
CN114745164B - Service processing method, device, electronic equipment and computer readable medium - Google Patents


Info

Publication number: CN114745164B
Authority: CN (China)
Prior art keywords: subsystem, security credentials, identifier, user, identification
Legal status: Active
Application number: CN202210299671.7A
Other languages: Chinese (zh)
Other versions: CN114745164A (en
Inventor: 郭明泽
Current Assignee: China Construction Bank Corp; CCB Finetech Co Ltd
Original Assignee: China Construction Bank Corp; CCB Finetech Co Ltd

Events:
Application filed by China Construction Bank Corp, CCB Finetech Co Ltd
Priority to CN202210299671.7A
Publication of CN114745164A
Application granted
Publication of CN114745164B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application discloses a service processing method, a device, electronic equipment and a computer readable medium, and relates to the technical field of computers. The method comprises: receiving a service processing request and acquiring a corresponding subsystem identifier and a subsystem access address corresponding to the subsystem identifier; acquiring a state identifier of the corresponding subsystem according to the subsystem access address; in response to the state identifier corresponding to a not-logged-in state, jumping to a unified portal page to log in, generating temporary security credentials in response to a successful login, and then jumping, carrying the temporary security credentials, to the login page of each subsystem corresponding to the subsystem identifier, so as to acquire the corresponding permanent security credentials based on the temporary security credentials; and acquiring corresponding user information based on the permanent security credentials, and logging in to each subsystem based on the user information. The working efficiency of staff is improved, the security of service processing is guaranteed, and the robustness and usability of the service system are enhanced.

Description

Service processing method, device, electronic equipment and computer readable medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a service processing method, a device, an electronic apparatus, and a computer readable medium.
Background
At present, the user systems of many administrative service systems are not interconnected and basic data are maintained separately in each system, so the maintenance workload after a change to the basic data is large. A separate login is needed to enter each system, the systems are only weakly related to one another, staff working efficiency is low, and work is often repeated.
In the process of implementing the present application, the inventor found that at least the following problems exist in the prior art:
The service system has poor robustness and usability, and the working efficiency of the system's users is low.
Disclosure of Invention
In view of the above, embodiments of the present application provide a service processing method, apparatus, electronic device, and computer readable medium, which can solve the problems of poor robustness and usability of the existing service system, and low working efficiency of the system user.
To achieve the above object, according to an aspect of an embodiment of the present application, there is provided a service processing method, including:
receiving a service processing request, and acquiring a corresponding subsystem identifier and a subsystem access address corresponding to the subsystem identifier;
acquiring a state identifier of the corresponding subsystem according to the subsystem access address;
in response to the state identifier corresponding to a not-logged-in state, jumping to a unified portal page to log in; in response to a successful login, generating temporary security credentials, and then jumping, carrying the temporary security credentials, to the login page of each subsystem corresponding to the subsystem identifier, so as to acquire the corresponding permanent security credentials based on the temporary security credentials;
and acquiring corresponding user information based on the permanent security credentials, and logging in to each subsystem based on the user information.
Optionally, after logging in to each subsystem based on the user information, the method further comprises:
in response to the user's operation on a subsystem, determining the corresponding target subsystem;
and displaying the function menu of the target subsystem to the user.
Optionally, displaying the function menu of the target subsystem to the user includes:
acquiring a role identifier of the user, and determining the target function menu corresponding to the role identifier and the target data in that target function menu corresponding to the role identifier;
and displaying the target function menu and the target data to the user.
Optionally, before jumping, carrying the temporary security credentials, to the login page of each subsystem corresponding to the subsystem identifier, the method further includes:
calling the whitelist to verify the subsystem identifiers and, in response to a subsystem identifier failing verification, eliminating that subsystem identifier so as to update the subsystem identifiers.
Optionally, before jumping, carrying the temporary security credentials, to the login page of each subsystem corresponding to the subsystem identifier, the method further includes:
generating the temporary security credentials at the same time as the permanent security credentials, and storing the permanent security credentials in a background service for invocation.
Optionally, after logging in to each subsystem based on the user information, the method further comprises:
in response to detecting that the user logs out of any one of the subsystems corresponding to the subsystem identifiers, logging out of all the subsystems corresponding to the subsystem identifiers at the same time.
Optionally, before acquiring the corresponding user information based on the permanent security credentials, the method includes:
synchronizing the user information to each subsystem corresponding to the subsystem identifier.
In addition, the application also provides a service processing device, which comprises:
a receiving unit configured to receive the service processing request and acquire the corresponding subsystem identifier and the subsystem access address corresponding to the subsystem identifier;
an acquisition unit configured to acquire the state identifier of the corresponding subsystem according to the subsystem access address;
a jump unit configured to jump to a unified portal page to log in, in response to the state identifier corresponding to a not-logged-in state, to generate temporary security credentials in response to a successful login, and then to jump, carrying the temporary security credentials, to the login page of each subsystem corresponding to the subsystem identifier, so as to acquire the corresponding permanent security credentials based on the temporary security credentials;
and a login unit configured to acquire corresponding user information based on the permanent security credentials and to log in to each subsystem based on the user information.
Optionally, the service processing device further comprises a display unit configured to:
in response to the user's operation on a subsystem, determine the corresponding target subsystem;
and display the function menu of the target subsystem to the user.
Optionally, the display unit is further configured to:
acquire a role identifier of the user, and determine the target function menu corresponding to the role identifier and the target data in that target function menu corresponding to the role identifier;
and display the target function menu and the target data to the user.
Optionally, the service processing device further includes a verification unit configured to:
call the whitelist to verify the subsystem identifiers and, in response to a subsystem identifier failing verification, eliminate that subsystem identifier so as to update the subsystem identifiers.
Optionally, the jump unit is further configured to:
generate the temporary security credentials at the same time as the permanent security credentials, and store the permanent security credentials in a background service for invocation.
Optionally, the service processing device further comprises a log-out unit configured to:
in response to detecting that the user logs out of any one of the subsystems corresponding to the subsystem identifiers, log out of all the subsystems corresponding to the subsystem identifiers at the same time.
Optionally, the service processing device further comprises a synchronization unit configured to:
synchronize the user information to each subsystem corresponding to the subsystem identifier.
In addition, the application also provides a service processing electronic device, which comprises: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the service processing method as described above.
In addition, the application also provides a computer readable medium, on which a computer program is stored, which when executed by a processor implements the service processing method as described above.
To achieve the above object, according to still another aspect of an embodiment of the present application, there is provided a computer program product.
The computer program product of the embodiment of the application comprises a computer program, and the service processing method provided by the embodiment of the application is realized when the program is executed by a processor.
One embodiment of the above application has the following advantages or benefits: the application receives a service processing request and acquires the corresponding subsystem identifier and the subsystem access address corresponding to the subsystem identifier; acquires the state identifier of the corresponding subsystem according to the subsystem access address; in response to the state identifier corresponding to a not-logged-in state, jumps to a unified portal page to log in, generates temporary security credentials in response to a successful login, and then jumps, carrying the temporary security credentials, to the login page of each subsystem corresponding to the subsystem identifier, so as to acquire the corresponding permanent security credentials based on the temporary security credentials; and acquires corresponding user information based on the permanent security credentials and logs in to each subsystem based on the user information. When a subsystem is in the not-logged-in state, the flow jumps to the unified portal page to log in; after a successful login there, it jumps to each subsystem's login page carrying the temporary security credentials, which are then exchanged for the permanent security credentials to obtain the corresponding user information. This improves the working efficiency of staff, ensures the security of service processing, and enhances the robustness and usability of the service system.
Further effects of the above-described non-conventional alternatives are described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the application and are not to be construed as unduly limiting the application. Wherein:
Fig. 1 is a schematic diagram of the main flow of a service processing method according to a first embodiment of the present application;
Fig. 2 is a schematic diagram of the main flow of a service processing method according to a second embodiment of the present application;
Fig. 3 is a schematic view of an application scenario of a service processing method according to a third embodiment of the present application;
Fig. 4 is a schematic diagram of core functions provided by a background management system of a service processing method according to an embodiment of the present application;
Fig. 5 is a schematic diagram of main units of a service processing apparatus according to an embodiment of the present application;
Fig. 6 is an exemplary system architecture diagram in which embodiments of the present application may be applied;
Fig. 7 is a schematic diagram of a computer system suitable for use in implementing an embodiment of the application.
Detailed Description
Exemplary embodiments of the present application will now be described with reference to the accompanying drawings, in which various details of the embodiments of the present application are included to facilitate understanding, and are to be considered merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the application. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness. In the technical scheme of the application, the acquisition, storage, use and processing of data all comply with the relevant provisions of national laws and regulations.
Fig. 1 is a schematic diagram of main flow of a service processing method according to a first embodiment of the present application, and as shown in fig. 1, the service processing method includes:
Step S101, receiving a service processing request, and obtaining a corresponding subsystem identifier and a subsystem access address corresponding to the subsystem identifier.
In this embodiment, the execution body (for example, may be a server) of the service processing method may receive the service processing request by means of a wired connection or a wireless connection. The service handling request may be, for example, a request to log in to one or several subsystems. In the service processing request, one or more subsystem identifiers may be included, which represents that the request needs to log in to one or more subsystems. After receiving the service processing request, the executing body can acquire the corresponding subsystem identifier. Each subsystem identifier has a corresponding subsystem access address, and the execution body can acquire the subsystem access address corresponding to each subsystem identifier from the service processing request after acquiring the corresponding subsystem identifier. Of course, the execution body may also obtain the subsystem access address corresponding to each subsystem identifier from the basic data maintained by the background management system. The source of the subsystem access address in the embodiments of the present application is not particularly limited.
Step S102, according to the access address of the subsystem, the state identification of the corresponding subsystem is obtained.
After acquiring the subsystem access address corresponding to each subsystem identifier, the executing body may open one or more subsystem access addresses, and then acquire the state identifier of the corresponding subsystem. The state identifier may be DL or WDL, characterizing whether the login status of the subsystem is logged in or not logged in.
Step S103, in response to the state identifier corresponding to a not-logged-in state, jumping to a unified portal page to log in; in response to a successful login, generating temporary security credentials, and then jumping, carrying the temporary security credentials, to the login page of each subsystem corresponding to the subsystem identifier, so as to acquire the corresponding permanent security credentials based on the temporary security credentials.
After acquiring the subsystem access address corresponding to each subsystem identifier, the executing body can open one or more subsystem access addresses to acquire the state identifier of the corresponding subsystem, further judge whether the opened subsystem access address is in a logged-in state, and if so, the executing body can directly enter the subsystem to be accessed; if the state is not logged in, the execution body can jump to the unified portal page to log in. The unified portal page refers to a page where a unified login/logout interface is located.
When the execution body has jumped to the unified portal page and the login succeeds, a temporary security credential, namely a temporary token, can be generated. The front end jumps to each subsystem carrying the temporary token, and after the front end of the subsystem obtains the temporary token, it first calls the related interface to exchange the temporary security credential for the permanent security credential, namely the formal token.
Specifically, before jumping, carrying the temporary security credentials, to the login page of each subsystem corresponding to the subsystem identifier, the method further comprises: calling the whitelist to verify the subsystem identifiers and, in response to a subsystem identifier failing verification, eliminating that subsystem identifier so as to update the subsystem identifiers.
The background management system of the execution body has a function of managing the accessed systems. Specifically, when jumping from the unified portal page to each subsystem to log in, the data maintained by the background management system is used as a whitelist for verification: if all the subsystem identifiers are maintained there, the jump is performed directly; otherwise, the jump is performed only after the subsystem identifiers that are not maintained have been eliminated. Without this whitelist verification when the unified portal jumps to each subsystem to log in, the execution body could not clearly manage and control all the subsystems connected to the background management system, and operation and maintenance would become disordered and difficult.
Specifically, before jumping, carrying the temporary security credentials, to the login page of each subsystem corresponding to the subsystem identifier, the service processing method further includes:
generating the temporary security credentials at the same time as the permanent security credentials, and storing the permanent security credentials in a background service for invocation.
For example, after the user inputs the user name and password to log in the unified portal, the execution body may call the login interface to store the generated formal token (i.e. the permanent security credential) in the background service (in the gateway or the authentication service), and simultaneously generate a temporary token (i.e. the temporary security credential is dynamically generated) and return the temporary token to the front end of the unified portal.
Step S104, obtaining corresponding user information based on the permanent security credentials, and further logging in each subsystem based on the user information.
After the front end of the subsystem has received the temporary token and called the related interface to exchange it for the permanent security credential (namely the formal token), it uses the formal token to call the corresponding interface to obtain user information. Once the front end of the subsystem has received the user information, the menus the user is authorized for, and other such data, the user can log in to the subsystem, and the corresponding function menus of the subsystem are displayed for the user to use.
Specifically, before acquiring corresponding user information based on the permanent security credentials, the method includes: synchronizing the user information to each subsystem corresponding to the subsystem identifier.
The execution body can maintain basic data such as users, roles, organizations and administrative divisions in the background management system. Because this basic data is ultimately used by each subsystem, it needs to be synchronized into each subsystem. Specific synchronization modes include database table synchronization, synchronization through message middleware (such as Kafka, RabbitMQ, etc.), or real-time acquisition through an interface. The synchronization method is not particularly limited in the embodiments of the present application.
Specifically, after logging in to each subsystem based on the user information, the service processing method further includes: in response to detecting that the user logs out of any one of the subsystems corresponding to the subsystem identifiers, logging out of all the subsystems corresponding to the subsystem identifiers at the same time.
By way of example, the logout logic in the embodiments of the present application is as follows: the login state of the user in each system is uniformly controlled by the formal token (namely the permanent security credential) generated during login, so that, after unified login, when the user logs out of one subsystem the user is logged out of the other subsystems at the same time.
In this embodiment, a service processing request is received and the corresponding subsystem identifier and the subsystem access address corresponding to the subsystem identifier are acquired; the state identifier of the corresponding subsystem is acquired according to the subsystem access address; in response to the state identifier corresponding to a not-logged-in state, the flow jumps to a unified portal page to log in, generates temporary security credentials in response to a successful login, and then jumps, carrying the temporary security credentials, to the login page of each subsystem corresponding to the subsystem identifier, so as to acquire the corresponding permanent security credentials based on the temporary security credentials; and corresponding user information is acquired based on the permanent security credentials, and each subsystem is logged in to based on the user information. When a subsystem is in the not-logged-in state, the flow jumps to the unified portal page to log in; after a successful login there, it jumps to each subsystem's login page carrying the temporary security credentials, which are then exchanged for the permanent security credentials to obtain the corresponding user information. This improves the working efficiency of staff, ensures the security of service processing, and enhances the robustness and usability of the service system.
Fig. 2 is a schematic flow chart of a service processing method according to a second embodiment of the present application, and as shown in fig. 2, the service processing method includes:
Step S201, receiving a service processing request, and obtaining a corresponding subsystem identifier and a subsystem access address corresponding to the subsystem identifier.
The execution body can specifically receive the service processing request in a mode of spaced delivery. It then acquires the subsystem identifier in the service processing request and the subsystem access address corresponding to the subsystem identifier. The subsystem identifiers may specifically be FWSXBL, DZZZ and JFXT, which represent subsystems such as a service transaction system, an electronic license system, an integration system, and the like.
Step S202, according to the access address of the subsystem, the state identification of the corresponding subsystem is obtained.
Step S203, in response to the state identifier corresponding to a not-logged-in state, jumping to a unified portal page to log in; in response to a successful login, generating a temporary security credential, and then jumping, carrying the temporary security credential, to the login page of each subsystem corresponding to the subsystem identifier, so as to obtain the corresponding permanent security credential based on the temporary security credential.
The page corresponding to the background unified login portal is the unified portal page, specifically the page where the unified login/logout interface is located. All subsystems are logged in to through the unified portal, and none of the systems is logged in to independently. The execution body may first construct the unified portal; a precondition for constructing it is to first construct a unified user system, that is, unified user management across the subsystems (e.g., service transaction system, electronic license system, point system, etc.).
By way of example, the unified portal login logic is as follows: each subsystem has its own access address. When the address of a subsystem is opened, its state is checked: if it is in the logged-in state, the subsystem is entered directly; if it is in the not-logged-in state, the flow jumps to the unified portal page to log in, and after login it jumps back to each system carrying a token.
To ensure security, the token appended to the jump URL at login is not the formal token (i.e., the permanent security credential) but a temporary token (i.e., a temporary security credential).
By way of example, the login jump logic is as follows: 1) after a user inputs a user name and password to log in to the unified portal, the login interface stores the generated formal token in a background service (a gateway or authentication service) and at the same time generates a temporary token, which is returned to the front end of the unified portal (the temporary token corresponds one-to-one with the formal token); 2) the front end jumps to each subsystem carrying the temporary token; after the front end of the subsystem obtains the temporary token, it calls the related interface to exchange it for the formal token, and then uses the formal token to call the corresponding interface to obtain user information; 3) once the front end of the subsystem has received the user information, the menus the user is authorized for, and other such data, the user can enter the system, and the corresponding function menus of the system are displayed for the user to use.
Logout logic: the login state of the user in each system is uniformly controlled by the token generated during login, so that, after unified login, when the user logs out of one system the user is logged out of the other systems at the same time.
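The login jump, token exchange, whitelist check and logout logic described above can be sketched as follows. This is an added example, not code from the patent; the class and function names, the `example.test` addresses, the 60-second lifetime, and the choice to issue one single-use temporary token per subsystem (rather than one shared temporary token) are assumptions made so that a token leaked from a URL cannot be replayed.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

TEMP_TOKEN_TTL = 60  # seconds; assumed value, the page specifies no lifetime


class UnifiedPortalAuth:
    """In-memory stand-in for the gateway / authentication service."""

    def __init__(self, roles, subsystems, clock=time.time):
        self.roles = roles            # username -> role identifier
        self.subsystems = subsystems  # whitelist: subsystem id -> access address
        self.clock = clock
        self.sessions = {}            # formal token -> username (server side only)
        self.pending = {}             # temporary token -> (formal token, expiry)

    def filter_whitelisted(self, subsystem_ids):
        """Eliminate identifiers the background management system does not maintain."""
        return [sid for sid in subsystem_ids if sid in self.subsystems]

    def issue_after_login(self, username, subsystem_ids):
        """Call once the portal has verified the user name and password.

        Stores the formal token in the background service and returns, per
        whitelisted subsystem, a jump URL carrying only a temporary token.
        """
        formal = secrets.token_urlsafe(32)
        self.sessions[formal] = username
        expiry = self.clock() + TEMP_TOKEN_TTL
        urls = {}
        for sid in self.filter_whitelisted(subsystem_ids):
            temp = secrets.token_urlsafe(16)
            self.pending[temp] = (formal, expiry)
            urls[sid] = self.subsystems[sid] + "?" + urlencode({"token": temp})
        return urls

    def exchange(self, temp):
        """Swap a temporary token for the formal token, exactly once."""
        entry = self.pending.pop(temp, None)  # pop: a replayed token finds nothing
        if entry is None:
            raise PermissionError("unknown or already used temporary token")
        formal, expiry = entry
        if self.clock() > expiry or formal not in self.sessions:
            raise PermissionError("temporary token expired or session ended")
        return formal

    def user_info(self, formal):
        """Return user information for a live formal token."""
        username = self.sessions.get(formal)
        if username is None:
            raise PermissionError("not logged in")
        return {"username": username, "role": self.roles[username]}

    def logout(self, formal):
        """Logging out in one subsystem ends the session for all of them."""
        self.sessions.pop(formal, None)
        self.pending = {t: e for t, e in self.pending.items() if e[0] != formal}


def token_from_url(url):
    """What a subsystem front end does on arrival: read the token parameter."""
    return parse_qs(urlparse(url).query)["token"][0]


def make_demo_service(clock=time.time):
    """Constructed sample data; the host names are placeholders."""
    return UnifiedPortalAuth(
        roles={"alice": "clerk"},
        subsystems={
            "FWSXBL": "https://fwsxbl.example.test/login",
            "DZZZ": "https://dzzz.example.test/login",
            "JFXT": "https://jfxt.example.test/login",
        },
        clock=clock,
    )


if __name__ == "__main__":
    auth = make_demo_service()
    urls = auth.issue_after_login("alice", ["FWSXBL", "DZZZ", "NOT_MAINTAINED"])
    print(sorted(urls))                      # unmaintained identifier removed
    formal = auth.exchange(token_from_url(urls["FWSXBL"]))
    print(auth.user_info(formal))
    auth.logout(formal)                      # DZZZ's pending token dies too
```

Because every subsystem resolves the same server-side formal token, deleting that one entry is what makes logout global; the URL only ever carries a value that is useless after first use or after the lifetime elapses.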
Step S204, corresponding user information is obtained based on the permanent security credentials, and login of each subsystem is further performed based on the user information.
Step S205, in response to the user's operation on a subsystem, determining the corresponding target subsystem.
The user's operation on a subsystem includes clicking the icon control of the subsystem in order to access it. For example, after the user clicks the icon control of subsystem 1, the executing body detects the operation and obtains the identifier of the corresponding subsystem, that is, the subsystem code, for example 01. The subsystem corresponding to subsystem code 01 is the target subsystem, that is, the subsystem that the user wants to access.
Step S206, the function menu of the target subsystem is displayed to the user.
The subsystem code (i.e., the subsystem identifier) can be associated with the subsystem access address. The execution subject can acquire the corresponding subsystem access address through the subsystem identifier and then jump to that address to access the function menu of the corresponding subsystem. After detecting that the user has successfully logged in to the target subsystem, the execution subject can display to the user the function menu of the target subsystem and the data that the function menu can provide to the user.
Specifically, the method for displaying the function menu of the target subsystem to the user comprises the following steps:
Acquiring a role identifier of the user, and determining a target function menu corresponding to the role identifier and target data in the target function menu corresponding to the role identifier; and displaying the target function menu and the target data to the user.
By way of example, the executing body may perform role management through a background management system. Specifically, a role is used to control user permissions; it is associated with function menus and with data. Which function menus a user sees after logging in to the system, and which data the user sees in each menu, are controlled by the roles associated with those function menus and data. Function menus and data that are not associated with a role are not displayed to users of that role, so that the security of data access can be ensured.
Fig. 3 is an application scenario diagram of a service processing method according to a third embodiment of the present application. The service processing method of the embodiment of the application is applied to a scene of switching among a plurality of sub-business systems to realize service processing. As shown in fig. 3, internally, the constructed background management system can interface with each service system, where the service systems may include a transaction system, an integration system, an electronic license system, and the like. Externally, the constructed background management system can connect with third party systems, which include upstream and downstream systems of the background management system. Background management systems vary across the regions of the country and are built by different developers; sometimes, in order for them to communicate with each other, docking work between systems is required, including user system docking, administrative division docking, organization docking, unified single sign-on docking, and the like. The background management system constructed in the embodiment of the application plays this docking role. Because basic data such as users, organizations and administrative divisions are uniformly managed by the background management system, external docking must also go through the background management system. Single sign-on docking is achieved by directly calling the constructed unified login portal, and the individual service systems do not need to care about the docking work.
Fig. 4 is a schematic diagram of core functions provided by a background management system of a service processing method according to an embodiment of the present application. As shown in fig. 4, core functions that may be implemented by the background management system include: unified interface specification, specifically providing administrative area interface, organization interface, user interface; unified authentication login; unified registration of user views; unifying organization and user systems; the method can avoid repeated construction, provide personalized standard service, provide portrait modeling service, provide intelligent recommendation hot spot service and provide unique identity for each user.
The execution main body builds a background management system for uniformly managing basic data such as users, roles, administrative organizations and administrative divisions. Specifically, the background management system is used to construct a unified user system and to uniformly manage the basic data that can be used by each subsystem. Several essential components of this system are described below:
User management: manages basic information such as login account numbers, passwords, names, identification card numbers, mobile phone numbers, the organizations to which users belong and the administrative regions to which users belong.
Role management: roles are generally used for controlling user rights. Roles are associated with menus and with data; which function menus a user can see after logging in, and which data can be seen in each menu, are controlled by the associated roles.
Organization management: the government authorities in each province have their own organization and a definite division of functions (such as the A province XXX management committee, the B province XXX comprehensive law enforcement bureau and the like), and the organization data is essential basic data when each business system processes business.
Administrative division management: an organization is affiliated to a certain administrative division, such as the A province XXX administration committee affiliated to A province, and the B city XXX comprehensive law enforcement affiliated to B city. Thus, administrative division data is also one of the indispensable basic data.
Access system management: this module is used for managing each subsystem that accesses the background management system, including items such as the system jump URL, the system name and the system number.
The significance of access system management is that: 1) An administrator can clearly know which business systems have been connected, which makes management convenient. The basic data maintained by the background management system is checked as a white list when the unified portal performs a jump: a system that has been maintained there can be jumped to, and otherwise the jump cannot be made (if the white list check is not added when the unified portal jumps, the subsystems connected to a government background system cannot be clearly managed, and the business systems become chaotic and hard to operate and maintain); 2) Roles may be associated with access systems, such that a role may belong to multiple systems and a system may have multiple roles; after this association, a role can be created once and used in multiple business systems.
The users, roles, organizations and administrative divisions maintained in the background management system are ultimately for use by the various subsystems, so the data needs to be synchronized into those subsystems. The synchronization can be realized by database table synchronization, by message middleware (such as Kafka, RabbitMQ and the like) or by real-time acquisition through an interface.
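The white list check at jump time, and the role association that decides which function menus and data a user sees, can be sketched as below. This is an added example, not code from the patent: the registry contents are constructed sample data, the function names and the `token` query parameter are hypothetical, and refusing to put the token on a non-HTTPS jump URL is an added assumption.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample data standing in for what access system management maintains:
# system number -> system name and system jump URL.
ACCESS_SYSTEMS = {
    "01": {"name": "Transaction system",
           "jump_url": "https://trade.portal.example/login"},
    "02": {"name": "Electronic license system",
           "jump_url": "https://license.portal.example/sso/landing?lang=zh"},
}

# A role may belong to several systems and a system may have several roles.
ROLE_SYSTEMS = {"clerk": {"01", "02"}, "auditor": {"02"}, "finance": {"01"}}

# Per system: function menu -> role -> data visible to that role in the menu.
MENUS = {
    "01": {
        "Order entry": {"clerk": ["own organization"]},
        "Settlement": {"finance": ["all organizations"]},
    },
    "02": {
        "License query": {"clerk": ["own organization"],
                          "auditor": ["all organizations"]},
        "License revoke": {"auditor": ["all organizations"]},
    },
}


def check_whitelist(codes):
    """Split requested subsystem identifiers into registered and rejected ones."""
    accepted = [c for c in codes if c in ACCESS_SYSTEMS]
    rejected = [c for c in codes if c not in ACCESS_SYSTEMS]
    return accepted, rejected


def jump_url(code, temp_token):
    """Build the jump URL from the registry entry only, never from request input."""
    system = ACCESS_SYSTEMS.get(code)
    if system is None:
        raise PermissionError(f"subsystem {code!r} is not on the white list")
    parts = urlsplit(system["jump_url"])
    if parts.scheme != "https":  # assumption: the token travels in a URL, so require TLS
        raise ValueError(f"jump URL for {code!r} is not HTTPS")
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append(("token", temp_token))  # hypothetical parameter name
    return urlunsplit(parts._replace(query=urlencode(query)))


def menus_for(role_ids, code):
    """Return {menu: data} visible in one subsystem for the user's roles."""
    if code not in ACCESS_SYSTEMS:
        raise PermissionError(f"subsystem {code!r} is not on the white list")
    # Only roles associated with this system count inside it.
    active = {r for r in role_ids if code in ROLE_SYSTEMS.get(r, set())}
    visible = {}
    for menu, data_by_role in MENUS.get(code, {}).items():
        granted = active.intersection(data_by_role)
        if granted:  # menus with no associated role are not shown at all
            visible[menu] = sorted({d for r in granted for d in data_by_role[r]})
    return visible


if __name__ == "__main__":
    print(check_whitelist(["01", "99", "02"]))
    print(jump_url("02", "TEMP-TOKEN-PLACEHOLDER"))
    print(menus_for({"clerk", "auditor"}, "02"))
```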
When the business processing method provided by the embodiment of the application is applied to business processing related to government affairs, a unified user system can be constructed based on the common business scene of government staff, single sign-on is realized, the basic data related to government affairs are managed in a unified way, the robustness and usability of the whole set of background management system are enhanced, the repeated work of system users and system developers is reduced, and the working efficiency is improved.
The background management system construction scheme provided by the embodiment of the application integrates the basic data of users, roles, administrative organization, administrative division and the like of each business system, uniformly manages the basic data, synchronizes the data into each subsystem, and reduces the maintenance workload of the basic data; on the premise of opening the user system, the unified login portal of the background management system is realized, and a worker can freely switch among all subsystems by logging in once without logging in again. The background management system constructed by the embodiment of the application is easy to expand in service and technology and is easy to maintain.
Fig. 5 is a schematic diagram of main units of a service processing apparatus according to an embodiment of the present application. As shown in fig. 5, the service processing apparatus 500 includes a receiving unit 501, an acquiring unit 502, a jumping unit 503, and a login unit 504.
A receiving unit 501 configured to receive a service processing request, and obtain a corresponding subsystem identifier and a subsystem access address corresponding to the subsystem identifier;
An obtaining unit 502, configured to obtain a state identifier of a corresponding subsystem according to the subsystem access address;
A jumping unit 503, configured to jump to a unified portal page for login in response to the state identification corresponding to the unregistered state, generate temporary security credentials in response to successful login, and further jump to the login page of each subsystem corresponding to the subsystem identification with the temporary security credentials, so as to obtain corresponding permanent security credentials based on the temporary security credentials;
a login unit 504, configured to obtain corresponding user information based on the permanent security credentials, and further perform login of each subsystem based on the user information.
In some embodiments, the apparatus further comprises a display unit, not shown in fig. 5, configured to: in response to the user's operation on a subsystem, determine the corresponding target subsystem; and display the function menu of the target subsystem to the user.
In some embodiments, the display unit is further configured to: acquire a role identifier of the user, and determine a target function menu corresponding to the role identifier and target data in the target function menu corresponding to the role identifier; and display the target function menu and the target data to the user.
In some embodiments, the apparatus further comprises a verification unit, not shown in fig. 5, configured to: call the white list to verify the subsystem identification and, in response to a subsystem identification failing verification, reject that subsystem identification, so as to update the subsystem identification.
In some embodiments, the jumping unit 503 is further configured to: the temporary security credentials are generated while the permanent security credentials are generated, and the permanent security credentials are stored in a background service for invocation.
In some embodiments, the apparatus further comprises a logout unit, not shown in fig. 5, configured to: and in response to detecting that the user logs out any one of the subsystems corresponding to the subsystem identifiers, logging out all the subsystems corresponding to the subsystem identifiers at the same time.
In some embodiments, the service processing apparatus further comprises a synchronization unit, not shown in fig. 5, configured to: and synchronizing the user information to each subsystem corresponding to the subsystem identification.
In addition, in the service processing method and the service processing apparatus of the present application, there is a corresponding relation between the specific implementation contents, so the repetitive contents will not be described.
Fig. 6 illustrates an exemplary system architecture 600 to which a business processing method or business processing apparatus of embodiments of the present application may be applied.
As shown in fig. 6, the system architecture 600 may include terminal devices 601, 602, 603, a network 604, and a server 605. The network 604 is used as a medium to provide communication links between the terminal devices 601, 602, 603 and the server 605. The network 604 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the server 605 via the network 604 using the terminal devices 601, 602, 603 to receive or send messages, etc. Various communication client applications such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 601, 602, 603.
The terminal devices 601, 602, 603 may be various electronic devices having a business processing screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 605 may be a server providing various services, such as a background management server (by way of example only) providing support for business process requests submitted by users using the terminal devices 601, 602, 603. The background management server can receive the service processing request and acquire the corresponding subsystem identifier and the subsystem access address corresponding to the subsystem identifier; acquire a state identifier of the corresponding subsystem according to the subsystem access address; in response to the state identifier corresponding to an unregistered state, jump to a unified portal page for login, generate temporary security credentials in response to successful login, and then jump, carrying the temporary security credentials, to the login page of each subsystem corresponding to the subsystem identifier, so as to acquire the corresponding permanent security credentials based on the temporary security credentials; and acquire the corresponding user information based on the permanent security credentials and log in to each subsystem based on the user information. When a subsystem is in an unregistered state, the flow jumps to the unified portal page for login; after login at the unified portal page succeeds, it jumps to each subsystem login page carrying the temporary security credentials, and the temporary security credentials are then exchanged for the permanent security credentials to obtain the corresponding user information, so that the working efficiency of staff is improved, the safety of service processing is ensured, and the robustness and usability of the service system are enhanced.
It should be noted that, the service processing method provided in the embodiment of the present application is generally executed by the server 605, and accordingly, the service processing apparatus is generally disposed in the server 605.
It should be understood that the number of terminal devices, networks and servers in fig. 6 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 7, there is illustrated a schematic diagram of a computer system 700 suitable for use in implementing an embodiment of the present application. The terminal device shown in fig. 7 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiment of the present application.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU) 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM703, various programs and data required for the operation of the computer system 700 are also stored. The CPU701, ROM702, and RAM703 are connected to each other through a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a keyboard, a mouse, and the like; an output section 707 including a Cathode Ray Tube (CRT), a liquid crystal display (LCD), and the like, and a speaker, and the like; a storage section 708 including a hard disk or the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. The drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read therefrom is installed into the storage section 708 as necessary.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 709, and/or installed from the removable medium 711. The above-described functions defined in the system of the present application are performed when the computer program is executed by a Central Processing Unit (CPU) 701.
The computer readable medium shown in the present application may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium may include, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present application, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units involved in the embodiments of the present application may be implemented in software or in hardware. The described units may also be provided in a processor, for example, described as: a processor includes a receiving unit, an obtaining unit, a jumping unit, and a login unit. The names of the units do not, in some cases, constitute a limitation of the units themselves.
As another aspect, the present application also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments, or may exist alone without being fitted into the device. The computer readable medium carries one or more programs which, when executed by the device, cause the device to: receive a service processing request, and obtain a corresponding subsystem identifier and a subsystem access address corresponding to the subsystem identifier; acquire a state identifier of the corresponding subsystem according to the subsystem access address; in response to the state identifier corresponding to an unregistered state, jump to a unified portal page for login, generate temporary security credentials in response to successful login, and then jump, carrying the temporary security credentials, to the login page of each subsystem corresponding to the subsystem identifier, so as to acquire the corresponding permanent security credentials based on the temporary security credentials; and acquire the corresponding user information based on the permanent security credentials and log in to each subsystem based on the user information.
The computer program product of the present application comprises a computer program which, when executed by a processor, implements the service processing method in the embodiments of the present application.
According to the technical scheme of the embodiment of the application, when a subsystem is in an unregistered state, the flow jumps to the unified portal page for login; after login at the unified portal page succeeds, it jumps to each subsystem login page carrying the temporary security credentials, and the temporary security credentials are then exchanged for the permanent security credentials to obtain the corresponding user information, so that the working efficiency of staff is improved, the safety of service processing is ensured, and the robustness and usability of the service system are enhanced.
The above embodiments do not limit the scope of the present application. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives can occur depending upon design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present application should be included in the scope of the present application.

Claims (14)

1. A method for processing a service, comprising:
receiving a service processing request, and acquiring a corresponding subsystem identifier and a subsystem access address corresponding to the subsystem identifier;
acquiring a state identifier of a corresponding subsystem according to the subsystem access address;
in response to the state identification corresponding to the unregistered state, jumping to a unified portal page for login, in response to successful login, generating temporary security credentials, and further jumping to the login page of each subsystem corresponding to the subsystem identification with the temporary security credentials, so that the front end of the subsystem calls a related interface to acquire corresponding permanent security credentials based on the temporary security credentials, acquires corresponding user information based on the permanent security credentials, and further logs in each subsystem based on the user information;
the temporary security credentials are generated and the permanent security credentials are generated at the same time, and the permanent security credentials are stored in a background service for calling, wherein the temporary security credentials and the permanent security credentials are in one-to-one correspondence.
2. The method of claim 1, wherein after the logging in of the subsystems based on the user information, the method further comprises:
responding to the operation of the subsystem by the user, and determining a corresponding target subsystem;
and displaying the function menu of the target subsystem to the user.
3. The method of claim 2, wherein the presenting the functional menu of the target subsystem to the user comprises:
acquiring a role identifier of the user, and determining a target function menu corresponding to the role identifier and target data in the target function menu corresponding to the role identifier;
and displaying the target function menu and the target data to the user.
4. The method of claim 1, wherein prior to the jumping with the temporary security credential to the landing page of each subsystem to which the subsystem identity corresponds, the method further comprises:
and calling a white list to check the subsystem identification and, in response to a subsystem identification failing the check, rejecting that subsystem identification, thereby updating the subsystem identification.
5. The method of claim 1, wherein after the logging in of the subsystems based on the user information, the method further comprises:
And in response to detecting that a user logs out any one of the subsystems corresponding to the subsystem identification, logging out all the subsystems corresponding to the subsystem identification at the same time.
6. The method of claim 1, comprising, prior to the obtaining the corresponding user information based on the permanent security credential:
And synchronizing the user information to each subsystem corresponding to the subsystem identifier.
7. A service processing apparatus, comprising:
The receiving unit is configured to receive a service processing request and acquire a corresponding subsystem identifier and a subsystem access address corresponding to the subsystem identifier;
the acquisition unit is configured to acquire the state identification of the corresponding subsystem according to the subsystem access address;
the jump unit is configured to respond to the state that the state identifier corresponds to an unregistered state, jump to a unified portal page for login, respond to successful login, generate temporary security credentials, and further carry the temporary security credentials to jump to the login pages of all subsystems corresponding to the subsystem identifier, so that the front end of the subsystem calls related interfaces to acquire corresponding permanent security credentials based on the temporary security credentials, wherein the permanent security credentials are generated while the temporary security credentials are generated, the permanent security credentials are stored in a background service for calling, and the temporary security credentials and the permanent security credentials are in one-to-one correspondence;
and the login unit is configured to acquire corresponding user information based on the permanent security credentials and further perform login of each subsystem based on the user information.
8. The apparatus of claim 7, further comprising a display unit configured to:
responding to the operation of the subsystem by the user, and determining a corresponding target subsystem;
and displaying the function menu of the target subsystem to the user.
9. The apparatus of claim 8, wherein the display unit is further configured to:
acquiring a role identifier of the user, and determining a target function menu corresponding to the role identifier and target data in the target function menu corresponding to the role identifier;
and displaying the target function menu and the target data to the user.
10. The apparatus of claim 7, further comprising a verification unit configured to:
and calling a white list to check the subsystem identification and, in response to a subsystem identification failing the check, rejecting that subsystem identification, thereby updating the subsystem identification.
11. The apparatus of claim 7, further comprising a logout unit configured to:
And in response to detecting that a user logs out any one of the subsystems corresponding to the subsystem identification, logging out all the subsystems corresponding to the subsystem identification at the same time.
12. A business processing electronic device, comprising:
one or more processors;
Storage means for storing one or more programs,
The one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-6.
13. A computer readable medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-6.
14. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any of claims 1-6.
CN202210299671.7A 2022-03-25 2022-03-25 Service processing method, device, electronic equipment and computer readable medium Active CN114745164B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210299671.7A CN114745164B (en) 2022-03-25 2022-03-25 Service processing method, device, electronic equipment and computer readable medium


Publications (2)

Publication Number Publication Date
CN114745164A CN114745164A (en) 2022-07-12
CN114745164B true CN114745164B (en) 2024-05-03

Family

ID=82276811

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210299671.7A Active CN114745164B (en) 2022-03-25 2022-03-25 Service processing method, device, electronic equipment and computer readable medium

Country Status (1)

Country Link
CN (1) CN114745164B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118734277B (en) * 2024-09-02 2024-11-08 贵州财经大学 Identity verification method, device and system based on data credentials

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109409043A (en) * 2018-09-03 2019-03-01 中国平安人寿保险股份有限公司 Login method, terminal device and the medium of application system
CN110417730A (en) * 2019-06-17 2019-11-05 平安科技(深圳)有限公司 The unified access method and relevant device of multiple utility program
WO2020236394A1 (en) * 2019-05-20 2020-11-26 Citrix Systems, Inc. Computing system and methods providing session access based upon authentication token with different authentication credentials
CN113934998A (en) * 2021-11-01 2022-01-14 阳光保险集团股份有限公司 Gateway authentication method, service system authentication method and gateway authentication system

Also Published As

Publication number Publication date
CN114745164A (en) 2022-07-12

Similar Documents

Publication Publication Date Title
US9524382B2 (en) System and method for centralizedly controlling server user rights
CN107733922B (en) Method and apparatus for invoking a service
CN113239344B (en) Access right control method and device
JP6707127B2 (en) Access server authenticity check initiated by end user
CN108701175B (en) Associating user accounts with enterprise workspaces
CN112202744B (en) Multi-system data communication method and device
US11477187B2 (en) API key access authorization
CN112910904B (en) Login method and device of multi-service system
US20210328952A1 (en) Context Driven Dynamic Actions Embedded in Messages
CN103415847A (en) A system and method for accessing a service
CN114745164B (en) Service processing method, device, electronic equipment and computer readable medium
CN113572763B (en) Data processing method and device, electronic equipment and storage medium
CN113282591B (en) Authority filtering method, authority filtering device, computer equipment and storage medium
CN113010238A (en) Permission determination method, device and system for micro application call interface
US12068933B2 (en) Launcher application with connectivity detection for shared mobile devices
CN110765445B (en) Method and device for processing request
CN111191256B (en) Method and device for configuring user permission
CN116244682A (en) Database access method, device, equipment and storage medium
CN113765866B (en) Method and device for logging in remote host
CN115733685A (en) Web session authentication management method and device, computer equipment and storage medium
CN114417318A (en) Third-party page jumping method and device and electronic equipment
CN111147470A (en) Account authorization method and device and electronic equipment
CN115297019B (en) Management method of Internet of things application platform, internet of things system, equipment and medium
CN114189365B (en) Universal multi-tenant service authorization method and device based on field mapping
CN112069517B (en) Method and device for managing user rights

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant