Disclosure of Invention
In view of this, embodiments of the present invention provide a token replacement method, apparatus, and storage medium to ensure the security of source code.
In order to achieve the above purpose, the embodiments of the present invention provide the following technical solutions:
A token replacement method, comprising:
responding to a token acquisition request of a login user for a website system corresponding to a current login website, and storing first token data corresponding to the token acquisition request;
when a page background is detected to initiate a token replacement request, analyzing the token replacement request to obtain identification information of a target system needing token conversion;
verifying whether the first token data for token replacement is legal;
if the first token data is legal, obtaining second token data of the target system, and storing the second token data at the front end;
when detecting that a user triggers a heterogeneous page, reading the second token data, and initiating a data request to the target system based on the second token data;
and acquiring and displaying the feedback data of the target system.
Optionally, in the token replacement method, the target system is a system corresponding to each heterogeneous page embedded in the target website.
Optionally, in the token replacement method, before responding to the token acquisition request of the login user to the website system corresponding to the currently logged-in website, the method further includes:
acquiring and storing an authentication interface of a website system and a token generation interface of a target system;
the verifying whether the first token data for token replacement is legitimate includes:
verifying whether first token data for carrying out token replacement is legal or not by adopting an authentication interface of the website system;
the obtaining second token data of the target system includes:
and acquiring second token data of the target system through a token generation interface of the target system.
Optionally, in the token replacement method, when the number of the stored token generation interfaces is greater than 1, acquiring second token data of the target system through the token generation interface of the target system includes:
and acquiring second token data of the target system through a token generation interface of the target system corresponding to the heterogeneous page.
Optionally, the token replacement method further includes:
and scanning the target system embedded in the current login website, judging whether a new target system is embedded in or removed from the current login website, acquiring and storing a token generation interface of the new target system when the new target system is embedded in the current login website, and deleting the stored and removed token generation interface of the target system when the target system is removed from the current login website.
A token replacement apparatus, comprising:
a first token data acquisition unit, configured to respond to a token acquisition request of a login user for a website system corresponding to a current login website, and to store first token data corresponding to the token acquisition request;
a replacement request response unit, configured to, when a page background is detected to initiate a token replacement request, parse the token replacement request to obtain identification information of a target system needing token conversion;
the verifying unit is used for verifying whether the first token data used for token replacement is legal or not;
the second token data acquisition unit is used for acquiring second token data of the target system and storing the second token data to the front end if the first token data is detected to be legal;
the data interaction unit is used for reading the second token data when detecting that a user triggers the heterogeneous page, and initiating a data request to the target system based on the second token data; and acquiring and displaying the feedback data of the target system.
Optionally, in the token replacing apparatus described above,
the first token data acquisition unit is further configured to, before responding to a token acquisition request of a login user for a website system corresponding to a currently logged-in website: acquiring and storing an authentication interface of a website system;
the second token data acquisition unit is used for acquiring and storing a token generation interface of the target system before acquiring second token data of the target system;
at this time, the verifying whether the first token data for token replacement is legitimate includes:
verifying whether first token data for carrying out token replacement is legal or not by adopting an authentication interface of the website system;
the obtaining second token data of the target system includes:
and acquiring second token data of the target system through a token generation interface of the target system.
Optionally, in the token replacing apparatus described above,
when the number of the saved token generation interfaces is greater than 1, acquiring second token data of the target system through the token generation interface of the target system, including:
and acquiring second token data of the target system through a token generation interface of the target system corresponding to the heterogeneous page.
Optionally, the token replacing apparatus further includes:
and scanning the target system embedded in the current login website, judging whether a new target system is embedded in or removed from the current login website, acquiring and storing a token generation interface of the new target system when the new target system is embedded in the current login website, and deleting the stored and removed token generation interface of the target system when the target system is removed from the current login website.
A storage medium storing a plurality of instructions adapted to be loaded by a processor to perform the steps of any one of the token replacement methods described above.
Based on the above technical solution, when a user logs in to the current website, first token data of the website system corresponding to the current website is obtained and stored. After login succeeds, a token replacement request initiated by the background of the current page is processed automatically: the first token data carried in the request is security-verified, and when verification passes, second token data is obtained for the target system corresponding to each heterogeneous web page embedded in the current website. When a heterogeneous web page is triggered, data interaction with its target system is performed directly on the basis of the second token data. Thus, while the heterogeneous web page is triggered, both the first token data and the second token data are available directly at the front end, the in-website data of the website system remains invisible to the user, and data access to the target system is performed using the second token data alone, so the security of the data in the website system is ensured.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
In order to prevent front-end source code from being exposed directly when jumping among a plurality of applets, the application discloses a token replacement method that can be applied in a client. Referring to fig. 1, the method can include:
step S101: responding to a token acquisition request of a login user to a website system corresponding to a current login website, and storing first token data corresponding to the token acquisition request.
Referring to fig. 1 and 2, when a user logs in to the currently logged-in website using a client, a system applying the method automatically generates a token acquisition request for the token data of that website and sends it to the website system corresponding to the website. On receiving the request, the website system generates first token data (a token) and returns it to the client as the real-time response to the token acquisition request. The client stores the first token data in its front-end browser; at this point the user is successfully logged in to the currently logged-in website.
Step S102: when a page background is detected to initiate a token replacement request, analyzing the token replacement request to obtain identification information of a target system which needs to be subjected to token conversion.
When a device applying the method detects that the page background has initiated a token replacement request, it parses the token replacement request to obtain the identification information of the target system that needs token conversion. The token replacement request carries at least the stored first token data (referred to below as atoken) and the identification information of the target system; the identification information may be the address of the token generation interface of the target system.
Step S103: it is checked whether the first token data used for the token replacement is legitimate.
In this step, in order to ensure the security of the front-end source code, a security check is performed on the first token data carried in the token replacement request before the token replacement is carried out, that is, on the first token data invoked by the client. The website system may be used to perform this security check.
Step S104: if the first token data is legal, acquiring second token data of the target system and storing the second token data at the front end.
After the security check of the first token data, this step is executed only if the check passes; if it fails, the token replacement request is not answered and an error is reported. When the step is executed, the token data of the target system corresponding to each heterogeneous web page embedded in the currently logged-in website is obtained, recorded as second token data (referred to below as btoken), and stored at the client to await system calls.
Step S105: and when detecting that the user triggers the heterogeneous page, reading the second token data, and initiating a data request to the target system based on the second token data.
In this step, when it is detected that the user has triggered a heterogeneous page of the current website, the second token data btoken of the target system corresponding to the triggered page is read, and data interaction with that target system is performed directly on the basis of btoken.
Step S106: and acquiring and displaying the feedback data of the target system.
In the technical solution disclosed in the above embodiment of the present application, when a user logs in to the current website, first token data of the website system corresponding to the current website is obtained and stored. After login succeeds, a token replacement request initiated by the background of the current page is processed automatically: the first token data carried in the request is security-verified, and when verification passes, second token data is obtained for the target system corresponding to each heterogeneous web page embedded in the current website. When a heterogeneous web page is triggered, data interaction with its target system is performed directly on the basis of the second token data. Thus, while the heterogeneous web page is triggered, both the first token data and the second token data are available directly at the front end, the in-site data of the website system remains invisible to the user, and data access to the target system is performed using the second token data alone, so the security of the data in the website system is ensured.
In the above embodiment of the present application, the target system is the system corresponding to each heterogeneous page embedded in the target website, and a heterogeneous page is a plug-in or functional control embedded in the currently logged-in website.
The scheme disclosed in the above embodiment may be implemented by a preset application program, for example a JAVA application program loaded on the client; when the client starts locally, the above flow is executed automatically. In this scheme, the authentication interface of the website system may be fixed at the client: when the security check of the first token data is performed, the first token data is sent directly to the website system through that authentication interface, and the security check is carried out at the website system. Correspondingly, the token generation interface of the target system corresponding to each heterogeneous web page in the currently logged-in website may also be fixed at the client and called directly when needed; that is, once the security check passes, the client obtains the second token data of the target system and then accesses the system interface of the target system directly on the basis of the second token data.
That is, in summary, before responding to the token acquisition request of the login user for the website system corresponding to the currently logged-in website, the method further includes:
acquiring and storing, at the client, an authentication interface of the website system and a token generation interface of the target system. In the technical solution disclosed in this embodiment, the authentication interface and the token generation interface may each provide a request parameter definition (request) and a response data processing rule (response). The request parameters mainly include request header parameters, URL parameters and request body parameters. The response data processing rule may support two formats, JSON and a plain string (other formats may also be supported): for JSON the rule is defined with an XPath-style path expression, and for a plain string the rule is a regular expression;
at this time, the verifying whether the first token data for token replacement is legitimate includes:
verifying whether first token data for carrying out token replacement is legal or not by adopting an authentication interface of the website system;
at this time, the obtaining of the second token data of the target system includes:
and acquiring second token data of the target system through a token generation interface of the target system.
In this way, since the authentication interface and the token generation interface are both fixed at the client, the source code leakage that would result from exposing excessive website-system data to the user can be effectively prevented.
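The interface descriptors described above (request parameter definition plus response data processing rule), shown as an added example in JavaScript that is not the applicant's code. The patent names XPath for JSON responses; this example narrows that to a dotted path such as "data.valid", which is an assumption, and uses a regular expression for plain-string responses as the patent describes. The URLs, header and field names, the "$name" placeholder convention for values filled at call time, and the sample responses are all constructed for the example.

```javascript
// Added example, not the applicant's code: interface descriptors holding the
// request parameter definition (header, URL, body) and the response processing
// rule. Dotted JSON paths stand in for the patent's XPath rule (assumption);
// URLs, field names and sample responses are constructed.

// A value written as "$name" in a descriptor is filled at call time from `values`;
// anything else is taken literally.
function resolve(template, values) {
  if (typeof template === "string" && template.startsWith("$")) {
    const name = template.slice(1);
    if (!(name in values)) throw new Error(`missing request value ${name}`);
    return values[name];
  }
  return template;
}

// Build the concrete request (method, URL with query, headers, JSON body) from a descriptor.
function buildRequest(desc, values) {
  const url = new URL(desc.url);
  for (const [k, v] of Object.entries(desc.urlParams || {})) url.searchParams.set(k, resolve(v, values));
  const headers = {};
  for (const [k, v] of Object.entries(desc.headerParams || {})) headers[k] = resolve(v, values);
  const body = {};
  for (const [k, v] of Object.entries(desc.bodyParams || {})) body[k] = resolve(v, values);
  return { method: desc.method, url: url.toString(), headers, body: JSON.stringify(body) };
}

// Walk a dotted path through parsed JSON; undefined when any segment is missing.
function jsonPath(obj, path) {
  return path.split(".").reduce((cur, key) => (cur == null ? undefined : cur[key]), obj);
}

// Apply the descriptor's response rule to the raw response text.
function processResponse(desc, text) {
  const rule = desc.response;
  if (rule.format === "json") {
    const value = jsonPath(JSON.parse(text), rule.path);
    if (value === undefined) throw new Error(`response has no value at ${rule.path}`);
    return value;
  }
  if (rule.format === "string") {
    const m = new RegExp(rule.regex).exec(text);
    if (!m || m[1] === undefined) throw new Error(`response did not match ${rule.regex}`);
    return m[1];
  }
  throw new Error(`unsupported response format ${rule.format}`);
}

// Constructed descriptors: the website system's authentication interface (JSON
// response) and one target system's token generation interface (plain string).
const authInterface = {
  method: "POST", url: "https://portal.example/api/token/verify",
  headerParams: { "X-Portal-Token": "$atoken" },
  bodyParams: { client: "token-replacement" },
  response: { format: "json", path: "data.valid" },
};
const reportsTokenInterface = {
  method: "GET", url: "https://reports.example/api/token",
  headerParams: { "X-Portal-Token": "$atoken" },
  urlParams: { user: "$user" },
  response: { format: "string", regex: "token=([^;]+)" },
};

// The first token is legitimate only if the rule yields the boolean true, so a
// truthy string such as "true" or a missing field never passes the check.
function firstTokenIsLegitimate(responseText) {
  return processResponse(authInterface, responseText) === true;
}
// The second token data is whatever the regular expression captures.
function secondTokenFrom(responseText) {
  return processResponse(reportsTokenInterface, responseText);
}
```

The strict comparison in firstTokenIsLegitimate is the one detail worth copying: a response rule that extracts a value must be compared against the exact value the website system uses for "valid", not merely tested for truthiness.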
In the technical solution disclosed in this embodiment, the number of the token generation interfaces stored at the client may be greater than 1, and target systems corresponding to different token generation interfaces are different;
when the number of the saved token generation interfaces is greater than 1, acquiring second token data of the target system through the token generation interface of the target system, including:
and acquiring second token data of the target system through a token generation interface of the target system corresponding to the heterogeneous page.
In a technical solution disclosed in another embodiment of the present application, considering that a user may add or delete heterogeneous web pages in the target website as needed, when the heterogeneous web pages in the currently logged-in website change, the stored token generation interfaces may be adjusted accordingly. That is, in the above solution, the method may further include:
scanning the target systems embedded in the currently logged-in website and judging whether a new target system has been embedded in, or a target system removed from, the currently logged-in website; when a new target system is embedded, acquiring and storing its token generation interface at the client; and when a target system is removed, deleting the stored token generation interface of the removed target system from the client.
Corresponding to the above method, the present application also discloses a token replacement apparatus. For the specific working content of each unit of the apparatus, refer to the method embodiment above; the token replacement apparatus described below and the token replacement method described above may be referred to correspondingly.
Referring to fig. 3, a token replacement apparatus disclosed in an embodiment of the present application includes:
a first token data acquisition unit 100, configured to respond to a token acquisition request of a login user for a website system corresponding to a current login website, and to store first token data corresponding to the token acquisition request;
a replacement request response unit 200, configured to, when it is detected that a page background initiates a token replacement request, parse the token replacement request to obtain identification information of a target system that needs to perform token conversion;
a verifying unit 300, configured to verify whether the first token data for token replacement is legal;
the second token data acquisition unit 400 is configured to, if it is detected that the first token data is legitimate, acquire second token data of the target system, and store the second token data to a front end;
the data interaction unit 500 is configured to, when it is detected that a user triggers a heterogeneous page, read the second token data, and initiate a data request to the target system based on the second token data; and acquiring and displaying the feedback data of the target system.
Corresponding to the method, before responding to a token acquisition request of a login user to a website system corresponding to a currently logged-in website, the first token data acquisition unit is further configured to: acquiring and storing an authentication interface of a website system;
the second token data acquisition unit is used for acquiring and storing a token generation interface of the target system before acquiring second token data of the target system;
at this time, the verifying whether the first token data for token replacement is legitimate includes:
verifying whether first token data for carrying out token replacement is legal or not by adopting an authentication interface of the website system;
the obtaining second token data of the target system includes:
and acquiring second token data of the target system through a token generation interface of the target system.
Corresponding to the above method, when the number of the stored token generation interfaces is greater than 1, obtaining second token data of the target system through the token generation interface of the target system includes:
and acquiring second token data of the target system through a token generation interface of the target system corresponding to the heterogeneous page.
Corresponding to the method, the apparatus is further configured to perform the following:
and scanning the target system embedded in the current login website, judging whether a new target system is embedded in or removed from the current login website, acquiring and storing a token generation interface of the new target system when the new target system is embedded in the current login website, and deleting the stored and removed token generation interface of the target system when the target system is removed from the current login website.
In accordance with the foregoing method, the present application also discloses a storage medium, wherein the storage medium stores a plurality of instructions, and the instructions are suitable for being loaded by a processor to execute the steps of the token replacement method according to any one of the foregoing methods.
Specifically, corresponding to the method, the instructions are specifically configured to, when executed, perform the following operations:
responding to a token acquisition request of a login user for a website system corresponding to a current login website, and storing first token data corresponding to the token acquisition request;
when a page background is detected to initiate a token replacement request, analyzing the token replacement request to obtain identification information of a target system needing token conversion;
verifying whether the first token data for token replacement is legal;
if the token is legal, second token data of the target system is obtained, and the second token data is stored to the front end;
when detecting that a user triggers a heterogeneous page, reading the second token data, and initiating a data request to the target system based on the second token data;
and acquiring and displaying the feedback data of the target system.
Before responding to a token acquisition request of a login user to a website system corresponding to a current login website, the instruction is further configured to:
acquiring and storing an authentication interface of a website system and a token generation interface of a target system;
the verifying whether the first token data for token replacement is legitimate includes:
verifying whether first token data for carrying out token replacement is legal or not by adopting an authentication interface of the website system;
the obtaining second token data of the target system includes:
and acquiring second token data of the target system through a token generation interface of the target system.
When the number of stored token generation interfaces is greater than 1, obtaining, by the instructions, the second token data of the target system through the token generation interface of the target system specifically includes:
and acquiring second token data of the target system through a token generation interface of the target system corresponding to the heterogeneous page.
The instructions are further operable to:
and scanning the target system embedded in the current login website, judging whether a new target system is embedded in or removed from the current login website, acquiring and storing a token generation interface of the new target system when the new target system is embedded in the current login website, and deleting the stored and removed token generation interface of the target system when the target system is removed from the current login website.
The storage medium may hold the instructions in the form of code; the type and encoding of the code may be selected according to the needs of the user.
For convenience of description, the above system is described with the functions divided into various modules, which are described separately. Of course, the functionality of the various modules may be implemented in the same one or more software and/or hardware implementations of the invention.
The embodiments in the present specification are described in a progressive manner; the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on its differences from the others. In particular, the apparatus embodiments are substantially similar to the method embodiments and are therefore described relatively briefly; for related points, reference may be made to the description of the method embodiments. The apparatus and apparatus embodiments described above are only illustrative: the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units; they may be located in one place or distributed over a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement this without inventive effort.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
It is further noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.