Summary of the invention
The application be designed to provide a kind of method for processing business, system and a kind of electronic equipment and a kind of computer canStorage medium is read, can be realized data isolation, it is ensured that the safety of data.
To achieve the above object, this application provides a kind of method for processing business, comprising:
Obtain business processing request;
Determine the contextual information carried in the business processing request;
The identity type and tenant's level information of the initiator are determined according to the contextual information;
The response knot of the corresponding business processing request is returned based on the identity type and tenant's level informationFruit.
Optionally, before the acquisition business processing request, further includes:
Obtain logging request;
Judge whether the logging request is legal, and is determined whether to respond the logging request according to judging result.
Optionally, described to judge whether the logging request is legal, and response institute is determined whether according to judging resultState logging request, comprising:
Judge whether the logging request matches with tenant's level information;
If it is, determining that the logging request is legal, allow to respond the logging request;
If it is not, then determining that the logging request is illegal, forbid responding the logging request, and records and illegally step onRecord request.
Optionally, further includes:
It receives configuration-direct and is verified;
After passing through to configuration-direct verification, the identity type of user and described is updated based on the configuration-directTenant's level information.
Optionally, the identity type includes tenant administrator, tenant;Tenant's level information includes characterization business systemThe second level information of platform Service Privileges in the first level information and characterization of permission of uniting.
Optionally, described to be asked based on the identity type and the corresponding business processing of tenant's level information returnThe response results asked, comprising:
Judge whether the first level information in tenant's level information is equal with the first default value;
If the first level information and first default value are unequal, in tenant's level information is judgedWhether two level informations are equal with the second default value;
If the second level information is equal with second default value, it is based on the first level information and the bodyPart type determines the response results of the corresponding business processing request;
If the second level information and second default value are unequal, based on the first level information, describedSecond level information and the identity type determine the response results of the corresponding business processing request.
To achieve the above object, this application provides a kind of transaction processing systems, comprising:
First obtains module, for obtaining business processing request;
Information determination module, for determining the contextual information carried in the business processing request;
Identity determining module, for determining the identity type and tenant's rank of the initiator according to the contextual informationInformation;
Result return module, for returning to the corresponding business based on the identity type and tenant's level informationHandle the response results of request.
Optionally, further includes:
Second obtains module, for obtaining logging request;
Legal determination module, it is whether legal for judging the logging request, and determined whether according to judging resultRespond the logging request.
To achieve the above object, this application provides a kind of electronic equipment, comprising:
Memory, for storing computer program;
Processor realizes the step of aforementioned disclosed any method for processing business when for executing the computer programSuddenly.
To achieve the above object, this application provides a kind of computer readable storage medium, the computer-readable storagesComputer program is stored on medium, the computer program is realized when being executed by processor at aforementioned disclosed any businessThe step of reason method.
By above scheme it is found that a kind of method for processing business provided by the present application, comprising: obtain business processing request;Determine the contextual information carried in the business processing request;The identity of the initiator is determined according to the contextual informationType and tenant's level information;The corresponding business processing is returned to based on the identity type and tenant's level information to askThe response results asked.In the application, after getting business processing request, it is first determined the context letter of business processing requestBreath, the identity type and tenant's level information of initiator is determined using contextual information, to can return to and identity type and rentThe corresponding response results of family level information, can be realized data isolation, it is ensured that the safety of data.
Disclosed herein as well is a kind of transaction processing system and a kind of electronic equipment and a kind of computer readable storage medium,Equally it is able to achieve above-mentioned technical effect.
It should be understood that the above general description and the following detailed description are merely exemplary, this can not be limitedApplication.
Specific embodiment
Below in conjunction with the attached drawing in the embodiment of the present application, technical solutions in the embodiments of the present application carries out clear, completeSite preparation description, it is clear that described embodiments are only a part of embodiments of the present application, instead of all the embodiments.It is based onEmbodiment in the application, it is obtained by those of ordinary skill in the art without making creative efforts every otherEmbodiment shall fall in the protection scope of this application.
The embodiment of the present application discloses a kind of method for processing business, can be realized data isolation, it is ensured that the safety of dataProperty.
Shown in Figure 1, a kind of method for processing business disclosed in the embodiment of the present application includes:
S101: business processing request is obtained;
In the present embodiment, the request of Client-initiated business processing is obtained.Specifically, above-mentioned business processing request can be numberIt is requested according to processing, for example, data inquiry request, data modification request etc..
It is understood that the present embodiment can first obtain logging request before obtaining business processing request, and withFamily obtains the business processing request that login user is initiated after logging in.After getting logging request, the present embodiment, which may determine that, to be stepped onWhether record request is legal, to determine whether to respond the logging request according to judging result, to realize to loginThe control of operation.Wherein it is possible to judge to log in by the way that whether the logging request for judging active user is consistent with its business identityWhether request legal.Such as, it can be determined that whether logging request matches with tenant's level information;It is asked if it is, determining to log inIt asks legal, allows to respond logging request;If it is not, then determining that logging request is illegal, forbid ringing logging requestIt answers, and records illegal logging request and report to administrative staff, while transmittable login failure prompt information feeds back to user.
S102: the contextual information carried in the business processing request is determined;
In this step, after getting business processing request, the contextual information carried in business processing request will be determined.Wherein, the data that request contexts information preservations client and server interacts.
S103: the identity type and tenant's level information of the initiator are determined according to the contextual information;
It should be noted that this step determined based on the contextual information carried in request the identity type of initiator withAnd tenant's level information.Specifically, identity type may include tenant administrator, tenant;Tenant's level information may include tableLevy the second level information of platform Service Privileges in the first level information and characterization of operation system permission.Wherein, tenant managesMember can be divided into level-one tenant administrator and second level tenant administrator, level-one tenant pipe for managing itself responsible tenant dataReason person refers generally to the operation personnel of operation system or the developer of middle platform service, such as the administrator of retail trade system;Second level is rentedFamily administrator refers generally to the administrator in operation system, such as the shopkeeper in retail trade system, manages its responsible shop and shopSpread customer data.Tenant can be the user of service in operation system, can check the data of oneself, such as shop in retail trade systemThe customer of paving.In a kind of specific embodiment, identity type can also include system user, which can be specificFor the operation system or service in cluster, it can be specially the process write in advance, can appoint as a kind of timingOther services are called in business, it is virtually turned to a system user, for example, the process that timing summarizes data.
S104: the sound of the corresponding business processing request is returned to based on the identity type and tenant's level informationAnswer result.
It is understood that the present embodiment is in the identity type and tenant's grade for determining current business processing request originatorAfter other information, the data or energy that active user is able to access that can be determined based on above-mentioned identity type and tenant's level informationThe operation enough executed, to return to corresponding response results.
In the present embodiment, the configuration-direct that tenant administrator issues can also be received, so as to according to the configuration-direct moreThe identity type and tenant's level information of new user.In the preferred embodiment, after receiving configuration-direct, configuration can be referred toOrder is verified, and judges whether the lower originator of the instruction has configuration permission, allows to execute configuration-direct after verification passes through.
By above scheme it is found that a kind of method for processing business provided by the present application, comprising: obtain business processing request;Determine the contextual information carried in the business processing request;The identity of the initiator is determined according to the contextual informationType and tenant's level information;The corresponding business processing is returned to based on the identity type and tenant's level information to askThe response results asked.In the application, after getting business processing request, it is first determined the context letter of business processing requestBreath, the identity type and tenant's level information of initiator is determined using contextual information, to can return to and identity type and rentThe corresponding response results of family level information, can be realized data isolation, it is ensured that the safety of data.
The embodiment of the present application discloses another method for processing business, and relative to a upper embodiment, the present embodiment is to technologyScheme has made further instruction and optimization.It is shown in Figure 2, specific:
S201: business processing request is obtained;
S202: the contextual information carried in the business processing request is determined;
S203: the identity type and tenant's level information of the initiator are determined according to the contextual information;The rentFamily level information includes the second level letter of platform Service Privileges in the first level information and characterization for characterize operation system permissionBreath;
S204: judge whether the first level information is equal with the first default value;If it is not, then entering S205;
S205: judge whether the second level information is equal with the second default value;If so, into S206;If it is not, thenInto S207;
S206: the sound of the corresponding business processing request is determined based on the first level information and the identity typeAnswer result;
S207: corresponding institute is determined based on the first level information, the second level information and the identity typeState the response results of business processing request.
In the present embodiment, after getting business processing request, it may be determined that the context letter that business processing request carriesBreath, the identification information being specifically as follows in request header.Specifically,<TenantID, extTenantID>two field be can useCarry out tenant's rank of identity user, TenantID is the first level information for characterizing operation system permission, and extTenantID is tableThe second level information of platform Service Privileges in sign.If identification information is<xxx, defaultTenantID>, i.e. first level informationUnequal with the first default value, second level information is equal with the second default value, it is determined that tenant's rank of active user is oneGrade needs to determine that user is level-one tenant or level-one tenant administrator according to the identity type of active user, and is based on the first orderOther information and identity type determine the data that the user right is corresponding accessible or manages, to return to corresponding responseAs a result;If identification information is<xxx, yyy>, i.e. first level information and the first default value is unequal, second level information and theTwo default values are also unequal, it is determined that tenant's rank of active user is second level, is needed true according to the identity type of active userDetermining user is second level tenant or second level tenant administrator, and true based on first level information, second level information and identity typeThe data that the user right is corresponding accessible or manages are determined, to be returned to corresponding request response results.
A kind of transaction processing system provided by the embodiments of the present application is introduced below, at a kind of business described belowReason system can be cross-referenced with a kind of above-described method for processing business.
Shown in Figure 3, a kind of transaction processing system provided by the embodiments of the present application includes:
First obtains module 11, for obtaining business processing request;
Information determination module 12, for determining the contextual information carried in the business processing request;
Identity determining module 13, for determining the identity type and tenant's grade of the initiator according to the contextual informationOther information;
Result return module 14, for returning to the corresponding industry based on the identity type and tenant's level informationThe response results of business processing request.
Specific implementation process about above-mentioned module 11 to 14 can refer to corresponding contents disclosed in previous embodiment, herein notIt is repeated again.
On the basis of the above embodiments, business processing provided by the embodiments of the present application as a preferred implementation manner,System can further include:
Second obtains module, for obtaining logging request;
Legal determination module, it is whether legal for judging the logging request, and determined whether according to judging resultRespond the logging request.
On the basis of the above embodiments, business processing provided by the embodiments of the present application as a preferred implementation manner,In system, the legal determination module may include:
First judging unit, for judging whether the logging request matches with tenant's level information;
Response allows unit, if matched for the logging request with tenant's level information, steps on described in judgementRecord request is legal, allows to respond the logging request;
Unit is forbidden in response, if mismatched for the logging request and tenant's level information, described in judgementLogging request is illegal, forbids responding the logging request, and record illegal logging request.
On the basis of the above embodiments, business processing provided by the embodiments of the present application as a preferred implementation manner,System can further include:
Command reception module, for receiving configuration-direct and being verified;
User configuration module updates user's based on the configuration-direct after passing through to configuration-direct verificationThe identity type and tenant's level information.
Wherein, the identity type includes tenant administrator, tenant;Tenant's level information includes characterization operation systemThe second level information of platform Service Privileges in the first level information and characterization of permission.
On the basis of the above embodiments, business processing provided by the embodiments of the present application as a preferred implementation manner,In system, the result return module 14 may include:
Second judgment unit, for judging whether are the first level information in tenant's level information and the first default valueIt is equal;
Third judging unit, if unequal for the first level information and first default value, described in judgementWhether the second level information in tenant's level information is equal with the second default value;
First determination unit is based on described the if equal with second default value for the second level informationOne level information and the identity type determine the response results of the corresponding business processing request;
Second determination unit, if unequal for the second level information and second default value, based on describedFirst level information, the second level information and the identity type determine the response knot of the corresponding business processing requestFruit.
Present invention also provides a kind of electronic equipment, shown in Figure 4, a kind of electronic equipment provided by the embodiments of the present applicationInclude:
Memory 100, for storing computer program;
Industry provided by any of the above-described kind of embodiment may be implemented in processor 200 when for executing the computer programThe step of processing method of being engaged in.
Specifically, memory 100 includes non-volatile memory medium, built-in storage.Non-volatile memory medium storageThere are operating system and computer-readable instruction, which is that the operating system and computer in non-volatile memory medium canThe operation of reading instruction provides environment.Processor 200 can be a central processing unit (Central in some embodimentsProcessing Unit, CPU), controller, microcontroller, microprocessor or other data processing chips, mentioned for electronic equipmentFor calculating and control ability, when executing the computer program saved in the memory 100, aforementioned any implementation may be implementedThe step of method for processing business disclosed in example.
On the basis of the above embodiments, preferably, shown in Figure 5, the electronic equipment further include:
Input interface 300 is connected with processor 200, for obtaining computer program, parameter and the instruction of external importing,It saves through the control of processor 200 into memory 100.The input interface 300 can be connected with input unit, and it is manual to receive userThe parameter or instruction of input.The input unit can be the touch layer covered on display screen, be also possible to be arranged in terminal enclosureKey, trace ball or Trackpad, be also possible to keyboard, Trackpad or mouse etc..
Display unit 400 is connected with processor 200, for video-stream processor 200 processing data and for show canDepending on the user interface changed.The display unit 400 can for light-emitting diode display, liquid crystal display, touch-control liquid crystal display andOLED (Organic Light-Emitting Diode, Organic Light Emitting Diode) touches device etc..
The network port 500 is connected with processor 200, for being communicatively coupled with external each terminal device.The communication linkThe communication technology used by connecing can be cable communicating technology or wireless communication technique, and such as mobile high definition chained technology (MHL) leads toIt is blue with universal serial bus (USB), high-definition media interface (HDMI), adopting wireless fidelity technology (WiFi), Bluetooth Communication Technology, low-power consumptionThe tooth communication technology, communication technology based on IEEE802.11s etc..
Fig. 5 illustrates only the electronic equipment with component 100-500, it will be appreciated by persons skilled in the art that Fig. 5 showsStructure out does not constitute the restriction to electronic equipment, may include than illustrating less perhaps more components or combining certainA little components or different component layouts.
Present invention also provides a kind of computer readable storage medium, the storage medium may include: USB flash disk, mobile hard disk,Read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magneticThe various media that can store program code such as dish or CD.Computer program, the calculating are stored on the storage mediumMachine program realizes the step of method for processing business disclosed in aforementioned any embodiment when being executed by processor.
In the application, after getting business processing request, it is first determined the contextual information of business processing request, benefitThe identity type and tenant's level information of initiator are determined with contextual information, to can return to and identity type and tenant's rankThe corresponding response results of information, can be realized data isolation, it is ensured that the safety of data.
Each embodiment is described in a progressive manner in specification, the highlights of each of the examples are with other realitiesThe difference of example is applied, the same or similar parts in each embodiment may refer to each other.For system disclosed in embodimentSpeech, since it is corresponded to the methods disclosed in the examples, so being described relatively simple, related place is referring to method part illustration.It should be pointed out that for those skilled in the art, under the premise of not departing from the application principle, alsoCan to the application, some improvement and modification can also be carried out, these improvement and modification also fall into the protection scope of the claim of this applicationIt is interior.
It should also be noted that, in the present specification, relational terms such as first and second and the like be used merely to byOne entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operationBetween there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaningCovering non-exclusive inclusion, so that the process, method, article or equipment for including a series of elements not only includes thatA little elements, but also including other elements that are not explicitly listed, or further include for this process, method, article orThe intrinsic element of equipment.In the absence of more restrictions, the element limited by sentence "including a ...", is not arrangedExcept there is also other identical elements in the process, method, article or apparatus that includes the element.