技术领域technical field
本发明涉及数据库领域,更具体地,特别是指一种在web系统中调用REST接口的方法与装置。The present invention relates to the field of databases, and more particularly, to a method and a device for invoking a REST interface in a web system.
背景技术Background technique
随着信息化的普及,各类信息化系统层出不穷,未免各系统成为信息孤岛,各系统之间需要信息的互通和相互调用,系统间调用的方式较多。其中REST API的方式是比较主流的方式。对于近期新构建的系统的在构建初期已经设计了开放API的解决方案,而对于已存的web系统,开放API可能会影响原有功能,改造量也较大。With the popularization of informatization, various informatization systems emerge in an endless stream, and each system becomes an information island, which requires information exchange and mutual call between systems, and there are many ways to call between systems. Among them, the way of REST API is the more mainstream way. For newly constructed systems, an open API solution has been designed in the early stage of construction, while for existing web systems, open API may affect the original functions, and the amount of modification is also large.
现有技术中已经存在开放API调用的技术手段,主要包括如何认证,如何给第三方调用者分配权限;而对于已有web系统如何以开放API的方式与其他系统交互则缺乏有效的解决方案。针对该问题,目前尚无有效的解决方案。There are already technical means for open API calls in the prior art, mainly including how to authenticate and how to assign permissions to third-party callers; however, there is no effective solution for how existing web systems interact with other systems through open APIs. There is currently no effective solution to this problem.
发明内容SUMMARY OF THE INVENTION
有鉴于此,本发明实施例的目的在于提出一种在web系统中调用REST接口的方法与装置,能够在不改变原有系统的前提下以很低的成本开放API,既满足现有web系统正常运行又提高了兼容性。In view of this, the purpose of the embodiments of the present invention is to propose a method and device for invoking a REST interface in a web system, which can open the API at a low cost without changing the original system, which not only satisfies the existing web system Normal operation improves compatibility again.
基于上述目的,本发明实施例的第一方面提供了一种在web系统中调用REST接口的方法,包括以下步骤:Based on the above purpose, a first aspect of the embodiments of the present invention provides a method for invoking a REST interface in a web system, including the following steps:
新增外部账号访问类型,基于外部账号访问类型创建外部访问账号;Add an external account access type, and create an external access account based on the external account access type;
为web系统的每个接口分别增加标识接口是否允许外部访问账号访问的新映射;Add a new mapping to identify whether the interface allows external access account access to each interface of the web system;
响应于外部访问账号向根据新映射确定的接口发出获取权限令牌的请求而生成并向外部访问账号反馈权限令牌;In response to the external access account sending a request for obtaining the permission token to the interface determined according to the new mapping, generating and feeding back the permission token to the external access account;
响应于外部访问账号携带权限令牌访问接口而选择性地允许外部访问账号调用接口。The external access account is selectively allowed to call the interface in response to the external access account carrying the authorization token to access the interface.
在一些实施方式中,还包括:在新增外部账号访问类型的同时,还在系统安全框架中设置禁止使用外部访问账号从web页面入口登录web系统。In some embodiments, the method further includes: while adding an external account access type, setting in the system security framework to prohibit using an external access account to log in to the web system from the web page entrance.
在一些实施方式中,web系统的每个接口分别还具有不同于新映射的已有映射;web系统向外部访问账号提供接口的新映射,并且不提供接口的已有映射。In some embodiments, each interface of the web system also has an existing mapping that is different from the new mapping; the web system provides the new mapping of the interface to the external access account, and does not provide the existing mapping of the interface.
在一些实施方式中,已有账号仅能使用接口的已有映射通过web页面入口登录web系统。In some implementations, an existing account can only log in to the web system through the web page portal using the existing mapping of the interface.
在一些实施方式中,响应于外部访问账号向根据新映射确定的接口发出获取权限令牌的请求而生成并向外部访问账号反馈权限令牌包括:响应于外部访问账号的账号和密码正确,而根据账号和密码生成并向外部访问账号反馈权限令牌。In some embodiments, generating and feeding back the permission token to the external access account in response to the external access account sending a request for obtaining the permission token to the interface determined according to the new mapping includes: responding that the account number and password of the external access account are correct, and Generate a permission token based on the account number and password and feed back the permission token to the external access account.
在一些实施方式中,响应于外部访问账号携带权限令牌访问接口而选择性地允许外部访问账号调用接口包括:In some embodiments, selectively allowing the external access account to call the interface in response to the external access account carrying the permission token access interface includes:
使用系统安全框架拦截访问;Use a system security framework to block access;
响应于被访问的接口不允许外部访问账号访问而由web系统阻止访问;Access is blocked by the web system in response to the accessed interface not allowing external access account access;
响应于外部访问账号未携带权限令牌或携带的权限令牌不合法而由系统安全框架阻止访问。Access is blocked by the system security framework in response to the external access account not carrying the authorization token or the authorization token being carried is illegal.
在一些实施方式中,方法还包括:响应于外部访问账号没有访问接口的特定权限而由系统安全框架阻止访问。In some embodiments, the method further includes blocking access by the system security framework in response to the external access account not having specific rights to access the interface.
在一些实施方式中,特定权限由web系统的数据库配置和访问逻辑控制确定。In some implementations, specific permissions are determined by the web system's database configuration and access logic controls.
本发明实施例的第二方面提供了一种在web系统中调用REST接口的装置,包括:A second aspect of the embodiments of the present invention provides an apparatus for invoking a REST interface in a web system, including:
初始化模块,用于新增外部账号访问类型,基于外部账号访问类型创建外部访问账号;The initialization module is used to add an external account access type and create an external access account based on the external account access type;
映射模块,用于为web系统的每个接口分别增加标识接口是否允许外部访问账号访问的新映射;The mapping module is used to add a new mapping for each interface of the web system to identify whether the interface allows external access account access;
令牌模块,用于响应于外部访问账号向根据新映射确定的接口发出获取权限令牌的请求而生成并向外部访问账号反馈权限令牌;The token module is used to generate and feed back the permission token to the external access account in response to the external access account sending a request for obtaining the permission token to the interface determined according to the new mapping;
拦截模块,用于响应于外部访问账号携带权限令牌访问接口而选择性地允许外部访问账号调用接口。The interception module is used to selectively allow the external access account to call the interface in response to the external access account carrying the permission token to access the interface.
本发明实施例的第三方面提供了一种web系统,包括:A third aspect of the embodiments of the present invention provides a web system, including:
多个接口;multiple interfaces;
处理器;和processor; and
存储器,存储有处理器可运行的程序代码,程序代码在被运行时执行上述的在web系统中调用REST接口的方法。The memory stores program code executable by the processor, and the program code executes the above-mentioned method for invoking the REST interface in the web system when the program code is executed.
本发明具有以下有益技术效果:本发明实施例提供的在web系统中调用REST接口的方法与装置,通过新增外部账号访问类型,基于外部账号访问类型创建外部访问账号;为web系统的每个接口分别增加标识接口是否允许外部访问账号访问的新映射;响应于外部访问账号向根据新映射确定的接口发出获取权限令牌的请求而生成并向外部访问账号反馈权限令牌;响应于外部访问账号携带权限令牌访问接口而选择性地允许外部访问账号调用接口的技术方案,能够在不改变原有系统的前提下以很低的成本开放API,既满足现有web系统正常运行又提高了兼容性。The present invention has the following beneficial technical effects: the method and device for invoking a REST interface in a web system provided by the embodiment of the present invention, by adding an external account access type, create an external access account based on the external account access type; The interface adds a new mapping that identifies whether the interface allows access by an external access account; generates and feeds back a permission token to the external access account in response to the external access account sending a request to obtain a permission token to the interface determined according to the new mapping; in response to the external access account The technical solution that the account carries the permission token to access the interface and selectively allows external access to the account to call the interface can open the API at a low cost without changing the original system, which not only satisfies the normal operation of the existing web system but also improves the compatibility.
附图说明Description of drawings
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained according to these drawings without creative efforts.
图1为本发明提供的在web系统中调用REST接口的方法的流程示意图;1 is a schematic flowchart of a method for calling a REST interface in a web system provided by the present invention;
图2为本发明提供的在web系统中调用REST接口的方法的外部访问校验流程图。FIG. 2 is a flow chart of external access verification of the method for invoking a REST interface in a web system provided by the present invention.
具体实施方式Detailed ways
为使本发明的目的、技术方案和优点更加清楚明白,以下结合具体实施例,并参照附图,对本发明实施例进一步详细说明。In order to make the objectives, technical solutions and advantages of the present invention more clearly understood, the embodiments of the present invention will be further described in detail below with reference to the specific embodiments and the accompanying drawings.
需要说明的是,本发明实施例中所有使用“第一”和“第二”的表述均是为了区分两个相同名称非相同的实体或者非相同的参量,可见“第一”“第二”仅为了表述的方便,不应理解为对本发明实施例的限定,后续实施例对此不再一一说明。It should be noted that all expressions using "first" and "second" in the embodiments of the present invention are for the purpose of distinguishing two entities with the same name but not the same or non-identical parameters. It can be seen that "first" and "second" It is only for the convenience of expression and should not be construed as a limitation to the embodiments of the present invention, and subsequent embodiments will not describe them one by one.
基于上述目的,本发明实施例的第一个方面,提出了一种能够能够在不改变原有系统的前提下以很低的成本开放API的在web系统中调用REST接口的方法的一个实施例。图1示出的是本发明提供的在web系统中调用REST接口的方法的流程示意图。Based on the above purpose, the first aspect of the embodiments of the present invention provides an embodiment of a method for invoking a REST interface in a web system that can open an API at a low cost without changing the original system . FIG. 1 shows a schematic flowchart of a method for invoking a REST interface in a web system provided by the present invention.
所述在web系统中调用REST接口的方法,如图1所示,包括以下步骤:The method for invoking the REST interface in the web system, as shown in Figure 1, includes the following steps:
步骤S101:新增外部账号访问类型,基于外部账号访问类型创建外部访问账号;Step S101: adding an external account access type, and creating an external access account based on the external account access type;
步骤S103:为web系统的每个接口分别增加标识接口是否允许外部访问账号访问的新映射;Step S103: adding a new mapping for each interface of the web system to identify whether the interface allows access by an external access account;
步骤S105:响应于外部访问账号向根据新映射确定的接口发出获取权限令牌的请求而生成并向外部访问账号反馈权限令牌;Step S105: generating and feeding back a permission token to the external access account in response to the external access account sending a request for obtaining a permission token to the interface determined according to the new mapping;
步骤S107:响应于外部访问账号携带权限令牌访问接口而选择性地允许外部访问账号调用接口。Step S107 : selectively allowing the external access account to call the interface in response to the external access account carrying the permission token to access the interface.
本领域普通技术人员可以理解实现上述实施例方法中的全部或部分流程,可以通过计算机程序来指令相关硬件来完成,所述的程序可存储于一计算机可读取存储介质中,该程序在执行时,可包括如上述各方法的实施例的流程。其中,所述的存储介质可为磁碟、光盘、只读存储记忆体(ROM)或随机存储记忆体(RAM)等。所述计算机程序的实施例,可以达到与之对应的前述任意方法实施例相同或者相类似的效果。Those of ordinary skill in the art can understand that all or part of the processes in the methods of the above embodiments can be implemented by instructing relevant hardware through a computer program, and the program can be stored in a computer-readable storage medium. , may include the flow of the above-mentioned method embodiments. The storage medium may be a magnetic disk, an optical disk, a read only memory (ROM), or a random access memory (RAM), or the like. The embodiments of the computer program can achieve the same or similar effects as any of the foregoing method embodiments corresponding thereto.
API(Application Programming Interface,应用程序接口)是一些预先定义的函数,或指软件系统不同组成部分衔接的约定。目的是提供应用程序与开发人员基于某软件或硬件得以访问一组例程的能力,而又无需访问原码,或理解内部工作机制的细节。API (Application Programming Interface, application programming interface) is some predefined functions, or refers to the agreement of the connection between different components of a software system. The purpose is to provide applications and developers the ability to access a set of routines based on a piece of software or hardware without having to access the source code or understand the details of the inner workings.
在一些实施方式中,在新增外部账号访问类型的同时,还在系统安全框架中设置禁止使用外部访问账号从web页面入口登录web系统。In some embodiments, while adding an access type of an external account, it is also set in the system security framework to prohibit using an external access account to log in to the web system from the web page portal.
在一些实施方式中,web系统的每个接口分别还具有不同于新映射的已有映射;web系统向外部访问账号提供接口的新映射,并且不提供接口的已有映射。In some embodiments, each interface of the web system also has an existing mapping that is different from the new mapping; the web system provides the new mapping of the interface to the external access account, and does not provide the existing mapping of the interface.
在一些实施方式中,已有账号仅能使用接口的已有映射通过web页面入口登录web系统。In some implementations, an existing account can only log in to the web system through the web page portal using the existing mapping of the interface.
在一些实施方式中,响应于外部访问账号向根据新映射确定的接口发出获取权限令牌的请求而生成并向外部访问账号反馈权限令牌包括:响应于外部访问账号的账号和密码正确,而根据账号和密码生成并向外部访问账号反馈权限令牌。In some embodiments, generating and feeding back the permission token to the external access account in response to the external access account sending a request for obtaining the permission token to the interface determined according to the new mapping includes: responding that the account number and password of the external access account are correct, and Generate a permission token based on the account number and password and feed back the permission token to the external access account.
在一些实施方式中,响应于外部访问账号携带权限令牌访问接口而选择性地允许外部访问账号调用接口包括:In some embodiments, selectively allowing the external access account to call the interface in response to the external access account carrying the permission token access interface includes:
响应于外部访问账号访问接口而使用系统安全框架拦截访问;Use the system security framework to intercept access in response to external access to the account access interface;
响应于被访问的接口不允许外部访问账号访问而由web系统阻止访问;Access is blocked by the web system in response to the accessed interface not allowing external access account access;
响应于外部访问账号未携带权限令牌或携带的权限令牌不合法而由系统安全框架阻止访问;The access is blocked by the system security framework in response to the external access account not carrying the permission token or the permission token carried is illegal;
响应于外部访问账号未被阻止访问而允许访问。Access is allowed in response to the external access account not being blocked.
在一些实施方式中,方法还包括:响应于外部访问账号没有访问接口的特定权限而由系统安全框架阻止访问。In some embodiments, the method further includes blocking access by the system security framework in response to the external access account not having specific rights to access the interface.
在一些实施方式中,特定权限由web系统的数据库配置和访问逻辑控制确定。In some implementations, specific permissions are determined by the web system's database configuration and access logic controls.
根据本发明实施例公开的方法还可以被实现为由CPU执行的计算机程序,该计算机程序可以存储在计算机可读存储介质中。在该计算机程序被CPU执行时,执行本发明实施例公开的方法中限定的上述功能。上述方法步骤以及系统单元也可以利用控制器以及用于存储使得控制器实现上述步骤或单元功能的计算机程序的计算机可读存储介质实现。The methods disclosed according to the embodiments of the present invention may also be implemented as a computer program executed by the CPU, and the computer program may be stored in a computer-readable storage medium. When the computer program is executed by the CPU, the above-mentioned functions defined in the methods disclosed in the embodiments of the present invention are executed. The above-mentioned method steps and system units can also be implemented by a controller and a computer-readable storage medium for storing a computer program that enables the controller to implement the functions of the above-mentioned steps or units.
下面根据图2所示的具体实施例进一步阐述本发明的实施方式。The embodiments of the present invention are further described below according to the specific embodiment shown in FIG. 2 .
首先新增外部访问账号类型,将外部调用与web页面入口调用隔离,这么做的目的是不影响原有的web访问。在原有账号表中增加一种外部访问账号的类型。在安全拦截框架SpringSecurity中的登录逻辑中增加判断逻辑,控制该类型的账号无法从web入口登录系统。其中,Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架,能够为应用系统提供声明式的安全访问控制功能,减少了为企业系统安全控制编写大量重复代码的工作。First, add an external access account type to isolate external calls from web page entry calls. The purpose of this is to not affect the original web access. Add a type of external access account to the original account table. The judgment logic is added to the login logic in the security interception framework SpringSecurity to control that accounts of this type cannot log in to the system from the web portal. Among them, Spring Security is a security framework that can provide declarative security access control solutions for Spring-based enterprise application systems. code work.
然后,在原有接口的映射上增加一个新映射,构建双映射对应同一个接口的结构,该新映射标识接口是否为开放接口。这么做的目的是将接口的访问分流,并控制外部账号访问的接口范围。只将新增的映射标识展示给外部用户,因此外部账号只能访问具备双映射的接口。具体实现接口双映射(Mapping)配置为从web入口调用接口时调用/web/test/update,第三方调用接口时调用/openAPI/test/update。Then, a new mapping is added to the mapping of the original interface, and a structure in which the double mapping corresponds to the same interface is constructed, and the new mapping identifies whether the interface is an open interface. The purpose of this is to divert the access of the interface and control the scope of the interface accessed by external accounts. Only the newly added mapping ID is displayed to external users, so external accounts can only access interfaces with dual mappings. The specific implementation interface dual mapping (Mapping) is configured to call /web/test/update when calling the interface from the web portal, and call /openAPI/test/update when the third party calls the interface.
然后,获取认证token(权限令牌)。这主要依靠OAuth2框架完成。第三方调用时,首先携带外部访问账号和密码,访问token接口,获取由OAuth2生成的具备访问权限令牌。OAuth2通过组织在资源拥有者和HTTP服务商之间的被批准的交互动作代表用户或允许第三方应用代表用户获得访问的权限,同时也为Web应用、桌面应用和手机、和起居室设备提供专门的认证流程。Then, get the authentication token (authority token). This is mainly done by relying on the OAuth2 framework. When the third party calls, first carry the external access account and password, access the token interface, and obtain the access token generated by OAuth2. OAuth2 organizes approved interactions between resource owners and HTTP service providers on behalf of the user or allows third-party applications to gain access on behalf of the user, while also providing specialized services for web applications, desktop applications and mobile, and living room devices certification process.
然后,配置安全框架拦截规则。当访问带有开放接口标识的接口时,被框架拦截处理,拦截后会验证调用者携带的token。Then, configure the security framework blocking rules. When accessing an interface with an open interface identifier, it is intercepted and processed by the framework, and the token carried by the caller will be verified after interception.
最后,在认证通过后,需要校验该外部用户是否具备访问该接口的权限。该部分主要通过数据库配置和访问逻辑控制实现。将外部访问账号类型可以访问的接口资源存入数据库,当外部账号访问接口时,将该请求资源与数据库资源匹配,若匹配成功即可访问。Finally, after the authentication is passed, it is necessary to verify whether the external user has the permission to access the interface. This part is mainly realized through database configuration and access logic control. Store the interface resources that can be accessed by the external access account type in the database. When the external account accesses the interface, match the requested resource with the database resource, and access it if the match is successful.
从上述实施例可以看出,本发明实施例提供的在web系统中调用REST接口的方法,通过新增外部账号访问类型,基于外部账号访问类型创建外部访问账号;为web系统的每个接口分别增加标识接口是否允许外部访问账号访问的新映射;响应于外部访问账号向根据新映射确定的接口发出获取权限令牌的请求而生成并向外部访问账号反馈权限令牌;响应于外部访问账号携带权限令牌访问接口而选择性地允许外部访问账号调用接口的技术方案,能够在不改变原有系统的前提下以很低的成本开放API,既满足现有web系统正常运行又提高了兼容性。It can be seen from the above embodiments that the method for calling a REST interface in a web system provided by the embodiment of the present invention creates an external access account based on the access type of an external account by adding an access type of an external account; Add a new mapping that identifies whether the interface allows access by an external access account; generates and feeds back a permission token to the external access account in response to the external access account sending a request to obtain a permission token to the interface determined according to the new mapping; in response to the external access account carrying the permission token The technical solution of selectively allowing external access accounts to call the interface through the permission token access interface can open the API at a low cost without changing the original system, which not only satisfies the normal operation of the existing web system but also improves the compatibility .
需要特别指出的是,上述在web系统中调用REST接口的方法的各个实施例中的各个步骤均可以相互交叉、替换、增加、删减,因此,这些合理的排列组合变换之于在web系统中调用REST接口的方法也应当属于本发明的保护范围,并且不应将本发明的保护范围局限在所述实施例之上。It should be specially pointed out that the steps in the above-mentioned various embodiments of the method for invoking a REST interface in a web system can be intersected, replaced, added, and deleted. The method of invoking the REST interface should also belong to the protection scope of the present invention, and the protection scope of the present invention should not be limited to the embodiment.
基于上述目的,本发明实施例的第二个方面,提出了一种能够在不改变原有系统的前提下以很低的成本开放API的在web系统中调用REST接口的装置的一个实施例。在web系统中调用REST接口的装置包括:Based on the above purpose, the second aspect of the embodiments of the present invention provides an embodiment of an apparatus for invoking a REST interface in a web system that can open an API at a low cost without changing the original system. The means for invoking the REST interface in the web system include:
初始化模块,用于新增外部账号访问类型,基于外部账号访问类型创建外部访问账号;The initialization module is used to add an external account access type and create an external access account based on the external account access type;
映射模块,用于为web系统的每个接口分别增加标识接口是否允许外部访问账号访问的新映射;The mapping module is used to add a new mapping for each interface of the web system to identify whether the interface allows external access account access;
令牌模块,用于响应于外部访问账号向根据新映射确定的接口发出获取权限令牌的请求而生成并向外部访问账号反馈权限令牌;The token module is used to generate and feed back the permission token to the external access account in response to the external access account sending a request for obtaining the permission token to the interface determined according to the new mapping;
拦截模块,用于响应于外部访问账号携带权限令牌访问接口而选择性地允许外部访问账号调用接口。The interception module is used to selectively allow the external access account to call the interface in response to the external access account carrying the permission token to access the interface.
结合这里的公开所描述的各种示例性逻辑块、模块、电路和算法步骤可以被实现为电子硬件、计算机软件或两者的组合。为了清楚地说明硬件和软件的这种可互换性,已经就各种示意性组件、方块、模块、电路和步骤的功能对其进行了一般性的描述。这种功能是被实现为软件还是被实现为硬件取决于具体应用以及施加给整个系统的设计约束。本领域技术人员可以针对每种具体应用以各种方式来实现所述的功能,但是这种实现决定不应被解释为导致脱离本发明实施例公开的范围。The various exemplary logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein can be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate this interchangeability of hardware and software, various illustrative components, blocks, modules, circuits, and steps have been described generally in terms of their functionality. Whether such functionality is implemented as software or hardware depends on the specific application and design constraints imposed on the overall system. Those skilled in the art may implement the described functions in various ways for each specific application, but such implementation decisions should not be interpreted as causing a departure from the scope of the disclosed embodiments of the present invention.
基于上述目的,本发明实施例的第三个方面,提出了一种能够在不改变原有系统的前提下以很低的成本开放API的在web系统中调用REST接口的web系统一个实施例。web系统包括:Based on the above purpose, the third aspect of the embodiments of the present invention provides an embodiment of a web system that can open an API at a low cost and call a REST interface in a web system without changing the original system. The web system includes:
多个接口;multiple interfaces;
处理器;和processor; and
存储器,存储有处理器可运行的程序代码,程序代码在被运行时执行上述的在web系统中调用REST接口的方法。The memory stores program code executable by the processor, and the program code executes the above-mentioned method for invoking the REST interface in the web system when the program code is executed.
从上述实施例可以看出,本发明实施例提供的在web系统中调用REST接口的装置和web系统,通过新增外部账号访问类型,基于外部账号访问类型创建外部访问账号;为web系统的每个接口分别增加标识接口是否允许外部访问账号访问的新映射;响应于外部访问账号向根据新映射确定的接口发出获取权限令牌的请求而生成并向外部访问账号反馈权限令牌;响应于外部访问账号携带权限令牌访问接口而选择性地允许外部访问账号调用接口的技术方案,能够在不改变原有系统的前提下以很低的成本开放API,既满足现有web系统正常运行又提高了兼容性。It can be seen from the above embodiments that the device and web system for invoking a REST interface in a web system provided by the embodiments of the present invention create an external access account based on the access type of the external account by adding an access type of an external account; Each interface adds a new mapping that identifies whether the interface allows access by the external access account; generates and feeds back the authorization token to the external access account in response to the external access account sending a request to obtain the authorization token to the interface determined according to the new mapping; in response to the external access account The technical solution that the access account carries the permission token to access the interface and selectively allows the external access account to call the interface can open the API at a low cost without changing the original system, which not only satisfies the normal operation of the existing web system but also improves the compatibility.
需要特别指出的是,上述在web系统中调用REST接口的装置和web系统的实施例采用了所述在web系统中调用REST接口的方法的实施例来具体说明各模块的工作过程,本领域技术人员能够很容易想到,将这些模块应用到所述在web系统中调用REST接口的方法的其他实施例中。当然,由于所述在web系统中调用REST接口的方法实施例中的各个步骤均可以相互交叉、替换、增加、删减,因此,这些合理的排列组合变换之于所述在web系统中调用REST接口的装置和web系统也应当属于本发明的保护范围,并且不应将本发明的保护范围局限在所述实施例之上。It should be particularly pointed out that the above-mentioned embodiments of the apparatus for invoking a REST interface in a web system and the web system use the embodiment of the method for invoking a REST interface in a web system to specifically describe the working process of each module, which is technically known in the art. Persons can easily think of applying these modules to other embodiments of the method for invoking a REST interface in a web system. Of course, since the steps in the method embodiment for invoking a REST interface in a web system can be intersected, replaced, added, and deleted, these reasonable permutations and combinations are important for the invocation of REST in the web system. The device of the interface and the web system should also belong to the protection scope of the present invention, and the protection scope of the present invention should not be limited to the above-described embodiments.
以上是本发明公开的示例性实施例,但是应当注意,在不背离权利要求限定的本发明实施例公开的范围的前提下,可以进行多种改变和修改。根据这里描述的公开实施例的方法权利要求的功能、步骤和/或动作不需以任何特定顺序执行。此外,尽管本发明实施例公开的元素可以以个体形式描述或要求,但除非明确限制为单数,也可以理解为多个。The above are exemplary embodiments of the present disclosure, but it should be noted that various changes and modifications may be made without departing from the scope of the disclosure of the embodiments of the present invention as defined in the claims. The functions, steps and/or actions of the method claims in accordance with the disclosed embodiments described herein need not be performed in any particular order. Furthermore, although elements disclosed in the embodiments of the present invention may be described or claimed in the singular, unless explicitly limited to the singular, the plural may also be construed.
应当理解的是,在本文中使用的,除非上下文清楚地支持例外情况,单数形式“一个”旨在也包括复数形式。还应当理解的是,在本文中使用的“和/或”是指包括一个或者一个以上相关联地列出的项目的任意和所有可能组合。上述本发明实施例公开实施例序号仅仅为了描述,不代表实施例的优劣。It should be understood that, as used herein, the singular form "a" is intended to include the plural form as well, unless the context clearly supports an exception. It will also be understood that "and/or" as used herein is meant to include any and all possible combinations of one or more of the associated listed items. The above-mentioned embodiments of the present invention disclose the serial numbers of the embodiments only for description, and do not represent the advantages and disadvantages of the embodiments.
本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过硬件来完成,也可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可读存储介质中,上述提到的存储介质可以是只读存储器,磁盘或光盘等。Those of ordinary skill in the art can understand that all or part of the steps of implementing the above embodiments can be completed by hardware, or can be completed by instructing relevant hardware through a program, and the program can be stored in a computer-readable storage medium. The storage medium mentioned may be a read-only memory, a magnetic disk or an optical disk, etc.
所属领域的普通技术人员应当理解:以上任何实施例的讨论仅为示例性的,并非旨在暗示本发明实施例公开的范围(包括权利要求)被限于这些例子;在本发明实施例的思路下,以上实施例或者不同实施例中的技术特征之间也可以进行组合,并存在如上所述的本发明实施例的不同方面的许多其它变化,为了简明它们没有在细节中提供。因此,凡在本发明实施例的精神和原则之内,所做的任何省略、修改、等同替换、改进等,均应包含在本发明实施例的保护范围之内。Those of ordinary skill in the art should understand that the discussion of any of the above embodiments is only exemplary, and is not intended to imply that the scope (including the claims) disclosed by the embodiments of the present invention is limited to these examples; under the idea of the embodiments of the present invention , the technical features of the above embodiments or different embodiments can also be combined, and there are many other variations of the different aspects of the embodiments of the present invention as described above, which are not provided in detail for the sake of brevity. Therefore, any omission, modification, equivalent replacement, improvement, etc. made within the spirit and principle of the embodiments of the present invention should be included within the protection scope of the embodiments of the present invention.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910848442.4ACN110610069A (en) | 2019-09-09 | 2019-09-09 | A method and device for calling a REST interface in a web system |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910848442.4ACN110610069A (en) | 2019-09-09 | 2019-09-09 | A method and device for calling a REST interface in a web system |
| Publication Number | Publication Date |
|---|---|
| CN110610069Atrue CN110610069A (en) | 2019-12-24 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910848442.4APendingCN110610069A (en) | 2019-09-09 | 2019-09-09 | A method and device for calling a REST interface in a web system |
| Country | Link |
|---|---|
| CN (1) | CN110610069A (en) |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114357426A (en)* | 2021-12-02 | 2022-04-15 | 北京金山云网络技术有限公司 | Interface access verification method, device, electronic device and readable storage medium |
| CN114465806A (en)* | 2022-02-21 | 2022-05-10 | 深圳市世强元件网络有限公司 | Multi-party data access security management method and system |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103685193A (en)* | 2012-09-20 | 2014-03-26 | 腾讯科技(深圳)有限公司 | Method for third party application to access open platform and open platform access system |
| CN104750810A (en)* | 2015-03-30 | 2015-07-01 | 浪潮集团有限公司 | Data querying and processing method based on configuration |
| CN105005543A (en)* | 2015-06-29 | 2015-10-28 | 浪潮通用软件有限公司 | Interface generation apparatus and method |
| CN105704154A (en)* | 2016-04-01 | 2016-06-22 | 金蝶软件(中国)有限公司 | RESTful-based service processing method, device and system |
| CN107357660A (en)* | 2017-07-06 | 2017-11-17 | 华为技术有限公司 | The distribution method and device of a kind of virtual resource |
| CN107872484A (en)* | 2016-09-27 | 2018-04-03 | 中国电信股份有限公司 | REST API fast registration methods, devices and systems |
| CN108809912A (en)* | 2017-05-04 | 2018-11-13 | 中国移动通信集团重庆有限公司 | Terminal core application of function method and device |
| CN105389222B (en)* | 2015-12-15 | 2018-12-21 | 中国科学院声学研究所 | A kind of methods, devices and systems of dynamic call native interface |
| CN109150805A (en)* | 2017-06-19 | 2019-01-04 | 亿阳安全技术有限公司 | The method for managing security and system of application programming interface |
| CN109710676A (en)* | 2018-12-26 | 2019-05-03 | 新华三技术有限公司 | Data capture method, device and the electronic equipment of CMDB model |
| CN109756542A (en)* | 2017-11-06 | 2019-05-14 | 北京航天长峰科技工业集团有限公司 | A kind of REST frame data service system based on WEB API |
| CN208954181U (en)* | 2018-12-06 | 2019-06-07 | 贵州电网有限责任公司 | A kind of computer room access control device |
| CN110035044A (en)* | 2017-11-28 | 2019-07-19 | 京瓷办公信息系统株式会社 | Information processing system and information processing method |
| CN110149339A (en)* | 2019-05-27 | 2019-08-20 | 浪潮云信息技术有限公司 | A kind of method and system for realizing AWS API based on RESTful API |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103685193A (en)* | 2012-09-20 | 2014-03-26 | 腾讯科技(深圳)有限公司 | Method for third party application to access open platform and open platform access system |
| CN104750810A (en)* | 2015-03-30 | 2015-07-01 | 浪潮集团有限公司 | Data querying and processing method based on configuration |
| CN105005543A (en)* | 2015-06-29 | 2015-10-28 | 浪潮通用软件有限公司 | Interface generation apparatus and method |
| CN105389222B (en)* | 2015-12-15 | 2018-12-21 | 中国科学院声学研究所 | A kind of methods, devices and systems of dynamic call native interface |
| CN105704154A (en)* | 2016-04-01 | 2016-06-22 | 金蝶软件(中国)有限公司 | RESTful-based service processing method, device and system |
| CN107872484A (en)* | 2016-09-27 | 2018-04-03 | 中国电信股份有限公司 | REST API fast registration methods, devices and systems |
| CN108809912A (en)* | 2017-05-04 | 2018-11-13 | 中国移动通信集团重庆有限公司 | Terminal core application of function method and device |
| CN109150805A (en)* | 2017-06-19 | 2019-01-04 | 亿阳安全技术有限公司 | The method for managing security and system of application programming interface |
| CN107357660A (en)* | 2017-07-06 | 2017-11-17 | 华为技术有限公司 | The distribution method and device of a kind of virtual resource |
| CN109756542A (en)* | 2017-11-06 | 2019-05-14 | 北京航天长峰科技工业集团有限公司 | A kind of REST frame data service system based on WEB API |
| CN110035044A (en)* | 2017-11-28 | 2019-07-19 | 京瓷办公信息系统株式会社 | Information processing system and information processing method |
| CN208954181U (en)* | 2018-12-06 | 2019-06-07 | 贵州电网有限责任公司 | A kind of computer room access control device |
| CN109710676A (en)* | 2018-12-26 | 2019-05-03 | 新华三技术有限公司 | Data capture method, device and the electronic equipment of CMDB model |
| CN110149339A (en)* | 2019-05-27 | 2019-08-20 | 浪潮云信息技术有限公司 | A kind of method and system for realizing AWS API based on RESTful API |
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114357426A (en)* | 2021-12-02 | 2022-04-15 | 北京金山云网络技术有限公司 | Interface access verification method, device, electronic device and readable storage medium |
| CN114465806A (en)* | 2022-02-21 | 2022-05-10 | 深圳市世强元件网络有限公司 | Multi-party data access security management method and system |
| Publication | Publication Date | Title |
|---|---|---|
| US12155664B2 (en) | Access control in microservice architectures | |
| US10652235B1 (en) | Assigning policies for accessing multiple computing resource services | |
| US10200361B2 (en) | System and method for integrating a transactional middleware platform with a centralized access manager for single sign-on in an enterprise-level computing environment | |
| US9639678B2 (en) | Identity risk score generation and implementation | |
| US11757636B2 (en) | Access control for short-lived resource principals | |
| CN106341234B (en) | Authorization method and device | |
| CN107743702B (en) | Single Sign-On for Managed Mobile Devices | |
| US20210176229A1 (en) | Single sign-on service authentication through a voice assistant | |
| US11418343B2 (en) | Access control for long-lived resource principals | |
| CN111147572B (en) | Cloud customer service platform management system and method | |
| JP6921831B2 (en) | Associating user accounts with corporate workspaces | |
| US20200344235A1 (en) | System and method for controlling a multi-tenant service-oriented architecture | |
| JP2015518201A5 (en) | ||
| US10749874B2 (en) | Preventing unauthorized access to secured information systems by injecting device data collectors | |
| WO2021027532A1 (en) | Authority verification method and device for smart contract | |
| WO2018129723A1 (en) | Management method for subscription data set, terminal, and server | |
| CN110610069A (en) | A method and device for calling a REST interface in a web system | |
| US11947657B2 (en) | Persistent source values for assumed alternative identities | |
| US10263971B2 (en) | Preventing unauthorized access to secured information systems by injecting device data collectors | |
| US20240356985A1 (en) | Impersonating request-based security in connection-based security environment | |
| US10936383B2 (en) | Hard coded credential bypassing | |
| CN112153025A (en) | Method and device for realizing OAuth2.0 authentication based on PAM | |
| CN111427589B (en) | A data space deployment method and device for a big data cluster resource management system | |
| CN114640505A (en) | FTP user authentication method and system and construction method thereof | |
| US20220277266A1 (en) | System and method for real-time healthcare claim adjustment |
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | Application publication date:20191224 | |
| RJ01 | Rejection of invention patent application after publication |