Nothing Special   »   [go: up one dir, main page]

CN113010238A - Permission determination method, device and system for micro application call interface - Google Patents

Permission determination method, device and system for micro application call interface Download PDF

Info

Publication number
CN113010238A
CN113010238A CN202110310755.1A CN202110310755A CN113010238A CN 113010238 A CN113010238 A CN 113010238A CN 202110310755 A CN202110310755 A CN 202110310755A CN 113010238 A CN113010238 A CN 113010238A
Authority
CN
China
Prior art keywords
data table
interface
authority
permission
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110310755.1A
Other languages
Chinese (zh)
Inventor
袁潇锋
关宇坤
李冲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp filed Critical China Construction Bank Corp
Priority to CN202110310755.1A priority Critical patent/CN113010238A/en
Publication of CN113010238A publication Critical patent/CN113010238A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/448Execution paradigms, e.g. implementations of programming paradigms
    • G06F9/4482Procedural
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The invention discloses a method, a device and a system for determining permission of a micro application call interface, and relates to the technical field of mobile interconnection. One embodiment of the method comprises: acquiring a first time stamp corresponding to a client side authority data table, and acquiring a second time stamp corresponding to a server side authority data table from a server side; judging whether to update the client permission data table or not according to the first time stamp and the second time stamp; if so, sending an authority updating request to the server to obtain a server authority data table, determining an authority result corresponding to the micro application calling interface according to the server authority data table, and updating the client authority data table according to the server authority data table. The method and the device improve the safety of the called interface, reduce the authority determining cost and the maintenance cost of the called interface, improve the fault tolerance rate of the processing method, improve the expansibility of the called interface, simplify the authority determining flow and improve the user experience.

Description

Permission determination method, device and system for micro application call interface
Technical Field
The invention relates to the technical field of mobile interconnection, in particular to a permission determination method, device and system of a micro application call interface.
Background
Under the micro-service architecture, each micro-application needs to authenticate access, and each micro-application needs to determine the current access user and the authority of the current access user. Under the micro-service architecture, a variety of authentication scenarios such as external application access scenario, user-service authentication, service-service authentication, etc. need to be considered.
The permission determination method of the micro application call interface in the existing method mainly comprises the following steps: firstly, all micro applications have the authority to call all APIs, and specific calling is controlled by a developer according to requirements; secondly, all the micro applications are divided into two parts: internal micro-applications and external micro-applications. The internal micro application can call all the APIs, and the external micro application can only call part of the APIs, so that the internal micro application and the external micro application are distinguished according to the micro application attribute; and thirdly, constructing an authorization model of 'user-role-authority', and associating the user with the authority through the role by using the authorization model so as to set the batch user authority aiming at the role.
The prior art has at least the following problems:
the existing permission determining method for the micro application calling interface has the advantages of low safety of the calling interface, high permission determining cost, low fault tolerance rate of a processing method, high maintenance cost of the calling interface, poor expansibility of the calling interface, complex permission determining process and poor user experience.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus, and a system for determining permissions of a micro application call interface, which can improve security of the call interface, reduce permission determination cost and maintenance cost of the call interface, improve fault tolerance of a processing method, improve expandability of the call interface, simplify permission determination process, and improve user experience.
In order to achieve the above object, according to a first aspect of the embodiments of the present invention, there is provided a method for determining permission of a micro application call interface, which is applied to a client, and includes:
acquiring a first time stamp corresponding to a client side authority data table, and acquiring a second time stamp corresponding to a server side authority data table from a server side;
judging whether to update the client permission data table or not according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when the management system operates the server authority data table;
if so, sending an authority updating request to the server to obtain a server authority data table, determining an authority result corresponding to the micro application calling interface according to the server authority data table, and updating the client authority data table according to the server authority data table.
Further, after the step of updating the client side permission data table according to the server side permission data table, the method further includes:
acquiring a corresponding update timestamp when the client permission data table is updated;
the first timestamp is replaced with the update timestamp.
Further, before the step of obtaining the first timestamp corresponding to the client permission data table, the method further includes:
sending the call interface information to a management system such that: the management system sets interface calling authority according to the first service requirement and the calling interface information, and sends the interface calling authority to the server side; and the server side determines a server side authority data table according to the interface calling authority and records the current timestamp as a second timestamp.
According to a second aspect of the embodiments of the present invention, there is provided a method for determining permission of a micro application call interface, which is applied to a server, and includes:
responding to a second timestamp acquisition request sent by the client, and sending a second timestamp corresponding to the server side permission data table to the client;
receiving a permission updating request sent by the micro application based on the client, wherein the permission updating request is generated after the client determines that the client permission data table needs to be updated according to the second time stamp and the first time stamp corresponding to the client permission data table;
sending the server side authority data table to the client side, so that the micro application determines an authority result corresponding to a micro application calling interface according to the server side authority data table, and updating the client side authority data table; the server side authority data table is determined according to the interface calling authority sent by the management system.
Further, the step of determining the server authority data table according to the interface call authority sent by the management system further includes:
receiving an interface calling authority sent by a management system; the management system is used for setting the interface calling authority according to the first service requirement and calling interface information sent by the micro application;
and determining a server side authority data table according to the interface calling authority, and recording the current timestamp as a second timestamp.
According to a third aspect of the embodiments of the present invention, there is provided a method for determining permission of a micro application call interface, which is applied to a management system, and includes:
receiving calling interface information sent by at least one micro application;
setting interface calling authority according to the first service requirement and calling interface information sent by at least one micro application;
sending the interface calling authority to a server so that: after receiving a permission updating request sent by the micro application based on the client, the server sends a server permission data table to the micro application, and the micro application determines a permission result corresponding to a micro application calling interface according to the server permission data table; the server side authority data table is determined by the server side according to the interface calling authority.
Further, the calling interface information comprises an interface number, interface function characteristics and a micro application number; setting interface calling authority according to the first service requirement and calling interface information sent by at least one micro application, and further comprising:
grouping the calling interfaces according to the interface numbers and the interface function characteristics;
and setting interface calling authorities corresponding to the micro application numbers in batches according to the grouping result and the service requirement.
Furthermore, the calling interface information also comprises micro application attributes; before the step of sending the interface calling authority to the server, the method further comprises:
and determining the micro application type according to the micro application attribute, and determining the interface calling authority corresponding to the micro application number according to the micro application type.
Further, setting an interface calling authority according to the first service requirement and calling interface information sent by at least one micro application, further comprising:
judging whether the called interface is a target interface or not according to the service requirement and the interface number in the calling interface information;
if so, respectively setting interface calling authorities for different interface functions of the target interface according to the first service requirement and the interface function characteristics corresponding to the interface number.
Further, still include:
and receiving a second service requirement, and updating the calling interface and the interface calling authority corresponding to the calling interface according to the second service requirement.
According to a fourth aspect of the embodiments of the present invention, there is provided an apparatus for determining permission of a micro application call interface, which is disposed on a client, and includes:
the time stamp obtaining module is used for obtaining a first time stamp corresponding to the client side authority data table and obtaining a second time stamp corresponding to the server side authority data table from the server side;
the judging module is used for judging whether to update the client permission data table according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when the management system operates the server authority data table;
and the permission determining module is used for sending a permission updating request to the server side under the condition that the client side permission data table needs to be updated so as to obtain the server side permission data table, determining a permission result corresponding to the micro application calling interface according to the server side permission data table, and updating the client side permission data table according to the server side permission data table.
According to a fifth aspect of the embodiments of the present invention, there is provided an apparatus for determining permission of a micro application call interface, which is disposed at a server, and includes:
the first sending module is used for responding to a second timestamp acquisition request sent by the client and sending a second timestamp corresponding to the server side permission data table to the client;
the request receiving module is used for receiving a permission updating request sent by the micro application based on the client, wherein the permission updating request is generated after the client determines that the client permission data table needs to be updated according to the second time stamp and the first time stamp corresponding to the client permission data table;
the second sending module is used for sending the server side authority data table to the client side, so that the micro application determines an authority result corresponding to the micro application calling interface according to the server side authority data table and updates the client side authority data table; the server side authority data table is determined according to the interface calling authority sent by the management system.
According to a sixth aspect of the embodiments of the present invention, there is provided an authority determination apparatus for a micro application call interface, which is provided in a management system, and includes:
the calling interface information receiving module is used for receiving calling interface information sent by at least one micro application;
the permission setting module is used for setting interface calling permission according to the first service requirement and calling interface information sent by at least one micro application;
the permission sending module is used for sending the interface calling permission to the server side so as to enable: after receiving a permission updating request sent by the micro application based on the client, the server sends a server permission data table to the micro application, and the micro application determines a permission result corresponding to a micro application calling interface according to the server permission data table; the server side authority data table is determined by the server side according to the interface calling authority.
According to a seventh aspect of the embodiments of the present invention, there is provided a permission determination system for a micro application call interface, including a client, a server, and a management system; wherein,
the client is used for acquiring a first time stamp corresponding to the client permission data table and acquiring a second time stamp corresponding to the server permission data table from the server; judging whether to update the client permission data table or not according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when the management system operates the server authority data table; if so, sending an authority updating request to the server to acquire a server authority data table, determining an authority result corresponding to the micro application calling interface according to the server authority data table, and updating the client authority data table according to the server authority data table;
the server is used for responding to a second timestamp acquisition request sent by the client and sending a second timestamp corresponding to the server authority data table to the client; receiving a permission updating request sent by the micro application based on the client; sending the server side authority data table to the client side;
the management system is used for receiving calling interface information sent by at least one micro application; setting interface calling authority according to the first service requirement and calling interface information sent by at least one micro application; and sending the interface calling authority to the server.
According to an eighth aspect of the embodiments of the present invention, there is provided an electronic apparatus including:
one or more processors;
a storage device for storing one or more programs,
when executed by one or more processors, cause the one or more processors to implement the method for determining permissions of a micro application call interface as described in any of the above.
According to a ninth aspect of the embodiments of the present invention, there is provided a computer-readable medium on which a computer program is stored, the program, when executed by a processor, implementing the method for determining the authority of a micro application call interface as any one of the above.
One embodiment of the above invention has the following advantages or benefits: the first time stamp corresponding to the client side authority data table is obtained, and the second time stamp corresponding to the server side authority data table is obtained from the server side; judging whether to update the client permission data table or not according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when the management system operates the server authority data table; if yes, sending a permission updating request to the server to obtain a server permission data table, determining a permission result corresponding to the micro application calling interface according to the server permission data table, updating the client permission data table according to the server permission data table, therefore, the technical problems of lower security of the calling interface, higher authority determining cost, lower fault tolerance rate of the processing method, high maintenance cost of the calling interface, poor expansibility of the calling interface, complex authority determining flow and poor user experience in the conventional authority determining method of the micro application calling interface are solved, therefore, the safety of the called interface is improved, the authority determining cost and the maintenance cost of the called interface are reduced, the fault tolerance rate of the processing method is improved, the expansibility of the called interface is improved, the authority determining flow is simplified, and the technical effect of user experience is improved.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
fig. 1 is a schematic diagram of a main flow of a permission determination method of a micro application call interface according to a first embodiment of the present invention;
fig. 2 is a schematic diagram of a main flow of a permission determination method of a micro application call interface according to a second embodiment of the present invention;
fig. 3 is a schematic diagram of a main flow of a permission determination method of a micro application call interface according to a third embodiment of the present invention;
fig. 4 is a schematic diagram of main modules of an authority determination device of a micro application call interface according to a fourth embodiment of the present invention;
fig. 5 is a schematic diagram of main blocks of a permission determination device of a micro application call interface according to a fifth embodiment of the present invention;
fig. 6 is a schematic diagram of main blocks of an authority determination device of a micro application call interface according to a sixth embodiment of the present invention;
FIG. 7 is an interaction diagram of the main framework of the permission determination system of the micro application call interface according to the seventh embodiment of the present invention;
FIG. 8 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
fig. 9 is a schematic structural diagram of a computer system suitable for implementing a terminal device or a server according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 is a schematic diagram of a main flow of a permission determination method of a micro application call interface according to a first embodiment of the present invention; as shown in fig. 1, the method for determining permission of a micro application call interface according to an embodiment of the present invention is mainly applied to a client, and includes:
step S101, acquiring a first time stamp corresponding to a client side authority data table, and acquiring a second time stamp corresponding to a server side authority data table from a server side; and the second timestamp is a timestamp corresponding to the management system when operating the server authority data table.
Specifically, according to the embodiment of the present invention, the first timestamp corresponding to the client permission data table is a timestamp corresponding to the client when the client operates the data table, and the client operation includes a storage operation and an update operation.
And step S102, judging whether to update the client permission data table according to the first time stamp and the second time stamp. If yes, updating the client permission data table; if not, the client permission data table does not need to be updated.
Specifically, according to the embodiment of the invention, if the client permission data table does not need to be updated, the client permission data table is the latest permission data, the permission result corresponding to the micro application calling interface can be directly determined according to the client permission data table locally stored by the client, and then the client permission data table is updated according to the server permission data table.
Through the setting, the permission data table corresponding to the micro-application calling interface is stored in the client locally, when the permission result of the micro-application calling interface is determined, the permission result can be determined quickly only by comparing the timestamp of the client operating the data table with the operation timestamp of the permission data table corresponding to the server, the situation that the server acquires the latest permission data at every time in the existing method and occupies more server resources is avoided, the permission result determining efficiency is improved, and the occupation of data transmission on the server resources is reduced.
Further, according to the embodiment of the present invention, determining whether to update the client permission data table according to the first timestamp and the second timestamp, further includes:
judging whether the first time stamp is earlier than the second time stamp, if so, updating the client permission data table; if not, the client permission data table does not need to be updated.
If the first timestamp is earlier than the second timestamp and indicates that the client stores or updates the client permission data table, the server permission data table is updated, and in this case, the latest server permission data table needs to be acquired from the server to update the client permission data table, so that timeliness of the determined permission result can be guaranteed, the permission determination process is simplified, and technical effects of user experience are improved.
Step S103, sending an authority updating request to the server to obtain a server authority data table, determining an authority result corresponding to the micro application calling interface according to the server authority data table, and updating the client authority data table according to the server authority data table.
Through the setting, the authority data table is obtained from the server only after the authority data table of the server is updated (whether the authority data table of the server is updated or not can be judged according to the comparison of the second time stamp and the first time stamp), otherwise, the authority result can be directly determined according to the authority data table of the client locally stored by the client.
Further, according to the embodiment of the present invention, after the step of updating the client side permission data table according to the server side permission data table, the method further includes: acquiring a corresponding update timestamp when the client permission data table is updated; the first timestamp is replaced with the update timestamp.
And if the server side authority data table needs to be acquired again, updating the first timestamp when the client side authority data table is updated so as to judge whether the client side authority data table needs to be updated or not according to the timestamp corresponding to the latest operation of the authority data table during subsequent calling.
Preferably, according to an embodiment of the present invention, before the step of obtaining the first timestamp corresponding to the client permission data table, the method further includes: sending the call interface information to a management system such that: the management system sets interface calling authority according to the first service requirement and the calling interface information, and sends the interface calling authority to the server side; and the server side determines a server side authority data table according to the interface calling authority and records the current timestamp as a second timestamp.
Through the setting, the management system is used for uniformly setting the authority of the calling interface for the micro application, the safety of the called interface is guaranteed, and the authority determining cost and the maintenance cost of the calling interface are reduced.
According to the technical scheme of the embodiment of the invention, the first time stamp corresponding to the client side authority data table is obtained, and the second time stamp corresponding to the server side authority data table is obtained from the server side; judging whether to update the client permission data table or not according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when the management system operates the server authority data table; if yes, sending a permission updating request to the server to obtain a server permission data table, determining a permission result corresponding to the micro application calling interface according to the server permission data table, updating the client permission data table according to the server permission data table, therefore, the technical problems of lower security of the calling interface, higher authority determining cost, lower fault tolerance rate of the processing method, high maintenance cost of the calling interface, poor expansibility of the calling interface, complex authority determining flow and poor user experience in the conventional authority determining method of the micro application calling interface are solved, therefore, the safety of the called interface is improved, the authority determining cost and the maintenance cost of the called interface are reduced, the fault tolerance rate of the processing method is improved, the expansibility of the called interface is improved, the authority determining flow is simplified, and the technical effect of user experience is improved.
Fig. 2 is a schematic diagram of a main flow of a permission determination method of a micro application call interface according to a second embodiment of the present invention; as shown in fig. 2, the method for determining permission of a micro application call interface provided in an embodiment of the present invention is applied to a server, and mainly includes:
step S201, in response to a second timestamp obtaining request sent by the client, sending a second timestamp corresponding to the server side permission data table to the client.
Specifically, according to an embodiment of the present invention, the first timestamp corresponding to the client permission data table is a timestamp corresponding to when the client operates the data table, and the client operation includes a storage operation and an update operation. When the client wants to determine the calling interface authority corresponding to the micro application, the client needs to send a second timestamp acquisition request to the server so as to acquire a second timestamp corresponding to the server authority data table from the server. And the client side authority data table updating module is used for judging whether the client side authority data table needs to be updated according to the first time stamp and the second time stamp corresponding to the client side authority data table.
Step S202, receiving an authority updating request sent by the micro application based on the client, wherein the authority updating request is generated after the client determines that the client authority data table needs to be updated according to the second time stamp and the first time stamp corresponding to the client authority data table.
According to the embodiment of the invention, when the client judges that the client permission data table needs to be updated according to the first time stamp and the second time stamp, the client needs to send a permission updating request to the server, so that the latest server permission data table is used for determining the micro-application permission result and updating the locally stored client permission data table.
Through the setting, the permission data table corresponding to the micro-application calling interface is stored in the client locally, when the permission result of the micro-application calling interface is determined, the permission result can be determined quickly only by comparing the timestamp of the client operating the data table with the operation timestamp of the permission data table corresponding to the server, the situation that the server acquires the latest permission data at every time in the existing method and occupies more server resources is avoided, the permission result determining efficiency is improved, and the occupation of data transmission on the server resources is reduced.
Step S203, the server side authority data table is sent to the client side, so that the micro application determines an authority result corresponding to the micro application calling interface according to the server side authority data table, and the client side authority data table is updated; the server side authority data table is determined according to the interface calling authority sent by the management system.
Through the setting, the authority data table is obtained from the server only after the authority data table of the server is updated (whether the authority data table of the server is updated or not can be judged according to the comparison of the second time stamp and the first time stamp), otherwise, the authority result can be directly determined according to the authority data table of the client locally stored by the client.
Further, according to an embodiment of the present invention, the step of determining the server side permission data table according to the interface call permission sent by the management system further includes: receiving an interface calling authority sent by a management system; the management system is used for setting the interface calling authority according to the first service requirement and calling interface information sent by the micro application;
and determining a server side authority data table according to the interface calling authority, and recording the current timestamp as a second timestamp.
Through the setting, the management system is used for uniformly setting the authority of the calling interface for the micro application, the safety of the called interface is guaranteed, and the authority determining cost and the maintenance cost of the calling interface are reduced. According to a specific implementation manner of the embodiment of the present invention, the management system may be independent from the server, or may be disposed in the server.
According to the technical scheme of the embodiment of the invention, the second timestamp corresponding to the server side authority data table is sent to the client side by adopting the second timestamp obtaining request sent by responding to the client side; receiving a permission updating request sent by the micro application based on the client, wherein the permission updating request is generated after the client determines that the client permission data table needs to be updated according to the second time stamp and the first time stamp corresponding to the client permission data table; sending the server side authority data table to the client side, so that the micro application determines an authority result corresponding to a micro application calling interface according to the server side authority data table, and updating the client side authority data table; the technical means that the authority is determined by the server side authority data sheet according to the interface calling authority sent by the management system is overcome, the technical problems that the safety of calling the interface is low, the authority determining cost is high, the fault tolerance rate of a processing method is low, the maintenance cost of the calling interface is high, the expansibility of the calling interface is poor, the authority determining flow is complex, and the user experience is poor in the conventional authority determining method for calling the interface through micro applications are solved, so that the safety of the called interface is improved, the authority determining cost and the maintenance cost of the calling interface are reduced, the fault tolerance rate of the processing method is improved, the expansibility of the calling interface is improved, the authority determining flow is simplified, and the technical effect of the user experience is improved.
Fig. 3 is a schematic diagram of a main flow of a permission determination method of a micro application call interface according to a third embodiment of the present invention; as shown in fig. 3, the method for determining permission of a micro application call interface according to an embodiment of the present invention is applied to a management system, and mainly includes:
step S301, receiving calling interface information sent by at least one micro application.
Specifically, according to the embodiment of the present invention, the call interface information includes an interface number, an interface function feature, and a micro application number; setting interface calling authority according to the first service requirement and calling interface information sent by at least one micro application, and further comprising: grouping the calling interfaces according to the interface numbers and the interface function characteristics; and setting interface calling authorities corresponding to the micro application numbers in batches according to the grouping result and the service requirement.
Through the setting, the management system obtains the calling interface information sent by the micro applications, and then sets the authority of the calling interface corresponding to the micro applications in batches according to the interface number, the interface function characteristics, the service requirements and the like, so that the safety of the called interface is guaranteed, and the authority determining cost and the maintenance cost of the calling interface are reduced.
Step S302, interface calling authority is set according to the first service requirement and calling interface information sent by at least one micro application.
Further, according to the embodiment of the present invention, the call interface information further includes a micro application attribute; before the step of sending the interface calling authority to the server, the method further comprises: and determining the micro application type according to the micro application attribute, and determining the interface calling authority corresponding to the micro application number according to the micro application type.
Through the setting, the interface calling authority can be determined according to the micro application type, and the condition that when a developer sets the calling authority through a management system, due to misoperation, the calling authority corresponding to the micro application of a special type is set wrongly is avoided. According to the embodiment of the invention, a micro application management terminal list is constructed, micro applications belonging to the list uniformly set or do not set corresponding calling interface authorities, and the safety of the called interfaces is improved.
Preferably, according to an embodiment of the present invention, the setting of the interface invocation permission according to the first service requirement and the invocation interface information sent by the at least one micro application further includes: judging whether the called interface is a target interface or not according to the service requirement and the interface number in the calling interface information; if so, respectively setting interface calling authorities for different interface functions of the target interface according to the first service requirement and the interface function characteristics corresponding to the interface number.
According to a specific implementation manner of the embodiment of the present invention, the micro Application may add a usable special API (Application Program Interface), and when the special API (i.e., the target Interface) is added, it is required to set whether the special API needs to check the parameter permission. If the parameter authority needs to be checked, the parameter key and the allowed parameter value which need to be checked need to be configured at the same time.
If the channel client API is appointed by jumping: openClientFunction, assuming that the interface id allocated during registration of the API is 1002, the API has a channel field to check the parameter authority, and the currently provided parameters are: 1: a mobile phone bank; 2: an enterprise bank; 3: a payment channel c; 4: a payment channel d; 5: a payment channel e; 6: a payment channel f.
When only the special use permission of the API is configured for a certain micro application, if only the use parameters 1 and 5 are allowed (i.e. only the call permissions corresponding to the two interface function features of the API are set for the micro application), the finally generated permission verification data is configured as follows:
{
“1002”:{“channel”:[“1”,”5”]}
}
illustratively, according to the embodiment of the present invention, the foregoing further includes: and receiving a second service requirement, and updating the calling interface and the interface calling authority corresponding to the calling interface according to the second service requirement.
Through the setting, a developer can add, delete and change the calling interface API according to the service requirement (namely the second service requirement) updated in real time; and the calling authority corresponding to each API can be adjusted, so that the expansibility of a calling interface is improved.
Step S303, sending the interface call authority to the server, so that: after receiving a permission updating request sent by the micro application based on the client, the server sends a server permission data table to the micro application, and the micro application determines a permission result corresponding to a micro application calling interface according to the server permission data table; the server side authority data table is determined by the server side according to the interface calling authority.
According to the technical scheme of the embodiment of the invention, the calling interface information sent by at least one micro application is received; setting interface calling authority according to the first service requirement and calling interface information sent by at least one micro application; sending the interface calling authority to a server so that: after receiving a permission updating request sent by the micro application based on the client, the server sends a server permission data table to the micro application, and the micro application determines a permission result corresponding to a micro application calling interface according to the server permission data table; the server side authority data sheet is a technical means for determining the authority called by the server side according to the interface, so that the technical problems that the safety of calling the interface is low, the authority determining cost is high, the fault tolerance of a processing method is low, the maintenance cost of the calling interface is high, the expansibility of the calling interface is poor, the authority determining flow is complex, and the user experience is poor in the conventional authority determining method for calling the interface by micro application are solved, the safety of the called interface is improved, the authority determining cost and the maintenance cost of the calling interface are reduced, the fault tolerance of the processing method is improved, the expansibility of the calling interface is improved, the authority determining flow is simplified, and the technical effect of the user experience is improved.
Fig. 4 is a schematic diagram of main modules of an authority determination device of a micro application call interface according to a fourth embodiment of the present invention; as shown in fig. 4, an apparatus 400 for determining permission of a micro application call interface provided in an embodiment of the present invention is disposed at a client, and mainly includes:
the timestamp obtaining module 401 is configured to obtain a first timestamp corresponding to the client permission data table, and obtain a second timestamp corresponding to the server permission data table from the server.
Specifically, according to the embodiment of the present invention, the first timestamp corresponding to the client permission data table is a timestamp corresponding to the client when the client operates the data table, and the client operation includes a storage operation and an update operation.
A judging module 402, configured to judge whether to update the client permission data table according to the first timestamp and the second timestamp; and the second timestamp is a timestamp corresponding to the management system when operating the server authority data table.
Specifically, according to the embodiment of the invention, if the client permission data table does not need to be updated, the client permission data table is the latest permission data, the permission result corresponding to the micro application calling interface can be directly determined according to the client permission data table locally stored by the client, and then the client permission data table is updated according to the server permission data table.
Through the setting, the permission data table corresponding to the micro-application calling interface is stored in the client locally, when the permission result of the micro-application calling interface is determined, the permission result can be determined quickly only by comparing the timestamp of the client operating the data table with the operation timestamp of the permission data table corresponding to the server, the situation that the server acquires the latest permission data at every time in the existing method and occupies more server resources is avoided, the permission result determining efficiency is improved, and the occupation of data transmission on the server resources is reduced.
Further, according to an embodiment of the present invention, the determining module 402 is further configured to: judging whether the first time stamp is earlier than the second time stamp, if so, updating the client permission data table; if not, the client permission data table does not need to be updated.
If the first timestamp is earlier than the second timestamp and indicates that the client stores or updates the client permission data table, the server permission data table is updated, and in this case, the latest server permission data table needs to be acquired from the server to update the client permission data table, so that timeliness of the determined permission result can be guaranteed, the permission determination process is simplified, and technical effects of user experience are improved.
The permission determining module 403 is configured to send a permission updating request to the server to obtain the server permission data table when the client permission data table needs to be updated, determine a permission result corresponding to the micro application call interface according to the server permission data table, and update the client permission data table according to the server permission data table.
Through the setting, the authority data table is obtained from the server only after the authority data table of the server is updated (whether the authority data table of the server is updated or not can be judged according to the comparison of the second time stamp and the first time stamp), otherwise, the authority result can be directly determined according to the authority data table of the client locally stored by the client.
Further, according to the embodiment of the present invention, the apparatus 400 for determining permission of a micro application call interface further includes a timestamp updating module, after the step of updating the client permission data table according to the server permission data table, configured to: acquiring a corresponding update timestamp when the client permission data table is updated; the first timestamp is replaced with the update timestamp.
And if the server side authority data table needs to be acquired again, updating the first timestamp when the client side authority data table is updated so as to judge whether the client side authority data table needs to be updated or not according to the timestamp corresponding to the latest operation of the authority data table during subsequent calling.
Preferably, according to an embodiment of the present invention, the apparatus 400 for determining permission of a micro application call interface further includes a call interface information sending module, before the step of obtaining the first timestamp corresponding to the client permission data table, configured to: sending the call interface information to a management system such that: the management system sets interface calling authority according to the first service requirement and the calling interface information, and sends the interface calling authority to the server side; and the server side determines a server side authority data table according to the interface calling authority and records the current timestamp as a second timestamp.
Through the setting, the management system is used for uniformly setting the authority of the calling interface for the micro application, the safety of the called interface is guaranteed, and the authority determining cost and the maintenance cost of the calling interface are reduced.
According to the technical scheme of the embodiment of the invention, the first time stamp corresponding to the client side authority data table is obtained, and the second time stamp corresponding to the server side authority data table is obtained from the server side; judging whether to update the client permission data table or not according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when the management system operates the server authority data table; if yes, sending a permission updating request to the server to obtain a server permission data table, determining a permission result corresponding to the micro application calling interface according to the server permission data table, updating the client permission data table according to the server permission data table, therefore, the technical problems of lower security of the calling interface, higher authority determining cost, lower fault tolerance rate of the processing method, high maintenance cost of the calling interface, poor expansibility of the calling interface, complex authority determining flow and poor user experience in the conventional authority determining method of the micro application calling interface are solved, therefore, the safety of the called interface is improved, the authority determining cost and the maintenance cost of the called interface are reduced, the fault tolerance rate of the processing method is improved, the expansibility of the called interface is improved, the authority determining flow is simplified, and the technical effect of user experience is improved.
Fig. 5 is a schematic diagram of main blocks of a permission determination device of a micro application call interface according to a fifth embodiment of the present invention; as shown in fig. 5, an apparatus 500 for determining permission of a micro application call interface provided in an embodiment of the present invention is disposed at a server, and mainly includes:
the first sending module 501 is configured to send, to the client, a second timestamp corresponding to the server side permission data table in response to a second timestamp obtaining request sent by the client.
Specifically, according to an embodiment of the present invention, the first timestamp corresponding to the client permission data table is a timestamp corresponding to when the client operates the data table, and the client operation includes a storage operation and an update operation. When the client wants to determine the calling interface authority corresponding to the micro application, the client needs to send a second timestamp acquisition request to the server so as to acquire a second timestamp corresponding to the server authority data table from the server. And the client side authority data table updating module is used for judging whether the client side authority data table needs to be updated according to the first time stamp and the second time stamp corresponding to the client side authority data table.
The request receiving module 502 is configured to receive an authority updating request sent by the micro application based on the client, where the authority updating request is generated after the client determines that the client authority data table needs to be updated according to the second timestamp and the first timestamp corresponding to the client authority data table.
According to the embodiment of the invention, when the client judges that the client permission data table needs to be updated according to the first time stamp and the second time stamp, the client needs to send a permission updating request to the server, so that the latest server permission data table is used for determining the micro-application permission result and updating the locally stored client permission data table.
Through the setting, the permission data table corresponding to the micro-application calling interface is stored in the client locally, when the permission result of the micro-application calling interface is determined, the permission result can be determined quickly only by comparing the timestamp of the client operating the data table with the operation timestamp of the permission data table corresponding to the server, the situation that the server acquires the latest permission data at every time in the existing method and occupies more server resources is avoided, the permission result determining efficiency is improved, and the occupation of data transmission on the server resources is reduced.
The second sending module 503 is configured to send the server side permission data table to the client, so that the micro application determines a permission result corresponding to the micro application call interface according to the server side permission data table, and updates the client side permission data table; the server side authority data table is determined according to the interface calling authority sent by the management system.
Through the setting, the authority data table is obtained from the server only after the authority data table of the server is updated (whether the authority data table of the server is updated or not can be judged according to the comparison of the second time stamp and the first time stamp), otherwise, the authority result can be directly determined according to the authority data table of the client locally stored by the client.
Further, according to the embodiment of the present invention, the apparatus 500 for determining the authority of the micro application call interface further includes a server authority data table determining module, configured to: receiving an interface calling authority sent by a management system; the management system is used for setting the interface calling authority according to the first service requirement and calling interface information sent by the micro application; and determining a server side authority data table according to the interface calling authority, and recording the current timestamp as a second timestamp.
Through the setting, the management system is used for uniformly setting the authority of the calling interface for the micro application, the safety of the called interface is guaranteed, and the authority determining cost and the maintenance cost of the calling interface are reduced. According to a specific implementation manner of the embodiment of the present invention, the management system may be independent from the server, or may be disposed in the server.
According to the technical scheme of the embodiment of the invention, the second timestamp corresponding to the server side authority data table is sent to the client side by adopting the second timestamp obtaining request sent by responding to the client side; receiving a permission updating request sent by the micro application based on the client, wherein the permission updating request is generated after the client determines that the client permission data table needs to be updated according to the second time stamp and the first time stamp corresponding to the client permission data table; sending the server side authority data table to the client side, so that the micro application determines an authority result corresponding to a micro application calling interface according to the server side authority data table, and updating the client side authority data table; the technical means that the authority is determined by the server side authority data sheet according to the interface calling authority sent by the management system is overcome, the technical problems that the safety of calling the interface is low, the authority determining cost is high, the fault tolerance rate of a processing method is low, the maintenance cost of the calling interface is high, the expansibility of the calling interface is poor, the authority determining flow is complex, and the user experience is poor in the conventional authority determining method for calling the interface through micro applications are solved, so that the safety of the called interface is improved, the authority determining cost and the maintenance cost of the calling interface are reduced, the fault tolerance rate of the processing method is improved, the expansibility of the calling interface is improved, the authority determining flow is simplified, and the technical effect of the user experience is improved.
Fig. 6 is a schematic diagram of main blocks of an authority determination device of a micro application call interface according to a sixth embodiment of the present invention; as shown in fig. 6, an authority determining apparatus 600 for a micro application call interface provided in an embodiment of the present invention is disposed in a management system, and mainly includes:
the calling interface information receiving module 601 is configured to receive calling interface information sent by at least one micro application.
Specifically, according to the embodiment of the present invention, the call interface information includes an interface number, an interface function feature, and a micro application number; setting interface calling authority according to the first service requirement and calling interface information sent by at least one micro application, and further comprising: grouping the calling interfaces according to the interface numbers and the interface function characteristics; and setting interface calling authorities corresponding to the micro application numbers in batches according to the grouping result and the service requirement.
Through the setting, the management system obtains the calling interface information sent by the micro applications, and then sets the authority of the calling interface corresponding to the micro applications in batches according to the interface number, the interface function characteristics, the service requirements and the like, so that the safety of the called interface is guaranteed, and the authority determining cost and the maintenance cost of the calling interface are reduced.
And the permission setting module 602 is configured to set an interface calling permission according to the first service requirement and the calling interface information sent by the at least one micro application.
Further, according to an embodiment of the present invention, the apparatus 600 for determining permission of a micro application call interface further includes a micro application type determining module, where the call interface information further includes a micro application attribute; before the step of sending the interface calling authority to the server, the method further comprises: and determining the micro application type according to the micro application attribute, and determining the interface calling authority corresponding to the micro application number according to the micro application type.
Through the setting, the interface calling authority can be determined according to the micro application type, and the condition that when a developer sets the calling authority through a management system, due to misoperation, the calling authority corresponding to the micro application of a special type is set wrongly is avoided. According to the embodiment of the invention, a micro application management terminal list is constructed, micro applications belonging to the list uniformly set or do not set corresponding calling interface authorities, and the safety of the called interfaces is improved.
Preferably, according to an embodiment of the present invention, the setting of the interface invocation permission according to the first service requirement and the invocation interface information sent by the at least one micro application further includes: judging whether the called interface is a target interface or not according to the service requirement and the interface number in the calling interface information; if so, respectively setting interface calling authorities for different interface functions of the target interface according to the first service requirement and the interface function characteristics corresponding to the interface number.
Illustratively, according to the embodiment of the present invention, the foregoing further includes: and receiving a second service requirement, and updating the calling interface and the interface calling authority corresponding to the calling interface according to the second service requirement.
Through the setting, a developer can add, delete and change the calling interface API according to the service requirement (namely the second service requirement) updated in real time; and the calling authority corresponding to each API can be adjusted, so that the expansibility of a calling interface is improved.
The authority sending module 603 is configured to send the interface call authority to the server, so that: after receiving a permission updating request sent by the micro application based on the client, the server sends a server permission data table to the micro application, and the micro application determines a permission result corresponding to a micro application calling interface according to the server permission data table; the server side authority data table is determined by the server side according to the interface calling authority.
According to the technical scheme of the embodiment of the invention, the calling interface information sent by at least one micro application is received; setting interface calling authority according to the first service requirement and calling interface information sent by at least one micro application; sending the interface calling authority to a server so that: after receiving a permission updating request sent by the micro application based on the client, the server sends a server permission data table to the micro application, and the micro application determines a permission result corresponding to a micro application calling interface according to the server permission data table; the server side authority data sheet is a technical means for determining the authority called by the server side according to the interface, so that the technical problems that the safety of calling the interface is low, the authority determining cost is high, the fault tolerance of a processing method is low, the maintenance cost of the calling interface is high, the expansibility of the calling interface is poor, the authority determining flow is complex, and the user experience is poor in the conventional authority determining method for calling the interface by micro application are solved, the safety of the called interface is improved, the authority determining cost and the maintenance cost of the calling interface are reduced, the fault tolerance of the processing method is improved, the expansibility of the calling interface is improved, the authority determining flow is simplified, and the technical effect of the user experience is improved.
FIG. 7 is a diagram of the main framework of a privilege determination system of a micro application call interface according to a seventh embodiment of the present invention; as shown in fig. 7, the permission determination system 700 for a micro application call interface according to an embodiment of the present invention mainly includes:
the management end executes the step S1, and the manager enters the authority data change information; and S2, updating the server side authority data table according to the authority data modification information.
According to the embodiment of the present invention, before performing step S1, the management side is further configured to: the micro application is used for receiving calling interface information sent by at least one micro application; setting interface calling authority according to the first service requirement and calling interface information sent by at least one micro application; and sending the interface calling authority to the server side so that the server side generates a server side authority data table.
The client executes the step S3 and sends the authority updating request to the server; and step S5, determining the authority result according to the server side authority data table sent by the server side.
According to the embodiment of the present invention, before performing step S3, the client is further configured to: acquiring a first time stamp corresponding to a client side authority data table, and acquiring a second time stamp corresponding to a server side authority data table from a server side; judging whether to update the client permission data table or not according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when the management system operates the server authority data table; if the determination result is that updating is needed, performing step S3; and if the judgment result is that updating is not needed, determining the permission result directly according to the client permission data table.
And the server executes the step S4, and sends the updated server authority data table to the client in response to the authority updating request sent by the micro application based on the client.
According to the embodiment of the present invention, before performing step S4, the server is further configured to: and responding to a second timestamp acquisition request sent by the client, and sending a second timestamp corresponding to the server authority data table to the client so that the client can judge whether the client authority data table needs to be updated according to the first timestamp and the second timestamp.
According to the technical scheme of the embodiment of the invention, the first time stamp corresponding to the client side authority data table is obtained, and the second time stamp corresponding to the server side authority data table is obtained from the server side; judging whether to update the client permission data table or not according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when the management system operates the server authority data table; if yes, sending a permission updating request to the server to obtain a server permission data table, determining a permission result corresponding to the micro application calling interface according to the server permission data table, updating the client permission data table according to the server permission data table, therefore, the technical problems of lower security of the calling interface, higher authority determining cost, lower fault tolerance rate of the processing method, high maintenance cost of the calling interface, poor expansibility of the calling interface, complex authority determining flow and poor user experience in the conventional authority determining method of the micro application calling interface are solved, therefore, the safety of the called interface is improved, the authority determining cost and the maintenance cost of the called interface are reduced, the fault tolerance rate of the processing method is improved, the expansibility of the called interface is improved, the authority determining flow is simplified, and the technical effect of user experience is improved.
Fig. 8 shows an exemplary system architecture 800 of a permission determination method of a micro application call interface or a permission determination apparatus of a micro application call interface (adjusted according to a specific case) to which an embodiment of the present invention may be applied.
As shown in fig. 8, the system architecture 800 may include terminal devices 801, 802, 803, a network 804 and a server 805 (this architecture is merely an example, and the components included in a particular architecture may be adapted according to the application specific circumstances). The network 804 serves to provide a medium for communication links between the terminal devices 801, 802, 803 and the server 805. Network 804 may include various types of connections, such as wire, wireless communication links, or fiber optic cables, to name a few.
A user may use the terminal devices 801, 802, 803 to interact with a server 805 over a network 804 to receive or send messages or the like. The terminal devices 801, 802, 803 may have installed thereon various communication client applications, such as shopping-like applications, web browser applications, search-like applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 801, 802, 803 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 805 may be a server that provides various services, such as a server (for example only) that (performs authority determination/performs data processing) for users with the terminal devices 801, 802, 803. The server may analyze and perform other processing on the received data such as the first timestamp and the second timestamp, and feed back a processing result (for example, a server side permission data table, a permission result — just an example) to the terminal device.
It should be noted that the method for determining the authority of the micro application call interface provided by the embodiment of the present invention is generally executed by the server 805, and accordingly, the apparatus for determining the authority of the micro application call interface is generally disposed in the server 805.
It should be understood that the number of terminal devices, networks, and servers in fig. 8 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 9, a block diagram of a computer system 900 suitable for use with a terminal device or server implementing an embodiment of the invention is shown. The terminal device or the server shown in fig. 9 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 9, the computer system 900 includes a Central Processing Unit (CPU)901 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM)902 or a program loaded from a storage section 908 into a Random Access Memory (RAM) 903. In the RAM 903, various programs and data necessary for the operation of the system 900 are also stored. The CPU 901, ROM 902, and RAM 903 are connected to each other via a bus 904. An input/output (I/O) interface 905 is also connected to bus 904.
The following components are connected to the I/O interface 905: an input portion 906 including a keyboard, a mouse, and the like; an output section 907 including components such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage portion 908 including a hard disk and the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as necessary. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 910 as necessary, so that a computer program read out therefrom is mounted into the storage section 908 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 909, and/or installed from the removable medium 911. The above-described functions defined in the system of the present invention are executed when the computer program is executed by a Central Processing Unit (CPU) 901.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor includes a timestamp acquisition module, a determination module, and a permission determination module. The names of these modules do not form a limitation on the modules themselves in some cases, for example, the timestamp obtaining module may also be described as "a module for obtaining a first timestamp corresponding to the client authority data table and obtaining a second timestamp corresponding to the server authority data table from the server".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to comprise: acquiring a first time stamp corresponding to a client side authority data table, and acquiring a second time stamp corresponding to a server side authority data table from a server side; judging whether to update the client permission data table or not according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when the management system operates the server authority data table; if so, sending an authority updating request to the server to obtain a server authority data table, determining an authority result corresponding to the micro application calling interface according to the server authority data table, and updating the client authority data table according to the server authority data table.
According to the technical scheme of the embodiment of the invention, the first time stamp corresponding to the client side authority data table is obtained, and the second time stamp corresponding to the server side authority data table is obtained from the server side; judging whether to update the client permission data table or not according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when the management system operates the server authority data table; if yes, sending a permission updating request to the server to obtain a server permission data table, determining a permission result corresponding to the micro application calling interface according to the server permission data table, updating the client permission data table according to the server permission data table, therefore, the technical problems of lower security of the calling interface, higher authority determining cost, lower fault tolerance rate of the processing method, high maintenance cost of the calling interface, poor expansibility of the calling interface, complex authority determining flow and poor user experience in the conventional authority determining method of the micro application calling interface are solved, therefore, the safety of the called interface is improved, the authority determining cost and the maintenance cost of the called interface are reduced, the fault tolerance rate of the processing method is improved, the expansibility of the called interface is improved, the authority determining flow is simplified, and the technical effect of user experience is improved.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (16)

1. A permission determination method of a micro application call interface is applied to a client and comprises the following steps:
acquiring a first time stamp corresponding to a client side authority data table, and acquiring a second time stamp corresponding to a server side authority data table from a server side;
judging whether to update the client permission data table according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when operating the server side authority data table;
if yes, sending an authority updating request to the server to obtain the server authority data table, determining an authority result corresponding to a micro application calling interface according to the server authority data table, and updating the client authority data table according to the server authority data table.
2. The permission determination method of a micro application call interface according to claim 1, wherein after the step of updating the client permission data table according to the server permission data table, the method further comprises:
acquiring a corresponding update timestamp when the client permission data table is updated;
replacing the first timestamp with the update timestamp.
3. The permission determination method of a micro application call interface according to claim 1, wherein before the step of obtaining the first timestamp corresponding to the client permission data table, the method further comprises:
sending the call interface information to a management system such that: the management system sets interface calling authority according to a first service requirement and the calling interface information, and sends the interface calling authority to the server side; and the server side determines a server side authority data table according to the interface calling authority and records the current timestamp as the second timestamp.
4. A permission determination method of a micro application call interface is applied to a server side and comprises the following steps:
responding to a second timestamp acquisition request sent by the client, and sending a second timestamp corresponding to the server side permission data table to the client;
receiving a permission updating request sent by a micro application based on the client, wherein the permission updating request is generated after the client determines that the client permission data table needs to be updated according to the second time stamp and a first time stamp corresponding to the client permission data table;
sending the server side authority data table to the client side, so that the micro application determines an authority result corresponding to a micro application calling interface according to the server side authority data table, and updating the client side authority data table; and the server side authority data table is determined according to the interface calling authority sent by the management system.
5. The permission determination method for the micro application call interface according to claim 4, wherein the step of determining the server side permission data table according to the interface call permission sent by the management system further comprises:
receiving an interface calling authority sent by a management system; the management system is used for setting the interface calling authority according to a first service requirement and calling interface information sent by the micro application;
and determining a server side authority data table according to the interface calling authority, and recording the current timestamp as a second timestamp.
6. A permission determination method of a micro application call interface is applied to a management system and comprises the following steps:
receiving calling interface information sent by at least one micro application;
setting interface calling authority according to a first service requirement and calling interface information sent by the at least one micro application;
sending the interface calling authority to a server so as to: after receiving a permission updating request sent by a micro application based on a client, a server side permission data table is sent to the micro application, and the micro application determines a permission result corresponding to a micro application calling interface according to the server side permission data table; and the server side authority data table is determined by the server side according to the interface calling authority.
7. The permission determination method of a micro application call interface according to claim 6, wherein the call interface information includes an interface number, an interface function feature, and a micro application number; the setting of the interface calling authority according to the first service requirement and the calling interface information sent by the at least one micro application further comprises:
grouping calling interfaces according to the interface numbers and the interface functional characteristics;
and setting interface calling authorities corresponding to the micro application numbers in batches according to grouping results and the service requirements.
8. The permission determination method of a micro application call interface according to claim 6, wherein the call interface information further includes a micro application attribute; before the step of sending the interface call authority to the server, the method further includes:
determining the type of the micro application according to the micro application attribute, and determining the interface calling authority corresponding to the micro application number according to the type of the micro application.
9. The method for determining permission of a calling interface of a micro application according to claim 6, wherein the setting of the interface calling permission according to the first service requirement and the calling interface information sent by the at least one micro application further comprises:
judging whether the called interface is a target interface or not according to the service requirement and the interface number in the calling interface information;
if so, respectively setting interface calling authorities for different interface functions of the target interface according to the first service requirement and the interface function characteristics corresponding to the interface numbers.
10. The permission determination method of a micro application call interface according to claim 6, further comprising:
and receiving a second service requirement, and updating the calling interface and the interface calling authority corresponding to the calling interface according to the second service requirement.
11. An authority determination device for a micro application call interface, which is arranged at a client, comprises:
the time stamp obtaining module is used for obtaining a first time stamp corresponding to the client side authority data table and obtaining a second time stamp corresponding to the server side authority data table from the server side;
the judging module is used for judging whether to update the client permission data table according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when operating the server side authority data table;
and the permission determining module is used for sending a permission updating request to the server side to acquire the server side permission data table under the condition that the client side permission data table needs to be updated, determining a permission result corresponding to a micro application calling interface according to the server side permission data table, and updating the client side permission data table according to the server side permission data table.
12. The utility model provides a permission confirming device of micro application call interface which characterized in that sets up in the server side, includes:
the first sending module is used for responding to a second timestamp acquisition request sent by the client and sending a second timestamp corresponding to the server side permission data table to the client;
the request receiving module is used for receiving a permission updating request sent by the micro application based on the client, wherein the permission updating request is generated after the client determines that the client permission data table needs to be updated according to the second time stamp and a first time stamp corresponding to the client permission data table;
the second sending module is used for sending the server side authority data table to the client side, so that the micro application determines an authority result corresponding to a micro application calling interface according to the server side authority data table and updates the client side authority data table; and the server side authority data table is determined according to the interface calling authority sent by the management system.
13. An authority determination device for a micro application call interface, provided in a management system, includes:
the calling interface information receiving module is used for receiving calling interface information sent by at least one micro application;
the permission setting module is used for setting interface calling permission according to the first service requirement and calling interface information sent by the at least one micro application;
the permission sending module is used for sending the interface calling permission to a server so as to enable: after receiving a permission updating request sent by a micro application based on a client, a server side permission data table is sent to the micro application, and the micro application determines a permission result corresponding to a micro application calling interface according to the server side permission data table; and the server side authority data table is determined by the server side according to the interface calling authority.
14. A permission determining system of a micro application calling interface is characterized by comprising a client, a server and a management system; wherein,
the client is used for acquiring a first time stamp corresponding to the client permission data table and acquiring a second time stamp corresponding to the server permission data table from the server; judging whether to update the client permission data table according to the first time stamp and the second time stamp; the second timestamp is a timestamp corresponding to the management system when operating the server side authority data table; if so, sending an authority updating request to the server to acquire the server authority data table, determining an authority result corresponding to a micro application calling interface according to the server authority data table, and updating the client authority data table according to the server authority data table;
the server is used for responding to a second timestamp acquisition request sent by the client and sending a second timestamp corresponding to the server authority data table to the client; receiving a permission updating request sent by a micro application based on the client; sending the server side authority data table to the client side;
the management system is used for receiving calling interface information sent by at least one micro application; setting interface calling authority according to a first service requirement and calling interface information sent by the at least one micro application; and sending the interface calling authority to a server.
15. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-3, 4-5, 6-10.
16. A computer-readable medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the method of any one of claims 1-3, 4-5, 6-10.
CN202110310755.1A 2021-03-23 2021-03-23 Permission determination method, device and system for micro application call interface Pending CN113010238A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110310755.1A CN113010238A (en) 2021-03-23 2021-03-23 Permission determination method, device and system for micro application call interface

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110310755.1A CN113010238A (en) 2021-03-23 2021-03-23 Permission determination method, device and system for micro application call interface

Publications (1)

Publication Number Publication Date
CN113010238A true CN113010238A (en) 2021-06-22

Family

ID=76405711

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110310755.1A Pending CN113010238A (en) 2021-03-23 2021-03-23 Permission determination method, device and system for micro application call interface

Country Status (1)

Country Link
CN (1) CN113010238A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113722293A (en) * 2021-08-31 2021-11-30 平安科技(深圳)有限公司 Artificial intelligence-based firewall maintenance method and device, electronic equipment and medium
CN115481386A (en) * 2022-09-15 2022-12-16 中航信移动科技有限公司 Batch configuration system for target application use permission

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113722293A (en) * 2021-08-31 2021-11-30 平安科技(深圳)有限公司 Artificial intelligence-based firewall maintenance method and device, electronic equipment and medium
CN113722293B (en) * 2021-08-31 2023-06-09 平安科技(深圳)有限公司 Firewall maintenance method and device based on artificial intelligence, electronic equipment and medium
CN115481386A (en) * 2022-09-15 2022-12-16 中航信移动科技有限公司 Batch configuration system for target application use permission

Similar Documents

Publication Publication Date Title
CN110895603B (en) Multi-system account information integration method and device
CN112202744B (en) Multi-system data communication method and device
CN113361838A (en) Business wind control method and device, electronic equipment and storage medium
CN113010238A (en) Permission determination method, device and system for micro application call interface
CN111046371A (en) Method, electronic device and computer-readable medium for generating device identification
CN109391658B (en) Account data synchronization method and equipment, storage medium and terminal thereof
CN113946816A (en) Cloud service-based authentication method and device, electronic equipment and storage medium
CN109348472B (en) OTA (over the air) upgrading method and system based on single-point pushing
CN112953719A (en) Token authentication method and device
CN110543312B (en) Application software installation method and device and server
CN114745164B (en) Service processing method, device, electronic equipment and computer readable medium
US11757976B2 (en) Unified application management for heterogeneous application delivery
CN109213815B (en) Method, device, server terminal and readable medium for controlling execution times
CN116737662A (en) Method, device, electronic equipment and storage medium for processing business data
CN113133072B (en) Method and device for controlling terminal, terminal and storage medium
CN115550413A (en) Data calling method and device, service gateway and storage medium
CN112380411B (en) Sensitive word processing method, device, electronic equipment, system and storage medium
CN114417318A (en) Third-party page jumping method and device and electronic equipment
CN114528140A (en) Method and device for service degradation
CN114051029A (en) Authorization method, authorization device, electronic equipment and storage medium
CN113760487A (en) Service processing method and device
CN113779122A (en) Method and apparatus for exporting data
CN111737218A (en) File sharing method and device
CN113641966B (en) Application integration method, system, equipment and medium
CN114301778B (en) Access control method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination