
CN114595005A - Application startup method, device, computer device and storage medium - Google Patents

Info

Publication number: CN114595005A
Authority: CN (China)
Prior art keywords: application program; starting; user; application; user account
Legal status: Pending (the legal status is an assumption and is not a legal conclusion)
Application number: CN202210259920.XA
Other languages: Chinese (zh)
Inventors: 林超, 陈飞
Current Assignee: Glodon Co Ltd (the listed assignees may be inaccurate)
Original Assignee: Glodon Co Ltd
Application filed by: Glodon Co Ltd
Priority: CN202210259920.XA
Publication: CN114595005A

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a method and a device for starting an application program, a computer device and a storage medium. The method comprises the following steps: receiving an application program starting request sent to a preset TCP port by a user in the current Windows session environment; determining the user account corresponding to the current Windows session environment according to the application program starting request; and starting the application program through a system account, and displaying the application program in the Windows session environment corresponding to the user account. On the one hand, the invention enables interaction between the browser and a local desktop application program, so that a local application can be opened through the browser with a normal user account in different user environments; on the other hand, the invention allows an application program that requires administrator authority to run in a non-administrator environment, reducing the trouble that Windows pop-ups cause users and improving the usability of products. The invention also reduces the cost to software developers of modifying an application program's installation files and improves software delivery efficiency.

Description

Application startup method, device, computer device and storage medium

Technical field

The present invention relates to the technical field of Windows operating systems, and in particular to a method, device, computer device and storage medium for starting an application program.

Background

As new versions of the Windows system are continually updated and released, the security requirements of the Windows system keep rising. On the one hand, the Windows system sets an interception function on the browser that does not allow the browser to launch local applications directly, so that the operating system is not exposed to malicious attacks from the network environment. On the other hand, some applications have high permission requirements, and their installers already restrict their properties so that they may only be run as an administrator; as a result, ordinary user accounts or temporary access accounts in the operating system that are not administrators cannot start these local applications. These settings cause considerable inconvenience for different users.

In the prior art, the above applications can be accessed by modifying the business logic. However, modifying the business logic requires removing all privilege-escalation-related code or implementing it in another way; for example, for registry modifications, every operation on the HKEY_LOCAL_MACHINE node must be changed into an operation on HKEY_CURRENT_USER. The amount of code involved is large, and the modification is inefficient and error-prone.

Summary of the invention

The purpose of the present invention is to provide a technical solution that allows a local application program to be started smoothly in a Windows system through a browser or through another user account without administrator identity, so as to solve the above problems in the prior art.

To achieve the above purpose, the present invention provides a method for starting an application program, comprising the following steps:

receiving an application startup request sent by a user to a preset TCP port in the current Windows session environment;

determining the user account corresponding to the current Windows session environment according to the application startup request;

starting the application program through a system account, and displaying the application program in the Windows session environment corresponding to the user account.

According to the application startup method provided by the present invention, the step of receiving an application startup request sent by a user in the current Windows session environment includes:

receiving the application startup request through a preset TCP port, wherein the startup request is sent by the user through a browser.

According to the application startup method provided by the present invention, the step of determining the user account corresponding to the current Windows session environment according to the application startup request includes:

obtaining the process identifier corresponding to the application startup request on the preset TCP port;

obtaining the user account identifier according to the process identifier.

According to the application startup method provided by the present invention, the step of receiving an application startup request sent by a user in the current Windows session environment includes:

receiving the application startup request through an agent execution program, wherein the startup request is sent by the user by clicking a desktop shortcut of the application program.

According to the application startup method provided by the present invention, after the step of receiving the application startup request sent by the user in the current Windows session environment, the method further includes:

determining whether the current Windows session environment has the first permission to start the application program;

in the case that the current Windows session environment does not have the first permission to start the application program, determining to start the application program through the system account.

According to the application startup method provided by the present invention, the step of starting the application program through a system account and displaying the application program in the Windows session environment corresponding to the user account includes:

obtaining the second permission of the system account with respect to the application program;

sending the second permission to the user account, so that the user account starts the application program with the second permission.

According to the application startup method provided by the present invention, the application startup request is transmitted using an ECC-based public/private key mechanism, and the startup request includes any one or more of the following fields: program working directory, program execution path, program execution parameters, whether to display the interface, and whether to wait synchronously.

To achieve the above purpose, the present invention also provides a method for starting an application program, including:

a startup request receiving module, adapted to receive the application startup request sent by the user to the preset TCP port in the current Windows session environment;

a user account determination module, adapted to determine the user account corresponding to the current Windows session environment according to the application startup request;

a system account starting module, adapted to start the application program through the system account and display the application program in the Windows session environment corresponding to the user account.

To achieve the above purpose, the present invention also provides a computer device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the above method when executing the computer program.

To achieve the above purpose, the present invention also provides a computer-readable storage medium on which a computer program is stored, wherein the computer program implements the steps of the above method when executed by a processor.

Compared with the prior art, the present invention has the following beneficial effects:

1. The present invention enables interaction between the browser and a local desktop application program, so that a local application can be opened through the browser with a normal user account in different user environments;

2. The present invention allows application programs that require administrator authority to run in a non-administrator environment, reduces the trouble that Windows pop-up windows cause users, and improves the usability of the product;

3. The present invention reduces the cost to software developers of modifying the installation files of the application program and improves software delivery efficiency.

Description of drawings

FIG. 1 is a flowchart of Embodiment 1 of the application startup method of the present invention;

FIG. 2 is a schematic flowchart of determining a user account according to Embodiment 1 of the present invention;

FIG. 3 is a schematic flowchart of starting an application program through a system account according to Embodiment 1 of the present invention;

FIG. 4 is a sequence diagram of the application startup method according to Embodiment 1 of the present invention;

FIG. 5 is a schematic diagram of the program modules of Embodiment 1 of the application startup device of the present invention;

FIG. 6 is a schematic diagram of the hardware structure of Embodiment 1 of the application startup device of the present invention.

Detailed description

In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention and are not intended to limit it. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative effort fall within the protection scope of the present invention.

Embodiment 1

Referring to FIG. 1, this embodiment provides a method for starting an application program, including the following steps:

S100: Receive an application startup request sent by a user to a preset TCP port in the current Windows session environment.

A Windows session is made up of processes and system objects, and it represents one user's workstation login session. In plain terms, Windows assigns a unique session to each logged-in user account. Sessions are isolated from each other and exist independently. For example, after the account admin logs in, it opens a Firefox browser and selects a URL to browse the web. Another account, guest, has also logged in to the system; the desktop that this account sees after logging in and the desktop of admin are two different desktops, and guest cannot see the Firefox browser window opened by the admin account.

This step receives, in one specific Windows session environment, a startup request sent by the user for a specific application program. The startup request may include any one or more of the following fields: program working directory (WorkPath), program execution path (ProcessPath), program execution parameters (Parameter), whether to display the interface (IsShowWindow), and whether to wait synchronously (IsSync). The startup request may be sent through a browser, or by clicking the shortcut corresponding to the application program on the desktop. When the user sends the startup request through the browser, the request is transmitted to the preset TCP port over the HTTP protocol; when the user sends the startup request by clicking the application's desktop shortcut, the request is transmitted to the preset TCP port by the proxy scheduling program (also called the scheduler) associated with that shortcut. The preset TCP port may be local port 9090, which is dedicated to receiving application startup requests.

To ensure data security, the application startup request in this embodiment must be transmitted in encrypted form, and a public/private key mechanism based on ECC (elliptic curve encryption algorithm) is used to secure the transmission: the user encrypts the command message with the public key, and the Windows service decrypts the data with the private key and executes the command. The elliptic curve equation is $y^2 = x^2 + ax + b \pmod{p}$, where p is a prime number, a and b are user-defined coefficients, and x and y are the abscissa and ordinate values respectively. The process of generating the public and private keys with ECC is as follows: first construct an elliptic curve E, choose any point G on the curve E as the generator, and find the order n of G, where n is a prime number; choose a private key k (k < n) and generate the public key Q = kG; encode G and Q plaintext as M, where M is a point on the curve E; generate ciphertext 1 = M + rQ and ciphertext 2 = rG, where r is a random number less than n, and use ciphertext 1 and ciphertext 2 as private keys. The ECC encryption algorithm can use a smaller key while providing a fairly high level of security, with less computation, faster processing, and lower storage and transmission bandwidth usage. Encrypting the application startup request with the ECC algorithm effectively improves data security while maintaining transmission efficiency.
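The key generation, encryption and decryption steps above (Q = kG, ciphertext 1 = M + rQ, ciphertext 2 = rG, recovered as M = ciphertext 1 − k·ciphertext 2) can be traced on a toy curve. This is an added example, not code from the patent; it uses the standard short Weierstrass form y^2 = x^3 + ax + b (mod p), and the curve parameters, function names and message point are assumptions chosen small enough to check by hand.

```python
# Toy EC-ElGamal following the text: Q = kG, C1 = M + rQ, C2 = rG, M = C1 - k*C2.
# Constructed textbook-sized parameters; far too small for real keys.
import secrets

P, A, B = 17, 2, 2      # assumed toy curve y^2 = x^3 + 2x + 2 over F_17
G = (5, 1)              # generator point
N = 19                  # prime order of G
INF = None              # point at infinity (group identity)


def on_curve(pt):
    """True if pt is the identity or satisfies the curve equation."""
    if pt is INF:
        return True
    x, y = pt
    return 0 <= x < P and 0 <= y < P and (y * y - (x ** 3 + A * x + B)) % P == 0


def add(p1, p2):
    """Group law: chord rule for distinct points, tangent rule for doubling."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                      # a point plus its inverse
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        s = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (s * s - x1 - x2) % P
    return (x3, (s * (x1 - x3) - y1) % P)


def neg(pt):
    return INF if pt is INF else (pt[0], -pt[1] % P)


def mul(k, pt):
    """Double-and-add scalar multiplication k*pt for k >= 0."""
    result, addend = INF, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def keygen():
    k = secrets.randbelow(N - 1) + 1    # private key in 1..n-1
    return k, mul(k, G)                 # public key Q = kG


def encrypt(m_point, q, r=None):
    """Return (C1, C2) = (M + rQ, rG); r may be fixed only for reproducible tests."""
    if m_point is INF or q is INF or not (on_curve(m_point) and on_curve(q)):
        raise ValueError("message and public key must be points on the curve")
    if r is None:
        r = secrets.randbelow(N - 1) + 1
    return add(m_point, mul(r, q)), mul(r, G)


def decrypt(c1, c2, k):
    """Recover M = C1 - k*C2, rejecting inputs that are not on the curve."""
    if not (on_curve(c1) and on_curve(c2)):
        raise ValueError("ciphertext point is not on the curve")
    return add(c1, neg(mul(k, c2)))


if __name__ == "__main__":
    k, q = keygen()
    m = mul(9, G)                       # constructed message point
    c1, c2 = encrypt(m, q)
    print("recovered:", decrypt(c1, c2, k), "expected:", m)
```

The receiver checks that both ciphertext points lie on the curve before using the private key, because arithmetic on off-curve points does not take place in the intended group.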

S200: Determine the user account corresponding to the current Windows session environment according to the application startup request.

The purpose of this embodiment is to start a specific application program in the current Windows session environment. Those skilled in the art understand that Windows session environments and user accounts are in one-to-one correspondence, and the user account may be an administrator account, an ordinary user account, a temporary guest account, and so on. Only by starting the application program through the corresponding user account can the application program be displayed in the current Windows session environment. This embodiment may first obtain the process identifier corresponding to the application startup request on the preset TCP port, and then obtain the user account identifier according to the process identifier.

Those skilled in the art understand that Windows API functions are the application programming interface of the Windows operating system, and the above step of determining the user account can be implemented by calling Windows API functions. In this embodiment, the list of all TCP port entities in Windows can be obtained through the native Windows API function GetExtendedTcpTable. The entity structure type in this list is PMibTcpTableOwnerPID, and the structure contains two key fields: dwLocalPort (the TCP port) and dwOwningPid (the process ID); through this structure, the process ID corresponding to a specified TCP port number can be obtained. Next, the native Windows function ProcessIdToSessionId is used to look up the Windows session ID corresponding to the process ID, which implements a reverse lookup from TCP port to Windows session ID. FIG. 2 shows a schematic flowchart of determining a user account according to Embodiment 1 of the present invention. As shown in FIG. 2, after the specified TCP port number is obtained, the list of all local ports in Windows is obtained and traversed to determine whether it contains the specified preset TCP port. If the local port list contains the specified preset TCP port, the process ID in the port entity is obtained, and the Windows session ID is obtained from the process ID, where the Windows session ID is the user account. If the local port list does not contain the specified preset TCP port, the user has not sent an application startup request in the current Windows session environment; in that case, monitoring can continue until the specified preset TCP port is found in the local port list.
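The port-to-process-to-session lookup described above can be followed on a byte buffer laid out like the table GetExtendedTcpTable returns for owner-PID rows (a DWORD row count followed by six-DWORD rows, with ports stored in network byte order). This is an added example, not the patent's code: the sample table, the PIDs and the pid-to-session dictionary standing in for ProcessIdToSessionId are constructed, and it goes slightly beyond the text by matching the connection's full address pair, since several rows mention port 9090 at once.

```python
# Resolve the Windows session of the client behind an accepted loopback
# connection by parsing a MIB_TCPTABLE_OWNER_PID-style buffer (constructed sample).
import socket
import struct
from collections import namedtuple

MIB_TCP_STATE_LISTEN = 2
MIB_TCP_STATE_ESTAB = 5
# Row layout: dwState, dwLocalAddr, dwLocalPort, dwRemoteAddr, dwRemotePort, dwOwningPid
ROW = struct.Struct("<I4sI4sII")
TcpRow = namedtuple("TcpRow", "state local_addr local_port remote_addr remote_port pid")


def port_from_dword(dw):
    """The port occupies the low 16 bits of the DWORD in network byte order."""
    return ((dw & 0xFF) << 8) | ((dw >> 8) & 0xFF)


def port_to_dword(port):
    """Inverse of port_from_dword; used only to build the sample table."""
    return ((port & 0xFF) << 8) | (port >> 8)


def parse_tcp_table(buf):
    """Decode the row count and every row, refusing truncated buffers."""
    if len(buf) < 4:
        raise ValueError("buffer too short for row count")
    (count,) = struct.unpack_from("<I", buf, 0)
    if len(buf) < 4 + count * ROW.size:
        raise ValueError("buffer truncated: fewer rows than announced")
    rows = []
    for i in range(count):
        st, la, lp, ra, rp, pid = ROW.unpack_from(buf, 4 + i * ROW.size)
        rows.append(TcpRow(st, socket.inet_ntoa(la), port_from_dword(lp),
                           socket.inet_ntoa(ra), port_from_dword(rp), pid))
    return rows


def owning_pid(rows, peer, service):
    """PID of the process owning the client end of the connection peer -> service.

    The client end is the row whose local endpoint is the peer and whose
    remote endpoint is the service; the service's own rows are skipped.
    """
    pids = [r.pid for r in rows
            if r.state == MIB_TCP_STATE_ESTAB
            and (r.local_addr, r.local_port) == peer
            and (r.remote_addr, r.remote_port) == service]
    return pids[0] if len(pids) == 1 else None


def session_for_peer(buf, peer, service, pid_to_session):
    """Port -> PID -> session; pid_to_session stands in for ProcessIdToSessionId."""
    pid = owning_pid(parse_tcp_table(buf), peer, service)
    return None if pid is None else pid_to_session.get(pid)


def build_table(rows):
    """Serialize TcpRow tuples into the binary layout (sample construction only)."""
    out = [struct.pack("<I", len(rows))]
    for r in rows:
        out.append(ROW.pack(r.state, socket.inet_aton(r.local_addr),
                            port_to_dword(r.local_port),
                            socket.inet_aton(r.remote_addr),
                            port_to_dword(r.remote_port), r.pid))
    return b"".join(out)


SERVICE = ("127.0.0.1", 9090)
# Constructed sample: one service (PID 1200) and two clients in different sessions.
SAMPLE_TABLE = build_table([
    TcpRow(MIB_TCP_STATE_LISTEN, "0.0.0.0", 9090, "0.0.0.0", 0, 1200),
    TcpRow(MIB_TCP_STATE_ESTAB, "127.0.0.1", 9090, "127.0.0.1", 50312, 1200),
    TcpRow(MIB_TCP_STATE_ESTAB, "127.0.0.1", 50312, "127.0.0.1", 9090, 4321),
    TcpRow(MIB_TCP_STATE_ESTAB, "127.0.0.1", 9090, "127.0.0.1", 50999, 1200),
    TcpRow(MIB_TCP_STATE_ESTAB, "127.0.0.1", 50999, "127.0.0.1", 9090, 7788),
])
SAMPLE_SESSIONS = {1200: 0, 4321: 2, 7788: 3}   # constructed pid -> session map

if __name__ == "__main__":
    for peer_port in (50312, 50999):
        print(peer_port, "-> session",
              session_for_peer(SAMPLE_TABLE, ("127.0.0.1", peer_port),
                               SERVICE, SAMPLE_SESSIONS))
```

In the sample, five rows contain port 9090, and three of them belong to the service itself in session 0; only the row whose local endpoint equals the connection's peer address identifies the requesting process.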

S300: Start the application program through a system account, and display the application program in the Windows session environment corresponding to the user account.

Once the user account has been determined, this step starts the application program through that account, which ensures that the application program can run and be displayed in the corresponding Windows session environment. As mentioned above, some application programs are configured with high permission requirements; for example, only users with an administrator account are allowed to start the application program, so other user accounts without administrator identity cannot start it. To solve this problem, this embodiment may first determine whether the current Windows session environment has the first permission to start the application program. If so, the application program is started directly with the current user account. If not, the second permission of the system account with respect to the application program is obtained and sent to the determined user account, so that the user account starts the application program with the second permission. The system account may be the SYSTEM process built into the Windows system; according to the Windows system's rules, the authority of the SYSTEM process is higher than administrator authority.

FIG. 3 is a schematic flowchart of starting an application program through a system account according to Embodiment 1 of the present invention. As shown in FIG. 3, the specific code execution process of step S300 may include: querying, through WTSQueryUserToken, the Token (first permission) corresponding to the desktop application session; if the Token (first permission) of the desktop application cannot be obtained, directly obtaining the Token (second permission) of the local service process's token; next, copying that Token (second permission) information through DuplicateTokenEx and naming the copy DuplicateToken; setting the Windows session ID corresponding to DuplicateToken through SetTokenInformation; creating the session's environment control block with CreateEnvironmentBlock; and finally using CreateProcessAsUser to open the application conveyed by the command in the specified session.

As mentioned above, when the user sends a startup request by clicking the shortcut corresponding to the application program on the desktop, the startup request is transmitted to the preset TCP port by the proxy scheduling program (also called the scheduler) associated with that shortcut. The scheduler in this embodiment may have two operating modes: in one, it is integrated directly into the software as SDK+lib; in the other, it is an independent executable program that starts a designated desktop application according to given parameters. For a product that is no longer maintained, it is only necessary to repackage the old product's installation package, integrate the Windows session recognition device, point the application's shortcut directly at the scheduler and configure the original application path; this completes the release of the product and truly achieves zero-code release. For products with an independent maintenance team, the SDK corresponding to the scheduler can be integrated to start applications or programs that require administrator authority.

FIG. 4 shows a sequence diagram of the application startup method according to Embodiment 1 of the present invention. As shown in FIG. 4, when the user issues a start request for a specific application program, the request is first sent to the program scheduler. The program scheduler sends a TCP command data packet to the TCP data parsing module. After receiving the TCP command data packet, the TCP data parsing module parses the data packet together with the IP address and port number, has the session identification module identify the Windows session corresponding to the current user account from the parsed port number, and receives the identified Windows session ID (that is, the user account) back from it. Next, the TCP data parsing module sends the TCP data packet and the Windows session ID to the execution module, so that the execution module starts the application program based on the current Windows session ID.

To sum up, this embodiment obtains the TCP source port number of the client application through the local TCP service, then obtains the corresponding process ID by scanning the local port number list, and from it obtains the client's Windows session, so that a Windows service running under the System account opens the specified application program in the session where the client is located. On the one hand, this embodiment supports interaction between a browser and an application program: a local application can be opened from the browser through an HTTP request. On the other hand, by starting the application program through the Windows service, this embodiment allows software that requires an administrator to run under a non-administrator account, thereby effectively improving the user's experience of the application.

请继续参阅图5,示出了一种应用程序的启动装置,在本实施例中,应用程序的启动装置50可以包括或被分割成一个或多个程序模块,一个或者多个程序模块被存储于存储介质中,并由一个或多个处理器所执行,以完成本发明,并可实现上述应用程序的启动方法。本发明所称的程序模块是指能够完成特定功能的一系列计算机程序指令段,比程序本身更适合于描述应用程序的启动装置50在存储介质中的执行过程。以下描述将具体介绍本实施例各程序模块的功能:Please continue to refer to FIG. 5, which shows an application startup device. In this embodiment, the application startup device 50 may include or be divided into one or more program modules, and one or more program modules are stored stored in the storage medium and executed by one or more processors to complete the present invention and implement the above application startup method. The program module referred to in the present invention refers to a series of computer program instruction segments capable of accomplishing specific functions, and is more suitable for describing the execution process of the application program startup device 50 in the storage medium than the program itself. The following description will specifically introduce the functions of each program module in this embodiment:

启动请求接收模块51,适用于接收用户在当前Windows会话环境下向预设TCP端口发送的应用程序启动请求;A startup request receiving module 51 is adapted to receive an application startup request sent by a user to a preset TCP port under the current Windows session environment;

用户账号确定模块52,适用于根据所述应用程序启动请求确定所述当前Windows会话环境对应的用户账号;A user account determination module 52, adapted to determine a user account corresponding to the current Windows session environment according to the application startup request;

系统账号启动模块53,适用于通过系统账号启动所述应用程序,并将所述应用程序显示在所述用户账号对应的Windows会话环境中。The system account starting module 53 is adapted to start the application program through the system account, and display the application program in the Windows session environment corresponding to the user account.

根据本实施例提供的应用程序的启动装置50,其中启动请求接收模块51包括:According to the application startup device 50 provided in this embodiment, the startup request receiving module 51 includes:

浏览器启动单元511,适用于通过预设TCP端口接收所述应用程序启动请求,其中所述启动请求是所述用户通过浏览器发出;A browser startup unit 511, adapted to receive the application startup request through a preset TCP port, wherein the startup request is sent by the user through a browser;

代理程序启动单元512,适用于通过代理执行程序接收所述应用程序启动请求,其中所述启动请求是所述用户通过点击所述应用程序的桌面快捷方式发出的。The agent program starting unit 512 is adapted to receive the application program starting request through an agent executing program, wherein the starting request is sent by the user by clicking the desktop shortcut of the application program.

根据本实施例提供的应用程序的启动装置50,其中用户账号确定模块52包括:According to the application startup device 50 provided in this embodiment, the user account determination module 52 includes:

进程标识确定单元521,适用于获取所述预设TCP端口的所述应用程序启动请求对应的进程标识;A process identification determining unit 521, adapted to obtain a process identification corresponding to the application startup request of the preset TCP port;

用户标识确定单元522,适用于根据所述进程标识获取所述用户账号标识。The user identification determining unit 522 is adapted to obtain the user account identification according to the process identification.

In the application startup device 50 provided by this embodiment, the system account startup module 53 includes:

A first permission judgment unit 531, adapted to judge whether the current Windows session environment has the first permission to start the application;

A system account determination unit 532, adapted to determine that the application is to be started through the system account when the current Windows session environment does not have the first permission to start the application;

A second permission obtaining unit 533, which obtains the second permission of the system account with respect to the application;

A second permission startup unit 534, which sends the second permission to the user account so that the user account can start the application with the second permission.

In summary, this embodiment obtains the TCP source port number of the client application through a local TCP service, obtains the corresponding process ID by scanning the local port number list, and from that obtains the client's Windows session, so that a Windows service running under the System account can open the specified application in the session the client belongs to. On the one hand, this embodiment supports interaction between a browser and an application: a local application can be opened from the browser with an HTTP request. On the other hand, by starting the application through a Windows service, this embodiment solves the problem of running software that requires administrator rights under a non-administrator account, which effectively improves the user's experience of the application.
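The lookup chain summarized above (source port, then process ID, then Windows session) can be illustrated as follows. This is an added example, not code from the patent: it parses constructed `netstat -ano` and `tasklist /FO CSV /NH` output, and the service port 18080, the process names and all sample rows are assumptions. It matches the full loopback connection rather than the port number alone, and refuses an ambiguous owner or a client in session 0.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
# Port 18080 stands in for the patent's unspecified "preset TCP port".
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    127.0.0.1:18080        0.0.0.0:0              LISTENING       1180
  TCP    127.0.0.1:18080        127.0.0.1:52344        ESTABLISHED     1180
  TCP    127.0.0.1:52344        127.0.0.1:18080        ESTABLISHED     7412
  TCP    192.168.1.20:52344     203.0.113.7:443        ESTABLISHED     5120
  UDP    0.0.0.0:5353           *:*                                    2208
"""

# Constructed sample of `tasklist /FO CSV /NH` output:
# image name, PID, session name, session number, memory usage.
TASKLIST_SAMPLE = '''\
"services.exe","964","Services","0","9,120 K"
"launchsvc.exe","1180","Services","0","14,332 K"
"chrome.exe","7412","RDP-Tcp#3","2","212,480 K"
"chrome.exe","5120","Console","1","198,004 K"
'''


def owning_pid(netstat_text, client_port, service_port):
    """Return the PID owning the client end of the loopback connection."""
    want_local = f"127.0.0.1:{client_port}"
    want_remote = f"127.0.0.1:{service_port}"
    pids = set()
    for line in netstat_text.splitlines():
        cols = line.split()
        # TCP rows have five columns: proto, local, remote, state, PID.
        if len(cols) != 5 or cols[0] != "TCP":
            continue
        # Match the whole connection: the same port number can also be in
        # use on another local address (PID 5120 in the sample above).
        if (cols[1], cols[2], cols[3]) == (want_local, want_remote, "ESTABLISHED"):
            pids.add(int(cols[4]))
    if len(pids) != 1:
        raise ValueError(f"expected one owner for {want_local}, found {len(pids)}")
    return pids.pop()


def session_of(tasklist_csv, pid):
    """Return the Windows session number of the given PID."""
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) >= 4 and row[1] == str(pid):
            return int(row[3])
    raise ValueError(f"PID {pid} not found in process list")


def resolve_client_session(netstat_text, tasklist_csv, client_port, service_port):
    """Map a client's TCP source port to (PID, session) for the launch."""
    pid = owning_pid(netstat_text, client_port, service_port)
    session = session_of(tasklist_csv, pid)
    if session == 0:
        # Session 0 hosts services and has no interactive user desktop.
        raise ValueError("client is in session 0; no user session to display in")
    return pid, session


if __name__ == "__main__":
    print(resolve_client_session(NETSTAT_SAMPLE, TASKLIST_SAMPLE, 52344, 18080))
```

Both tables are snapshots, so the lookup is only meaningful while the client's connection is still open.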

This embodiment also provides a computer device capable of executing programs, such as a smartphone, a tablet computer, a notebook computer, a desktop computer, a rack server, a blade server, a tower server or a cabinet server (including a standalone server or a server cluster composed of multiple servers). The computer device 60 of this embodiment includes at least, but is not limited to, a memory 61 and a processor 62 that can be communicatively connected to each other through a system bus, as shown in FIG. 6. Note that FIG. 6 shows only the computer device 60 with components 61-62; it should be understood that not all of the illustrated components are required, and more or fewer components may be implemented instead.

In this embodiment, the memory 61 (that is, a readable storage medium) includes flash memory, a hard disk, a multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, a magnetic disk, an optical disk, and so on. In some embodiments, the memory 61 may be an internal storage unit of the computer device 60, such as its hard disk or main memory. In other embodiments, the memory 61 may be an external storage device of the computer device 60, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) card or a flash card fitted to the computer device 60. The memory 61 may also include both an internal storage unit of the computer device 60 and an external storage device. In this embodiment, the memory 61 is generally used to store the operating system and the various applications installed on the computer device 60, for example the program code of the application startup device 50 of Embodiment 1. The memory 61 may also be used to temporarily store various kinds of data that have been output or are about to be output.

In some embodiments, the processor 62 may be a central processing unit (CPU), a controller, a microcontroller, a microprocessor or another data processing chip. The processor 62 is generally used to control the overall operation of the computer device 60. In this embodiment, the processor 62 runs the program code or processes the data stored in the memory 61, for example running the application startup device 50, to implement the application startup method of Embodiment 1.

This embodiment also provides a computer-readable storage medium, such as flash memory, a hard disk, a multimedia card, card-type memory (for example, SD or DX memory), random access memory (RAM), static random access memory (SRAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), programmable read-only memory (PROM), magnetic memory, a magnetic disk, an optical disk, a server, an app store, and so on, on which a computer program is stored that implements the corresponding functions when executed by a processor. The computer-readable storage medium of this embodiment is used to store the application startup device 50, which, when executed by a processor, implements the application startup method of Embodiment 1.

The serial numbers of the above embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments.

Any process or method description in a flowchart or otherwise described herein may be understood as representing a module, segment or portion of code that includes one or more executable instructions for implementing the steps of a specific logical function or process. The scope of the preferred embodiments of the present invention includes other implementations in which functions may be performed out of the order shown or discussed, including substantially concurrently or in reverse order depending on the functions involved, as will be understood by those skilled in the art to which the embodiments of the present invention belong.

Those of ordinary skill in the art will understand that all or some of the steps of the methods in the above embodiments can be carried out by a program instructing the relevant hardware. The program can be stored in a computer-readable medium and, when executed, performs one of the steps of the method embodiments or a combination of them.

In this specification, a description that refers to the terms "one embodiment", "some embodiments", "example", "specific example" or "some examples" means that a specific feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present invention. Schematic uses of these terms in this specification do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.

From the description of the above embodiments, those skilled in the art will clearly understand that the methods of the above embodiments can be implemented by software together with the necessary general-purpose hardware platform, and can of course also be implemented in hardware, although in many cases the former is the better implementation.

The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (10)

1. A method for starting an application program is characterized by comprising the following steps:
receiving an application program starting request sent to a preset TCP port by a user in the current Windows session environment;
determining a user account corresponding to the current Windows session environment according to the application program starting request;
and starting the application program through a system account, and displaying the application program in a Windows session environment corresponding to the user account.
2. The method for starting the application program according to claim 1, wherein the step of receiving the application program starting request sent by the user in the current Windows session environment comprises:
and receiving the application program starting request through a preset TCP port, wherein the starting request is sent by the user through a browser.
3. The method for starting the application program according to claim 2, wherein the step of determining the user account corresponding to the current Windows session environment according to the application program starting request comprises:
acquiring a process identifier corresponding to the application program starting request of the preset TCP port;
and acquiring the user account identification according to the process identification.
4. The method for starting the application program according to claim 1, wherein the step of receiving the application program starting request sent by the user in the current Windows session environment comprises:
receiving the application program starting request through an agent executive program, wherein the starting request is sent by the user through clicking a desktop shortcut of the application program.
5. The method for starting application programs according to claim 4, wherein after the step of receiving the application program starting request sent by the user in the current Windows session environment, the method further comprises:
judging whether the current Windows session environment has first permission to start the application program;
and determining to start the application program through the system account under the condition that the current Windows session environment does not have first permission for starting the application program.
6. The method for starting the application program according to claim 5, wherein the step of starting the application program through a system account and displaying the application program in a Windows session environment corresponding to the user account comprises:
acquiring a second permission of the system account relative to the application program;
and sending the second permission to the user account so that the user account can start the application program through the second permission.
7. The method for starting the application program according to any one of claims 1 to 6, wherein the application program start request is transmitted based on a public and private key mechanism of ECC, and the start request includes any one or more of the following fields: program working directory, program execution path, program execution parameter, whether to display interface and whether to synchronously wait.
8. A method for starting an application program, comprising:
the starting request receiving module is suitable for receiving an application program starting request sent to a preset TCP port by a user in the current Windows session environment;
the user account determining module is suitable for determining a user account corresponding to the current Windows session environment according to the application program starting request;
and the system account starting module is suitable for starting the application program through a system account and displaying the application program in a Windows session environment corresponding to the user account.
9. A computer arrangement comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1 to 7 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 7.
CN202210259920.XA 2022-03-16 2022-03-16 Application startup method, device, computer device and storage medium Pending CN114595005A (en)

Publications (1)

Publication Number Publication Date
CN114595005A true CN114595005A (en) 2022-06-07

Family

ID=81818027

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination