技术领域Technical Field
本申请涉及计算机技术领域,具体而言,涉及一种应用程序访问方法及装置。The present application relates to the field of computer technology, and in particular to an application access method and device.
背景技术Background Art
企业一般使用移动办公等集成APP(应用程序)时,一般是将移动端APP作为应用统一入口,在APP内部的工作台上集成其他应用。一般来说,当用户需要使用内网应用时,就需要先拨VPN(虚拟专用网络)才能继续使用。在移动端拨VPN的传统方式是在移动端安装一个独立的VPN APP,采用这种方式,用户在使用内网应用前,需要先打开VPN APP,使用VPN的账号密码登录,建立好VPN隧道,再打开内网应用,需要分别登录VPN和移动APP,用户体验差,安全性也不好。When enterprises use integrated APPs (applications) such as mobile office, they usually use the mobile APP as the unified entrance to the application and integrate other applications on the workbench inside the APP. Generally speaking, when users need to use intranet applications, they need to dial VPN (virtual private network) before they can continue to use it. The traditional way to dial VPN on the mobile terminal is to install an independent VPN APP on the mobile terminal. In this way, before using the intranet application, the user needs to open the VPN APP, log in with the VPN account and password, establish a VPN tunnel, and then open the intranet application. They need to log in to the VPN and mobile APP separately, which has a poor user experience and poor security.
针对上述的问题,目前尚未提出有效的解决方案。To address the above-mentioned problems, no effective solution has been proposed yet.
发明内容Summary of the invention
本申请实施例提供了一种应用程序访问方法及装置,以至少解决相关技术中由于需要额外开启VPN APP导致操作繁琐的问题。The embodiments of the present application provide an application access method and device to at least solve the problem in the related art that the operation is complicated due to the need to additionally open a VPN APP.
根据本申请实施例的一个方面,提供了一种应用程序访问方法,包括:响应于第一应用程序检测到的触发指令,从第一服务端设备获取登录令牌,所述登录令牌用于控制移动终端与所述第一服务端设备建立连接;通过所述第一应用程序将所述登录令牌传输到虚拟专用网络VPN网关,在所述VPN网关采用所述登录令牌登录到所述第一服务端设备后,建立与所述VPN网关之间的传输隧道;通过所述传输隧道向所述VPN网关发送访问请求,所述访问请求用于访问第二服务端设备中的第二应用程序。According to one aspect of an embodiment of the present application, an application access method is provided, comprising: in response to a trigger instruction detected by a first application, obtaining a login token from a first server device, wherein the login token is used to control a mobile terminal to establish a connection with the first server device; transmitting the login token to a virtual private network VPN gateway through the first application, and after the VPN gateway uses the login token to log in to the first server device, establishing a transmission tunnel with the VPN gateway; and sending an access request to the VPN gateway through the transmission tunnel, wherein the access request is used to access a second application in a second server device.
可选地,从第一服务端设备获取登录令牌,包括:通过所述第一应用程序的目标界面接收触发指令,所述触发指令在所述目标控件被触发时发出;响应于所述触发指令,从所述第一服务端设备获取登录令牌。Optionally, obtaining a login token from a first server device includes: receiving a trigger instruction through a target interface of the first application, the trigger instruction being issued when the target control is triggered; and obtaining a login token from the first server device in response to the trigger instruction.
可选地,建立与所述VPN网关之间的传输隧道,包括:通过预设在第一应用程序中的软件开发工具包向所述VPN网关发送所述登录令牌,并接收所述指示信息,所述指示信息由所述VPN网关采用所述登录令牌通过所述第一服务端设备的验证后发送的;在接收到指示信息的情况下,与所述VPN网关之间建立所述传输通道,所述指示信息用于指示所述VPN网关已登录所述第一服务端设备。Optionally, establishing a transmission tunnel with the VPN gateway includes: sending the login token to the VPN gateway through a software development kit preset in the first application, and receiving the indication information, the indication information is sent by the VPN gateway after the login token is used by the VPN gateway to pass the verification of the first server device; when the indication information is received, establishing the transmission channel with the VPN gateway, the indication information is used to indicate that the VPN gateway has logged in to the first server device.
可选地,通过所述传输隧道向所述VPN网关发送访问请求,包括:通过所述传输隧道经过所述VPN网关与第二服务端设备建立通信连接;将所述访问请求通过所述VPN网关发送给所述第二服务端设备。Optionally, sending the access request to the VPN gateway through the transmission tunnel includes: establishing a communication connection with a second server device through the transmission tunnel via the VPN gateway; and sending the access request to the second server device through the VPN gateway.
可选地,在将所述访问请求通过所述VPN网关发送给所述第二服务端设备之后,所述方法还包括:通过所述传输隧道接收由所述VPN网关转发的所述第二应用程序对应的数据,其中,所述第二应用程序对应的数据是所述第二服务端设备响应于所述访问请求发送的。Optionally, after sending the access request to the second server device through the VPN gateway, the method also includes: receiving data corresponding to the second application forwarded by the VPN gateway through the transmission tunnel, wherein the data corresponding to the second application is sent by the second server device in response to the access request.
可选地,在通过所述传输隧道向所述VPN网关发送访问请求之后,所述方法还包括:通过所述软件工具包向所述第一服务器发送断开指令,所述断开指令用于指示所述第一服务器向所述VPN网关发送退出指令,所述退出指令用于指示所述VPN网关断开与所述第一服务器的连接;通过所述软件工具包接收目标消息,所述目标消息用于指示所述传输隧道已断开,其中,所述传输隧道在所述VPN网关断开与所述第一服务器的连接之后断开。Optionally, after sending an access request to the VPN gateway through the transmission tunnel, the method further includes: sending a disconnect instruction to the first server through the software toolkit, the disconnect instruction being used to instruct the first server to send an exit instruction to the VPN gateway, the exit instruction being used to instruct the VPN gateway to disconnect from the first server; receiving a target message through the software toolkit, the target message being used to indicate that the transmission tunnel has been disconnected, wherein the transmission tunnel is disconnected after the VPN gateway disconnects from the first server.
可选地,所述方法还包括:接收目标指令,所述目标指令用于指示将所述第一应用程序转移到移动终端的后台;在所述第一应用程序被转移到所述移动终端的后台后,断开所述传输隧道。Optionally, the method further includes: receiving a target instruction, the target instruction being used to instruct to transfer the first application to the background of the mobile terminal; and disconnecting the transmission tunnel after the first application is transferred to the background of the mobile terminal.
根据本申请实施例的另一方面,还提供了一种应用程序访问系统,包括:移动终端、第一服务端设备、VPN网关和第二服务端;所述移动终端,用于运行所述第一应用程序,还用于响应于第一应用程序检测到的触发指令,从第一服务端设备获取登录令牌,所述登录令牌用于控制移动终端与所述第一服务端设备建立连接;通过所述第一应用程序将所述登录令牌传输到虚拟专用网络VPN网关,在所述VPN网关采用所述登录令牌登录到所述第一服务端设备后,建立与所述VPN网关之间的传输隧道;通过所述传输隧道向所述VPN网关发送访问请求,所述访问请求用于访问第二服务端设备中的第二应用程序。According to another aspect of an embodiment of the present application, there is also provided an application access system, including: a mobile terminal, a first server device, a VPN gateway, and a second server; the mobile terminal is used to run the first application, and is also used to obtain a login token from the first server device in response to a trigger instruction detected by the first application, and the login token is used to control the mobile terminal to establish a connection with the first server device; the login token is transmitted to a virtual private network VPN gateway through the first application, and after the VPN gateway uses the login token to log in to the first server device, a transmission tunnel is established between the VPN gateway and the VPN gateway; an access request is sent to the VPN gateway through the transmission tunnel, and the access request is used to access the second application in the second server device.
根据本申请实施例的又一方面,还提供了一种计算机设备,包括:存储器,用于存储程序指令;处理器,与存储器连接,用于执行以下功能的程序指令:响应于第一应用程序检测到的触发指令,从第一服务端设备获取登录令牌,所述登录令牌用于控制移动终端与所述第一服务端设备建立连接;通过所述第一应用程序将所述登录令牌传输到虚拟专用网络VPN网关,在所述VPN网关采用所述登录令牌登录到所述第一服务端设备后,建立与所述VPN网关之间的传输隧道;通过所述传输隧道向所述VPN网关发送访问请求,所述访问请求用于访问第二服务端设备中的第二应用程序。According to another aspect of the embodiment of the present application, a computer device is also provided, including: a memory for storing program instructions; a processor, connected to the memory, for executing the program instructions of the following functions: in response to a trigger instruction detected by a first application, obtaining a login token from a first server device, wherein the login token is used to control a mobile terminal to establish a connection with the first server device; transmitting the login token to a virtual private network VPN gateway through the first application, and after the VPN gateway uses the login token to log in to the first server device, establishing a transmission tunnel with the VPN gateway; sending an access request to the VPN gateway through the transmission tunnel, wherein the access request is used to access a second application in a second server device.
根据本申请实施例的又一方面,还提供了一种计算机程序产品,包括计算机程序,上述计算机程序被处理器执行时实现上述应用程序访问方法的步骤。According to another aspect of the embodiment of the present application, a computer program product is provided, including a computer program, and when the computer program is executed by a processor, the steps of the application program access method are implemented.
在本申请实施例中,采用响应于第一应用程序检测到的触发指令,从第一服务端设备获取登录令牌,所述登录令牌用于控制移动终端与所述第一服务端设备建立连接;通过所述第一应用程序将所述登录令牌传输到虚拟专用网络VPN网关,在所述VPN网关采用所述登录令牌登录到所述第一服务端设备后,建立与所述VPN网关之间的传输隧道;通过所述传输隧道向所述VPN网关发送访问请求,所述访问请求用于访问第二服务端设备中的第二应用程序的方式,通过利用第一应用程序直接与VPN网关建立连接,达到了避免额外开启VPN APP的目的,从而实现了简化操作流程的技术效果,进而解决了相关技术中由于需要额外开启VPN APP导致操作繁琐的问题。In an embodiment of the present application, a login token is obtained from a first server device in response to a trigger instruction detected by a first application, and the login token is used to control the mobile terminal to establish a connection with the first server device; the login token is transmitted to a virtual private network VPN gateway through the first application, and after the VPN gateway uses the login token to log in to the first server device, a transmission tunnel between the VPN gateway and the VPN gateway is established; an access request is sent to the VPN gateway through the transmission tunnel, and the access request is used to access the second application in the second server device. By using the first application to directly establish a connection with the VPN gateway, the purpose of avoiding additional opening of the VPN APP is achieved, thereby achieving the technical effect of simplifying the operation process, and further solving the problem of cumbersome operation caused by the need to additionally open the VPN APP in the related technology.
附图说明BRIEF DESCRIPTION OF THE DRAWINGS
此处所说明的附图用来提供对本申请的进一步理解,构成本申请的一部分,本申请的示意性实施例及其说明用于解释本申请,并不构成对本申请的不当限定。在附图中:The drawings described herein are used to provide a further understanding of the present application and constitute a part of the present application. The illustrative embodiments of the present application and their descriptions are used to explain the present application and do not constitute an improper limitation on the present application. In the drawings:
图1是根据本申请实施例的一种用于实现应用程序访问方法的计算机终端的硬件结构框图;FIG1 is a hardware structure block diagram of a computer terminal for implementing an application program access method according to an embodiment of the present application;
图2是根据本申请实施例的一种应用程序访问方法的流程图;FIG2 is a flow chart of an application access method according to an embodiment of the present application;
图3是根据本申请实施例的一种传输隧道断开过程的流程图;FIG3 is a flow chart of a transmission tunnel disconnection process according to an embodiment of the present application;
图4是根据本申请实施例的一种应用程序访问系统的结构示意图;FIG4 is a schematic diagram of the structure of an application access system according to an embodiment of the present application;
图5是根据本申请实施例的一种应用程序访问装置的结构示意图。FIG5 is a schematic diagram of the structure of an application access device according to an embodiment of the present application.
具体实施方式DETAILED DESCRIPTION
为了使本技术领域的人员更好地理解本申请方案,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分的实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都应当属于本申请保护的范围。In order to enable those skilled in the art to better understand the solution of the present application, the technical solution in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application. Obviously, the described embodiments are only part of the embodiments of the present application, not all of the embodiments. Based on the embodiments in the present application, all other embodiments obtained by ordinary technicians in this field without creative work should fall within the scope of protection of the present application.
需要说明的是,本申请的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的本申请的实施例能够以除了在这里图示或描述的那些以外的顺序实施。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。It should be noted that the terms "first", "second", etc. in the specification and claims of the present application and the above-mentioned drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that the data used in this way can be interchangeable where appropriate, so that the embodiments of the present application described herein can be implemented in an order other than those illustrated or described herein. In addition, the terms "including" and "having" and any of their variations are intended to cover non-exclusive inclusions, for example, a process, method, system, product or device comprising a series of steps or units is not necessarily limited to those steps or units clearly listed, but may include other steps or units that are not clearly listed or inherent to these processes, methods, products or devices.
本申请实施例所提供的应用程序访问方法实施例可以在移动终端、计算机终端或者类似的运算装置中执行。图1示出了一种用于实现应用程序访问方法的计算机终端的硬件结构框图。如图1所示,计算机终端10可以包括一个或多个(图中采用102a、102b,……,102n来示出)处理器(处理器可以包括但不限于微处理器MCU或可编程逻辑器件FPGA等的处理装置)、用于存储数据的存储器104、以及用于通信功能的传输模块106。除此以外,还可以包括:显示器、键盘、光标控制设备、输入/输出接口(I/O接口)、通用串行总线(USB)端口(可以作为I/O接口的端口中的一个端口)、网络接口、BUS总线。本领域普通技术人员可以理解,图1所示的结构仅为示意,其并不对上述电子装置的结构造成限定。例如,计算机终端10还可包括比图1中所示更多或者更少的组件,或者具有与图1所示不同的配置。The application access method embodiment provided in the embodiment of the present application can be executed in a mobile terminal, a computer terminal or a similar computing device. FIG. 1 shows a hardware structure block diagram of a computer terminal for implementing the application access method. As shown in FIG. 1 , the computer terminal 10 may include one or more (102a, 102b, ..., 102n are used in the figure to show) processors (the processor may include but is not limited to a processing device such as a microprocessor MCU or a programmable logic device FPGA), a memory 104 for storing data, and a transmission module 106 for communication functions. In addition, it may also include: a display, a keyboard, a cursor control device, an input/output interface (I/O interface), a universal serial bus (USB) port (which can be used as one of the ports of the I/O interface), a network interface, and a BUS bus. It can be understood by those skilled in the art that the structure shown in FIG. 1 is only for illustration, and it does not limit the structure of the above-mentioned electronic device. For example, the computer terminal 10 may also include more or fewer components than those shown in FIG. 1 , or have a configuration different from that shown in FIG. 1 .
应当注意到的是上述一个或多个处理器和/或其他数据处理电路在本文中通常可以被称为“数据处理电路”。该数据处理电路可以全部或部分的体现为软件、硬件、固件或其他任意组合。此外,数据处理电路可为单个独立的处理模块,或全部或部分的结合到计算机终端10中的其他元件中的任意一个内。如本申请实施例中所涉及到的,该数据处理电路作为一种处理器控制(例如与接口连接的可变电阻终端路径的选择)。It should be noted that the one or more processors and/or other data processing circuits described above may generally be referred to herein as "data processing circuits". The data processing circuits may be embodied in whole or in part as software, hardware, firmware, or any other combination thereof. In addition, the data processing circuit may be a single independent processing module, or may be incorporated in whole or in part into any of the other components in the computer terminal 10. As described in the embodiments of the present application, the data processing circuit acts as a processor control (e.g., selection of a variable resistor terminal path connected to an interface).
存储器104可用于存储应用软件的软件程序以及模块,如本申请实施例中的应用程序访问方法对应的程序指令/数据存储装置,处理器通过运行存储在存储器104内的软件程序以及模块,从而执行各种功能应用以及数据处理,即实现上述的应用程序访问方法。存储器104可包括高速随机存储器,还可包括非易失性存储器,如一个或者多个磁性存储装置、闪存、或者其他非易失性固态存储器。在一些实例中,存储器104可进一步包括相对于处理器远程设置的存储器,这些远程存储器可以通过网络连接至计算机终端10。上述网络的实例包括但不限于互联网、企业内部网、局域网、移动通信网及其组合。The memory 104 can be used to store software programs and modules of application software, such as program instructions/data storage devices corresponding to the application access method in the embodiment of the present application. The processor executes various functional applications and data processing by running the software programs and modules stored in the memory 104, that is, realizing the above-mentioned application access method. The memory 104 may include a high-speed random access memory, and may also include a non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 104 may further include a memory remotely arranged relative to the processor, and these remote memories may be connected to the computer terminal 10 via a network. Examples of the above-mentioned network include, but are not limited to, the Internet, an intranet, a local area network, a mobile communication network, and combinations thereof.
传输模块106用于经由一个网络接收或者发送数据。上述的网络具体实例可包括计算机终端10的通信供应商提供的无线网络。在一个实例中,传输模块106包括一个网络适配器(Network Interface Controller,NIC),其可通过基站与其他网络设备相连从而可与互联网进行通讯。在一个实例中,传输模块106可以为射频(Radio Frequency,RF)模块,其用于通过无线方式与互联网进行通讯。The transmission module 106 is used to receive or send data via a network. The specific example of the above network may include a wireless network provided by a communication provider of the computer terminal 10. In one example, the transmission module 106 includes a network adapter (Network Interface Controller, NIC), which can be connected to other network devices through a base station so as to communicate with the Internet. In one example, the transmission module 106 can be a radio frequency (RF) module, which is used to communicate with the Internet wirelessly.
显示器可以例如触摸屏式的液晶显示器(LCD),该液晶显示器可使得用户能够与计算机终端10的用户界面进行交互。The display may be, for example, a touch screen liquid crystal display (LCD) that enables a user to interact with a user interface of the computer terminal 10 .
此处需要说明的是,在一些可选实施例中,上述图1所示的计算机设备可以包括硬件元件(包括电路)、软件元件(包括存储在计算机可读介质上的计算机代码)、或硬件元件和软件元件两者的结合。应当指出的是,图1仅为特定具体实例的一个实例,并且旨在示出可存在于上述计算机设备中的部件的类型。It should be noted here that, in some optional embodiments, the computer device shown in Figure 1 above may include hardware elements (including circuits), software elements (including computer codes stored on computer-readable media), or a combination of hardware elements and software elements. It should be noted that Figure 1 is only an example of a specific specific example and is intended to illustrate the types of components that may be present in the above-mentioned computer device.
在上述运行环境下,本申请实施例提供了一种应用程序访问方法实施例,需要说明的是,在附图的流程图示出的步骤可以在诸如一组计算机可执行指令的计算机系统中执行,并且,虽然在流程图中示出了逻辑顺序,但是在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤。In the above-mentioned operating environment, an embodiment of the present application provides an application access method embodiment. It should be noted that the steps shown in the flowchart of the accompanying drawings can be executed in a computer system such as a set of computer executable instructions, and although the logical order is shown in the flowchart, in some cases, the steps shown or described can be executed in an order different from that shown here.
图2是根据本申请实施例的一种应用程序访问方法的流程图,如图2所示,该方法包括如下步骤:FIG. 2 is a flow chart of an application access method according to an embodiment of the present application. As shown in FIG. 2 , the method includes the following steps:
步骤S202,响应于第一应用程序检测到的触发指令,从第一服务端设备获取登录令牌,登录令牌用于控制移动终端与第一服务端设备建立连接;Step S202, in response to the trigger instruction detected by the first application, obtaining a login token from the first server device, where the login token is used to control the mobile terminal to establish a connection with the first server device;
在上述步骤S202中,触发指令,可以在用户点击移动APP工作台上的内网应用(第二应用程序)入口时发出。在一种可选的方式中,在生成触发指令之前,可以设置登录第一应用程序的流程,在登录到第一应用程序之后,在第一应用程序的界面中点击第二应用程序的入口图标。In the above step S202, the trigger instruction may be issued when the user clicks on the entrance of the intranet application (second application) on the mobile APP workbench. In an optional manner, before generating the trigger instruction, a process of logging into the first application may be set, and after logging into the first application, the entrance icon of the second application may be clicked in the interface of the first application.
步骤S204,通过第一应用程序将登录令牌传输到虚拟专用网络VPN网关,在VPN网关采用登录令牌登录到第一服务端设备后,建立与VPN网关之间的传输隧道;Step S204, transmitting the login token to a virtual private network VPN gateway through the first application, and after the VPN gateway logs in to the first server device using the login token, establishing a transmission tunnel with the VPN gateway;
在上述步骤S204中,通过结合可信的移动客户端及VPN设备,实现移动端安全访问企业内网资源,对移动端设备及内网进行有效隔离,满足了企业安全要求。In the above step S204, by combining a trusted mobile client and a VPN device, secure mobile access to enterprise intranet resources is achieved, and the mobile device and the intranet are effectively isolated, thus meeting the enterprise security requirements.
步骤S206,通过传输隧道向VPN网关发送访问请求,访问请求用于访问第二服务端设备中的第二应用程序。Step S206: Send an access request to the VPN gateway through the transmission tunnel, where the access request is used to access the second application in the second server device.
通过上述步骤S202至步骤S206中的应用程序访问方法,采用响应于第一应用程序检测到的触发指令,从第一服务端设备获取登录令牌,所述登录令牌用于控制移动终端与所述第一服务端设备建立连接;通过所述第一应用程序将所述登录令牌传输到虚拟专用网络VPN网关,在所述VPN网关采用所述登录令牌登录到所述第一服务端设备后,建立与所述VPN网关之间的传输隧道;通过所述传输隧道向所述VPN网关发送访问请求,所述访问请求用于访问第二服务端设备中的第二应用程序的方式,通过利用第一应用程序直接与VPN网关建立连接,达到了避免额外开启VPN APP的目的,从而实现了简化操作流程的技术效果,进而解决了相关技术中由于需要额外开启VPN APP导致操作繁琐的问题。以下详细说明。Through the application access method in the above steps S202 to S206, a login token is obtained from the first server device in response to a trigger instruction detected by the first application, and the login token is used to control the mobile terminal to establish a connection with the first server device; the login token is transmitted to the virtual private network VPN gateway through the first application, and after the VPN gateway uses the login token to log in to the first server device, a transmission tunnel is established between the VPN gateway and the VPN gateway; an access request is sent to the VPN gateway through the transmission tunnel, and the access request is used to access the second application in the second server device. By using the first application to directly establish a connection with the VPN gateway, the purpose of avoiding additional opening of the VPN APP is achieved, thereby achieving the technical effect of simplifying the operation process, and further solving the problem of cumbersome operation caused by the need to additionally open the VPN APP in the related technology. The following is a detailed description.
从第一服务端设备获取登录令牌的具体过程为:通过所述第一应用程序的目标界面接收触发指令,所述触发指令在所述目标控件被触发时发出;响应于所述触发指令,从所述第一服务端设备获取登录令牌。The specific process of obtaining a login token from the first server device is: receiving a trigger instruction through the target interface of the first application, the trigger instruction being issued when the target control is triggered; and obtaining a login token from the first server device in response to the trigger instruction.
需要进行说明的是,目标控件可以是第二应用程序对应的图标或者是按钮。It should be noted that the target control may be an icon or a button corresponding to the second application.
在本申请的一些实施例中,建立与所述VPN网关之间的传输隧道的具体过程如下:通过预设在第一应用程序中的软件开发工具包向所述VPN网关发送所述登录令牌,并接收所述指示信息,所述指示信息由所述VPN网关采用所述登录令牌通过所述第一服务端设备的验证后发送的;在接收到指示信息的情况下,与所述VPN网关之间建立所述传输通道,所述指示信息用于指示所述VPN网关已登录所述第一服务端设备。In some embodiments of the present application, the specific process of establishing a transmission tunnel with the VPN gateway is as follows: sending the login token to the VPN gateway through a software development kit preset in the first application, and receiving the indication information, the indication information is sent by the VPN gateway after the login token is used by the VPN gateway to pass the verification of the first server device; when the indication information is received, establishing the transmission channel with the VPN gateway, the indication information is used to indicate that the VPN gateway has logged in to the first server device.
在一种可选的方式中,通过所述传输隧道向所述VPN网关发送访问请求的具体过程如下:通过所述传输隧道经过所述VPN网关与第二服务端设备建立通信连接;将所述访问请求通过所述VPN网关发送给所述第二服务端设备。In an optional manner, the specific process of sending an access request to the VPN gateway through the transmission tunnel is as follows: establishing a communication connection with a second server device through the transmission tunnel via the VPN gateway; and sending the access request to the second server device through the VPN gateway.
在将所述访问请求通过所述VPN网关发送给所述第二服务端设备之后,通过所述传输隧道接收由所述VPN网关转发的所述第二应用程序对应的数据,其中,所述第二应用程序对应的数据是所述第二服务端设备响应于所述访问请求发送的。After the access request is sent to the second server device through the VPN gateway, data corresponding to the second application forwarded by the VPN gateway is received through the transmission tunnel, wherein the data corresponding to the second application is sent by the second server device in response to the access request.
在通过所述传输隧道向所述VPN网关发送访问请求之后,还可以以下方式断开VPN连接,具体地,通过所述软件工具包向所述第一服务器发送断开指令,所述断开指令用于指示所述第一服务器向所述VPN网关发送退出指令,所述退出指令用于指示所述VPN网关断开与所述第一服务器的连接;通过所述软件工具包接收目标消息,所述目标消息用于指示所述传输隧道已断开,其中,所述传输隧道在所述VPN网关断开与所述第一服务器的连接之后断开。After sending an access request to the VPN gateway through the transmission tunnel, the VPN connection can also be disconnected in the following manner: specifically, sending a disconnect instruction to the first server through the software toolkit, the disconnect instruction is used to instruct the first server to send an exit instruction to the VPN gateway, and the exit instruction is used to instruct the VPN gateway to disconnect from the first server; receiving a target message through the software toolkit, the target message is used to indicate that the transmission tunnel has been disconnected, wherein the transmission tunnel is disconnected after the VPN gateway disconnects from the first server.
图3示出了一种传输隧道的建立流程图,如图3所示,步骤1,第一应用程序登录后,用户在第一应用程序的工作台上点击第二应用程序的入口时,第一应用程序客户端会先触发VPN的登录过程;步骤2,第一应用程序客户端从第一服务端设备获取登录令牌,传递给软件开发工具包;步骤3,软件开发工具包将登录令牌传递给VPN网关,由VPN网关调用第一服务端设备,完成VPN网关登录的验证过程;步骤4,VPN网关登录成功后,建立起VPN隧道;步骤5,用户即可正常访问第二应用程序。Figure 3 shows a flow chart for establishing a transmission tunnel. As shown in Figure 3, step 1, after the first application is logged in, when the user clicks on the entrance of the second application on the workbench of the first application, the first application client will first trigger the VPN login process; step 2, the first application client obtains the login token from the first server device and passes it to the software development kit; step 3, the software development kit passes the login token to the VPN gateway, and the VPN gateway calls the first server device to complete the VPN gateway login verification process; step 4, after the VPN gateway login is successful, a VPN tunnel is established; step 5, the user can access the second application normally.
可以理解的是,第二应用程序处于VPN网关后的内网中。It is understandable that the second application is located in the intranet behind the VPN gateway.
图3中还示出了传输隧道断开的过程,如图3所示,第一应用程序可调用软件开发工具包,断开VPN隧道。FIG. 3 also shows a process of disconnecting a transmission tunnel. As shown in FIG. 3 , the first application may call a software development kit to disconnect the VPN tunnel.
在本申请的一些实施例中,在接收到目标指令的情况下,所述目标指令用于指示将所述第一应用程序转移到移动终端的后台;在所述第一应用程序被转移到所述移动终端的后台后,断开所述传输隧道。In some embodiments of the present application, when a target instruction is received, the target instruction is used to instruct to transfer the first application to the background of the mobile terminal; after the first application is transferred to the background of the mobile terminal, the transmission tunnel is disconnected.
具体地,当用户把APP置于后台,APP收到移动终端的后台通知,同时关闭VPN隧道,不影响用户访问其他互联网应用。Specifically, when the user places the APP in the background, the APP receives the background notification from the mobile terminal and closes the VPN tunnel at the same time, which does not affect the user's access to other Internet applications.
通过在第一应用程序内部集成软件开发工具包,用户可免去在移动终端上独立安装VPN APP及独立登录VPN APP。而且可根据访问内网应用的需要动态建立和断开VPN隧道,在不降低安全性的同时,避免了繁琐的操作。By integrating the software development kit within the first application, users can avoid installing and logging into the VPN APP independently on the mobile terminal. In addition, VPN tunnels can be dynamically established and disconnected according to the need to access intranet applications, avoiding cumbersome operations without reducing security.
图4是根据本申请实施例的一种应用程序访问系统的结构图,如图4,所示,该系统包括:FIG. 4 is a structural diagram of an application access system according to an embodiment of the present application. As shown in FIG. 4 , the system includes:
移动终端40、第一服务端设备42、VPN网关44和第二服务端设备46;Mobile terminal 40, first server device 42, VPN gateway 44 and second server device 46;
所述移动终端40,用于运行所述第一应用程序,还用于响应于第一应用程序检测到的触发指令,从第一服务端设备获取登录令牌,所述登录令牌用于控制移动终端40与所述第一服务端设备42建立连接;通过所述第一应用程序将所述登录令牌传输到虚拟专用网络VPN网关44,在所述VPN网关44采用所述登录令牌登录到所述第一服务端设备42后,建立与所述VPN网关44之间的传输隧道;通过所述传输隧道向所述VPN网关44发送访问请求,所述访问请求用于访问第二服务端设备46中的第二应用程序。The mobile terminal 40 is used to run the first application, and is also used to obtain a login token from a first server device in response to a trigger instruction detected by the first application, and the login token is used to control the mobile terminal 40 to establish a connection with the first server device 42; transmit the login token to a virtual private network VPN gateway 44 through the first application, and after the VPN gateway 44 uses the login token to log in to the first server device 42, establish a transmission tunnel with the VPN gateway 44; send an access request to the VPN gateway 44 through the transmission tunnel, and the access request is used to access the second application in the second server device 46.
以上述系统为例,第一应用程序中集成软件开发工具包,移动终端40中不需要再集成单独的VPN APP;第一服务端设备42及VPN网关44从互联网可直接访问,内网第二服务端设备46位于VPN网关44后面,无法从互联网直接访问;用户先登录移动终端40中第一应用程序,点击第一应用程序中的第二应用程序入口时,第一应用程序会触发VPN网关44的登录过程,此时VPN网关44会调用第一服务端设备完成登录过程,建立起传输隧道;传输隧道建立后,第二应用程序的前端页面即可通过传输隧道与第二服务端设备建立起通信,用户即可使用第二应用程序;当用户退出第二应用程序时,第一应用程序可触发VPN退出登录,断开VPN隧道。Taking the above system as an example, a software development kit is integrated in the first application, and a separate VPN APP does not need to be integrated in the mobile terminal 40; the first server device 42 and the VPN gateway 44 can be directly accessed from the Internet, and the second server device 46 in the intranet is located behind the VPN gateway 44 and cannot be directly accessed from the Internet; the user first logs in to the first application in the mobile terminal 40, and when clicking on the entrance to the second application in the first application, the first application will trigger the login process of the VPN gateway 44, at which time the VPN gateway 44 will call the first server device to complete the login process and establish a transmission tunnel; after the transmission tunnel is established, the front-end page of the second application can establish communication with the second server device through the transmission tunnel, and the user can use the second application; when the user exits the second application, the first application can trigger the VPN logout and disconnect the VPN tunnel.
本申请实施例还提供了一种应用程序访问装置,如图5所示,包括:The embodiment of the present application further provides an application access device, as shown in FIG5 , comprising:
获取模块50,用于响应于第一应用程序检测到的触发指令,从第一服务端设备获取登录令牌,所述登录令牌用于控制移动终端与所述第一服务端设备建立连接;An acquisition module 50, configured to acquire a login token from a first server device in response to a trigger instruction detected by the first application, wherein the login token is used to control the mobile terminal to establish a connection with the first server device;
建立模块52,用于通过所述第一应用程序将所述登录令牌传输到虚拟专用网络VPN网关,在所述VPN网关采用所述登录令牌登录到所述第一服务端设备后,建立与所述VPN网关之间的传输隧道;Establishing module 52, used for transmitting the login token to a virtual private network VPN gateway through the first application, and establishing a transmission tunnel between the VPN gateway and the VPN gateway after the VPN gateway logs in to the first server device using the login token;
访问模块54,用于通过所述传输隧道向所述VPN网关发送访问请求,所述访问请求用于访问第二服务端设备中的第二应用程序。The access module 54 is used to send an access request to the VPN gateway through the transmission tunnel, where the access request is used to access the second application in the second server device.
获取模块50,包括:获取子模块,用于通过所述第一应用程序的目标界面接收触发指令,所述触发指令在所述目标控件被触发时发出;响应于所述触发指令,从所述第一服务端设备获取登录令牌。The acquisition module 50 includes: an acquisition submodule, which is used to receive a trigger instruction through the target interface of the first application, and the trigger instruction is issued when the target control is triggered; in response to the trigger instruction, obtain a login token from the first server device.
获取子模块,包括:建立单元和发送单元,建立单元,用于通过预设在第一应用程序中的软件开发工具包向所述VPN网关发送所述登录令牌,并接收所述指示信息,所述指示信息由所述VPN网关采用所述登录令牌通过所述第一服务端设备的验证后发送的;在接收到指示信息的情况下,与所述VPN网关之间建立所述传输通道,所述指示信息用于指示所述VPN网关已登录所述第一服务端设备。The acquisition submodule includes: an establishment unit and a sending unit. The establishment unit is used to send the login token to the VPN gateway through a software development kit preset in the first application, and receive the indication information. The indication information is sent by the VPN gateway after the login token is used to pass the verification of the first server device; when the indication information is received, the transmission channel is established between the VPN gateway and the VPN gateway, and the indication information is used to indicate that the VPN gateway has logged in to the first server device.
发送单元,用于通过所述传输隧道经过所述VPN网关与第二服务端设备建立通信连接;将所述访问请求通过所述VPN网关发送给所述第二服务端设备。The sending unit is used to establish a communication connection with the second server device through the transmission tunnel via the VPN gateway; and send the access request to the second server device through the VPN gateway.
建立单元,包括:接收子单元,用于通过所述传输隧道接收由所述VPN网关转发的所述第二应用程序对应的数据,其中,所述第二应用程序对应的数据是所述第二服务端设备响应于所述访问请求发送的。The establishing unit includes: a receiving subunit, which is used to receive data corresponding to the second application forwarded by the VPN gateway through the transmission tunnel, wherein the data corresponding to the second application is sent by the second server device in response to the access request.
访问模块54,包括:断开子模块和接收子模块,断开子模块,用于通过所述软件工具包向所述第一服务器发送断开指令,所述断开指令用于指示所述第一服务器向所述VPN网关发送退出指令,所述退出指令用于指示所述VPN网关断开与所述第一服务器的连接;通过所述软件工具包接收目标消息,所述目标消息用于指示所述传输隧道已断开,其中,所述传输隧道在所述VPN网关断开与所述第一服务器的连接之后断开。The access module 54 includes: a disconnect submodule and a receiving submodule, the disconnect submodule is used to send a disconnect instruction to the first server through the software toolkit, the disconnect instruction is used to instruct the first server to send an exit instruction to the VPN gateway, the exit instruction is used to instruct the VPN gateway to disconnect from the first server; receive a target message through the software toolkit, the target message is used to indicate that the transmission tunnel has been disconnected, wherein the transmission tunnel is disconnected after the VPN gateway disconnects from the first server.
接收子模块,用于接收目标指令,所述目标指令用于指示将所述第一应用程序转移到移动终端的后台;在所述第一应用程序被转移到所述移动终端的后台后,断开所述传输隧道。The receiving submodule is used to receive a target instruction, wherein the target instruction is used to instruct to transfer the first application to the background of the mobile terminal; after the first application is transferred to the background of the mobile terminal, the transmission tunnel is disconnected.
需要说明的是,图5所示的应用程序访问装置用于执行图2所示的应用程序访问方法,因此上述应用程序访问方法中的相关解释说明也适用于该种应用程序访问装置,此处不再赘述。It should be noted that the application access device shown in FIG. 5 is used to execute the application access method shown in FIG. 2 , so the relevant explanations in the above application access method are also applicable to this type of application access device and will not be repeated here.
本申请实施例还提供了一种计算机设备,包括:存储器,用于存储程序指令;处理器,与所述存储器连接,用于执行以下功能的程序指令:响应于第一应用程序检测到的触发指令,从第一服务端设备获取登录令牌,所述登录令牌用于控制移动终端与所述第一服务端设备建立连接;通过所述第一应用程序将所述登录令牌传输到虚拟专用网络VPN网关,在所述VPN网关采用所述登录令牌登录到所述第一服务端设备后,建立与所述VPN网关之间的传输隧道;通过所述传输隧道向所述VPN网关发送访问请求,所述访问请求用于访问第二服务端设备中的第二应用程序。An embodiment of the present application also provides a computer device, including: a memory for storing program instructions; a processor, connected to the memory, for executing the program instructions of the following functions: in response to a trigger instruction detected by a first application, obtaining a login token from a first server device, wherein the login token is used to control a mobile terminal to establish a connection with the first server device; transmitting the login token to a virtual private network VPN gateway through the first application, and after the VPN gateway uses the login token to log in to the first server device, establishing a transmission tunnel with the VPN gateway; sending an access request to the VPN gateway through the transmission tunnel, wherein the access request is used to access a second application in a second server device.
需要说明的是,上述计算机设备用于执行图2所示的应用程序访问方法,因此上述应用程序访问方法中的相关解释说明也适用于该计算机设备,此处不再赘述。It should be noted that the above-mentioned computer device is used to execute the application access method shown in Figure 2, so the relevant explanations in the above-mentioned application access method are also applicable to the computer device and will not be repeated here.
本申请实施例还提供了一种非易失性存储介质,该非易失性存储介质包括存储的计算机程序,其中,该非易失性存储介质所在设备通过运行计算机程序执行以下应用程序访问方法:响应于第一应用程序检测到的触发指令,从第一服务端设备获取登录令牌,所述登录令牌用于控制移动终端与所述第一服务端设备建立连接;通过所述第一应用程序将所述登录令牌传输到虚拟专用网络VPN网关,在所述VPN网关采用所述登录令牌登录到所述第一服务端设备后,建立与所述VPN网关之间的传输隧道;通过所述传输隧道向所述VPN网关发送访问请求,所述访问请求用于访问第二服务端设备中的第二应用程序。An embodiment of the present application also provides a non-volatile storage medium, which includes a stored computer program, wherein the device where the non-volatile storage medium is located executes the following application access method by running the computer program: in response to a trigger instruction detected by a first application, obtaining a login token from a first server device, and the login token is used to control a mobile terminal to establish a connection with the first server device; transmitting the login token to a virtual private network VPN gateway through the first application, and after the VPN gateway uses the login token to log in to the first server device, establishing a transmission tunnel with the VPN gateway; sending an access request to the VPN gateway through the transmission tunnel, and the access request is used to access a second application in a second server device.
需要说明的是,上述非易失性存储介质用于执行图2所示的应用程序访问方法,因此上述应用程序访问方法中的相关解释说明也适用于该非易失性存储介质,此处不再赘述。It should be noted that the above-mentioned non-volatile storage medium is used to execute the application access method shown in Figure 2, so the relevant explanations in the above-mentioned application access method are also applicable to the non-volatile storage medium, which will not be repeated here.
本申请还提供了一种计算机程序产品,包括计算机程序,计算机程序被处理器执行时实现应用程序访问方法的步骤。The present application also provides a computer program product, including a computer program, which implements the steps of the application program access method when the computer program is executed by a processor.
需要说明的是,上述计算机程序产品用于执行图2所示的应用程序访问方法,因此上述应用程序访问方法中的相关解释说明也适用于该计算机程序产品,此处不再赘述。It should be noted that the above-mentioned computer program product is used to execute the application access method shown in Figure 2, so the relevant explanations in the above-mentioned application access method are also applicable to the computer program product and will not be repeated here.
上述本申请实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the above-mentioned embodiments of the present application are for description only and do not represent the advantages or disadvantages of the embodiments.
在本申请的上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其他实施例的相关描述。In the above embodiments of the present application, the description of each embodiment has its own emphasis. For parts that are not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments.
在本申请所提供的几个实施例中,应该理解到,所揭露的技术内容,可通过其它的方式实现。其中,以上所描述的装置实施例仅仅是示意性的,例如单元的划分,可以为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,单元或模块的间接耦合或通信连接,可以是电性或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed technical content can be implemented in other ways. Among them, the device embodiments described above are only schematic. For example, the division of units can be a logical function division. There may be other division methods in actual implementation. For example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. Another point is that the mutual coupling or direct coupling or communication connection shown or discussed can be through some interfaces, indirect coupling or communication connection of units or modules, which can be electrical or other forms.
作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over multiple units. Some or all of the units may be selected according to actual needs to achieve the purpose of the present embodiment.
另外,在本申请各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit. The above-mentioned integrated unit may be implemented in the form of hardware or in the form of software functional units.
集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可为个人计算机、服务器或者网络设备等)执行本申请各个实施例方法的全部或部分步骤。而前述的存储介质包括:U盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、移动硬盘、磁碟或者光盘等各种可以存储程序代码的介质。If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, or the part that contributes to the prior art or all or part of the technical solution, can be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for a computer device (which can be a personal computer, server or network device, etc.) to perform all or part of the steps of each embodiment method of the present application. The aforementioned storage medium includes: U disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), mobile hard disk, disk or optical disk, etc., which can store program code.
以上仅是本申请的优选实施方式,应当指出,对于本技术领域的普通技术人员来说,在不脱离本申请原理的前提下,还可以做出若干改进和润饰,这些改进和润饰也应视为本申请的保护范围。The above are only preferred implementations of the present application. It should be pointed out that for ordinary technicians in this technical field, several improvements and modifications can be made without departing from the principles of the present application. These improvements and modifications should also be regarded as the scope of protection of the present application.
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410887787.1ACN118612742A (en) | 2024-07-03 | 2024-07-03 | Application program access method and device |
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410887787.1ACN118612742A (en) | 2024-07-03 | 2024-07-03 | Application program access method and device |
| Publication Number | Publication Date |
|---|---|
| CN118612742Atrue CN118612742A (en) | 2024-09-06 |
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410887787.1APendingCN118612742A (en) | 2024-07-03 | 2024-07-03 | Application program access method and device |
| Country | Link |
|---|---|
| CN (1) | CN118612742A (en) |
| Publication | Publication Date | Title |
|---|---|---|
| US11140162B2 (en) | Response method and system in virtual network computing authentication, and proxy server | |
| CN107026764B (en) | Remote debugging method, device, server and system | |
| US9389826B2 (en) | Zero client device with integrated network authentication capability | |
| CN109672602B (en) | Method and equipment for remotely accessing VPN | |
| CN104869043B (en) | A kind of method and terminal for establishing VPN connection | |
| CN112838952B (en) | Data transmission method of baseboard management controller, BMC, server and medium | |
| US11216293B2 (en) | Command line interface | |
| CN105389175A (en) | Application program sharing method and mobile terminal | |
| US10367894B2 (en) | Information processing apparatus, method for controlling the same, non-transitory computer-readable storage medium, and information processing system | |
| CN105007306A (en) | Remote assistance method for mobile terminal and terminal | |
| US8984129B2 (en) | Remote session management | |
| EP3979071B1 (en) | Method, user equipment, and application server for downloading application | |
| CN105681122B (en) | Method and system for telecommunications equipment monitoring | |
| WO2017142019A1 (en) | Communication apparatus, router, server, system, and setting method | |
| WO2018032953A1 (en) | Windows window sharing method, gateway server, system, storage media | |
| KR100990744B1 (en) | Session establishment method using gateway server and phone identification | |
| CN118612742A (en) | Application program access method and device | |
| US20160316021A1 (en) | Remote out of band management | |
| CN108370500A (en) | Optimized settings for wireless devices | |
| CN110798514B (en) | Business processing method and device | |
| WO2023103331A1 (en) | Cloud platform connection method and apparatus, and device and storage medium | |
| CN114520780A (en) | Access method and device for proxy server | |
| KR101231203B1 (en) | System and method for network communicating between a communication device and information device | |
| CN112398718A (en) | Network transmission method and device, electronic equipment and storage medium | |
| KR100975865B1 (en) | Session establishment method using gateway server and phone number |
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |