of the client according to the first authority information.
In order to solve the above technical problem, the present application further provides another service control method, where the service control method is applied to a second server, and the second server establishes a communication connection with the first server;
the service control method comprises the following steps:
the second server receives a service request instruction from the first server;
the second server obtains first authority information according to the service request instruction;
and the second server sends the first authority information to the first server so that the first server controls the service authority of the client according to the first authority information.
In order to solve the above technical problem, the present application further provides a server, including a communicator and a processor, wherein the communicator is coupled to the processor;
the communicator is used for being in communication connection with the first server;
the processor is configured to:
receiving a service request instruction from the first server;
obtaining first authority information according to the service request instruction;
and sending the first authority information to the first server so that the first server controls the service authority of the client according to the first authority information.
To solve the above technical problem, the present application also provides a computer storage medium storing program data that can be executed to implement the above-mentioned service control method.
Compared with the prior art, the beneficial effects of this application are: the client sends a service request instruction to the first server, wherein the service request instruction at least comprises service function information and user information, and the client requests to realize a service function; the first server sends a service request instruction to the second server, and the first server forwards the request instruction to the second server; the second server obtains first authority information according to the service function information and the user information, and sends the first authority information to the first server, and the second server judges the authority of the client according to the prestored authority information; the first server controls the service authority of the client according to the first authority information, the first server sets the authority information in the second server, and the first server is responsible for controlling the authority of the client. Through the service control method, the authority information is stored in the second server, so that the load of the first server is reduced, and the practicability and the safety of a service system are improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts. Wherein:
fig. 1 is a schematic flow chart of a first embodiment of a service control method according to the present application;
FIG. 2 is a schematic diagram of the architecture of the business system of FIG. 1;
fig. 3 is a flowchart illustrating a second embodiment of a service control method according to the present application;
fig. 4 is a flowchart illustrating a third embodiment of the service control method of the present application;
FIG. 5 is a schematic diagram of the architecture of the business system of FIG. 4;
fig. 6 is a schematic flow chart of a fourth embodiment of the service control method of the present application;
FIG. 7 is a block diagram of an embodiment of the business system of the present application;
FIG. 8 is a block diagram of an embodiment of a server of the present application;
FIG. 9 is a schematic structural diagram of another embodiment of a server of the present application;
FIG. 10 is a schematic structural diagram of an embodiment of a computer storage medium according to the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The present application provides a service control method, and please refer to fig. 1 and fig. 2 specifically, where fig. 1 is a schematic flow diagram of a first embodiment of the service control method of the present application; fig. 2 is a schematic diagram of the structure of the business system in fig. 1.
The service control method of the present embodiment is applied to a service system 20, as shown in fig. 2, the service system 20 at least includes a client 21, a first server 22 and a second server 23. The client 21 establishes a communication connection with the first server 22, and the first server 22 establishes a communication connection with the second server 23.
In this embodiment, the client 21 may be a mobile phone, a computer, a palm computer or other intelligent devices. The user selects the required service function through the client 21 and implements the service function on the client 21.
The first server 22 may be a function server or a service server, and the first server 22 is configured to receive a service request from the client 21.
The second server 23 may be a background server, the second server 23 is configured to store a plurality of preset authority information, and the authority information may be updated by the second server 23 according to an input instruction of a user. The first server 22 obtains the service authority of the client 21 by calling the authority information of the second server 23, and controls the service authority that can be realized by the client 21 according to the service authority.
As shown in fig. 1, the service control method includes the following steps:
s11: the client sends a service request instruction to the first server, wherein the service request instruction at least comprises service function information and user information.
The operation interface displayed by the client 21 includes a plurality of interfaces (not shown in the figure), and each interface corresponds to a service function. When the interface is selected, the corresponding service function is implemented on the client 21, for example, the service function may include charging, charging or unsubscribing.
For example, if the user needs to implement the recharge service through the client 21, the user selects an interface corresponding to the recharge service through an operation interface of the client 21. At this time, the client 21 receives the selection instruction and sends a corresponding service request instruction to the first server 22 according to the selection instruction.
The service request instruction at least comprises service function information and user information, wherein the service function information can be a service function content type and an implementation mode selected by a user, and the user information can be an account number, an IP address and/or a service record and the like of the user. Furthermore, the service request instruction may further include a selection time and/or a client 21 type, etc.
S12: the first server sends a service request instruction to the second server.
The first server 22 may be a control center of the service system 20, and is configured to control service permissions of the client 21. Compared with the prior art, the service system 20 of the embodiment stores the authority information in the second server 23, and this storage manner can reduce the load pressure of the first server 22 and improve the working efficiency and stability of the first server 22.
The first server 22 forwards the service request instructions of the client 21 to the second server 23. The service request instruction forwarded by the first server 22 at least includes service function information and user information.
S13: and the second server obtains the first authority information according to the service function information and the user information and sends the first authority information to the first server.
The second server 23 stores a plurality of pieces of authority information in advance. The second server 23 receives the service request instruction from the first server 22, and searches for corresponding permission information according to the service function information and the user information of the service request instruction.
Specifically, the second server 23 searches for a plurality of right information related to the service function information according to the service function information, and screens out first right information corresponding to the user information according to the user information; the second server 23 transmits the first right information to the first server 22.
The first server 22 obtains the first right information from the second server 23, that is, the first server 22 can call the first right information from the second server 23, and controls the service right of the client 21 according to the first right information.
S14: and the first server controls the service authority of the client according to the first authority information.
The first server 22 receives the first permission information from the second server 23, and controls the service permission of the client 21 according to the first permission information, where the service permission may at least include: allowing access or denying access.
Specifically, when the first server 22 sets the service authority of the client 21 to allow access according to the first authority information, the client 21 can implement a service function corresponding to the service request instruction; when the first server 22 sets the service authority of the client 21 to deny access according to the first authority information, the client 21 cannot implement the service function corresponding to the service request instruction.
By the service control method of the embodiment, the service system 20 automatically sets the service authority of the client 21 according to the authority information; wherein the second server 23 is used for storing the rights information. In the prior art, the first server 22 needs to store multiple sets of authority information, and therefore, the load of the first server 22 is more stressed. When the client 21 calls the authority corresponding to the authority information, the first server 22 needs to run the code corresponding to the authority information, so as to check whether the call of the client 21 meets the condition. Further, when the authority information needs to be updated, the first server 22 needs to rewrite the code to update the authority information. In the process of writing the code, the first server cannot normally check whether the call of the client 21 is qualified. In the service control method of this embodiment, the second server 23 stores the authority information, so that the load pressure of the first server 22 can be effectively reduced, and further, when the authority information needs to be updated, the second server 23 writes the updated authority information to update the authority information, and the first server 22 does not need to perform operations such as code re-implantation or server restart. During this time, the first server 22 normally checks whether the call of the client 21 is qualified, thereby improving the work efficiency and the work capacity of the first server 22.
Through the service control method of the above embodiment, the service system 20 can automatically set the service authority of the client 21 sending the service function request according to the authority information, and control the service function of the client 21 according to the service authority. Further, when the authority information of the second server 23 is updated, the service system 20 can timely reset the service authority of the client 21 sending the service function request, specifically refer to the following embodiments of the service control method.
Another service control method is proposed in the present application, please refer to fig. 3 specifically, and fig. 3 is a schematic flow diagram of a second embodiment of the service control method in the present application. The service control method of the present embodiment is also applied to the service system 20, please refer to fig. 2 specifically, which is not described herein again.
As shown in fig. 3, on the basis of the service control method disclosed in the first embodiment, the step S14 further includes the following steps:
s141: and the first server judges whether the client has the service authority or not according to the first authority information and the service function information.
The first server 22 receives the first permission information, and determines whether the client 21 has a service permission according to the first permission information and the service function information, where the service permission at least includes a first service permission and a second service permission.
When the first server 22 determines that the client 21 has the first service right, the first server 22 sends the data of the first operation interface to the client 21 according to the first service right, so that the client 21 receives and displays the first operation interface according to the data of the first operation interface.
For example, when the first server 22 determines that the client 21 has the first service right, the first operation interface displayed by the client 21 may include at least a "member center" option, a "determine" option, and a "cancel" option.
When the first server 22 determines that the client 21 has the second service right, the first server 22 sends the data of the second operation interface to the client 21 according to the second service right, so that the client 21 receives and displays the second operation interface according to the data of the second operation interface.
For example, when the first server 22 determines that the client 21 has the second service right, the second operation interface displayed by the client 21 at least includes a "confirm" option and a "cancel" option; the second operation interface is not provided with a 'member center' option relative to the first operation interface.
When the first server 22 determines that the client 21 does not have the first service right and the second service right, that is, the client 21 is not allowed to implement the corresponding service function, the process proceeds to step S142.
S142: the first server sends the interception information to the client.
Wherein the client 21 is not allowed to implement the requested service function, the first server 22 sends the interception information to the client 21, so that the client 21 displays the interception information. The interception information may include an interception reason or an interception time.
Further, when the authority information stored in advance by the second server 23 is updated, the service authority set by the first server 22 for the client 21 also needs to be updated correspondingly. Therefore, after step S142, the service control method in this embodiment may further include the following steps:
s15: and the second server detects whether the first authority information is updated according to the user information of the client.
Wherein the second server 23 detects whether the pre-stored first right information is updated. If the second server 23 detects that the first right information is not updated, the first server 22 maintains the service right of the client 21.
If the second server 23 detects that the first right information is updated, the process proceeds to step S16.
S16: and the second server obtains second authority information according to the updated first authority information and sends the second authority information to the first server.
If the second server 23 detects that the first right information is updated, the second server 23 obtains second right information according to the updated first right information, and the second server 23 sends the second right information to the first server 22.
S17: and the first server judges whether the client has the service authority or not according to the second authority information and the service function information.
Step S17 is the same as step S141, and is not described herein again.
In a real application scenario, the service system 20 needs to update the authority information at any time, so as to flexibly control the service authority of the client 21. Through the service control method of the above embodiment, when the client 21 is not allowed to implement the requested service function, the first server 22 sends the interception information to the client 21, so that the client 21 can timely obtain the interception information and select the subsequent operation, thereby improving the practicability of the service system 20. Further, the service system 20 may also actively detect whether the pre-stored first permission information is updated; if yes, the service system 20 updates the first permission information in time, so that the first server 22 updates the service permission of the control client 21, and the flexibility of the service system 20 is improved. The method for updating the service authority in time is applied to management of various time-limited activity authorities, for example, in a "618" time-limited robbery activity, the service system 20 updates the first authority information and then updates the service authority, and the client 21 can acquire the service authority for the robbery after a preset time.
The present application provides another service control method, specifically please refer to fig. 4 and fig. 5, fig. 4 is a schematic flow diagram of a third embodiment of the service control method of the present application, and fig. 5 is a schematic structural diagram of a service system in fig. 4.
The service control method of the present embodiment is applied to a service system 30, as shown in fig. 5, the service system 30 at least includes a client 31, a first server 32, a third server 33, and a fourth server 34. The client 31 establishes a communication connection with the first server 32, the first server 32 establishes a communication connection with the third server 33, and the third server 33 establishes a communication connection with the fourth server 34.
The second server 23 of the business system 20 may include the third server 33 and the fourth server 34 of the business system 30 in this embodiment. The third server 33 may be a business backend server and the fourth server 34 may be a configuration backend server. The service background server is a core server for controlling all service access, and a user can not operate the functions of the service background server without intervening and knowing the operation mechanism of the service background server. The configuration background server is an administrator or an administrator with related roles, and is a scheduling center for performing resource configuration and optimization on the capacity expected to be achieved by the service function.
The administrator fourth server 34 is used to configure the authority information and may transmit the authority information to the third server 33. The third server 33 is used for storing the configured authority information and processing the service request instruction sent by the client terminal 31. Specifically, the third server 33 allocates the corresponding permission information according to the service request instruction of the client 31, and sends the permission information to the first server 32, so that the first server 32 controls the service permission of the client 31 according to the permission information. As shown in fig. 4, the service control method includes the following steps:
s41: the client sends a service request to the first server, wherein the service request instruction at least comprises service function information and user information.
Step S41 of the present embodiment is the same as step S11 of the above embodiments, and is not repeated herein.
S42: the first server sends a service request instruction to the third server.
Step S42 of the present embodiment is the same as step S12 of the above embodiments, and is not repeated herein.
S43: and the third server receives the service request instruction and acquires the configuration information from the fourth server.
Wherein, the third server 33 obtains the configuration information from the fourth server 34 according to the service request instruction. The configuration information at least comprises authority information. The configuration information may be stored in the fourth server 34 or the third server 33 in advance.
S44: and the third server obtains the first authority information according to the service request instruction and the configuration information and sends the first authority information to the first server.
The third server 33 obtains the first permission information according to the configuration information, the service function information and the user information.
The third server 33 may further identify whether the service request instruction carries a dangerous malicious attack, such as ddos (distributed denial of service attack), xss (cross site scripting attack), or injection. If yes, the third server 33 may monitor the client 31 according to the user information in the service request instruction, and may also control the access frequency of the client 31, so as to improve the security of the service system 30.
After the fourth server 34 inputs the configuration information, the third server 33 obtains the configuration information in real time, performs policy analysis on the client 31 according to the user information, and forms the first permission information. For example, the configuration information may include: the client terminal 31 can only send the service request command including the user information once in five minutes, and the third server 33 will intercept other service commands sent by the client terminal 31 in 5 minutes. The third server 33 may determine that the service request instruction sent more than once by the client 31 in five minutes is a malicious request instruction, and intercept the relevant malicious request instruction.
In this embodiment, the third server 33 has strong business background capability, supports various access controls, and dynamically takes effect, flexibly controls, and improves the practicability and security of the business system 30.
S45: and the first server controls the service authority of the client according to the first authority information.
Wherein, the first server 32 controls the service authority of the client 31 according to the first authority information. First server 32 includes, but is not limited to, access control to media such as the functionality, user, IP, etc. of client 31.
Through the service control method of the above embodiment, the service system 30 can automatically determine and set the service authority of the client terminal 31 that sends the service function request, and control the service function of the client terminal 31 according to the service authority. In the service control method of the present embodiment, the authority information is stored in the third server 33 or the fourth server 34, so that the load pressure of the first server 32 can be effectively reduced. Further, the third server 33 and/or the fourth server 34 may be used as middleware such as class interceptors, so that the traffic is more concentrated and is less affected by additional intrusion, thereby ensuring the robustness of the authority function.
Further, the fourth server 34 is configured to update the configuration information, and further send the updated configuration information to the third server 33. The third server 33 obtains the updated first permission information according to the updated configuration information, and sends the updated first permission information to the first server 32. The first server 32 resets the service right of the client 31 sending the service function request according to the updated first right information, which refers to the following embodiments of the service control method.
The present application provides another service control method, please refer to fig. 6 specifically, and fig. 6 is a schematic flow chart of a fourth embodiment of the service control method according to the present application.
The service control method of the present embodiment is also applied to the service system 30, please refer to fig. 5 for details, which are not described herein again.
As shown in fig. 6, on the basis of the third embodiment of the traffic control method, step S45 is further followed by the following steps:
s46: and when the fourth server receives the input instruction, updating the configuration information according to the input instruction.
The configuration information at least comprises access refusal time interval information, access frequency information, function isolation information and/or blacklist information and the like.
For example, the administrator adds, modifies or deletes the denial authority of the client 31 through the fourth server 34, and the denial authority generally includes denial period control, access frequency control, function isolation, blacklist entry, and the like. After the administrator finishes updating the refused permission, the administrator clicks 'start control', and then the input of the configuration information can be finished.
When the user applies for the service function through the client terminal 31, the service system 30 performs access control on the client terminal 31 according to the configuration information without operations such as code re-implantation or service restart.
Further, when the administrator needs to release the access control to the client 31, the administrator can close the control function or delete the control record through the fourth server 34, the configuration is simple and flexible, and the operation threshold is low.
Upon receiving the input instruction, the fourth server 34 starts receiving one or more sets of configuration information input by the user. Alternatively, the input instruction received by the fourth server 31 includes one or more sets of configuration information input by the user.
Specifically, the administrator can input the configuration information through the fourth server 34 at any time, and the third server 33 can acquire the latest configuration information.
S47: and the third server receives the service request instruction again and acquires the updated configuration information from the fourth server.
Wherein the third server 33 re-receives the service request instruction. The third server 33 may receive the original service request command forwarded by the first server 32, or may receive the latest service request command forwarded by the first server 32.
The third server 33 obtains the updated configuration information from the fourth server 34 according to the service request instruction.
S48: and the third server obtains second authority information according to the service request instruction and the updated configuration information, and sends the second authority information to the first server.
Step S48 of the present embodiment is the same as step S13 of the above embodiments, and is not repeated herein.
S49: and the first server controls the service authority of the client according to the second authority information.
Step S49 of the present embodiment is the same as step S14 of the above embodiments, and is not repeated herein.
Through the service control method of the above embodiment, the service system 30 can update the service authority controlled by the client terminal 31 in real time by acquiring the updated configuration information through the fourth server 34, so as to improve the flexibility of the service system 30; furthermore, the service authority can be started, modified or deleted by the administrator through the fourth server 34, the configuration is simple and flexible, and the operation threshold is low. Because the type and the content of the configuration information can be input by an administrator, the configuration information can be suitable for multiple industries or multiple fields, and the application range is wide.
The present application provides a service system, please refer to fig. 7 specifically, and fig. 7 is a schematic structural diagram of an embodiment of the service system of the present application. The business system 40 of the present embodiment includes at least a client 41, a first server 42, and a second server 43. The client 41 establishes a communication connection with the first server 42, and the first server 42 also establishes a communication connection with the second server 43.
The client 41 is configured to send a service request instruction to the first server 42, where the service request instruction at least includes service function information and user information;
the first server 42 is configured to send a service request instruction to the second server 43;
the second server 43 is configured to obtain first right information according to the service function information and the user information, and send the first right information to the first server 42;
the first server 42 is further configured to control the service right of the client 41 according to the first right information.
The present application further provides a server, please refer to fig. 8 specifically, and fig. 8 is a schematic structural diagram of an embodiment of the server according to the present application.
The server 700 is a second server disclosed in the above embodiment, and the server 700 establishes a communication connection with the first server. As shown in fig. 8, the server 700 includes a transceiver module 71 and a processing module 72, wherein the transceiver module 71 establishes a connection with the processing module 72.
The transceiver module 71 is configured to receive a service request instruction from a first server.
The processing module 72 is configured to obtain the first permission information according to the service request instruction.
The transceiver module 71 is further configured to send the first permission information to the first server, so that the first server controls the service permission of the client according to the first permission information.
The present application further provides another server, specifically please refer to fig. 9, and fig. 9 is a schematic structural diagram of another embodiment of the server of the present application. The server 800 is a second server disclosed in the above embodiments, and the server 800 establishes a communication connection with the first server. As shown in fig. 9, the server 800 includes a communicator 81 and a processor 82, wherein the communicator 81 establishes a connection with the processor 82.
The communicator 81 is configured to be communicatively connected to a first server;
the processor 82 is configured to:
receiving a service request instruction from a first server;
obtaining first authority information according to the service request instruction;
and sending the first authority information to the first server so that the first server controls the service authority of the client according to the first authority information.
In the present embodiment, the processor 82 may also be referred to as a CPU (Central Processing Unit). The processor 82 may be an integrated circuit chip having signal processing capabilities. The processor 82 may also be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components. A general purpose processor may be a microprocessor or the processor 82 may be any conventional processor or the like.
The present application also provides a computer storage medium, as shown in fig. 10, a computer storage medium 900 stores program data, which can be executed to implement the method described in the embodiment of the service control method of the present application.
The method involved in the embodiments of the service control method of the present application, when implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in the apparatus 900, for example, in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) or a processor (processor) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only for the purpose of illustrating embodiments of the present application and is not intended to limit the scope of the present application, and all modifications of equivalent structures and equivalent processes, which are made by the contents of the specification and the drawings of the present application or are directly or indirectly applied to other related technical fields, are also included in the scope of the present application.
Claims (5)
1. A service control method is characterized in that the service control method is applied to a service system, and the service system at least comprises a client, a first server and a second server; the client establishes communication connection with the first server, and the first server establishes communication connection with the second server, wherein the second server further comprises a third server and a fourth server;
the service control method comprises the following steps:
the client sends a service request instruction to the first server, wherein the service request instruction at least comprises service function information and user information;
the first server sends the service request instruction to the second server;
the third server receives the service request instruction, identifies whether the service request instruction carries dangerous malicious attack, and if so, monitors the client and acquires configuration information from the fourth server, wherein the configuration information comprises access refusal time interval information, access frequency control information, function isolation information and/or blacklist information;
the third server obtains first authority information according to the service request instruction and the configuration information, and sends the first authority information to the first server;
the first server controls the service authority of the client according to the first authority information;
after the step of obtaining, by the third server, the first permission information according to the service request instruction and the configuration information, and sending the first permission information to the first server, the method includes:
the third server receives the service request instruction again and acquires the updated configuration information from the fourth server;
the third server obtains second authority information according to the service request instruction and the updated configuration information, and sends the second authority information to the first server;
and the first server controls the service authority of the client according to the second authority information.
2. The service control method according to claim 1, wherein the step of the first server controlling the service right of the client according to the first right information further comprises:
the first server judges whether the client has the service authority or not according to the first authority information and the service function information;
and if not, the first server sends interception information to the client.
3. The traffic control method according to claim 2, wherein the step of the first server sending the interception information to the client is followed by:
the second server detects whether the first authority information is updated according to the user information of the client;
if so, the second server obtains second permission information according to the updated first permission information, sends the second permission information to the first server, and executes the step that the first server judges whether the client has the service permission according to the second permission information and the service function information.
4. A business system, characterized in that the business system comprises at least a client, a first server and a second server; the client establishes communication connection with the first server, and the first server establishes communication connection with the second server, wherein the second server further comprises a third server and a fourth server;
the client is used for sending a service request instruction to the first server, wherein the service request instruction at least comprises service function information and user information;
the first server is used for sending the service request instruction to the second server;
the third server is used for receiving the service request instruction, identifying whether the service request instruction carries dangerous malicious attack or not, monitoring the client if the service request instruction carries dangerous malicious attack, and acquiring configuration information from the fourth server, wherein the configuration information comprises access refusal time period information, access frequency control information, function isolation information and/or blacklist information;
the third server is further configured to obtain first permission information according to the service request instruction and the configuration information, and send the first permission information to the first server;
the first server is also used for controlling the service authority of the client according to the first authority information;
after the step of obtaining, by the third server, the first permission information according to the service request instruction and the configuration information, and sending the first permission information to the first server, the method includes:
the third server receives the service request instruction again and acquires the updated configuration information from the fourth server;
the third server obtains second authority information according to the service request instruction and the updated configuration information, and sends the second authority information to the first server;
and the first server controls the service authority of the client according to the second authority information.
5. A computer storage medium, characterized in that the computer storage medium stores program data executable to implement the traffic control method of any of claims 1-3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811076447.1A CN109460654B (en) | 2018-09-14 | 2018-09-14 | Service control method, service control system, server and computer storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811076447.1A CN109460654B (en) | 2018-09-14 | 2018-09-14 | Service control method, service control system, server and computer storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109460654A CN109460654A (en) | 2019-03-12 |
| CN109460654B true CN109460654B (en) | 2021-05-14 |
Family
ID=65606684
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811076447.1A Active CN109460654B (en) | 2018-09-14 | 2018-09-14 | Service control method, service control system, server and computer storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109460654B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111160861B (en) * | 2019-12-27 | 2022-06-03 | 蚂蚁胜信(上海)信息技术有限公司 | Method, device and equipment for renewing service authority |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101355478B (en) * | 2008-09-05 | 2011-03-16 | 中兴通讯股份有限公司 | Unified video signal system and method with separated business management and business control |
| CN104243154A (en) * | 2013-06-07 | 2014-12-24 | 腾讯科技(深圳)有限公司 | Server user authority centralized control system and server use authority centralized control method |
| CN107645508A (en) * | 2017-10-16 | 2018-01-30 | 深圳市买买提乐购金融服务有限公司 | A kind of data handling system, method, client and server |
-
2018
- 2018-09-14 CN CN201811076447.1A patent/CN109460654B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101355478B (en) * | 2008-09-05 | 2011-03-16 | 中兴通讯股份有限公司 | Unified video signal system and method with separated business management and business control |
| CN104243154A (en) * | 2013-06-07 | 2014-12-24 | 腾讯科技(深圳)有限公司 | Server user authority centralized control system and server use authority centralized control method |
| CN107645508A (en) * | 2017-10-16 | 2018-01-30 | 深圳市买买提乐购金融服务有限公司 | A kind of data handling system, method, client and server |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109460654A (en) | 2019-03-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101380966B1 (en) | Apparatus and Method for Security in Mobile Terminal | |
| US7889684B2 (en) | Method for managing a terminal device | |
| KR101359324B1 (en) | System for enforcing security policies on mobile communications devices | |
| EP3522475A1 (en) | Apparatus, method and device for encapsulating heterogeneous function equivalent bodies | |
| US20070266422A1 (en) | Centralized Dynamic Security Control for a Mobile Device Network | |
| JP4856246B2 (en) | Method for performing management operation by communication terminal, terminal, and system thereof | |
| US11983266B2 (en) | Systems and methods for event-based application control | |
| CN103108320A (en) | Method and system for monitoring application program of mobile device | |
| US9971902B2 (en) | Terminal device, method for protecting terminal device, and terminal management server | |
| CN105550584A (en) | RBAC based malicious program interception and processing method in Android platform | |
| CN109460654B (en) | Service control method, service control system, server and computer storage medium | |
| US11457046B2 (en) | Distributed network resource security access management system and user portal | |
| GB2353918A (en) | Access rights in a mobile communications system | |
| CN110417615B (en) | Check switch control method, device and equipment and computer readable storage medium | |
| CN109992298B (en) | Examination and approval platform expansion method and device, examination and approval platform and readable storage medium | |
| CN101039324B (en) | Method, system and apparatus for defending network virus | |
| CN112395020A (en) | Safety protection method of intranet, client, target server and storage medium | |
| CN113728318A (en) | Remote management of user devices | |
| KR100642998B1 (en) | Policy message transmission method for upgrade policy of mobile | |
| CN109800580B (en) | Permission control method and device of system process, storage medium and computer equipment | |
| CN111143857B (en) | Data sharing method, robot controller and storage medium | |
| CN116390096A (en) | Mobile hotspot access method, device, equipment and storage medium | |
| CN107819787B (en) | System and method for preventing illegal external connection of local area network computer | |
| US12107845B2 (en) | Remote access computer security | |
| US20240338200A1 (en) | Product update management using mobile device management accounts and role accounts |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |