[go: up one dir, main page]

CN118364440A - Information authorization method, device, terminal equipment and storage medium - Google Patents

Information authorization method, device, terminal equipment and storage medium Download PDF

Info

Publication number
CN118364440A
CN118364440A CN202410364162.7A CN202410364162A CN118364440A CN 118364440 A CN118364440 A CN 118364440A CN 202410364162 A CN202410364162 A CN 202410364162A CN 118364440 A CN118364440 A CN 118364440A
Authority
CN
China
Prior art keywords
information
user
application
user login
tenant
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202410364162.7A
Other languages
Chinese (zh)
Inventor
阮建雄
向晓霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Dianlian Technology Co ltd
Original Assignee
Shenzhen Dianlian Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Dianlian Technology Co ltd filed Critical Shenzhen Dianlian Technology Co ltd
Priority to CN202410364162.7A priority Critical patent/CN118364440A/en
Publication of CN118364440A publication Critical patent/CN118364440A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an information authorization method, an information authorization device, terminal equipment and a storage medium, in particular to a method for configuring relevant parameters when a user enters an application through a flow engine when the user is detected to enter the application; configuring a corresponding interface according to the related parameters; receiving source information and authentication information of a service platform; when triggering a user login process in the process engine, invoking the corresponding interface to perform authority verification on a user login request according to the service platform source information and the authentication information. The scheme is used for configuring the flow engine and the corresponding interface, combining with automatic flow management and authority verification, and avoiding the need of waiting and carrying out additional development investment by a user, so that development cost and management complexity are reduced, and the smoothness of system butt joint and operation work is improved.

Description

Information authorization method, device, terminal equipment and storage medium
Technical Field
The present invention relates to the field of information technologies, and in particular, to an information authorization method, an information authorization device, a terminal device, and a storage medium.
Background
In the current sats (Software AS A SERVICE, a service) prevailing mode, an application program needs to connect to various different SAAS application integration centers to obtain different tenant information and authorize the tenant.
At present, the existing docking modes of applications and SAAS application integration centers are divided into two modes: one is that the application provides the tenant, role, relevant interface of user information butt joint, according to the synchronous information of different scenes by SAAS application integration center, but need SAAS butt joint application this tenant, role, interface such as user, etc., the time efficiency is slow; the other is that the SAAS provides a query interface for opening tenant, role, user information and the like, and the application actively pulls tenant information through the query interface, but the application interface is required to be connected with interfaces which are opened by different SAAS platforms, so that the time efficiency is slow and the investment is large.
Disclosure of Invention
The invention mainly aims to provide an information authorization method, an information authorization device, terminal equipment and a storage medium, which aim to reduce development cost and management complexity and improve smoothness of system butt joint and operation work.
In order to achieve the above object, the present invention provides an information authorization method, including the steps of:
When the user is detected to enter the application, configuring relevant parameters when the user enters the application through a flow engine;
configuring a corresponding interface according to the related parameters;
Receiving source information and authentication information of a service platform;
when triggering a user login process in the process engine, invoking the corresponding interface to perform authority verification on a user login request according to the service platform source information and the authentication information.
Optionally, after the step of configuring the corresponding interface according to the relevant parameters, the method further includes:
configuring a field mapping relation according to the related parameters;
And converting related parameters of application users of different systems based on the field mapping relation.
Optionally, when triggering the user login process in the process engine, the step of calling the corresponding interface to perform authority verification on the user login request according to the platform source information and the authentication information includes:
when triggering a user login process in the process engine, receiving a user login request;
according to the source information of the service platform, a corresponding interface is called, and whether the user login request is legal or not and whether the user login request comes from a specific platform or not is verified;
and according to the authentication information, a corresponding interface is called, and whether the user login request accords with preset login conditions is verified.
Optionally, the step of verifying whether the user login request meets a preset login condition according to authentication information includes:
And verifying whether the user information, the tenant information and the roles in the user login request accord with preset login conditions through corresponding interfaces according to the authentication information.
Optionally, when triggering the user login process in the process engine, after invoking the step of performing authority verification on the user login request by the corresponding interface according to the service platform source information and the authentication information, the method further includes:
calling an interface for acquiring tenant information through a flow engine;
acquiring and storing tenant information of a current user according to the interface for acquiring the tenant information and the authentication information;
and initializing and configuring a database in the application according to the tenant information of the current user.
Optionally, after the step of initializing the database in the application according to the tenant information of the current user, the method further includes:
and acquiring role information and menu information based on the configuration of the application integration center through a flow engine, and storing the role information and the menu information.
Optionally, after the step of acquiring the role information and the menu information based on the configuration of the application integration center and saving the role information and the menu information by the flow engine, the method further includes:
and after the new tenant successfully logs in the system, sending notification information to an application manager, wherein the notification information comprises system configuration and/or processing conditions.
The embodiment of the application also provides an information authorization device, which comprises:
the configuration module is used for detecting that a user enters the application, and configuring related parameters when the user enters the application through the flow engine;
the configuration module is further used for configuring a corresponding interface according to the related parameters;
the information receiving module is used for receiving the source information and the authentication information of the service platform;
And the permission verification module is used for calling the corresponding interface to perform permission verification on the user login request according to the platform source information and the authentication information when the user login process in the process engine is triggered.
The embodiment of the application also provides information authorization terminal equipment, which comprises: a memory, a processor, and an information authorization program stored on the memory and executable on the processor, the information authorization program configured to implement the steps of the information authorization method as described above.
The embodiment of the application also provides a storage medium, wherein the storage medium stores an information authorization program, and the information authorization program realizes the steps of the information authorization method when being executed by a processor.
The embodiment of the application configures related parameters when the user enters the application through the flow engine by the method, specifically detecting that the user enters the application; configuring a corresponding interface according to the related parameters; receiving source information and authentication information of a service platform; when triggering a user login process in the process engine, invoking the corresponding interface to perform authority verification on a user login request according to the service platform source information and the authentication information. The scheme is used for configuring the flow engine and the corresponding interface, combining with automatic flow management and authority verification, and avoiding the need of waiting and carrying out additional development investment by a user, so that development cost and management complexity are reduced, and the smoothness of system butt joint and operation work is improved.
Drawings
FIG. 1 is a schematic diagram of functional modules involved in a terminal device to which an information authorization apparatus of the present application belongs;
FIG. 2 is a flowchart of a first exemplary embodiment of an information authorization method according to the present application;
FIG. 3 is a flowchart of a second exemplary embodiment of an information authorization method according to the present application;
FIG. 4 is a flowchart of a third exemplary embodiment of an information authorization method according to the present application;
FIG. 5 is a flowchart of a fourth exemplary embodiment of an information authorization method according to the present application;
FIG. 6 is a flowchart of a fifth exemplary embodiment of an information authorization method according to the present application;
fig. 7 is a flowchart of a sixth exemplary embodiment of the information authorization method of the present application.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The main solution of the embodiment of the application is as follows: when the user is detected to enter the application, configuring relevant parameters when the user enters the application through a flow engine; configuring a corresponding interface according to the related parameters; receiving service platform source information and the authentication information; when triggering a user login process in the process engine, invoking the corresponding interface to perform authority verification on a user login request according to the service platform source information and the authentication information. The scheme is used for configuring the flow engine and the corresponding interface, combining with automatic flow management and authority verification, and avoiding the need of waiting and carrying out additional development investment by a user, so that development cost and management complexity are reduced, and the smoothness of system butt joint and operation work is improved.
Technical terms related to the embodiment of the application:
A process engine, a software tool or platform, for managing and executing business processes and workflows. The method can help the organization to design, simulate, execute and monitor various business processes, thereby realizing automation and optimization of the business processes.
Authentication information Authentication Information. Data or credentials for verifying user identity and rights. In computer systems and networks, authentication information typically includes a user's username, password, digital certificate, token, etc. to confirm the identity and rights of the user to ensure that only legitimate users can access the system or resource.
Authentication interface Authentication Interface. An interface for verifying the identity and rights of a user is typically used for interacting with an authentication service or authentication system. Through the authentication interface, the application may send the identity information provided by the user to the authentication system and obtain the verification result to determine whether the user has permission to access the system or the resource.
The embodiment of the application considers that the existing application and application integration center docking scheme is as follows: accessing various application integration centers, taking different tenant information and authorizing tenant users, which causes the problem that users need to interface with different application centers or interface with application centers, continuously input developers, rely on the stability of the application integration centers, and the manual intervention is not timely.
Based on the above, the embodiment of the application provides a method for authorizing the tenant information of the application under a multi-application integration center, which can effectively solve the problem of untimely continuous input of developers and manual intervention so as to realize smooth butt joint and operation of the system.
Specifically, referring to fig. 1, fig. 1 is a schematic diagram of functional modules of a terminal device to which an information authorization apparatus of the present application belongs. The information authorization means may be a system capable of data processing independent of the terminal device, which may be carried on the terminal device in the form of hardware or software. The terminal equipment can be information interaction equipment such as a computer, a mobile phone or a tablet. The present embodiment is exemplified by a computer.
In this embodiment, the terminal device to which the information authorization apparatus belongs at least includes a management module 110, a processor 120, a memory 130, and a communication module 140.
The memory 130 stores an operating system and an information authorization program, and the information authorization device can store relevant parameters of a user, corresponding interface information, platform source information carried by the user when the user enters an application and authentication information in the memory 130; the management module 110 may include servers, software applications, routers, etc.; the communication module 140 may include a network interface card, a router, bluetooth, etc. that may enable wired communication and data transmission between systems.
Wherein the information synchronization and authorization in memory 130 when executed by processor 120 performs the steps of:
When the user is detected to enter the application, configuring relevant parameters when the user enters the application through a flow engine;
configuring a corresponding interface according to the related parameters;
Receiving source information and authentication information of a service platform;
when triggering a user login process in the process engine, invoking the corresponding interface to perform authority verification on a user login request according to the service platform source information and the authentication information.
Further, the synchronization and authorization of information in memory 130, when executed by processor 120, also performs the steps of:
configuring a field mapping relation according to the related parameters;
And converting related parameters of application users of different systems based on the field mapping relation.
Further, the synchronization and authorization of information in memory 130, when executed by processor 120, also performs the steps of:
when triggering a user login process in the process engine, receiving a user login request;
according to the source information of the service platform, a corresponding interface is called, and whether the user login request is legal or not and whether the user login request comes from a specific platform or not is verified;
and according to the authentication information, a corresponding interface is called, and whether the user login request accords with preset login conditions is verified.
Further, the synchronization and authorization of information in memory 130, when executed by processor 120, also performs the steps of:
And verifying whether the user information, the tenant information and the roles in the user login request accord with preset login conditions through corresponding interfaces according to the authentication information.
Further, the synchronization and authorization of information in memory 130, when executed by processor 120, also performs the steps of:
calling an interface for acquiring tenant information through a flow engine;
acquiring and storing tenant information of a current user according to the interface for acquiring the tenant information and the authentication information;
and initializing and configuring a database in the application according to the tenant information of the current user.
Further, the synchronization and authorization of information in memory 130, when executed by processor 120, also performs the steps of:
and acquiring role information and menu information based on the configuration of the application integration center through a flow engine, and storing the role information and the menu information.
Further, the synchronization and authorization of information in memory 130, when executed by processor 120, also performs the steps of:
and after the new tenant successfully logs in the system, sending notification information to an application manager, wherein the notification information comprises system configuration and/or processing conditions.
According to the scheme, when the user is detected to enter the application, the relevant parameters of the user entering the application are configured through the flow engine; configuring a corresponding interface according to the related parameters; receiving platform source information and authentication information; when the user login process in the process engine is triggered, the corresponding interface is called to carry out authority verification on the user login request according to the platform source information and the authentication information. The scheme is used for configuring the flow engine and the corresponding interface, combining with automatic flow management and authority verification, and avoiding the need of waiting and carrying out additional development investment by a user, so that development cost and management complexity are reduced, and the smoothness of system butt joint and operation work is improved.
Based on the above architecture, but not limited to the above architecture, the method embodiments of the present application are presented.
Referring to fig. 2, fig. 2 is a flowchart illustrating a first exemplary embodiment of an information authorization method according to the present application. The information authorization method comprises the following steps:
step S10, when the user is detected to enter the application, the relevant parameters when the user enters the application are configured through a flow engine.
The execution body of the method of the embodiment may be an information authorization device, or may be an information synchronization and authorization device or a server, and the embodiment uses the information authorization device as an example, where the information authorization device may be integrated on a terminal device such as a mobile phone, a tablet, a computer, etc.
The scheme of the embodiment mainly aims to solve the problem that continuous developer investment and manual intervention are not timely, so that the system can be smoothly connected and operated.
Specifically, since in the current SAAS prevailing mode, applications need to connect to various SAAS application integration centers to obtain different tenant information and authorize the tenant.
The main modes of the butt joint of the existing application and the SAAS application integration center are as follows: the application provides tenant, role, user information docking related interface, SAAS application integration center synchronizes tenant information according to different scenes, but this mode needs SAAS docking the tenant, role, user and other interfaces on the side of application, time is slow, depending on SAAS system stability, and there may be lost data; another way provides an opening tenant, role, user query interface for the SAAS, and actively pulls the information by the application, but the way needs to apply interfaces which are open to different SAAS platforms, and has high timeliness and investment. Therefore, the embodiment starts from the tenant information synchronization and authorization directions of the application, so that the problem that developers are continuously input and manual intervention is not timely is effectively solved, and the stability and smoothness of system butt joint and operation work are improved.
Specifically, an application manager uses a flow engine in an application to configure relevant parameters when a user enters the application, wherein the relevant parameters comprise a login flow, tenant information, roles, user information, login authentication synchronization flow and the like when the user enters the application.
Through the steps, namely through the process engine, relevant parameters when a user enters the application are configured, unified management, flexible customization and automatic process of the parameters can be realized, safety is enhanced, user experience is improved, and effective support and guarantee are provided for tenant information synchronization and authorization of the application.
Step S20, configuring corresponding interfaces according to the related parameters.
Specifically, the application manager may define and design the interfaces required in the application based on the relevant parameters of the user when entering the application. The corresponding interfaces may include a login interface, a tenant information acquisition interface, a role information acquisition interface, a user information acquisition interface, a login authentication interface, and the like.
By configuring the corresponding interfaces according to the related parameters, data exchange and integration between the application and the SAAS application integration center can be realized, seamless connection and collaborative work between the systems can be realized, flexibility and expansibility of the systems are improved, and better experience and service are provided for users.
Step S30, receiving service platform source information and authentication information.
Service platform source information refers to information about its source and manner of access provided by a user when accessing a website, application, or other online platform. In this embodiment, the service platform source information refers to SAAS platform source information.
Specifically, after receiving a user access request, the application integration center analyzes and extracts the carried SAAS platform source information and authentication information. Analyzing the platform source information so that the application can know through which channel or source the user enters the application; the parsed authentication information is used to verify the identity and rights of the user.
By receiving the carried SAAS platform source information and authentication information, the application can better know the source and identity of the user, provide personalized service and experience, and ensure the safety and authority control of the user.
And step S40, when a user login process in the process engine is triggered, invoking the corresponding interface to perform authority verification on a user login request according to the service platform source information and the authentication information.
Specifically, the user logs in the application integration center, and triggers the user login process in the process engine. After receiving the user login request, the flow engine starts to execute the login flow.
In the user login process, the process engine can call a corresponding interface to carry out authority verification of a user login request according to the acquired source information and authentication information of the service platform.
For example, a login authentication interface may be invoked to verify the identity and rights of the user, ensuring that the user has rights to access the application. If the verification is passed, the user can smoothly log in and access the application; if the authentication is not passed, the user will not be able to log in or have limited access.
After the interface verification is completed, the flow engine can correspondingly process the user login request according to the authority verification result returned by the interface. For example, if the authority verification is passed, the user can normally log in and enter the application, and enjoy the corresponding functions and services; if the rights verification is not passed, the user may receive a corresponding prompt or be redirected to other pages to ensure security and rights control.
The user login request is subjected to authority verification by calling the corresponding interface, so that the identity safety and authority control of the user can be ensured, only the user with legal authority can access the application, the safety and user experience of the system are improved, and the user login request is only required to be completely submitted to a flow engine configured by the system for execution, so that the timeliness is high.
Referring to fig. 3, fig. 3 is a flowchart illustrating a second exemplary embodiment of the information authorization method according to the present application. In this embodiment, based on the step S20, after the step of configuring the corresponding interface according to the related parameter, the method further includes:
Step S21, configuring a field mapping relation according to the related parameters;
If two or more application systems are in conversion of related parameters, corresponding processing measures are needed to be adopted, so that normal conversion and transmission of the parameters are ensured.
Specifically, fields that need to be mapped are determined, including data types, value ranges, etc. in different systems. And establishing a mapping table for recording the corresponding relation of the fields in different systems, wherein the mapping table contains information such as field names, data types, value ranges and the like so as to facilitate the subsequent parameter conversion and verification.
And configuring a field mapping relation according to the information in the mapping table, ensuring the accuracy and the integrity of mapping inertia, and avoiding the condition of abnormal data transfer caused by mapping errors.
For example, a certain field is named "a" in system a, and a field of the same meaning is named "B" in system B. In order to ensure that data can be properly transferred and parsed, the correspondence of the fields needs to be set by parameter mapping, i.e., mapping the field "a" in system a to the field "B" in system B, in order to properly transfer and process the data.
And S22, converting relevant parameters of application users of different systems based on the field mapping relation.
Specifically, according to the field mapping relation configured before, parameters in different systems are correspondingly converted. For example, the user ID in system a is mapped to the user ID in system B, the user name in system a is mapped to the user name in system B, and so on.
And the converted parameters can be updated to the target system, so that the consistency of the user information among different systems is ensured. The converted parameters can be updated to the target system through API call or data synchronization and the like.
By the method of the embodiment, specifically, the field mapping relation is configured according to the related parameters; and converting related parameters of application users of different systems based on the field mapping relation. The conversion of the application user related parameters of different systems can be realized, and the consistency and the accuracy of the user information among the different systems are ensured.
Referring to fig. 4, fig. 4 is a flowchart illustrating a third exemplary embodiment of the information authorization method according to the present application. In this embodiment, based on the step S40, when triggering the user login procedure in the procedure engine, the step of calling the corresponding interface to perform authority verification on the user login request according to the platform source information and the authentication information includes:
step S401, when triggering a user login process in the process engine, receiving a user login request;
Specifically, when the user performs login operation in the application integration center, login credentials such as a user name and a password can be input to trigger a user login process in the process engine. The flow engine receives the login request of the user and starts to process the login flow. The flow engine verifies the login credentials submitted by the user, including matching the user name and password, checking the user status and permissions.
Step S402, according to the source information of the service platform, a corresponding interface is called, and whether the user login request is legal or not and whether the user login request comes from a specific platform or not is verified;
Specifically, in the user login process, the process engine may acquire source information of the service platform, including information such as a source channel and a source website, carried by the user login request. The flow engine calls a corresponding interface to verify according to the source information of the service platform, and the interface can perform validity verification on the user login request, including verification of identity information of the user, validity of login credentials and the like; and verifying the platform source information carried by the user login request, judging whether the user login request comes from a specific platform, and verifying the source information of the service platform and preset specific service platform information by comparing the source information of the service platform to ensure that the source of the user login request meets the requirements.
Step S403, according to the authentication information, calling a corresponding interface to verify whether the user login request meets the preset login condition.
Specifically, the flow engine also calls a corresponding interface, such as a login authentication interface, according to the authentication information carried by the acquired user login request, and verifies whether the authority of the user accords with the preset login condition, and the interface verifies the login request submitted by the user to ensure that the authority and role information of the user accord with the preset login condition. The authentication process may include the step of checking whether the user's role has login rights, whether the user is in a valid state, and the like.
Further, the step of calling a corresponding interface according to the authentication information to verify whether the user login request meets a preset login condition, further includes:
Step S4031, verifying whether the user information, tenant information and role in the user login request meet the preset login conditions through the corresponding interfaces according to the authentication information.
Specifically, user information, tenant information and role information are transmitted to the corresponding interfaces as parameters. In this embodiment, the interface configured to verify whether the user information, the tenant information and the role in the user login request meet the preset login conditions is an authentication interface, and the authentication interface performs verification according to the preset login conditions, including whether the user exists, whether the password is correct, whether the tenant is valid, whether the role meets the requirements, and the like.
After the authentication interface completes the verification of the user login part, the flow engine can correspondingly process the user login request according to the verification result returned by the interface, and if the authority of the user accords with the preset login condition, the user can successfully login and access the corresponding application; if the authority of the user does not accord with the preset login condition, the application system can reject the login request of the user or give corresponding prompt information.
The above steps are described by taking the enterprise internal management system as an example of a specific scenario.
When a user triggers a user login process in a process engine in an enterprise internal management system, firstly, the process engine receives a login request of the user, wherein the request comprises login information such as a user name, a password and the like provided by the user.
Then, the flow engine calls an authentication interface to judge whether the user login request comes from a specific platform, such as an enterprise internal network, a mobile terminal application and the like, according to the platform source information.
Then, the flow engine calls an authentication interface to verify the validity of the user login request, including whether the user name password is correct, whether the user exists, and the like. If the user login request is illegal, the system returns corresponding error information to the user.
And then, the flow engine also calls an authentication interface according to the authentication information to verify whether the user login request meets preset login conditions, such as user roles, tenant information and the like. The authentication interface can verify the user login request to ensure that the user accords with preset login conditions.
Finally, the authentication interface returns a verification result including information that the verification passed or failed. If the verification is passed, the user can successfully log in the system; if the verification fails, the system returns corresponding error information to the user.
Through the embodiment, when the user login process in the process engine is triggered, a user login request is received, a corresponding interface is called according to the platform source information, whether the user login request is legal or not is verified, whether the user login request comes from a specific platform or not is verified, and the corresponding interface is called according to the authentication information, and whether the user login request meets preset login conditions or not is verified. The method can configure the corresponding interface to check the user login part only through the flow engine, so that manual intervention is not needed, the labor cost is reduced, and the stability and the reliability of the system are improved.
Referring to fig. 5, fig. 5 is a flowchart illustrating a fourth exemplary embodiment of the information authorization method according to the present application. In this embodiment, based on the step S40, when triggering the user login procedure in the procedure engine, after invoking the step of performing authority verification on the user login request by using the corresponding interface according to the platform source information and the authentication information, the method further includes:
Step S41, calling an interface for acquiring tenant information through a flow engine;
specifically, a node is configured in the flow engine for calling an interface for acquiring tenant information. The interface for acquiring tenant information generally refers to an API interface for acquiring information of a specific tenant or customer. This interface may receive specific parameters, such as tenant ID, tenant name, etc., and return relevant information of the tenant, such as basic information of the tenant, contact, service subscription, etc.
Step S42, acquiring and storing tenant information of the current user according to the interface and authentication information for acquiring the tenant information;
Specifically, when the user logs in the application, the flow engine acquires authentication information carried by the user, including user identity information and an access Token (Token), where the authentication information can ensure validity of interface call for acquiring tenant information.
And then analyzing tenant information data returned by the interface for acquiring tenant information, extracting tenant information of the current user, and storing the tenant information in a database in the application.
Step S43, initializing and configuring a database in the application according to the tenant information of the current user.
Specifically, data isolation configuration inside the application is performed according to the obtained tenant information, wherein corresponding database examples, table structures and the like can be created according to the tenant information, and mutual isolation of data of different tenants is ensured.
In the application program, data isolation processing is carried out according to tenant information, and data isolation can be realized by adding tenant ID conditions in database inquiry or carrying out data filtering and the like on a data access layer, so that data of different tenants can not be interfered with each other.
If the user of the stored tenant information is recorded as logging in the application for the first time, when the user enters the application again, if the tenant information of the user is changed or updated, the process engine can acquire the changed or updated tenant information again by using the tenant information acquisition interface, and store the changed or updated tenant information.
The embodiment calls an interface for acquiring tenant information through a flow engine; acquiring and storing tenant information of a current user according to the interface for acquiring the tenant information and the authentication information; and initializing and configuring a database in the application according to the tenant information of the current user. Realizing data isolation, authority control and personalized configuration, simplifying development and maintenance work, improving user experience,
Referring to fig. 6, fig. 6 is a flowchart illustrating a fifth exemplary embodiment of an information authorization method according to the present application. In this embodiment, based on the step S43, after initializing the database in the application according to the tenant information to which the current user belongs, the method further includes:
Step S431, acquiring role information and menu information based on the configuration of the application integration center through a flow engine, and storing the role information and the menu information.
Specifically, a corresponding process or task is configured in the process engine, an interface for acquiring role information and menu information is called, corresponding authentication information is transmitted, and the data returned by the interface needs to be ensured to contain the role information and the menu information.
The flow engine analyzes menu information data of the character information returned by the interface for acquiring the character information and menu information, extracts needed information, and stores the character information and the menu information into a database in the application, wherein the information can be stored by creating a corresponding table or record.
The process engine can control the authority according to the role information of the user, ensure that the user can only access the menu and the function with the authority, and ensure the consistency and the usability of the user interface according to the menu display and the function authority in the menu information configuration application.
Illustrated with WeChat applet development.
For example, in the development of the WeChat applet, a developer may set a flow engine in the background of the WeChat applet, call an application integration center to provide an interface for acquiring character information and menu information, and acquire the character information and menu information, and the interface may also need authentication information of the incoming applet to ensure that only the authorized applet can acquire the information.
And then, creating a data table of the role information and the menu information in the applet background database, or storing the acquired role information and menu information into a corresponding database table by using the existing table structure, so as to ensure the consistency and the integrity of the data.
According to the method, the role information and the menu information are acquired through the flow engine based on the configuration of the application integration center, and the role information and the menu information are stored. The system has the advantages of realizing the automation of authority control and menu configuration, improving the flexibility and maintainability of the system, and being capable of helping to simplify the configuration and management of the system and improving the user experience and the safety of the system.
Referring to fig. 7, fig. 7 is a flowchart illustrating a sixth exemplary embodiment of an information authorization method according to the present application. In this embodiment, based on the step S431, the process engine obtains the role information and the menu information based on the configuration of the application integration center, and stores the role information and the menu information, and then further includes:
Step S4310, after the new tenant successfully logs in the system, notification information is sent to the application manager, wherein the notification information comprises system configuration and/or processing conditions.
Specifically, a trigger is set in the system, and when a new tenant comes in, the trigger is triggered.
And the writing notification module is used for sending notification information to the application manager in the modes of mail, short message, instant messaging tool and the like. The notification information may include a system configuration to be processed, for example, information such as roles, menus, rights, etc. to be configured for a new tenant, and may also provide guidance of the system configuration, for example, specific steps, operation flows, matters to be noted, etc.
When a new tenant successfully logs in the system, the trigger is started, and after receiving a signal of the new tenant successfully logging in the system, the flow engine sends corresponding notification information to an application manager for reference by the application manager.
By the method, after a new tenant successfully logs in the system, notification information is sent to an application manager, wherein the notification information comprises system configuration and/or processing conditions. The access condition of the new tenant can be timely notified to the manager, and smooth completion of system configuration is ensured.
Through the method of the embodiment, particularly, when the user is detected to enter the application, the flow engine configures related parameters when the user enters the application; configuring a corresponding interface according to the related parameters; receiving source information and authentication information of a service platform; when triggering a user login process in the process engine, invoking the corresponding interface to perform authority verification on a user login request according to the service platform source information and the authentication information. The scheme is used for configuring the flow engine and the corresponding interface, combining with automatic flow management and authority verification, and avoiding the need of waiting and carrying out additional development investment by a user, so that development cost and management complexity are reduced, and the smoothness of system butt joint and operation work is improved.
In addition, the embodiment also provides an information authorization device, which comprises:
the configuration module is used for detecting that a user enters the application, and configuring related parameters when the user enters the application through the flow engine;
the configuration module is further used for configuring a corresponding interface according to the related parameters;
the information receiving module is used for receiving the source information and the authentication information of the service platform;
and the permission verification module is used for calling the corresponding interface to perform permission verification on the user login request according to the service platform source information and the authentication information when the user login process in the process engine is triggered.
The principle and implementation process of information synchronization and authorization are implemented in this embodiment, please refer to the above embodiments, and are not described herein again.
In addition, the embodiment of the application also provides information authorization terminal equipment, which comprises: a memory, a processor, and an information authorization program stored on the memory and executable on the processor, the information authorization program configured to implement the steps of the information authorization method as described above.
Because the information authorization program is executed by the processor, all the technical schemes of all the embodiments are adopted, at least all the beneficial effects brought by all the technical schemes of all the embodiments are provided, and the detailed description is omitted.
In addition, the embodiment of the application also provides a storage medium, wherein the storage medium stores an information authorization program, and the information authorization program realizes the steps of the information authorization method when being executed by a processor.
Because the information authorization program is executed by the processor, all the technical schemes of all the embodiments are adopted, at least all the beneficial effects brought by all the technical schemes of all the embodiments are provided, and the detailed description is omitted.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
From the above description of embodiments, it will be clear to a person skilled in the art that the above embodiment method may be implemented by means of software plus a necessary general hardware platform, but may of course also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on this understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. ROM/RAM, magnetic disk, optical disk) as described above, comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (10)

1. An information authorization method, characterized in that the information authorization method comprises the following steps:
When the user is detected to enter the application, configuring relevant parameters when the user enters the application through a flow engine;
configuring a corresponding interface according to the related parameters;
Receiving source information and authentication information of a service platform;
when triggering a user login process in the process engine, invoking the corresponding interface to perform authority verification on a user login request according to the service platform source information and the authentication information.
2. The method of information authorization according to claim 1, wherein after the step of configuring the corresponding interface according to the related parameters, further comprising:
configuring a field mapping relation according to the related parameters;
And converting related parameters of application users of different systems based on the field mapping relation.
3. The method for authorizing information according to claim 1, wherein when triggering the user login procedure in the procedure engine, the step of calling the corresponding interface to perform authority verification on the user login request according to the service platform source information and the authentication information includes:
when triggering a user login process in the process engine, receiving a user login request;
according to the source information of the service platform, a corresponding interface is called, and whether the user login request is legal or not and whether the user login request comes from a specific platform or not is verified;
and according to the authentication information, a corresponding interface is called, and whether the user login request accords with preset login conditions is verified.
4. The information authorization method according to claim 3, wherein the step of calling a corresponding interface according to the authentication information to verify whether the user login request meets a preset login condition comprises:
And verifying whether the user information, the tenant information and the roles in the user login request accord with preset login conditions through corresponding interfaces according to the authentication information.
5. The method for authorizing information according to claim 1, wherein when triggering the user login procedure in the procedure engine, after the step of invoking the corresponding interface to perform authority verification on the user login request according to the service platform source information and the authentication information, the method further comprises:
calling an interface for acquiring tenant information through a flow engine;
acquiring and storing tenant information of a current user according to the interface for acquiring the tenant information and the authentication information;
and initializing and configuring a database in the application according to the tenant information of the current user.
6. The information authorization method according to claim 5, wherein after the step of initializing the database inside the application according to the tenant information to which the current user belongs, the method further comprises:
and acquiring role information and menu information based on the configuration of the application integration center through a flow engine, and storing the role information and the menu information.
7. The information authorization method according to any one of claims 1 to 6, wherein after the steps of acquiring character information and menu information based on the configuration of the application integration center by the flow engine and saving the character information and the menu information, further comprising:
and after the new tenant successfully logs in the system, sending notification information to an application manager, wherein the notification information comprises system configuration and/or processing conditions.
8. An information authorization device, characterized in that the information authorization device comprises:
the configuration module is used for detecting that a user enters the application, and configuring related parameters when the user enters the application through the flow engine;
the configuration module is further used for configuring a corresponding interface according to the related parameters;
the information receiving module is used for receiving the source information and the authentication information of the service platform;
and the permission verification module is used for calling the corresponding interface to perform permission verification on the user login request according to the service platform source information and the authentication information when the user login process in the process engine is triggered.
9. An information-authorized terminal device, characterized in that the information-authorized terminal device comprises: a memory, a processor and an information authorization program stored on the memory and executable on the processor, the information authorization program configured to implement the steps of the information authorization method of any one of claims 1 to 7.
10. A storage medium having stored thereon an information authorization program which, when executed by a processor, implements the steps of the information authorization method according to any one of claims 1 to 7.
CN202410364162.7A 2024-03-28 2024-03-28 Information authorization method, device, terminal equipment and storage medium Pending CN118364440A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410364162.7A CN118364440A (en) 2024-03-28 2024-03-28 Information authorization method, device, terminal equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202410364162.7A CN118364440A (en) 2024-03-28 2024-03-28 Information authorization method, device, terminal equipment and storage medium

Publications (1)

Publication Number Publication Date
CN118364440A true CN118364440A (en) 2024-07-19

Family

ID=91881162

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410364162.7A Pending CN118364440A (en) 2024-03-28 2024-03-28 Information authorization method, device, terminal equipment and storage medium

Country Status (1)

Country Link
CN (1) CN118364440A (en)

Similar Documents

Publication Publication Date Title
CN109600306B (en) Method, device and storage medium for creating session
EP2441208B1 (en) Access control to secured application features using client trust levels
US11196739B2 (en) Authorization activation
US12238101B2 (en) Customizing authentication and handling pre and post authentication in identity cloud service
CN112311783B (en) Method and system for authenticating reverse proxy
CN110795174B (en) Application program interface calling method, device, equipment and readable storage medium
CN110691089B (en) Authentication method applied to cloud service, computer equipment and storage medium
CN107133516A (en) A kind of authority control method and system
CN115801472B (en) Authority management method and system based on authentication gateway
CN104468119A (en) One-time password authentication system and method
CN111586021A (en) Remote office business authorization method, terminal and system
CN116170234B (en) Single sign-on method and system based on virtual account authentication
CN116015824A (en) Unified authentication method, equipment and medium for platform
CN117375954A (en) Multi-factor authentication method based on TOTP
CN117240539A (en) Method and device for logging in system
CN107483477B (en) Account management method and account management system
CN115941782A (en) Message push method and system based on RPA and chat robot
JP7099198B2 (en) Management equipment, management systems and programs
CN114462013A (en) Application access method and system based on jsbridge
CN109905402B (en) SSO login method and device based on SSL VPN
KR20220041706A (en) Authentication method and device, computing equipment and medium
CN118364440A (en) Information authorization method, device, terminal equipment and storage medium
US12223028B2 (en) Authentication device and authentication method for single sign-on
CN107172082B (en) File sharing method and system
CN115776400A (en) Identity authentication method, device, system and equipment across multiple identity authentication centers

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination