CN113076502A - Parameter control method and system based on request identification - Google Patents
- Publication number
- CN113076502A CN202110439664.8A
- Authority
- CN
- China
- Prior art keywords
- request
- parameter
- service interface
- service
- rule
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
- G06F16/957—Browsing optimisation, e.g. caching or content distillation
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a parameter control method and system based on a request identifier, which control the parameters of client access requests through a request identifier ID and a request parameter rule associated with that ID. After receiving a client access request carrying a request identifier ID, the method obtains the associated request parameter rule according to the ID; the request identifier ID and its associated request parameter rule are configured in advance by a developer through a background management page during development and stored in a database. The access request of the client is then answered according to the obtained pre-configured request parameter rule. The invention controls the parameters, transactions and permissions of a specific request as a whole, effectively prevents malicious tampering and attacks, and enhances security. The invention also makes the configuration of request parameters page-based, so that secondary developers can configure parameters directly through pages and control access at a finer granularity.
Description
Technical Field
The invention relates to a parameter control method and system based on request identification, and belongs to the technical field of networks.
Background
When a service platform website is built, parameters are generally passed in directly when a page is requested or a service is called. The background develops an implementation method specific to the business logic, implements that logic using the parameters passed in with the access or call, and performs permission and transaction control in the method body according to the specific business requirements. This development mode makes request parameters difficult to control and leaves them open to malicious tampering and attack. In addition, when business requirements change, the background code has to be upgraded; the upgrade cycle is long and the maintenance cost is high.
Disclosure of Invention
Purpose of the invention: in the existing website platform development mode, developers must implement permission and transaction control in the background, transactions and permissions cannot be controlled dynamically within the same method for different services, parameters, permissions and transactions cannot be managed through page configuration, and the demands on website platform developers are high. To address these problems, the invention provides a parameter control method and system based on request identification.
Technical scheme: to achieve the above purpose, the invention provides a parameter control method based on request identification, comprising the following steps:
(1) receiving an access request of a client, wherein the access request comprises a request identification ID;
(2) examining the parameters carried by the access request: if a request identification ID is carried, obtaining the associated request parameter rule according to the ID; otherwise, returning an error;
(3) determining whether the request identification ID has an associated request parameter rule, the request identification ID and its associated request parameter rule having been pre-configured by a developer through a background management page during development and stored in a database; if the request identification ID has no associated request parameter rule, returning an error;
(4) responding to the access request of the client according to the obtained pre-configured request parameter rule.
Preferably, the items pre-configured in the request parameter rule include one or more of: access permission settings, transaction management for operations, restrictions on the parameters passed in, calls to a local service interface or a cloud micro-service interface, and acquisition of global variables.
Preferably, if the request parameter rule includes a permission setting, the user's access permission is verified; if it includes a transaction setting, the transaction is set dynamically; if it includes a setting for whether additional parameters are allowed, the corresponding verification is carried out according to that setting, whose values include use, ignore and disable additional parameters; if it includes a call to a local service interface or a cloud micro-service interface, the specified interface is called and the corresponding execution result is obtained; and if it includes acquisition of a global variable, the value of the specified global variable is obtained dynamically.
Preferably, if several configuration items are configured in the request parameter rule, each is executed according to a pre-agreed processing logic. Configuration items are expressed in a fixed parameter form or a dynamic parameter form. In the fixed parameter form, both the parameter name and the parameter value are preset, the value being either a fixed value or an EL expression. In the dynamic parameter form, only the dynamic parameter name is configured and no value is set; the value is obtained dynamically from the parameters carried by the access request according to the dynamic parameter name and then assigned. When additional parameters are disabled, an error is returned if a parameter passed in by the access request is not among the fixed parameter names and dynamic parameter names. When additional parameters are ignored, a parameter passed in by the access request that is not among the fixed and dynamic parameter names is ignored. When additional parameters are used, values are assigned dynamically according to the parameter values passed in and the dynamic parameter names, and parameters that are not among the fixed and dynamic parameter names are used as well.
Preferably, when the access request of the client is a page request or a request for a file imported by a page, no request identification ID is set; on receiving such a request, the filter in the single sign-on service returns the requested page or imported file directly to the client.
Preferably, if the request parameter rule configures a specified service interface to be called, or the service interface together with its input parameters, and the result returned by the service interface has the same form as the result required by the client, the request is routed directly to the specified service interface for execution and the execution result is obtained; when the result returned by the service interface is a character string, which differs from the file stream result required by the client, the request is routed to the specified service interface for execution and then, according to the feignPath parameter carried in the execution result, routed to the other service interface specified by that parameter for execution to obtain the file stream result.
Preferably, the access request of the client is sent to the single sign-on service through a proxy service, and a filter, an interceptor and a controller are provided in the single sign-on service; the filter processes page requests and requests for files imported by pages, the interceptor sets transactions dynamically, and the controller verifies and assembles parameters and calls the specified service interface.
Based on the same inventive concept, the invention provides an access control system based on request parameter identification, which comprises a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the computer program implements the above request-identification-based parameter control method when loaded onto the processor.
The invention provides a rapid development system for website platforms that adopts the request-identification-based parameter control method, comprising:
a request parameter rule management module, through which a secondary developer manages request identifier IDs and their associated request parameter rules;
a logic function dynamic code management module, through which a secondary developer manages logic function identifier IDs and the associated dynamic JavaScript code that implements business logic functions;
a request parameter control module, which examines the request identification ID in the access request of the client, obtains the associated request parameter rule, and responds to the access request according to the pre-configured request parameter rule; the request parameter control module comprises:
a parameter checking unit, which checks whether the parameters conform to the predefined rule;
a permission or transaction management unit, which determines, according to the items configured in the request parameter rule, whether to verify the user's access permission or to set the transaction dynamically;
a service interface processing unit, which calls the specified service interface and obtains the execution result according to the local service interface or cloud micro-service interface configured in the request parameters, or the interface together with its input parameters; the local service interfaces or cloud micro-service interfaces include an interface implementing the background separation function; when a configuration item in the request parameter rule configures this interface, a logic function identification ID is specified at the same time, and when the interface is executed it obtains the dynamic JavaScript code implementing the corresponding business logic function according to the logic function identification ID, performs data injection, and executes the code.
Preferably, the dynamic JavaScript code includes calls to local service interfaces or cloud micro-service interfaces that implement basic functions; the basic functions are provided by services built into the development system or by services uploaded by secondary development users, each function being implemented in the form of a service interface.
Beneficial effects: compared with the prior art, the invention associates the parameter rule of the whole request with an introduced request identifier, so that the parameters, transactions and permissions of a specific request can be controlled as a whole, malicious tampering and attacks are effectively prevented, and security is enhanced. Introducing the request identifier also allows the transactions, permission control and so on of the methods that different requests enter to be managed dynamically. The integrated management of parameters, permissions and transactions is directed at the client's request rather than at the background method, which is essentially different from the traditional approach of adding controls directly in the background. The invention makes the configuration of request parameters page-based, so that secondary developers can configure permissions, transactions and parameters directly through pages and control access at a finer granularity. In addition, with the rapid development system provided by the invention, a secondary development user can conveniently configure request parameter rules and rapidly develop business logic functions with dynamic JavaScript code, which reduces development difficulty while preserving development flexibility.
Drawings
FIG. 1 is a flow chart of an embodiment of the present invention.
Fig. 2 is an architecture diagram for implementing an embodiment of the present invention.
Fig. 3 is a schematic diagram of the page/imported file request flow in the embodiment of the present invention.
Fig. 4 is a schematic flow chart of an interface access request according to an embodiment of the present invention.
Fig. 5 is a schematic diagram of a parameter verification process in the embodiment of the present invention.
Detailed Description
The technical solution of the present invention will be clearly and completely described below with reference to the accompanying drawings and specific embodiments.
As shown in Fig. 1, the parameter control method based on a request identifier disclosed in the embodiment of the present invention controls client access request parameters through a request identifier ID (requestId) and the request parameter rule associated with it. The method includes: the client sends an access request, for which a secondary developer has configured a request identifier ID and an associated request parameter rule through a background management page during development; after receiving the access request, the server examines the parameters it carries, and if a request identification ID is carried, obtains the associated request parameter rule according to the ID, otherwise returns an error; it then determines whether the request identification ID has an associated request parameter rule and, if not, returns an error; finally it responds to the access request of the client according to the obtained pre-configured request parameter rule. With this parameter control method, secondary developers obtain the various fine-grained controls supported by the platform simply by configuring request parameter rules, and only one request identification ID is exposed to the client, so that malicious tampering and attacks are effectively prevented.
In a specific development platform, the items pre-configured in the request parameter rule may include one or more of: access permission settings; transaction management for operations (such as a database transaction, or a transaction covering the whole interface access, with a rollback executed if an error occurs); restrictions on the parameters passed in (such as no more parameters and no fewer parameters than configured, a specified parameter name whose value may differ according to the service, whether additional parameters are allowed, parameters whose keys and values are fixed and may not change, and the like); calls to a local service interface or a cloud micro-service interface; and acquisition of global variables. If the request parameter rule includes a permission setting, the user's access permission is verified; if it includes a transaction setting, the transaction is set dynamically; if it includes a setting for whether additional parameters are allowed, the corresponding verification is carried out according to that setting, whose values include use, ignore and disable additional parameters; if it includes a call to a local service interface or a cloud micro-service interface, the specified interface is called and the corresponding execution result is obtained; and if it includes acquisition of a global variable, the value of the specified global variable is obtained dynamically.
If several configuration items are configured in the request parameter rule, each is executed according to a predetermined processing logic, for example verifying permissions first and then setting the transaction, obtaining parameters first and then calling service interfaces, and calling several service interfaces in the order in which they are configured. Configuration items are expressed in a fixed parameter form or a dynamic parameter form. In the fixed parameter form, both the parameter name and the parameter value are preset fixed values (a fixed parameter is set by the developer and cannot be tampered with by the final client access; the parameter value can also be an EL expression, such as ${userId}, so that a global variable can be obtained). In the dynamic parameter form, only the dynamic parameter name is configured and no value is set; the value is obtained dynamically from the parameters carried by the access request according to the dynamic parameter name and then assigned (for cases where the value differs from request to request). Whether extra parameters are allowed is checked against the fixed and dynamic parameter rules: a passed-in parameter that is not among the fixed parameter names and dynamic parameter names fails the check. If the setting is "use", extra parameters may be passed in; if it is "ignore", the extra parameters are removed and execution continues.
For example, a local service interface or cloud micro-service interface supported by the background may be configured through the servicePath parameter name: servicePath = act/startprocessinsenstancebykey configures a call to the interface of the workflow service that starts a workflow instance, and servicePath = base/getUUID configures a call to the interface of the basic service that obtains a UUID. Configuring transaction=1 indicates that the transaction needs to be set dynamically, and configuring auth=0 indicates that no permission is needed, meaning for example that access is possible directly without logging in. The request identification is created by a developer on the background management page, and the associated request parameter rule is edited there and stored in a database once configured. When an interface is accessed, the request carries the request identification ID of the associated request parameter rule, and the background can immediately set or verify parameters according to the ID, for example verifying the user's access permission or setting the transaction dynamically according to the permission and transaction settings contained in the request parameter rule. Formulating request parameter rules controls the parameters of a request effectively and prevents some illegal requests from being generated.
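The parameter check described in the two paragraphs above (fixed parameters, dynamic parameters, and the use/ignore/disable setting for extra parameters) can be sketched as follows. This is an added example, not code from the patent: the rule layout, the helper names and the demo/search path are assumptions, while requestId, servicePath, auth, transaction and ${userId} are the page's own names.

```javascript
// Added example, not code from the patent. The rule layout and every name
// other than requestId, servicePath, auth and transaction is an assumption.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Constructed rule table standing in for the database rows that a developer
// saves from the background management page, keyed by request ID.
const RULES = {
  "req-start-flow": {
    auth: 1, transaction: 1,
    servicePath: "act/startprocessinsenstancebykey",
    fixed: { operator: "${userId}", processKey: "leave" }, // name and value preset
    dynamic: ["days", "reason"],                           // value comes from the request
    extraParams: "disable",
  },
  "req-uuid": {
    auth: 0, transaction: 0, servicePath: "base/getUUID",
    fixed: {}, dynamic: [], extraParams: "ignore",
  },
  "req-search": {
    auth: 1, transaction: 0, servicePath: "demo/search",   // constructed path
    fixed: { tenant: "t1" }, dynamic: ["q"], extraParams: "use",
  },
};

// Resolve an EL expression such as ${userId} against server-side globals.
function resolveFixed(value, globals) {
  const m = /^\$\{(\w+)\}$/.exec(value);
  if (!m) return value;
  if (!has(globals, m[1])) throw new Error("global variable not set: " + m[1]);
  return globals[m[1]];
}

function assemble(request, globals, rules) {
  const requestId = request.requestId;
  if (typeof requestId !== "string" || requestId === "") {
    throw new Error("missing requestId");
  }
  // Own-property lookup, so an ID such as "constructor" never matches.
  if (!has(rules, requestId)) throw new Error("no rule for requestId");
  const rule = rules[requestId];

  // Assumption: auth=1 is modelled as "a logged-in session is required".
  if (rule.auth === 1 && !has(globals, "userId")) throw new Error("login required");

  const incoming = request.params || {};
  const params = Object.create(null); // no prototype: "__proto__" is plain data

  // Dynamic parameters take their value from the request. A missing one is
  // rejected (assumption, following the "no fewer parameters" restriction).
  for (const name of rule.dynamic) {
    if (!has(incoming, name)) throw new Error("missing parameter: " + name);
    params[name] = incoming[name];
  }
  // Extra parameters: anything that is neither a fixed nor a dynamic name.
  const extras = Object.keys(incoming).filter(
    (k) => !has(rule.fixed, k) && !rule.dynamic.includes(k));
  if (extras.length > 0) {
    if (rule.extraParams === "use") {
      for (const k of extras) params[k] = incoming[k];
    } else if (rule.extraParams !== "ignore") {
      // "disable", and any unrecognised setting, rejects the request.
      throw new Error("unexpected parameter: " + extras.join(","));
    }
  }
  // Fixed parameters are written last, so a client value never replaces them.
  for (const name of Object.keys(rule.fixed)) {
    params[name] = resolveFixed(rule.fixed[name], globals);
  }
  return { servicePath: rule.servicePath, transaction: rule.transaction === 1, params };
}

// Returns { ok: true, servicePath, transaction, params } or { ok: false, error }.
function checkParams(request, globals, rules = RULES) {
  try {
    return { ok: true, ...assemble(request, globals, rules) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}
```

A client that sends operator=admin with req-start-flow still gets the session's userId as operator, because the fixed value is resolved on the server and written after the request values.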
When a page, or a file imported by a page (such as a js or css file), is requested, no request identification ID is set; on receiving such a request, the filter in the single sign-on service returns the requested page or imported file directly to the client.
In addition, regarding calls to service interfaces: if the request parameter rule configures a specified service interface to be called (parameters may be specified at the same time; for example, a service that executes a database statement also needs the corresponding statement sqlId, which is associated with a pre-configured database statement), and the result returned by the service interface has the same form as the result required by the client, the request is routed directly to the specified service interface for execution and the execution result is obtained. If the result returned by the service interface is a character string, which differs from the file stream result required by the client, the request is routed to the specified service interface for execution and then routed to another specified service interface for execution to obtain the file stream result. The local service interface or cloud micro-service interface can be an interface provided by the development platform, such as the system database service (which receives SQL and parameters, executes them against the database and packages the returned result), the file service (file upload and download), the authentication service, the workflow service, the message service, and the like. It can also be a service interface developed and uploaded by a secondary developer, such as a service implementing specific business logic.
Fig. 2 is an architecture diagram that may be used in an embodiment of the present invention, in which the client's access request reaches the single sign-on service (sso) via a proxy service (nginx), and a filter, an interceptor and a controller are provided in the single sign-on service. The filter is mainly used for processing page requests and requests for files imported by pages, the interceptor is mainly used for setting transactions dynamically, and the controller is mainly used for verifying and assembling parameters and calling the specified service interface.
Based on the same inventive concept, an access control system based on request parameter identification provided by an embodiment of the present invention includes a memory, a processor, and a computer program stored on the memory and executable on the processor, where the computer program implements the foregoing parameter control method based on request identification when being loaded onto the processor.
Based on the above request-identifier-based parameter control method, another embodiment of the present invention discloses a rapid development system for website platforms, which includes: a request parameter rule management module, through which a secondary developer manages request identifier IDs and their associated request parameter rules; a logic function dynamic code management module, through which a secondary developer manages logic function identifier IDs and the associated dynamic JavaScript code that implements business logic functions; and a request parameter control module, which examines the request identification ID in the access request of the client, obtains the associated request parameter rule, and responds to the access request according to the pre-configured request parameter rule. The request parameter control module comprises: a parameter checking unit, which checks whether the parameters conform to the predefined rule; a permission or transaction management unit, which determines, according to the items configured in the request parameter rule, whether to verify the user's access permission or to set the transaction dynamically; and a service interface processing unit, which calls the specified service interface and obtains the execution result according to the local service interface or cloud micro-service interface configured in the request parameters, or the interface together with its input parameters. The local service interfaces or cloud micro-service interfaces include an interface implementing the background separation function; when a configuration item in the request parameter rule configures this interface, a logic function identification ID is specified at the same time, and during execution the interface obtains the dynamic JavaScript code implementing the corresponding business logic function according to the logic function identification ID, performs data injection, and executes the code. The dynamic JavaScript code can be edited by the secondary development user in an online code editor such as CodeMirror, and the code includes calls to local service interfaces or cloud micro-service interfaces that implement basic functions. The basic functions are provided by services built into the development system or by services uploaded by secondary development users, and the corresponding functions, such as mail, file upload and download, authentication, workflow and database access, are implemented in the form of service interfaces. The business functions are implemented by the secondary development user according to the application requirements of the specific website platform, such as verification of business data format and data consistency.
The following describes the specific application of the method of the present invention in detail with reference to several common request scenarios.
1. Request page
As shown in Fig. 3, the browser sends a page request; nginx receives the request and distributes it to the single sign-on service, and the filter in the single sign-on service finds the corresponding page directly in memory, processes it and returns it (the page is looked up directly by the address of the request, and no requestId with an associated request parameter rule needs to be configured here).
2. Requesting files imported by pages, e.g. js and css files
As shown in Fig. 3, and similar to the page request, the browser sends a request for a file imported by a page; nginx receives the request and distributes it to the single sign-on service, and the filter in the single sign-on service recognises that an imported file is requested, finds the corresponding file directly in memory, processes it and returns it (the imported file is looked up directly by the address of the request, and no requestId with an associated request parameter rule needs to be configured here).
3. Requests that return a string result
As shown in Fig. 4, the browser sends an interface access request; nginx receives the request and distributes it to the single sign-on service, where the filter lets it pass straight through to the interceptor. The interceptor decides, according to the configuration, whether to set a transaction dynamically and then forwards the request to the controller. In this case the excFun method in the controller is used: excFun calls the checkParams method (checkParams verifies and assembles the parameters, as shown in Fig. 5) and then calls the micro-service/local service according to the parameters.
4. Case of requesting to return a file stream
The file stream is returned under two conditions, the first condition is that the file stream is returned by the micro service interface specified by the configured servicePath, and the second condition is that the micro service interface specified by the servicePath executes other operations in advance, such as inquiring the storage position of a file, or inserting and recording the file into a database, etc., after the operations are finished, a file is returned to call the micro service interface parameter feignPath, and the micro service is returned according to the feignPath (the micro service interface specified by the feignPath must be the micro service interface for returning the file stream).
a. In the first case: the browser sends an interface access request, nginx receives the request and then distributes the request to single sign-on service, a filter in the single sign-on service directly passes through, an interceptor judges whether to dynamically set a transaction according to configuration requirements and then transfers to a controller, in the situation, an excFunOut method in the controller is used, a checkParams method is called in the excFunOut method, then micro-service/local service is called according to parameters, and the micro-service calling in the method is a micro-service/local service interface which returns a file stream result.
b. In the second case: the method comprises the steps that a browser sends an interface access request, nginx receives the request and then distributes the request to a single sign-on service, a filter in the single sign-on service directly passes through, an interceptor judges whether a transaction is set dynamically according to configuration requirements, then the interceptor is switched to a controller, in this case, an excFunThenOut method in the controller is used, a checkParams method is called in the excFunThenOut method firstly, then a micro-service/local service is called according to parameters, then a servicePath micro-service/local service interface is called to prepare before outputting a file, and finally a feignPath parameter is returned to point to a final file stream to output the micro-service/local service interface.
The service interface called in cases 3 and 4 above can be any service interface, for example one that starts a workflow instance, obtains a UUID, or executes a functional service interface uploaded by a user. In this embodiment, base/excBackFun is agreed to be the name of the interface that implements the background separation function (the interface names in this embodiment are examples and can be chosen by the developer); that is, this interface is used when servicePath = base/excBackFun. For this interface, a secondary developer edits the business logic as JavaScript on the page management side. When the interface is called, the parameter backFunId (the logic function identification ID) is passed in to specify the dynamic JavaScript code used by the service. At call time, the dynamic JavaScript code is fetched according to this ID and then executed to complete the service. The business logic can be edited in the dynamic JavaScript, where local or other microservice interfaces can be called through the methods provided by commonFun:
a. commonFun.execute("path") // the case with no parameters
b. commonFun.execute("path", JSON.stringify(...)) // the case with parameters
c. commonFun.executeNeedFile("path", JSON.stringify(...)) // the case with file parameters
These three methods can call any microservice interface or local interface supported by the system, and can also make nested calls to excBackFun through commonFun, in which case backFunId is passed in as well.
With the requestId rule of the invention, the parameter rules of the whole request, and whether it needs a transaction and a permission check, are controlled as a whole, which enhances security; the rule is configured on a page, so a secondary developer can configure it directly. In addition, the invention uses dynamic JavaScript to separate the business logic service from the functional service. Page editing makes it possible to create and modify services dynamically, the code is simple to write, and the platform background is free of bugs as long as the services provided by the system and by secondary developers are free of bugs. Because the business logic code is entirely dynamic, a business logic bug can be debugged directly and checked right after it is modified, which makes handling business logic bugs very simple.
Claims (10)
1. A parameter control method based on request identification is characterized by comprising the following steps:
(1) receiving an access request of a client, wherein the access request comprises a request identification ID;
(2) judging parameters carried by the access request, if carrying a request identification ID, acquiring an associated request parameter rule according to the ID, otherwise, returning an error;
(3) judging whether the request identification ID has a related request parameter rule or not, wherein the request identification ID and the related request parameter rule are pre-configured and stored in a database through a background management page when a developer develops; if the request identification ID does not have the associated request parameter rule, returning an error;
(4) responding to the access request of the client according to the acquired pre-configured request parameter rule.
2. The method according to claim 1, wherein the items preconfigured in the request parameter rule include one or more of: access permission setting, transaction management for the operation, restrictions on input parameters, a call to a local service interface or a cloud micro-service interface, and acquisition of a global variable.
3. The method of claim 1,
if the request parameter rule comprises the configuration of the permission setting, checking the user access permission;
if the request parameter rule comprises the configuration of the transaction setting, dynamically setting the transaction;
if the request parameter rule comprises the configuration of whether the additional parameters are allowed to be added, carrying out corresponding verification according to the configuration condition; wherein the values of the configuration items include use, ignore, disable additional parameters;
if the request parameter rule comprises the configuration of calling a local service interface or a cloud micro-service interface, calling a specified interface and acquiring a corresponding execution result;
and if the request parameter rule comprises the configuration of obtaining the global variable, dynamically obtaining the value of the specified global variable.
4. The method according to claim 1, wherein if a plurality of configuration items are configured in the request parameter rule, each configuration item is executed according to a pre-agreed processing logic; the expression form of the configuration item adopts a fixed parameter form and a dynamic parameter form, and the parameter name and the parameter value of the configuration item in the fixed parameter form are both a preset fixed value or an EL expression; only configuring a dynamic parameter name in a configuration item in a dynamic parameter form, not setting a corresponding parameter value, dynamically acquiring the parameter value from the parameter carried by the access request according to the dynamic parameter name and assigning the value;
when the additional parameters are forbidden, if the parameters transmitted by the access request are not in the fixed parameter name and the dynamic parameter name, returning an error; when the extra parameters are ignored, if the access request incoming parameters are not in the fixed parameter name and the dynamic parameter name, the parameters are ignored; when the extra parameters are used, dynamic assignment is carried out according to the parameter values and the dynamic parameter names transmitted by the access request, and parameters which are not in the fixed parameter names and the dynamic parameter names are used.
5. The parameter control method based on the request identifier as claimed in claim 1, wherein when the access request of the client is a page request or a request for a file imported by a page, the request identification ID is not set, and when such a page request or imported-file request is received, the requested page or file is returned directly to the client by the filter in the single sign-on service.
6. The method according to claim 1, wherein if the request parameter rule configures a specific service interface to be invoked, or the service interface and its input parameters, and the result returned by the service interface has the same form as the result required by the client, the request is routed directly to the specified service interface for execution and the execution result is obtained;
and when the result returned by the service interface is in a character string form and is different from the file stream result form required by the client, routing to a specified service interface for execution, and then routing to another service interface specified by the parameter for execution according to the feignPath parameter carried in the execution result to obtain the file stream result.
7. The parameter control method based on the request identification as claimed in claim 1, wherein the access request of the client is forwarded to the single sign-on service via a proxy, and a filter, an interceptor and a controller are arranged in the single sign-on service; the filter is used for processing page requests and requests for files imported by pages, the interceptor is used for dynamically setting transactions, and the controller is used for verifying and assembling parameters and calling the specified service interface.
8. An access control system based on request parameter identification, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the computer program, when loaded into the processor, implements a method for request parameter identification based parameter control according to any of claims 1-7.
9. A website platform rapid development system using the request identification-based parameter control method according to any one of claims 1 to 7, comprising:
the request parameter rule management module is used for managing the request identifier ID and the associated request parameter rule by a secondary developer;
the logic function dynamic code management module is used for managing a logic function identifier ID and a related dynamic JavaScript code for realizing a service logic function by a secondary developer;
the request parameter control module, which checks the request identification ID in the access request of the client, acquires the associated request parameter rule, and responds to the access request of the client according to the pre-configured request parameter rule; the request parameter control module comprises:
the parameter checking unit is used for checking whether the parameter configuration conforms to a predefined rule;
the authority or transaction management unit is used for determining whether to check the access authority of the user or dynamically set the transaction according to the items configured in the request parameter rule;
the service interface processing unit is used for calling a specified service interface and acquiring an execution result according to a local service interface or a cloud micro-service interface configured by the request parameter, or the interface and the input parameter; the local service interface or the cloud micro-service interface comprises a background separation function realization interface, when the configuration item in the request parameter rule configures the background separation function realization interface, a logic function identification ID is designated at the same time, and when the background separation function realization interface is executed, the background separation function realization interface acquires a dynamic JavaScript code for realizing a corresponding service logic function according to the logic function identification ID, performs data injection and executes the code.
10. The website platform rapid development system according to claim 9, wherein the dynamic JavaScript code contains a call to a local service interface or a cloud micro-service interface that implements a base function; the basic function is provided by the self-carried service of the development system or the service uploaded by the secondary development user, and the corresponding function is realized in the form of a service interface.
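The checks in claims 1 to 4 can be read as a deny-by-default parameter gate. The following is an added sketch, not code from the patent: the rule table, its field names, the request IDs and the permission strings are constructed, EL expressions are not evaluated, and two behaviours the claims leave open are assumptions (a request value never overrides a fixed parameter, and an unrecognised extra-parameter setting is treated as "disable").

```javascript
// Constructed rule table standing in for the requestId -> rule records that
// the claims say are configured through the background management page.
const RULES = new Map([
  ["order.list", {
    permission: "order:read",   // claim 3: check user access permission
    extraParams: "disable",     // claim 4: use | ignore | disable
    fixed: { pageSize: 20 },    // fixed form: name and preset value
    dynamic: ["customerId"],    // dynamic form: name only, value from request
    servicePath: "order/list",
  }],
  ["report.search", { extraParams: "ignore", fixed: { source: "web" },
    dynamic: ["keyword"], servicePath: "report/search" }],
  ["log.write", { extraParams: "use", fixed: {},
    dynamic: ["level"], servicePath: "log/write" }],
]);

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function checkParams(request, user, rules = RULES) {
  const { requestId, ...incoming } = request;
  // Claim 1, steps (2) and (3): no ID, or no rule for the ID, is an error.
  if (typeof requestId !== "string" || requestId === "") {
    return { ok: false, error: "missing requestId" };
  }
  const rule = rules.get(requestId);
  if (!rule) return { ok: false, error: "no rule for requestId" };

  const granted = (user && user.permissions) || [];
  if (rule.permission && !granted.includes(rule.permission)) {
    return { ok: false, error: "permission denied" };
  }

  // Null-prototype object so a parameter named "__proto__" stays plain data.
  const params = Object.create(null);
  for (const name of Object.keys(rule.fixed)) params[name] = rule.fixed[name];
  for (const name of rule.dynamic) {
    if (has(incoming, name)) params[name] = incoming[name];
  }

  // Anything that is neither a fixed nor a dynamic name is an extra parameter.
  const extras = Object.keys(incoming).filter(
    (name) => !has(rule.fixed, name) && !rule.dynamic.includes(name));
  if (extras.length > 0 && rule.extraParams === "use") {
    for (const name of extras) params[name] = incoming[name];
  } else if (extras.length > 0 && rule.extraParams !== "ignore") {
    // Assumption: any setting other than "use" or "ignore" fails closed.
    return { ok: false, error: `extra parameter not allowed: ${extras[0]}` };
  }
  return { ok: true, servicePath: rule.servicePath, params };
}
```

With "disable", a request that adds a field the rule does not name is rejected before any service interface is called, which is what keeps unexpected fields from reaching the backing service.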
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110439664.8A CN113076502A (en) | 2021-04-23 | 2021-04-23 | Parameter control method and system based on request identification |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113076502A true CN113076502A (en) | 2021-07-06 |
Family
ID=76618667
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110439664.8A Pending CN113076502A (en) | 2021-04-23 | 2021-04-23 | Parameter control method and system based on request identification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113076502A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||