CN113505009B - Application service method and system based on access of multiple subsystems and computer equipment - Google Patents
Application service method and system based on access of multiple subsystems and computer equipment Download PDFInfo
- Publication number
- CN113505009B CN113505009B CN202110846571.7A CN202110846571A CN113505009B CN 113505009 B CN113505009 B CN 113505009B CN 202110846571 A CN202110846571 A CN 202110846571A CN 113505009 B CN113505009 B CN 113505009B
- Authority
- CN
- China
- Prior art keywords
- subsystem
- layer
- interface
- access
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 45
- 230000003993 interaction Effects 0.000 claims abstract description 59
- 238000004891 communication Methods 0.000 claims abstract description 39
- 238000011161 development Methods 0.000 claims abstract description 36
- 238000006243 chemical reaction Methods 0.000 claims abstract description 31
- 230000006978 adaptation Effects 0.000 claims description 51
- 238000004590 computer program Methods 0.000 claims description 6
- 238000001514 detection method Methods 0.000 claims description 3
- 230000002452 interceptive effect Effects 0.000 claims description 2
- 230000007474 system interaction Effects 0.000 abstract description 5
- 238000013475 authorization Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 9
- 238000010586 diagram Methods 0.000 description 7
- 230000010354 integration Effects 0.000 description 6
- 230000003287 optical effect Effects 0.000 description 6
- 238000002347 injection Methods 0.000 description 4
- 239000007924 injection Substances 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 239000000243 solution Substances 0.000 description 4
- 230000005540 biological transmission Effects 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000004069 differentiation Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000000630 rising effect Effects 0.000 description 1
- 238000005070 sampling Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/541—Interprogram communication via adapters, e.g. between incompatible applications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/46—Multiprogramming arrangements
- G06F9/54—Interprogram communication
- G06F9/545—Interprogram communication where tasks reside in different layers, e.g. user- and kernel-space
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an application service method and system based on a plurality of subsystem accesses and a computer device, wherein the application service method based on the plurality of subsystem accesses in one embodiment comprises the steps of carrying out data interaction between an access layer and an application layer through a preset first data interface; and the access layer respectively performs data interaction with each subsystem through the authorized second data interface, and performs protocol conversion according to the communication interface of each subsystem. According to the application service method provided by the embodiment of the invention, the access layer is arranged to respectively interact with each subsystem through the authorized second data interface, and the protocol conversion is carried out on the communication interface of each subsystem, so that the complexity of system interaction between the application layer and each subsystem is reduced, the development complexity is reduced, and the application service method has a wide reference prospect.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to an application service method and system based on access of multiple subsystems, and a computer device.
Background
In recent years, with the development of new national infrastructure strategies, the demands for enterprise-level internet of things applications and solutions are rising. For a large-scale Internet of things solution, the subsystem is various, different business scenes involve a plurality of manufacturers and various different protocol subsystems, and the complexity of development and integration is extremely high. Some existing systems have problems of different interface protocols, limited openness and the like, so that complicated work is required for accessing the systems. For large solutions, a unified platform is needed to interface all subsystems to reduce the complexity and development efficiency of the system.
Disclosure of Invention
To solve at least one of the above problems, a first aspect of the present invention provides an application service method based on access of a plurality of subsystems, including:
The access layer and the application layer interact data through a preset first data interface;
The access layer performs data interaction with each subsystem through the authorized second data interface, and performs protocol conversion according to the communication interface of each subsystem.
In some alternative embodiments, the access layer includes a first industry cloud layer and a first access adaptation layer, and the data interaction between the access layer and each subsystem through the authorized second data interface respectively further includes:
The first industrial cloud layer receives input interface parameters of the subsystem and outputs a communication request to the first access adaptation layer according to the interface parameters, wherein the interface parameters at least comprise token data, token validity period, login credentials and injection mode;
The first access adaptation layer transmits a communication request to the subsystem through an adaptation interface corresponding to the subsystem to obtain the authorization of the subsystem, and encapsulates the authorization, the adaptation interface and the interface parameters to form an authorized second data interface corresponding to the subsystem;
The second access adaptation layer identifies the subsystem according to the authorized second data interface and performs protocol conversion on the communication interface of the subsystem.
In some optional embodiments, the access layer includes a second industry cloud layer and a second access adaptation layer, and the data interaction between the access layer and each subsystem through the authorized second data interface respectively further includes:
The second access adaptation layer downloads development certificates from the second industry cloud layer and transmits the development certificates to each subsystem through an adaptation interface corresponding to the subsystem;
The second access adaptation layer downloads the software development kit from the second industry cloud layer and transmits the software development kit to each subsystem through the adaptation interface, so that each subsystem encapsulates the software development kit, the development certificate and the adaptation interface to form an authorized second data interface corresponding to the subsystem;
The second access adaptation layer identifies the subsystem according to the authorized second data interface and performs protocol conversion on the communication interface of the subsystem.
In some optional embodiments, the access layer includes a third industry cloud layer and a third access adaptation layer, and the data interaction between the access layer and each subsystem through the authorized second data interface respectively further includes:
The third access adaptation layer downloads scaffolds and development vouchers from a third industry cloud layer;
The third access adaptation layer updates the credential information of the scaffold according to the development credential, encapsulates the communication interface of the subsystem, and performs protocol conversion on the communication interface of the subsystem to form an authorized second data interface corresponding to the subsystem.
In some optional embodiments, the performing data interaction between the access layer and the application layer through the preset first data interface further includes:
And the access layer and the security interface perform data interaction through the first data interface, so that the security interface performs security detection on interaction data sent by the application layer to protect the subsystem.
In some of the alternative embodiments of the present invention,
The security interface authenticates the interaction data sent by the application layer to protect the subsystem;
Or alternatively
The security interface includes a blacklist and a whitelist of addresses, and detects addresses of application layers transmitting interactive data through the blacklist and the whitelist to protect the subsystem.
In some alternative embodiments, the first interface is an HTTP REST interface.
A second aspect of the present invention provides an application service system implementing the application service method described above, including: an application layer, an access layer, and a plurality of subsystems, wherein,
An access layer configured to:
the data interaction is carried out between the application layer and the application layer through a preset first data interface;
And respectively carrying out data interaction with each subsystem through the authorized second data interface, and carrying out protocol conversion according to the communication interfaces of each subsystem.
A third aspect of the invention provides a computer readable storage medium having stored thereon a computer program which when executed by a processor implements a method as described above.
A fourth aspect of the invention provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing a method as described above when the program is executed.
The beneficial effects of the invention are as follows:
Aiming at the existing problems, the invention establishes an application service method and system based on access of a plurality of subsystems, computer equipment and media, respectively performs data interaction with each subsystem through an authorized second data interface by arranging an access layer, performs protocol conversion on a communication interface of each subsystem, and after the protocol conversion, completes data interaction with each subsystem through the second data interface between the application layer and the access layer, thereby reducing the complexity of system interaction between the application layer and each subsystem, enabling the subsystems to synchronously adapt to each subsystem of a plurality of manufacturers by using a unified protocol, being capable of uniformly accessing and managing a plurality of subsystems, reducing development complexity and having wide application prospect.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 illustrates a flow chart of a method of application services based on multiple subsystem access in accordance with one embodiment of the invention;
fig. 2 shows a schematic block diagram of an application service system implementing an application service method according to an embodiment of the invention;
FIG. 3 shows a schematic block diagram of an application service system implementing an application service method according to another embodiment of the invention;
FIG. 4 shows a flow chart of a method of implementing application services according to another embodiment of the invention;
FIG. 5 shows a flow chart of a method of implementing application services according to another embodiment of the invention;
FIG. 6 shows a flow chart of a method of implementing application services according to another embodiment of the invention;
FIG. 7 shows a schematic block diagram of an application service system implementing an application service method according to another embodiment of the invention; and
Fig. 8 is a schematic structural diagram of a computer device according to another embodiment of the present invention.
Detailed Description
In order to more clearly illustrate the present invention, the present invention will be further described with reference to preferred embodiments and the accompanying drawings. Like parts in the drawings are denoted by the same reference numerals. It is to be understood by persons skilled in the art that the following detailed description is illustrative and not restrictive, and that this invention is not limited to the details given herein.
As shown in fig. 1, an embodiment of the present invention provides an application service method based on multiple subsystem access, including:
The access layer and the application layer interact data through a preset first data interface;
The access layer performs data interaction with each subsystem through the authorized second data interface, and performs protocol conversion according to the communication interface of each subsystem.
In this embodiment, the access layer performs data interaction with each subsystem through the authorized second data interface, and performs protocol conversion on the communication interface of each subsystem, so that after protocol conversion, data interaction between the application layer and the access layer and between each subsystem is completed through the second data interface, thereby reducing complexity of system interaction between the application layer and each subsystem, enabling the subsystems to synchronously adapt to each subsystem of a plurality of manufacturers by using a unified protocol, being capable of uniformly accessing and managing a plurality of subsystems, reducing development complexity, and having a wide application prospect.
In order to better understand the implementation procedure of the application service method based on multiple subsystem access of the present invention, first, the structure of an application service system implementing the application service method is described with reference to fig. 2.
As shown in FIG. 2, the application service system includes an application layer 100, an access layer 200, and a plurality of subsystems 300-1, 300-2, … …, and 300-n (where n is an integer, n.gtoreq.2). In the description herein, a subsystem is indicated by reference numeral 300 when distinction is not required. The application service system can be applied to various Internet of things scenes such as parks, smart cities, traffic and the like.
Wherein the application layer 100 and the access layer 200 are provided in a server. The application layer 100 refers to a service system function layer, and may be an application with an interface management function. The interaction between the access layer 200 and the application layer 100 takes place with a first data interface, which may be, for example, an HTTP REST interface. The HTTP REST interface represents an HTTP REST style interface, and refers to an HTTP-based REST system style interface. The REST is a framework style of Web service, represents representational state transfer (presentation STATE TRANSFER), is a lightweight, cross-platform and cross-language software framework style, is a design and development mode aiming at network application, can reduce development complexity, and provides system scalability.
The plurality of subsystems 300-1, 300-2, … …, and 300-n represent various internet of things management subsystems that can be invoked and managed by the application layer 100, such as a camera management subsystem, which can manage and control the behavior of the camera, such as code rate adjustment, direction adjustment, and the like. In this example, each subsystem may be multiple camera management subsystems produced by different vendors. Of course, the subsystem 300 may also represent other management subsystems, and each subsystem 300-1, 300-2, … …, and 300-N in the subsystem 300 may also represent different kinds of management subsystems of the internet of things manufactured by different manufacturers, for example, the subsystem 300-1 represents a camera management subsystem manufactured by the manufacturer a, the subsystem 300-1 represents an indicator management subsystem manufactured by the manufacturer B, … …, and 300-N represents a display management subsystem manufactured by the manufacturer N, etc., which are not limited in detail herein.
The communication protocols adopted by the communication interfaces of the subsystems produced by different manufacturers may be different, for example, the subsystem 300-1 is a communication interface adopting the HTTP protocol, the subsystem 300-2 is a communication interface adopting the TCP protocol, and the application service system of the embodiment of the present invention authorizes a plurality of subsystems by setting the access layer 200 and performs protocol conversion so as to simply and quickly realize interface adaptation of each subsystem and the application layer. That is, in particular, in the embodiment of the present invention, referring to fig. 1, in step S1, data interaction is performed between the access layer 200 and the application layer 100 through a preset first data interface, and in step S2, the access layer 200 performs data interaction with each subsystem 300 through an authorized second data interface, and performs protocol conversion according to the communication interface of each subsystem 300. When the first data interface is an HTTP REST style interface, the access layer 200 performs data interaction with each subsystem 300 through the authorized second data interface, and converts the data interaction with each subsystem 300 into an HTTP interface protocol of the first data interface according to the communication interface of each subsystem 300.
Through the arrangement, even if the interfaces of the data communication sampling are different among the subsystems 300 because of different manufacturers, when the subsystems 300 are networked to realize unified management of an application layer, the interface capability of each subsystem can be obtained only by compiling service codes for interface call at an access layer, without the need of a developer to interface with each manufacturer one by one, call programs are respectively developed aiming at different subsystems, the integration complexity of the subsystems is reduced, and the development efficiency is improved.
Specific implementations of the application service method of the different embodiments are described in detail below in connection with more specific embodiments.
In some alternative embodiments, as shown in fig. 3, the access layer 200 of the application service system comprises a first industrial cloud layer 201 and a first access adaptation layer 202. An application service method, comprising: s1, carrying out data interaction between an access layer and an application layer through a preset first data interface; s2, the access layer respectively performs data interaction with each subsystem through the authorized second data interface, and performs protocol conversion according to the communication interfaces of each subsystem.
In particular, in this embodiment, and as shown in fig. 4 in particular, the access layer performs data interaction with each subsystem through the authorized second data interface, respectively, further includes the following steps.
Specifically, in this embodiment, in step S21-1, a user interaction page is provided on the first industrial cloud layer 201, and the developer inputs, on the user interaction page, interface parameters of the subsystem 300 to be data interacted with the application layer, the first industrial cloud layer 201 receives the interface parameters of the subsystem 300, and the parallel connection parameters the first industrial cloud layer 201 outputs a communication request to the first access adaptation layer 202. The interface parameters include, for example: token data, token validity period, login credentials, injection mode, etc., the injection mode may specifically be a header injection mode, and the interface parameters may further include an address of the subsystem 300, etc.
These interface parameters are used by the first industrial cloud 201 to obtain authentication in the subsystem 300. Specifically, in step S22-1, the first access adaptation layer 202 transmits a communication request to the subsystem 300 through an adaptation interface corresponding to the subsystem 300 to obtain authorization of the subsystem 300. Specifically, the communication request includes an interface parameter, and the subsystem 300 authorizes the first industrial cloud layer 201 to interact with the first industrial cloud layer according to the received interface parameter. The subsystem 300 packages together the authorization, the adaptation interface, and the interface parameters to form an authorized second data interface corresponding to the subsystem 300.
In step S23-1, the second access adaptation layer 202 identifies the subsystem 300 according to the authorized second data interface, and performs protocol conversion on the communication interface of the subsystem 300, so that it can perform data interaction according to the HTTP REST style of the first data interface.
In this embodiment, by having the first industrial cloud layer 201 obtain authorization at the subsystem 300, when the application layer 100 needs to call the data in the subsystem 300 for unified management deployment, for example, if the subsystem 300 is a camera management subsystem, if the application layer needs to adjust the code rate or direction of the camera, an instruction is given to the first industrial cloud layer 201, and the first industrial cloud layer 201 sends the instruction to the camera management subsystem via the first adaptation layer 202, because the first industrial cloud layer 201 has obtained authorization of the camera management subsystem in advance in the above manner, which is equivalent to that the camera management subsystem automatically exposes the second data interface, the camera management subsystem and the server automatically complete access, and the data transmission that the application layer 100 needs to call is transmitted to the application layer 100 layer by layer via the access adaptation layer 202 and the first industrial cloud layer 201, so that the application layer 100 can adjust the code rate or direction of the camera.
By the code-free access mode, the first industrial cloud layer can be utilized to obtain corresponding authorization in each subsystem to automatically protect the second data interface, and data interaction is achieved. When networking all subsystems of various manufacturers to realize unified management of an application layer, the interface capability of all subsystems can be obtained only by compiling service codes for interface call at an access layer, without the need of a developer to interface with all manufacturers one by one, call programs are respectively developed for different subsystems, the integration complexity of the subsystems is reduced, and the development efficiency is improved.
However, the partial interface capability of the subsystem is integrated in the industry cloud platform in the above manner, and the partial interface is open, so that functions of single sign-on, unified user, organization and the like cannot be realized.
In view of this, in some alternative embodiments, a system-customized data interaction access approach is presented. With continued reference to fig. 3, at this point, the access layer 200 of the application service system includes a second industry cloud layer 201 and a second access adaptation layer 202 (it should be noted that, because the industry cloud layer and the access adaptation layer have different functions and the block diagrams are the same, the same reference numerals are still used in the structure, and different specific step reference numerals are different to distinguish different specific functions). An application service method, comprising: s1, carrying out data interaction between an access layer and an application layer through a preset first data interface; s2, the access layer respectively performs data interaction with each subsystem through the authorized second data interface, and performs protocol conversion according to the communication interfaces of each subsystem.
In particular, in this embodiment, specifically as shown in fig. 5, the access layer performs data interaction with each subsystem through the authorized second data interface, respectively, further includes the following steps.
Specifically, in the present embodiment, in step S21-2, the second access adaptation layer 202 downloads development certificates (ak, sk) from the second industry cloud 201 and transmits the development certificates to each subsystem 300 through the adaptation interface corresponding to the subsystem 300. The development certificates are in one-to-one correspondence with the subsystems, namely each subsystem corresponds to the development certificate which is uniquely corresponding to the subsystem and is used for identity authentication of the subsystem.
Further, in step S22-2, the second access adaptation layer 202 downloads the Software Development Kit (SDK) from the second industry cloud 201 and transmits it to each subsystem 300 through the adaptation interface, so that each subsystem 300 encapsulates the Software Development Kit (SDK), the development certificates (ak, sk) and the adaptation interface to form an authorized second data interface corresponding to the subsystem 300. By this step, by integrating the software development kit into the subsystem 300 and configuring the development certificate in the subsystem 300, the subsystem 300 refers to the software development kit downloaded from the second industry cloud layer 201 in its own code, and by using the software development kit, the access capability of the second industry cloud layer 201 can be obtained, while by configuring the development certificate, that is, the configuration is equivalent to directly registering in the subsystem 300, an authorized second data interface is formed.
It should be noted that, through the software development kit, the second industry cloud layer 201 provides basic contents such as unified users and organizations, and can shield the content of the subsystem, and directly use the capability of the second industry cloud layer 201, so that the users and organizations are unified; in addition, if these capabilities of the subsystem are preserved, it is also necessary to develop mapping procedures for users and organizations, which are not described in detail herein.
In step S23-2, the second access adaptation layer 202 identifies the subsystem 300 according to the authorized second data interface, and performs protocol conversion on the communication interface of the subsystem 300, so that it can perform data interaction according to the HTTP REST style of the first data interface.
Through the arrangement, when the application layer 100 needs to call the data in the subsystem 300 for unified management deployment, for example, if the subsystem 300 is a camera management subsystem, if the application layer 100 needs to adjust the code rate or the direction of the camera, an instruction is given to the second industry cloud layer 201, and the second industry cloud layer 201 sends the instruction to the camera management subsystem via the second adaptation layer 202, because the second industry cloud layer 201 has customized the subsystem to obtain the access capability of the second industry cloud layer 201 in advance in the above manner, which is equivalent to that the camera management subsystem automatically accesses the second industry cloud layer 202, and the data transmission required to be called by the application layer 100 is transmitted to the application layer 100 layer by layer via the access adaptation layer 202 and the second industry cloud layer 201, so that the application layer 100 can adjust the code rate or the direction of the camera.
The software development program and the development certificate are directly issued to the subsystem through the system customization access mode through the second industry cloud layer, and the subsystem is customized and modified through integration in the subsystem, so that development can be performed according to the standards of the industry cloud layer, differentiation is directly performed in the subsystem, and the whole capacity of the subsystem is obtained.
In addition, the method has simple steps and easy realization, so that when the subsystems of various manufacturers are networked to realize unified management of an application layer, the interface capability of each subsystem can be obtained only by compiling service codes for interface call at an access layer, a developer is not required to interface with each manufacturer one by one, call programs are respectively developed aiming at different subsystems, the integration complexity of the subsystems is reduced, and the development efficiency is improved.
In some optional embodiments, the invention further provides an automatic access data interaction access mode. With continued reference to fig. 3, at this point, the access layer 200 of the application service system includes a third industry cloud layer 201 and a third access adaptation layer 202 (it should be noted that, because the industry cloud layer and the access adaptation layer have different functions and the block diagrams are the same, the same reference numerals are still used in the structure, and different specific step reference numerals are different to distinguish different specific functions). An application service method, comprising: s1, carrying out data interaction between an access layer and an application layer through a preset first data interface; s2, the access layer respectively performs data interaction with each subsystem through the authorized second data interface, and performs protocol conversion according to the communication interfaces of each subsystem.
In particular, in this embodiment, specifically as shown in fig. 6, the access layer performs data interaction with each subsystem through the authorized second data interface, respectively, further includes the following steps.
In this embodiment, in step S21-3, the third access adaptation layer 202 downloads scaffolding and development credentials from the third industry cloud. Specifically, in this step, the developer communicates with the third industry cloud 201 via the adaptation layer 202 through its development end, and downloads the scaffold and development credentials (ak, sk) via the third access adaptation layer 202, where the scaffold refers to the original code of the application program that the user implements the second data interface.
In step S22-3, the third access adaptation layer updates the credential information of the scaffold according to the development credential, encapsulates the communication interface of the subsystem 300, and performs protocol conversion on the communication interface of the subsystem to form an authorized second data interface corresponding to the subsystem.
Through the arrangement, when the application layer 100 needs to call the data in the subsystem 300 for unified management deployment, for example, if the subsystem 300 is a camera management subsystem, if the application layer 100 needs to adjust the code rate or the direction of the camera, an instruction is given to the third industry cloud layer 201, because the access layer is already deployed with the second data interface subjected to protocol conversion, which is equivalent to the camera management subsystem automatically accessing the third industry cloud layer 202, the data to be called by the application layer 100 is transmitted to the application layer 100 layer by layer through the access adaptation layer 202 and the second industry cloud layer 201, so that the application layer 100 can adjust the code rate or the direction of the camera.
By the method, an application program of a second data interface which is packaged with the credential information and the communication interface of the subsystem 300 and subjected to protocol conversion can be formed in the third adaptation layer based on the development credential, and can be directly deployed in the third industry cloud layer, so that an automatic access data interaction access mode is realized.
In addition, the method has simple steps and easy realization, so that when the subsystems of various manufacturers are networked to realize unified management of an application layer, the interface capability of each subsystem can be obtained only by compiling service codes for interface call at an access layer, a developer is not required to interface with each manufacturer one by one, call programs are respectively developed aiming at different subsystems, the integration complexity of the subsystems is reduced, and the development efficiency is improved.
Considering that there is a certain security risk of exposing interfaces of the underlying subsystems, in some alternative embodiments, as shown with reference to fig. 7, a service application system implementing the service application method may further include a security structure 400 in addition to the service application system architecture of the access layer 200 and the application layer 100 described in the above embodiments. No matter what the access mode is in fig. 4-6, further security protection can be further provided for the subsystem by adding the setting.
Specifically, in the application service method for the setting, the step of performing data interaction between the S1, the access layer and the application layer through the preset first data interface further includes:
And the access layer and the security interface perform data interaction through the first data interface, so that the security interface performs security detection on interaction data sent by the application layer to protect the subsystem.
More specifically, the application layer 100 that is invoked may be authenticated through the security interface 400, and the authentication manner may include application authorization of the application layer by issuing authorization credentials, that is, the security interface authenticates the interaction data sent by the application layer to protect the subsystem, and may further set a blacklist and a whitelist in the security interface, so that only an application having an IP address existing in the whitelist may invoke the lower subsystem, and reject the application having an IP address existing in the blacklist, that is, the security interface detects the address of the application layer that sends the interaction data through the blacklist and the whitelist to protect the subsystem.
Accordingly, as shown in fig. 2, an embodiment of the present invention provides an application service system implementing the application service method as described above, including: an application layer, an access layer, and a plurality of subsystems, wherein,
An access layer configured to:
the data interaction is carried out between the application layer and the application layer through a preset first data interface;
And respectively carrying out data interaction with each subsystem through the authorized second data interface, and carrying out protocol conversion according to the communication interfaces of each subsystem.
Since this embodiment has been explained in detail in the above description of the service application method, it will not be described in detail here.
In this embodiment, the access layer is configured to perform data interaction with each subsystem via the authorized second data interface, and perform protocol conversion on the communication interface of each subsystem, so that after protocol conversion, data interaction between the application layer and the access layer and between each subsystem is completed by using the second data interface, thereby reducing complexity of system interaction between the application layer and each subsystem, enabling the subsystems to use a unified protocol to perform synchronous adaptation on each subsystem of a plurality of manufacturers, enabling unified access and management on a plurality of subsystems, reducing development complexity, and having a wide application prospect.
Another embodiment of the present invention provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements: the access layer and the application layer interact data through a preset first data interface; the access layer performs data interaction with each subsystem through the authorized second data interface, and performs protocol conversion according to the communication interface of each subsystem.
In practical applications, the computer-readable storage medium may take the form of any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In this embodiment, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, either in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, smalltalk, C ++ and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computer (for example, through the Internet using an Internet service provider).
As shown in fig. 8, another embodiment of the present invention provides a schematic structural diagram of a computer device. The computer device 12 shown in fig. 8 is merely an example and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in FIG. 8, the computer device 12 is in the form of a general purpose computing device. Components of computer device 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, a bus 18 that connects the various system components, including the system memory 28 and the processing units 16.
Bus 18 represents one or more of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, a processor, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, micro channel architecture (MAC) bus, enhanced ISA bus, video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus.
Computer device 12 typically includes a variety of computer system readable media. Such media can be any available media that is accessible by computer device 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache memory 32. The computer device 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from or write to non-removable, nonvolatile magnetic media (not shown in FIG. 8, commonly referred to as a "hard disk drive"). Although not shown in fig. 8, a magnetic disk drive for reading from and writing to a removable non-volatile magnetic disk (e.g., a "floppy disk"), and an optical disk drive for reading from or writing to a removable non-volatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In such cases, each drive may be coupled to bus 18 through one or more data medium interfaces. Memory 28 may include at least one program product having a set (e.g., at least one) of program modules configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored in, for example, memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment. Program modules 42 generally perform the functions and/or methods of the embodiments described herein.
The computer device 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), one or more devices that enable a user to interact with the computer device 12, and/or any devices (e.g., network card, modem, etc.) that enable the computer device 12 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 22. Moreover, computer device 12 may also communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet, through network adapter 20. As shown in fig. 8, the network adapter 20 communicates with other modules of the computer device 12 via the bus 18. It should be appreciated that although not shown in fig. 8, other hardware and/or software modules may be used in connection with computer device 12, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
The processor unit 16 executes various functional applications and data processing by running programs stored in the system memory 28, for example, implementing an application service method based on multiple subsystem access provided by an embodiment of the present invention.
Aiming at the existing problems, the invention establishes an application service method and system based on access of a plurality of subsystems, computer equipment and media, respectively performs data interaction with each subsystem through an authorized second data interface by arranging an access layer, performs protocol conversion on a communication interface of each subsystem, and after the protocol conversion, completes data interaction with each subsystem through the second data interface between the application layer and the access layer, thereby reducing the complexity of system interaction between the application layer and each subsystem, enabling the subsystems to synchronously adapt to each subsystem of a plurality of manufacturers by using a unified protocol, being capable of uniformly accessing and managing a plurality of subsystems, reducing development complexity and having wide application prospect.
It should be understood that the foregoing examples of the present invention are provided merely for clearly illustrating the present invention and are not intended to limit the embodiments of the present invention, and that various other changes and modifications may be made therein by one skilled in the art without departing from the spirit and scope of the present invention as defined by the appended claims.
Claims (7)
1. An application service method based on access of a plurality of subsystems, comprising:
The access layer and the application layer interact data through a preset first data interface;
The access layer respectively performs data interaction with each subsystem through an authorized second data interface, and performs protocol conversion according to the communication interface of each subsystem,
The access layer comprises a second industry cloud layer and a second access adaptation layer, and the access layer performs data interaction with each subsystem through an authorized second data interface respectively and further comprises:
the second access adaptation layer downloads development certificates from the second industry cloud layer and transmits the development certificates to all subsystems through the adaptation interfaces corresponding to the subsystems;
The second access adaptation layer downloads a software development kit from the second industry cloud layer and transmits the software development kit to each subsystem through the adaptation interface, so that each subsystem encapsulates the software development kit, the development certificate and the adaptation interface to form an authorized second data interface corresponding to the subsystem;
the second access adaptation layer identifies the subsystem according to the authorized second data interface and performs protocol conversion on the communication interface of the subsystem.
2. The application service method according to claim 1, wherein the data interaction between the access layer and the application layer through the preset first data interface further comprises:
And the access layer and the security interface perform data interaction through the first data interface, so that the security interface performs security detection on interaction data sent by the application layer to protect the subsystem.
3. The application service method according to claim 2, wherein,
The security interface authenticates the interaction data sent by the application layer to protect the subsystem; or alternatively
The security interface comprises a blacklist and a whitelist of addresses, and the security interface detects the addresses of the application layers for sending interactive data through the blacklist and the whitelist so as to protect the subsystem.
4. An application service method according to any of claims 1-3, characterized in that the first data interface is an HTTP REST interface.
5. An application service system implementing the application service method according to any one of claims 1 to 4, comprising: an application layer, an access layer, and a plurality of subsystems, wherein,
The access stratum is configured to:
The data interaction is carried out between the application layer and the application layer through a preset first data interface;
And respectively carrying out data interaction with each subsystem through the authorized second data interface, and carrying out protocol conversion according to the communication interfaces of each subsystem.
6. A computer readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-4.
7. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any of claims 1-4 when the program is executed by the processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110846571.7A CN113505009B (en) | 2021-07-26 | 2021-07-26 | Application service method and system based on access of multiple subsystems and computer equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110846571.7A CN113505009B (en) | 2021-07-26 | 2021-07-26 | Application service method and system based on access of multiple subsystems and computer equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113505009A CN113505009A (en) | 2021-10-15 |
| CN113505009B true CN113505009B (en) | 2024-10-18 |
Family
ID=78014587
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110846571.7A Active CN113505009B (en) | 2021-07-26 | 2021-07-26 | Application service method and system based on access of multiple subsystems and computer equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113505009B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103269355A (en) * | 2013-04-23 | 2013-08-28 | 四川天翼网络服务有限公司 | Intelligent skynet application platform |
| CN109150800A (en) * | 2017-06-16 | 2019-01-04 | 中兴通讯股份有限公司 | Login access method, system and storage medium |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103780396B (en) * | 2014-01-27 | 2017-08-25 | 华为软件技术有限公司 | Token acquisition methods and device |
| CN105574783A (en) * | 2015-12-23 | 2016-05-11 | 佛山市云滋味信息科技有限公司 | Intelligent ordering system |
| CA3043678A1 (en) * | 2016-11-16 | 2018-05-24 | Meir GOLAN | System, methods and software for user authentication |
| CN110716956A (en) * | 2018-07-12 | 2020-01-21 | 北京京东尚科信息技术有限公司 | Data request intercepting method and device |
| CN110266434A (en) * | 2019-06-19 | 2019-09-20 | 上海明我信息技术有限公司 | A kind of equipment cut-in method, device, server and storage medium |
| CN111176859B (en) * | 2019-11-26 | 2024-10-15 | 腾讯云计算(北京)有限责任公司 | Service calling method and device and electronic equipment |
| CN110971614A (en) * | 2019-12-17 | 2020-04-07 | 软通动力信息技术(集团)有限公司 | Internet of things adaptation method and system, computer equipment and storage medium |
| CN111488148B (en) * | 2020-03-09 | 2023-07-21 | 北京水滴科技集团有限公司 | Webpage source code generation method and device |
| CN112016106B (en) * | 2020-08-19 | 2023-05-26 | 杭州指令集智能科技有限公司 | Authentication calling method, device and equipment of open interface and readable storage medium |
| CN112947984B (en) * | 2020-09-29 | 2024-05-14 | 深圳市明源云科技有限公司 | Application program development method and device |
| CN113094028B (en) * | 2021-04-29 | 2023-11-28 | 成都星云智联科技有限公司 | Windows desktop program development system, method and related components |
-
2021
- 2021-07-26 CN CN202110846571.7A patent/CN113505009B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103269355A (en) * | 2013-04-23 | 2013-08-28 | 四川天翼网络服务有限公司 | Intelligent skynet application platform |
| CN109150800A (en) * | 2017-06-16 | 2019-01-04 | 中兴通讯股份有限公司 | Login access method, system and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113505009A (en) | 2021-10-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105393256B (en) | Calculating device and method for the security web guidance based on strategy | |
| US20180262388A1 (en) | Remote device deployment | |
| US12058264B2 (en) | Techniques for using signed nonces to secure cloud shells | |
| US11038874B2 (en) | Authentication and authorization of users in an information handling system between baseboard management controller and host operating system users | |
| CN110365701B (en) | Client terminal equipment management method and device, computing equipment and storage medium | |
| CN109359449B (en) | Authentication method, device, server and storage medium based on micro service | |
| US11777942B2 (en) | Transfer of trust between authentication devices | |
| US8468523B2 (en) | Network apparatus and method for supporting network virtualization | |
| WO2023241060A1 (en) | Data access method and apparatus | |
| CN110717171B (en) | Access token management for state preservation and reuse | |
| CN116170234B (en) | Single sign-on method and system based on virtual account authentication | |
| CN113032805A (en) | Data access method and device, electronic equipment and storage medium | |
| CN111726328B (en) | Method, system and related device for remotely accessing a first device | |
| CN107911357A (en) | A kind of method, apparatus of single-sign-on, server and storage medium | |
| CN113505009B (en) | Application service method and system based on access of multiple subsystems and computer equipment | |
| WO2024212724A1 (en) | Identity authentication method, platform, electronic device and computer-readable medium | |
| CN116018580B (en) | Techniques for instance persistence data across cloud shells | |
| JP2024538626A (en) | Applications as resource or service principals | |
| CA2850114C (en) | Techniques for accessing logical networks via a programmatic service call | |
| US20230040723A1 (en) | Packet authentication in a vxlan system | |
| CN115001701B (en) | Method and device for authorization authentication, storage medium and electronic equipment | |
| US11943221B2 (en) | Preventing masquerading service attacks | |
| CN116896474A (en) | Database access permission determination method and device, electronic equipment and storage medium | |
| CN117459245A (en) | Method, device and system for accessing identity data | |
| JP2024538487A (en) | External identity providers as domain resources |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |