
CN113076502A - Parameter control method and system based on request identification - Google Patents


Info

Publication number
CN113076502A
Authority
CN
China
Prior art keywords
request
parameter
service interface
interface
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110439664.8A
Other languages
Chinese (zh)
Inventor
施海明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing Shiyun Network Technology Co ltd
Original Assignee
Nanjing Shiyun Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90: Details of database functions independent of the retrieved data types
    • G06F16/95: Retrieval from the web
    • G06F16/958: Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • G06F16/957: Browsing optimisation, e.g. caching or content distillation

Landscapes

  • Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a parameter control method and system based on a request identifier. Client access request parameters are controlled through a request identifier (ID) and the request parameter rule associated with it. After receiving a client access request that carries a request ID, the method obtains the associated request parameter rule according to the ID; the request ID and its associated rule are configured in advance by a developer through a back-end management page during development and stored in a database. The client's access request is then answered according to the pre-configured request parameter rule. The invention allows the parameters, transactions and permissions of a specific request to be controlled as a whole, which effectively prevents malicious tampering and attack and enhances security. Request parameter configuration is done through pages, so secondary developers can configure parameters directly in the page and control access at a finer granularity.

Description

Parameter control method and system based on request identification
Technical Field
The invention relates to a parameter control method and system based on request identification, and belongs to the technical field of networks.
Background
When building a service platform website, parameters are usually passed in directly when a page is requested or a service is called. The back end implements a method written specifically for the business logic, uses the parameters passed in with the request or call to carry out that logic, and performs permission and transaction control inside the method body according to the specific business requirements. This development model makes request parameters hard to control and leaves them open to malicious tampering and attack. Moreover, when business requirements change and an upgrade is needed, the back-end code has to be upgraded, the upgrade cycle is long, and maintenance costs are high.
Disclosure of Invention
Purpose of the invention: In the existing website platform development model, developers must implement permission and transaction control in the back end, transactions and permissions cannot be controlled dynamically for different services within the same method, parameters, permissions and transactions cannot be managed through page-based configuration, and the demands placed on website platform developers are high. To address these problems, the invention provides a parameter control method and system based on request identification.
Technical solution: To achieve the above purpose, the invention provides a parameter control method based on request identification, comprising the following steps:
(1) receiving an access request from a client, the access request including a request identification ID;
(2) examining the parameters carried by the access request: if a request identification ID is carried, obtaining the associated request parameter rule according to the ID; otherwise, returning an error;
(3) determining whether the request identification ID has an associated request parameter rule, the request identification ID and its associated request parameter rule having been pre-configured by a developer through a back-end management page during development and stored in a database; if the request identification ID has no associated request parameter rule, returning an error;
(4) responding to the client's access request according to the pre-configured request parameter rule that was obtained.
Preferably, the items pre-configured in the request parameter rule include one or more of: access permission settings, transaction management for the operation, restrictions on the parameters passed in, calls to a local service interface or a cloud microservice interface, and retrieval of global variables.
Preferably, if the request parameter rule includes a permission setting, the user's access permission is verified; if it includes a transaction setting, the transaction is set dynamically; if it includes a setting for whether additional parameters are allowed, the corresponding check is performed according to that setting, whose possible values are use, ignore and disable additional parameters; if it includes a call to a local service interface or a cloud microservice interface, the specified interface is called and its execution result is obtained; and if it includes retrieval of a global variable, the value of the specified global variable is obtained dynamically.
Preferably, if several configuration items are configured in the request parameter rule, each is executed according to a pre-agreed processing logic. Configuration items are expressed in a fixed-parameter form or a dynamic-parameter form. In the fixed-parameter form, the parameter name and the parameter value are both preset, as a fixed value or an EL expression. In the dynamic-parameter form, only the dynamic parameter name is configured and no value is set; the value is taken dynamically from the parameters carried by the access request according to the dynamic parameter name and assigned. When additional parameters are disabled, an error is returned if a parameter passed in by the access request is neither a fixed parameter name nor a dynamic parameter name. When additional parameters are ignored, such a parameter is ignored. When additional parameters are used, values are assigned dynamically according to the parameter values passed in by the access request and the dynamic parameter names, and parameters that are neither fixed nor dynamic parameter names are used as well.
Preferably, when the client's access request is a page request or a request for a file imported by a page, no request identification ID is set; on receiving such a request, the filter in the single sign-on service returns the requested page or imported file directly to the client.
Preferably, if the request parameter rule configures a service interface to be called, or a service interface together with its input parameters, and the result returned by the service interface has the same form as the result required by the client, the request is routed directly to the specified service interface for execution and the execution result is obtained. When the result returned by the service interface is a character string and differs from the file stream required by the client, the request is routed to the specified service interface for execution and then, according to the feignPath parameter carried in the execution result, routed to the other service interface specified by that parameter to obtain the file stream.
Preferably, the client's access request is sent to the single sign-on service through a proxy service, and a filter, an interceptor and a controller are provided in the single sign-on service. The filter handles page requests and requests for files imported by pages, the interceptor sets transactions dynamically, and the controller verifies and assembles parameters and calls the specified service interface.
Based on the same inventive concept, the invention provides an access control system based on request parameter identification, comprising a memory, a processor and a computer program stored in the memory and executable on the processor; when loaded onto the processor, the computer program implements the request-identification-based parameter control method described above.
The invention provides a rapid development system for website platforms that uses the request-identification-based parameter control method, comprising:
a request parameter rule management module, used by secondary developers to manage request identification IDs and their associated request parameter rules;
a logic function dynamic code management module, used by secondary developers to manage logic function identification IDs and the associated dynamic JavaScript code that implements business logic functions;
a request parameter control module, which checks the request identification ID in the client's access request, obtains the associated request parameter rule, and responds to the access request according to the pre-configured rule; this module comprises:
a parameter checking unit, which checks whether the parameter configuration conforms to the predefined rules;
a permission or transaction management unit, which decides, according to the items configured in the request parameter rule, whether to verify the user's access permission or set a transaction dynamically;
a service interface processing unit, which calls the specified service interface and obtains the execution result according to the local service interface or cloud microservice interface configured in the request parameters, or that interface together with its input parameters. The local service interface or cloud microservice interface includes a back-end separation function implementation interface. When a configuration item in the request parameter rule configures this interface, a logic function identification ID is specified at the same time; when the interface executes, it obtains the dynamic JavaScript code implementing the corresponding business logic function according to the logic function identification ID, performs data injection and executes the code.
Preferably, the dynamic JavaScript code includes calls to local service interfaces or cloud microservice interfaces that implement basic functions; the basic functions are provided by services built into the development system or by services uploaded by secondary development users, and are exposed in the form of service interfaces.
Beneficial effects: Compared with the prior art, the invention associates the parameter rule of the whole request with an introduced request identifier, so that the parameters, transactions and permissions of a specific request can be controlled as a whole, which effectively prevents malicious tampering and attack and enhances security. Introducing the request identifier also allows transactions, permission control and the like to be managed dynamically for the methods that different requests enter. This integrated management of parameters, permissions and transactions is applied to the client's request rather than to the back-end method, which is essentially different from the traditional approach of adding the control directly in the back end. Request parameters can be configured through pages, so secondary developers can configure permissions, transactions and parameters directly in the page and control access in more detail. In addition, with the rapid development system provided by the invention, a secondary development user can conveniently configure request parameter rules and rapidly develop business logic functions with dynamic JavaScript code, which reduces development difficulty while keeping development flexible.
Drawings
Fig. 1 is a flow chart of an embodiment of the present invention.
Fig. 2 is an architecture diagram for implementing an embodiment of the present invention.
Fig. 3 is a schematic diagram of the page/imported file request flow in the embodiment of the present invention.
Fig. 4 is a schematic flow chart of an interface access request according to an embodiment of the present invention.
Fig. 5 is a schematic diagram of a parameter verification process in the embodiment of the present invention.
Detailed Description
The technical solution of the present invention will be clearly and completely described below with reference to the accompanying drawings and specific embodiments.
As shown in Fig. 1, the parameter control method based on a request identifier disclosed in this embodiment controls client access request parameters through a request identifier ID (requestId) and the request parameter rule associated with it. The method works as follows. The client sends an access request; the request identifier ID and its associated request parameter rule were configured by a secondary developer through a back-end management page during development. After receiving the access request, the server examines the parameters it carries: if a request identification ID is carried, the associated request parameter rule is obtained according to the ID; otherwise an error is returned. The server then determines whether the request identification ID has an associated request parameter rule and returns an error if it does not. Finally, it responds to the client's access request according to the pre-configured request parameter rule. With this method, secondary developers can apply all the fine-grained controls supported by the platform simply by configuring request parameter rules, and only a request identification ID is exposed to the client, which effectively prevents malicious tampering and attack.
In a specific development platform, the items pre-configured in the request parameter rule may include one or more of: access permission settings; transaction management for the operation (for example a database transaction, or a transaction covering the whole interface access, with a rollback performed if an error occurs); restrictions on the parameters passed in (for example no extra parameters, no missing parameters, a specified parameter name whose value may differ from service to service, whether additional parameters are allowed, or parameter keys and values that are fixed and may not be changed); calls to a local service interface or a cloud microservice interface; and retrieval of global variables. If the request parameter rule includes a permission setting, the user's access permission is verified; if it includes a transaction setting, the transaction is set dynamically; if it includes a setting for whether additional parameters are allowed, the corresponding check is performed according to that setting, whose possible values are use, ignore and disable additional parameters; if it includes a call to a local service interface or a cloud microservice interface, the specified interface is called and its execution result is obtained; and if it includes retrieval of a global variable, the value of the specified global variable is obtained dynamically.
If several configuration items are configured in the request parameter rule, each is executed according to a predetermined processing logic: for example, permission verification is performed before transaction setting, parameters are obtained before service interfaces are called, and multiple service interfaces are called in the order in which they were configured. Configuration items are expressed in a fixed-parameter form or a dynamic-parameter form. In the fixed-parameter form, the parameter name and the parameter value are both preset fixed values (a fixed parameter is set by the developer and cannot be tampered with by the end client; the value may be an EL expression such as ${userId}, which allows a global variable to be obtained). In the dynamic-parameter form, only the dynamic parameter name is configured and no value is set; the value is taken dynamically from the parameters carried by the access request according to the dynamic parameter name and assigned (this covers cases where the value differs from request to request). For the setting that controls whether additional parameters are allowed, the fixed and dynamic parameter rules are used to determine whether the request carries additional parameters: if additional parameters are disabled, the check fails when a passed-in parameter is neither a fixed parameter name nor a dynamic parameter name. If the setting is use, the additional parameters may be passed in; if it is ignore, the additional parameters are removed before processing continues.
For example, a local service interface or cloud microservice interface supported by the back end can be configured through the servicePath parameter name: servicePath = act/startprocessinsenstancebykey configures a call to the interface in the workflow service that starts a workflow instance, and servicePath = base/getUUID configures a call to the interface in the basic service that returns a UUID. Configuring transaction =1 indicates that the transaction needs to be set dynamically, and configuring auth =0 indicates that no permission is required, meaning the interface can be accessed directly without logging in. The request identifier is created by a developer on the back-end management page, and the associated request parameter rule is edited there and stored in a database once configured. When the interface is accessed, the request carries the request identification ID of the associated request parameter rule, and the back end can immediately set or verify parameters according to the ID, for example verifying the user's access permission or setting the transaction dynamically according to the permission and transaction settings contained in the rule. Defining request parameter rules makes it possible to control the parameters of a request effectively and prevents some illegal requests from being made.
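The rule lookup and parameter check described above, as an added example (not code from the patent or from the platform it describes). The rule layout, the request IDs, the `demo/...` service paths and all function names are assumptions made for illustration; treating a missing dynamic parameter as an error is also an assumption.

```javascript
'use strict';

// Constructed rule store standing in for the database table that the
// back-end management page writes to. Request IDs, parameter names and the
// "demo/..." paths are invented; "base/getUUID" is the path named in the text.
const RULES = new Map([
  ['createOrder', {
    auth: 1,                        // 1 = caller must be logged in
    transaction: 1,                 // 1 = interceptor opens a transaction
    servicePath: 'demo/createOrder',
    fixed: { channel: 'web', buyer: '${userId}' }, // values set by the developer
    dynamic: ['sku', 'qty'],        // names only; values come from the request
    extra: 'disable',               // use | ignore | disable
  }],
  ['newUuid', {
    auth: 0, transaction: 0, servicePath: 'base/getUUID',
    fixed: {}, dynamic: [], extra: 'ignore',
  }],
  ['search', {
    auth: 0, transaction: 0, servicePath: 'demo/search',
    fixed: { pageSize: 20 }, dynamic: ['q'], extra: 'use',
  }],
]);

const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Resolve a fixed value. A value of the exact form ${name} is looked up in
// server-side globals only; nothing taken from the request is evaluated.
function resolveFixed(value, globals) {
  const m = /^\$\{([A-Za-z_]\w*)\}$/.exec(String(value));
  if (!m) return value;
  if (!has(globals, m[1])) throw new Error(`unknown global variable: ${m[1]}`);
  return globals[m[1]];
}

// Verify and assemble the parameters of one request against its rule.
function checkParams(query, session = {}) {
  const fail = (error) => ({ ok: false, error });
  if (!has(query, 'requestId')) return fail('missing requestId');
  const rule = RULES.get(String(query.requestId));
  if (!rule) return fail('no rule for requestId');
  if (rule.auth !== 0 && !session.userId) return fail('login required');

  const params = Object.create(null);
  for (const name of rule.dynamic) {
    // Assumption: a dynamic parameter missing from the request is an error.
    if (!has(query, name)) return fail(`missing parameter: ${name}`);
    params[name] = query[name];
  }
  for (const name of Object.keys(query)) {
    if (name === 'requestId' || has(rule.fixed, name) || rule.dynamic.includes(name)) continue;
    if (rule.extra === 'disable') return fail(`unexpected parameter: ${name}`);
    if (rule.extra === 'use') params[name] = query[name];
    // 'ignore': the extra parameter is dropped and processing continues
  }
  // Fixed values are written last so nothing sent by the client can replace them.
  const globals = session.userId ? { userId: session.userId } : {};
  try {
    for (const [name, value] of Object.entries(rule.fixed)) {
      params[name] = resolveFixed(value, globals);
    }
  } catch (e) {
    return fail(e.message);
  }
  return { ok: true, servicePath: rule.servicePath, transaction: rule.transaction === 1, params };
}

// Constructed requests exercising each branch of the check.
function demo() {
  const alice = { userId: 'u-1001' };
  return {
    noId: checkParams({ sku: 'A1' }, alice),
    unknownId: checkParams({ requestId: 'dropTable' }, alice),
    anonymous: checkParams({ requestId: 'createOrder', sku: 'A1', qty: '2' }),
    tampered: checkParams({ requestId: 'createOrder', sku: 'A1', qty: '2', buyer: 'u-0001' }, alice),
    extraDisabled: checkParams({ requestId: 'createOrder', sku: 'A1', qty: '2', price: '0' }, alice),
    extraIgnored: checkParams({ requestId: 'newUuid', servicePath: 'demo/createOrder' }),
    extraUsed: checkParams({ requestId: 'search', q: 'disk', sort: 'price', pageSize: '100000' }),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The service path and the fixed values always come from the stored rule, so a client that sends its own `servicePath`, `buyer` or `pageSize` changes nothing about what is executed.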
When a page, or a file imported by a page (such as a js or css file), is requested, no request identification ID is set; on receiving such a request, the filter in the single sign-on service returns the requested page or imported file directly to the client.
For service interface calls, if the request parameter rule configures a specified service interface to call (possibly with parameters specified at the same time; for example, a service that executes a database statement also needs the corresponding statement sqlId, which is associated with a pre-configured database statement), and the result returned by the service interface has the same form as the result required by the client, the request is routed directly to the specified service interface for execution and the execution result is obtained. If the result returned by the service interface is a character string and differs from the file stream required by the client, the request is routed to the specified service interface for execution and then routed to another specified service interface to obtain the file stream. The local service interface or cloud microservice interface can be an interface provided by the development platform, such as the system database service (which receives SQL and parameters, executes them against the database and wraps the returned result), the file service (file upload and download), the authentication service, the workflow service or the message service. It can also be a service interface developed and uploaded by a secondary developer, such as a service implementing specific business logic.
Fig. 2 is an architecture diagram that may be used in an embodiment of the present invention. The client's access request reaches the single sign-on service (sso) through a proxy service (nginx), and a filter, an interceptor and a controller are provided in the single sign-on service. The filter mainly handles page requests and requests for files imported by pages, the interceptor mainly sets transactions dynamically, and the controller mainly verifies and assembles parameters and calls the specified service interface.
Based on the same inventive concept, an access control system based on request parameter identification provided by an embodiment of the present invention includes a memory, a processor, and a computer program stored on the memory and executable on the processor, where the computer program implements the foregoing parameter control method based on request identification when being loaded onto the processor.
Based on the above request-identifier-based parameter control method, another embodiment of the present invention discloses a rapid development system for website platforms, which includes: a request parameter rule management module, used by secondary developers to manage request identifier IDs and their associated request parameter rules; a logic function dynamic code management module, used by secondary developers to manage logic function identifier IDs and the associated dynamic JavaScript code that implements business logic functions; and a request parameter control module, which checks the request identification ID in the client's access request, obtains the associated request parameter rule, and responds to the access request according to the pre-configured rule. The request parameter control module comprises: a parameter checking unit, which checks whether the parameter configuration conforms to the predefined rules; a permission or transaction management unit, which decides, according to the items configured in the request parameter rule, whether to verify the user's access permission or set a transaction dynamically; and a service interface processing unit, which calls the specified service interface and obtains the execution result according to the local service interface or cloud microservice interface configured in the request parameters, or that interface together with its input parameters. The local service interface or cloud microservice interface includes a back-end separation function implementation interface. When a configuration item in the request parameter rule configures this interface, a logic function identification ID is specified at the same time; during execution, the interface obtains the dynamic JavaScript code implementing the corresponding business logic function according to the logic function identification ID, performs data injection and executes the code. The dynamic JavaScript code can be edited by the secondary development user in an online code editor such as CodeMirror, and it includes calls to local service interfaces or cloud microservice interfaces that implement basic functions. The basic functions are provided by services built into the development system or by services uploaded by secondary development users, and are exposed as service interfaces: for example a mail function, a file upload and download function, an authentication function, a workflow function and a database access function. The business functions are implemented by the secondary development user according to the application requirements of the specific website platform, for example verification of business data formats and data consistency.
The following describes the specific application of the method of the present invention in detail with reference to several common request scenarios.
1. Request page
As shown in Fig. 3, the browser sends a page request, nginx receives it and forwards it to the single sign-on service, and the filter in the single sign-on service looks up the corresponding page directly in memory, processes it and returns it (the page is found directly from the request address; no requestId with an associated request parameter rule needs to be configured here).
2. Requesting files imported by a page, e.g. js and css files
As shown in Fig. 3, this is similar to the page request: the browser sends a request for a file imported by the page, nginx receives it and forwards it to the single sign-on service, and the filter in the single sign-on service recognizes that an imported file is being requested, looks up the corresponding file directly in memory, processes it and returns it (the imported file is found directly from the request address; no requestId with an associated request parameter rule needs to be configured here).
3. Requests that return a string result
As shown in Fig. 4, the browser sends an interface access request, nginx receives it and forwards it to the single sign-on service, and the filter in the single sign-on service passes it straight through to the interceptor. The interceptor decides whether to set a transaction dynamically according to the configuration and then forwards the request to the controller. In this case the controller's excFun method is used: excFun calls the checkParams method (which verifies and assembles the parameters, as shown in Fig. 5) and then calls the microservice/local service according to the parameters.
4. Requests that return a file stream
A file stream is returned in two cases. In the first, the microservice interface specified by the configured servicePath returns the file stream itself. In the second, the microservice interface specified by servicePath first performs other operations, such as looking up the file's storage location or inserting a record into the database; when these are done it returns a feignPath parameter naming the microservice interface to call for the file, and that microservice is then called according to feignPath (the interface specified by feignPath must be a microservice interface that returns a file stream).
a. In the first case: the browser sends an interface access request, nginx receives it and forwards it to the single sign-on service, the filter in the single sign-on service passes it straight through, and the interceptor decides whether to set a transaction dynamically according to the configuration and then forwards the request to the controller. In this case the controller's excFunOut method is used: excFunOut calls the checkParams method and then calls the microservice/local service according to the parameters. The interface called here is a microservice/local service interface that returns a file stream result.
b. In the second case: the browser sends an interface access request, nginx receives it and forwards it to the single sign-on service, the filter in the single sign-on service passes it straight through, and the interceptor decides whether to set a transaction dynamically according to the configuration and then forwards the request to the controller. In this case the controller's excFunThenOut method is used: excFunThenOut first calls the checkParams method, then calls the microservice/local service interface given by servicePath to do the preparation needed before the file is output; the feignPath parameter that this call returns points to the microservice/local service interface that finally outputs the file stream.
The service interface called in cases 3 and 4 above may be any service interface, for example: starting a workflow instance, obtaining a UUID, or executing a function service interface uploaded by a user. In this embodiment, base/excBackFun is the agreed name of the interface that implements the background separation function (the interface names in this embodiment are examples and may be chosen according to the developers' preferences); that is, this interface is used when servicePath = base/excBackFun is called. For this interface, a secondary developer edits the business logic as JavaScript on the page management side. When the call is made, the parameter backFunId (logic function identification ID) is passed in to specify the dynamic JavaScript code used by the service. At call time, the dynamic JavaScript code is fetched according to the ID and then executed to complete the service. The business logic can be edited in the dynamic JavaScript, where local or other microservice interfaces can be called using the methods provided by commonFun:
a. commonFun.execute("path") // no-parameter case
b. commonFun.execute("path", JSON.stringify(…)) // with parameters
c. commonFun.executeNeedFile("path", JSON.stringify(…)) // with file parameter
These three methods can call any microservice interface or local interface supported by the system, and can also make nested calls to excBackFun through commonFun, in which case backFunId is likewise passed in with the call.
Using the requestId rule of the invention, whether the parameter rules, transactions and permissions of an entire request need to be controlled is handled as a whole, which enhances security, and the configuration is done on a page, so a secondary developer can configure it directly there. In addition, the invention uses dynamic JavaScript to separate business logic services from functional services. Page-based editing allows services to be created and modified dynamically with low writing complexity, and the platform's back end can be free of bugs as long as the services provided by the system and by secondary developers are free of bugs. Because the business logic code is entirely dynamic, a business logic bug can be debugged directly and checked for correct behaviour after modification, which makes handling business logic bugs very simple.

Claims (10)

1. A parameter control method based on request identification, characterized by comprising the following steps:
(1) receiving an access request from a client, the access request including a request identification ID;
(2) examining the parameters carried by the access request: if a request identification ID is carried, obtaining the associated request parameter rule according to the ID; otherwise returning an error;
(3) determining whether the request identification ID has an associated request parameter rule, the request identification ID and the associated request parameter rule being pre-configured by a developer through a background management page during development and stored in a database; if the request identification ID has no associated request parameter rule, returning an error;
(4) responding to the client's access request according to the obtained pre-configured request parameter rule.

2. The parameter control method based on request identification according to claim 1, characterized in that the items pre-configured in the request parameter rule include one or more of: access permission settings, transaction management of operations, restrictions on parameter participation, calls to a local service interface or a cloud microservice interface, and retrieval of global variables.

3. The parameter control method based on request identification according to claim 1, characterized in that:
if the request parameter rule includes a permission-setting configuration, the user's access permission is verified;
if the request parameter rule includes a transaction-setting configuration, the transaction is set dynamically;
if the request parameter rule includes a configuration of whether additional parameters are allowed, the corresponding check is performed according to the configuration, where the values of the configuration item are: use, ignore, or prohibit additional parameters;
if the request parameter rule includes a configuration for calling a local service interface or a cloud microservice interface, the specified interface is called and the corresponding execution result is obtained;
if the request parameter rule includes a configuration for obtaining a global variable, the value of the specified global variable is obtained dynamically.

4. The parameter control method based on request identification according to claim 1, characterized in that, if multiple configuration items are configured in the request parameter rule, each configuration item is executed according to pre-agreed processing logic; configuration items take a fixed-parameter form or a dynamic-parameter form; in a configuration item of the fixed-parameter form, both the parameter name and the parameter value are pre-agreed fixed values or EL expressions; in a configuration item of the dynamic-parameter form, only the dynamic parameter name is configured and no parameter value is set, the value being obtained dynamically from the parameters carried by the access request according to the dynamic parameter name and then assigned;
when extra parameters are prohibited, an error is returned if the access request passes in a parameter that is not among the fixed parameter names and dynamic parameter names; when extra parameters are ignored, a parameter passed in by the access request that is not among the fixed parameter names and dynamic parameter names is ignored; when extra parameters are used, values are assigned dynamically according to the parameter values passed in by the access request and the dynamic parameter names, and parameters other than the fixed parameter names and dynamic parameter names are used.

5. The parameter control method based on request identification according to claim 1, characterized in that, when the client's access request is a page request or a request for a file included by a page, no request identification ID is set; when a page request or a request for a file included by a page is received, the filter in the single sign-on service returns the requested page or included file directly to the client.

6. The parameter control method based on request identification according to claim 1, characterized in that, if the request parameter rule configures a call to a specified service interface, or a service interface and input parameters, then when the result returned by the service interface has the same form as the result required by the client, the request is routed directly to the specified service interface for execution and the execution result is obtained;
when the result returned by the service interface is a string, which differs from the file-stream result required by the client, the request is routed to the specified service interface for execution and then, according to the feignPath parameter carried in the execution result, routed to the other service interface specified by that parameter for execution to obtain the file-stream result.

7. The parameter control method based on request identification according to claim 1, characterized in that the client's access request passes through a proxy service to the single sign-on service, in which a filter, an interceptor and a controller are provided; the filter is used to process page requests and requests for files included by pages, the interceptor is used to set transactions dynamically, and the controller is used to verify and assemble parameters and to call the specified service interface.

8. An access control system based on request parameter identification, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that the computer program, when loaded into the processor, implements the parameter control method based on request identification according to any one of claims 1-7.

9. A rapid development system for website platforms that uses the parameter control method based on request identification according to any one of claims 1-7, characterized by comprising:
a request parameter rule management module, used by secondary developers to manage request identification IDs and the associated request parameter rules;
a logic function dynamic code management module, used by secondary developers to manage logic function identification IDs and the associated dynamic JavaScript code that implements business logic functions;
and a request parameter control module, which examines the request identification ID in the client's access request, obtains the associated request parameter rule, and responds to the client's access request according to the pre-configured request parameter rule; comprising:
a parameter verification unit, used to verify whether the parameter configuration conforms to predefined rules;
a permission or transaction management unit, used to determine, according to the items configured in the request parameter rule, whether to verify user access permissions or set a transaction dynamically;
and a service interface processing unit, used to call the specified service interface and obtain the execution result according to the local service interface or cloud microservice interface, or the interface and input parameters, configured in the request parameters; the local service interface or cloud microservice interface includes a background separation function implementation interface; when a configuration item in the request parameter rule configures the background separation function implementation interface, a logic function identification ID is specified at the same time, and at execution time the background separation function implementation interface obtains, according to the logic function identification ID, the dynamic JavaScript code that implements the corresponding business logic function, performs data injection and executes the code.

10. The rapid development system for website platforms according to claim 9, characterized in that the dynamic JavaScript code contains calls to local service interfaces or cloud microservice interfaces that implement basic functions; the basic functions are provided by services built into the development system or by services uploaded by secondary-development users, and are implemented in the form of service interfaces.
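The parameter check set out in claims 1 and 4, as an added example (not code from the patent): a request without a requestId or without a configured rule is refused, and extra parameters are used, ignored or prohibited according to the rule. The rule field names, the sample requestId values, and the choice to let a fixed value win over a request value of the same name are assumptions of this example; EL expressions are not evaluated.

```javascript
'use strict';

// Constructed rule table standing in for the rules that developers configure on
// the management page and store in the database. Field names are assumptions.
// fixed: name and value set by the rule; dynamic: name only, value from request;
// extra: 'use' | 'ignore' | 'prohibit'.
const RULES = new Map([
  ['user.list', { servicePath: 'user/list', fixed: { pageSize: '20' },
    dynamic: ['userName', 'deptId'], extra: 'prohibit' }],
  ['report.search', { servicePath: 'report/search', fixed: {},
    dynamic: ['keyword'], extra: 'ignore' }],
  ['form.save', { servicePath: 'form/save', fixed: { source: 'web' },
    dynamic: ['formId'], extra: 'use' }],
]);

class ParamError extends Error {}

const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Resolve the rule for request.requestId and assemble the parameters that may
// be forwarded to the configured service interface.
function checkParams(request, rules = RULES) {
  const { requestId, ...incoming } = request;
  if (typeof requestId !== 'string' || requestId === '') {
    throw new ParamError('request carries no requestId');
  }
  const rule = rules.get(requestId);
  if (!rule) throw new ParamError(`no rule configured for requestId ${requestId}`);
  if (!['use', 'ignore', 'prohibit'].includes(rule.extra)) {
    throw new ParamError(`rule ${requestId} has an invalid extra-parameter policy`);
  }

  // Null-prototype object: a parameter named "__proto__" is stored as data.
  const params = Object.create(null);

  // Dynamic parameters: only the name is configured, the value is the caller's.
  for (const name of rule.dynamic) {
    if (own(incoming, name)) params[name] = incoming[name];
  }
  // Extra parameters: anything that is neither a fixed nor a dynamic name.
  for (const name of Object.keys(incoming)) {
    if (own(rule.fixed, name) || rule.dynamic.includes(name)) continue;
    if (rule.extra === 'prohibit') {
      throw new ParamError(`parameter ${name} is not allowed for ${requestId}`);
    }
    if (rule.extra === 'use') params[name] = incoming[name];
    // 'ignore': dropped without an error
  }
  // Fixed parameters are written last so a request value cannot replace them
  // (assumption of this example).
  for (const [name, value] of Object.entries(rule.fixed)) params[name] = value;

  return { servicePath: rule.servicePath, params };
}

// Demonstration helper: outcome as a string instead of an exception.
function outcome(request) {
  try {
    const { servicePath, params } = checkParams(request);
    return `${servicePath} ${JSON.stringify(params)}`;
  } catch (err) {
    if (err instanceof ParamError) return `error: ${err.message}`;
    throw err;
  }
}

console.log(outcome({ requestId: 'user.list', userName: 'li', isAdmin: 'true' }));
console.log(outcome({ requestId: 'report.search', keyword: 'q3', debug: '1' }));
console.log(outcome({ requestId: 'form.save', formId: '7', source: 'api', note: 'x' }));
```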
CN202110439664.8A 2021-04-23 2021-04-23 Parameter control method and system based on request identification Pending CN113076502A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110439664.8A CN113076502A (en) 2021-04-23 2021-04-23 Parameter control method and system based on request identification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110439664.8A CN113076502A (en) 2021-04-23 2021-04-23 Parameter control method and system based on request identification

Publications (1)

Publication Number Publication Date
CN113076502A true CN113076502A (en) 2021-07-06

Family

ID=76618667

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110439664.8A Pending CN113076502A (en) 2021-04-23 2021-04-23 Parameter control method and system based on request identification

Country Status (1)

Country Link
CN (1) CN113076502A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
AD01 Patent right deemed abandoned (effective date of abandoning: 20241213)