CN106339441A - Form calling method, device and system - Google Patents
Form calling method, device and system Download PDFInfo
- Publication number
- CN106339441A CN106339441A CN201610703091.4A CN201610703091A CN106339441A CN 106339441 A CN106339441 A CN 106339441A CN 201610703091 A CN201610703091 A CN 201610703091A CN 106339441 A CN106339441 A CN 106339441A
- Authority
- CN
- China
- Prior art keywords
- calling
- information
- request
- client
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
- G06F16/986—Document structures and storage, e.g. HTML extensions
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention provides a form calling method, device and system and is applied to a server side. The server side corresponds to a first area and comprises a form calling service and a form calling agent, a target condition is set in advance, the form calling agent receives a calling request transmitted from a client side from a second area, the calling request is used for requesting to use a first form and calling for at least one second form in the server side, wherein the calling request comprises corresponding resource locators of the first form and each second form, the form calling agent transfers to the form calling service according to the calling request, when determining that the calling request meets the target condition, the form calling service registers a corresponding association form according to the calling request, and the second form is called to the client side when the form calling agent registers successfully. The security of cross-domain calling of the form is improved.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a form calling method, device and system.
Background
Under the condition of rapid development of the internet and enterprise application integration environment, due to different resource distribution or diversification of internal systems of enterprises, cross-domain operation becomes a common method for integrating application systems.
Currently, a certain degree of Cross-domain may be implemented by a CORS (Cross-Origin Resource Sharing) policy, and the implementation may include: for example, when the client in the second domain needs to call the form corresponding to the server in the first domain, a header may be added to the URL corresponding to the first domain, and the adding manner of the header to the URL is "Access-Control-allocation-authority", so that the client in the second domain may call the form corresponding to the server in the first domain.
However, in the existing manner, not only the client in the second domain can call the form corresponding to the server in the first domain, but also the clients in other domains can call the form, so that the security of the existing cross-domain call of the form is low.
Disclosure of Invention
The embodiment of the invention provides a form calling method, a form calling device and a form calling system, which are used for improving the safety of cross-domain calling of forms.
In a first aspect, an embodiment of the present invention provides a form calling method, which is applied to a server, where the server corresponds to a first domain, and the server includes: the form calling service and the form calling agent, the method comprises the following steps:
presetting target conditions;
the form calling agent receives a calling request sent by a client corresponding to a second domain, wherein the calling request is used for requesting to use a first form in the client and calling at least one second form in the server, and the calling request comprises a resource locator of the first form and a resource locator corresponding to each second form;
the form calling agent forwards the calling request to the form calling service;
when the form calling service determines that the calling request meets the preset target condition, registering a corresponding associated form according to the calling request;
and the form calling agent calls the at least one second form to the client when the registration is determined to be successful.
Preferably, the first and second electrodes are formed of a metal,
the invocation request further includes: a form number of the first form;
the registering of the corresponding associated form according to the call request includes: and the form calling service uses the form number of the first form as a parent code of each second form according to the form number of the first form included in the calling request to generate a child code corresponding to each second form, and stores an associated form including the parent code and each child code.
Preferably, the first and second electrodes are formed of a metal,
further comprising: the form calling service registers form information corresponding to the server and form information corresponding to the client;
the determining that the call request meets the preset target condition includes:
and when the registered form information comprises the form information of the first form and the registered form information comprises the form information of each second form, determining that the calling request meets the preset target condition.
Preferably, the first and second electrodes are formed of a metal,
further comprising: the form calling service sets blacklist form information;
the determining that the call request meets the preset target condition includes:
and when the blacklist form information does not include the form information corresponding to the first form and the blacklist form information does not include the form information corresponding to each second form, determining that the calling request meets the preset target condition.
Preferably, the first and second electrodes are formed of a metal,
and the form calling agent acquires data information corresponding to each second form in the at least one second form and sends the at least one data information to the client.
In a second aspect, an embodiment of the present invention provides a form invoking device, which is applied to a server, and the device includes:
the form calling agent is used for receiving a calling request sent by a client corresponding to a second domain, wherein the calling request is used for requesting to use a first form in the client and calling at least one second form in the server, and the calling request comprises a resource locator of the first form and a resource locator corresponding to each second form; forwarding the form calling service to the form calling service according to the calling request; when the registration is determined to be successful, calling the at least one second form to the client;
and the form calling service is used for storing set target conditions, and registering a corresponding associated form according to the calling request when the calling request is determined to meet the preset target conditions.
Preferably, the first and second electrodes are formed of a metal,
the form calling service is specifically configured to use the form number of the first form as a parent code of each second form according to the form number of the first form included in the calling request, so as to generate a child code corresponding to each second form, and store an associated form including the parent code and each child code; wherein the invocation request includes: a form number of the first form.
Preferably, the first and second electrodes are formed of a metal,
the form calling service is specifically used for registering form information corresponding to the service end and form information corresponding to the client; when the registered form information comprises the form information of the first form and the registered form information comprises the form information of each second form, determining that the calling request meets the preset target condition;
preferably, the first and second electrodes are formed of a metal,
the form calling service is specifically used for setting blacklist form information; and when the blacklist form information does not include the form information corresponding to the first form and the blacklist form information does not include the form information corresponding to each second form, determining that the calling request meets the preset target condition.
Preferably, the first and second electrodes are formed of a metal,
the form calling agent is specifically configured to collect data information corresponding to each of the at least one second form, and send the at least one data information to the client.
In a third aspect, an embodiment of the present invention provides a form invocation system, where the system includes:
the form calling device and the client terminal of the second aspect; wherein,
and the client corresponds to a second domain and is used for sending a calling request to the form calling device and receiving at least one second form sent by the form calling device.
The embodiment of the invention provides a form calling method, a form calling agent and a form calling system, wherein a form calling service and a form calling agent are arranged at a server, a calling request sent by a client corresponding to a second domain is received by the form calling agent, at least one second form in the server is requested to be called by using a first form in the client, the form calling service is forwarded to the form calling service according to the calling request, when the form calling service determines that the calling request meets the preset target condition, a corresponding associated form is registered according to the calling request, and when the form calling agent determines that the form calling service is successfully registered, the at least one second form is called to the client The operation steps of registering and calling can be carried out only after the set target conditions are met, so that malicious programs which do not meet the target conditions are prevented from calling the form, and the safety of cross-domain calling of the form is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow diagram of a form invocation method provided by an embodiment of the present invention;
FIG. 2 is a flowchart of a form invocation method according to another embodiment of the present invention;
fig. 3 is a schematic structural diagram of a form calling apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a form invocation system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
As shown in fig. 1, an embodiment of the present invention provides a form calling method, which is applied to a server, where the server corresponds to a first domain, and the server includes: a form invocation service and a form invocation proxy, the method may include the steps of:
step 101: setting a target condition;
step 102: the form calling agent receives a calling request sent by a client corresponding to a second domain, wherein the calling request is used for requesting to use a first form in the client and calling at least one second form in the server, and the calling request comprises a resource locator of the first form and a resource locator corresponding to each second form;
step 103: the form calling agent forwards the form calling service according to the calling request;
step 104: when the form calling service determines that the calling request meets the preset target condition, registering a corresponding associated form according to the calling request;
step 105: and the form calling agent calls the at least one second form to the client when the registration is determined to be successful.
According to the embodiment, the form calling service and the form calling agent are called at the service end, the form calling agent is utilized to receive the calling request sent by the client corresponding to the second domain, the first form in the client is requested to call at least one second form in the service end, the form calling service is forwarded to the form calling service according to the calling request, when the form calling service determines that the calling request meets the preset target condition, the corresponding associated form is registered according to the calling request, and when the form calling agent determines that the form calling service is successfully registered, the at least one second form is called to the client, so that the invention determines whether the form information corresponding to the first form in the client and the at least one second form in the called service end meets the preset target condition or not after receiving the calling instruction, the registration and the call can be performed only after the requirements are met, and the operation steps of registration and call are performed first, so that malicious programs which do not meet the target conditions are prevented from calling the form, and the safety of cross-domain call of the form is improved.
In an embodiment of the present invention, in order to ensure that the first form is called by the second form corresponding to the first form, but not by other forms, the registering a corresponding associated form according to the call request and storing the associated form in the form call service includes:
the invocation request further includes: a form number of the first form;
the registering of the corresponding associated form according to the call request includes: and the form calling agent acquires the form number of the first form, takes the form number of the first form as a parent code of each second form to generate a child code corresponding to each second form, and stores the associated form comprising the parent code and each child code.
The form number of the first form is a unique serial number in an interactive system consisting of the client side corresponding to the second domain and the server side corresponding to the first domain, the form numbers of all forms are not repeated, the form numbers generated by calling at least two second forms corresponding to the server side each time the form numbers corresponding to the first form are generated randomly, and the form numbers generated each time are different. For example, the form number GS of the first form, if two forms are included in the second form, the sub-encodings corresponding to the two forms are GS01 and GS02, respectively. And storing the associated form generated according to the parent code and the child code in the form calling service.
According to the embodiment, the corresponding associated form is registered according to the call request, and the associated form is stored in the form call service, so that even if a plurality of forms of a client send call commands at the same time, the first form can be guaranteed to be called by the corresponding second form rather than other forms.
In an embodiment of the present invention, in order to ensure security of form invocation, before the form invocation, the form information corresponding to the server and the form information corresponding to the client are registered in the form invocation service, and when it is determined that the form information included in the received invocation request all satisfies the pre-registered form information, registration is allowed, including:
the form calling service registers form information corresponding to the server and form information corresponding to the client;
the determining that the call request meets the preset target condition includes:
and when the registered form information comprises the form information of the first form and the registered form information comprises the form information of each second form, determining that the calling request meets the preset target condition.
For example, the registered form information may be a URL (Uniform resource Locator) corresponding to the form. The URL corresponding to the form information of the form A information corresponding to the client is http:// www.test1.biaodana.com, and the URL corresponding to the form information of the form a corresponding to the server is http:// www.test2.biaodana.com. Then, when the form information in the call request includes the form a information and the form a information, it can be seen that the form information of the fade a is included in the registered form information, and when the form information of the form a is included in the registered form information, it is determined that the call request satisfies the preset target condition.
According to the embodiment, the form information corresponding to the server and the form information corresponding to the client are registered in the form calling service in advance, when the registered form information includes the form information of the first form and the registered form information includes the form information of each second form, the calling request is determined to meet the preset target condition, and then registration is allowed, so that it can be seen that only the form in which the form information is registered in advance can call the form corresponding to the server, and the form in which the form information is not registered is the form in which the form information is not registered, so that the form calling safety is improved.
In an embodiment of the present invention, in order to ensure the security of the form call, blacklist form information is set in the form call service before the form call, and registration is allowed only when it is determined that the form information in the received call request is not included in the blacklist form information, including:
the form calling service sets blacklist form information;
the determining that the call request meets the preset target condition includes:
and when the blacklist form information does not include the form information corresponding to the first form and the blacklist form information does not include the form information corresponding to each second form, determining that the calling request meets the preset target condition.
For example, some form information of programs with malicious attacks may be set in the blacklist information, for example, if a URL corresponding to a form in the client with the domain name test3 is http:// www.test3.biaodanx.com is a program with malicious attacks, the URL needs to be set in the blacklist form information table, and when none of the form information included in the call request is included in the set blacklist, it is determined that the call request satisfies the preset target condition.
According to the embodiment, by setting blacklist form information in the form calling service in advance, the form information corresponding to the first form is not included in the blacklist form information, and when the form information corresponding to each second form is not included in the blacklist form information, it is determined that the calling request meets the preset target condition, registration is not allowed, and calling limitation is performed on other domain clients in the blacklist form information, so that the form calling safety is improved.
In an embodiment of the present invention, in order to ensure that the at least one second form can be accurately called to the client, the method includes:
and the form calling agent acquires data information corresponding to each second form in the at least one second form and sends the at least one data information to the client.
For example, the second form to be called is form a and form B, and then the form calling agent collects data information, i.e., the form number corresponding to form a and form B and the data included in the form, and sends the data information to the client.
According to the embodiment, the form calling agent synthesizes the form information in the at least one second form into a data group and sends the data group to the client, so that the at least one second form can be accurately called to the client.
The following describes a form calling method provided in an embodiment of the present invention, taking a client side corresponding to a domain name test2 as an example, and calling a form a and a form B in a server side corresponding to a domain name test1 using a form a, as shown in fig. 2, where the form calling method may include the following steps:
step 201: and deploying a form calling service and a form calling agent at the service end.
The form call service may be an application program, the form call agent may be a script program written using javascript, and the form call service and the form call agent are deployed together and are both deployed at a server corresponding to at least one second form to be called. The form calling service is operated as a WebSocket service or a SignalR service at the server side.
Step 202: a target condition is set.
In this embodiment, the purpose of setting the target condition is to limit the invocation of forms in the server by other domain clients.
Wherein the set target condition at least includes the following two forms:
form 1: and the form calling service registers form information corresponding to the server and form information corresponding to the client.
The form information registered in the form calling service is the form information that is allowed to be called in the service side and the form information of other domain clients that are allowed to be called. For example, the domain name corresponding to the server is test1, the server includes a large amount of form information, and the form information allowed to be called may include: form information A, form information B and form information C. For other domain clients, for example, a client with a corresponding domain name of test2, the form information allowed to be called may include: form information a, form information b, and form information c.
The registered form information may be a URL corresponding to the form. For example, the URL corresponding to the form information A is http:// www.test1.biaodana.com, and the URL corresponding to the form information a is http:// www.test2.biaodana.com.
The registered URL may be stored in the form calling service in a set form information table.
Form 2: the form call service sets blacklist form information.
And setting blacklist form information in the form calling service, and aiming at carrying out calling limitation on other domain clients in the blacklist form information. Some form information with malicious attack programs can be set in the blacklist form information, for example, if a URL corresponding to a form in a client with a domain name of test3 is http:// www.test3.biaodanx.com with a malicious attack program, the URL needs to be set in the blacklist form information table.
The target condition is set by adopting a form 1 or a form 2, and the set form information is stored in a form information table in the form calling service, and the form information table can be recorded in a text file or directly stored in a database of a server corresponding to a domain name test1.
Step 203: the client with the domain name test2 sends a call request to the server with the domain name test1.
The calling request comprises a form a in a client side with a domain name of test2, and a form A and a form B in a server side with a domain name of test1, wherein the calling request comprises a resource locator http:// www.test2.biaodana.com of the form a, a resource locator http:// www.test1.biaodana.com of the form A, a resource locator http:// www.test1.biaodanb.com of the form B, and a form number GS of the form a.
The form number of the form a is a unique serial number in the system of the client and the server, and the serial number has no special requirement in a forming mode and is ensured not to be repeated in the system. And the form number of the form a is randomly generated each time the forms of other fields are called, and is not repeated each time.
Step 204: and the form calling agent forwards the form calling service according to the calling request.
The form calling agent transfers the calling requests including the form a in the client side with the domain name of test2, the form A and the form B in the service side with the domain name of test1, wherein the calling requests include the resource locator http:// www.test2.biaodana.com of the form a, the resource locator http:// www.test1.biao dana.com of the form A, the resource locator http:// www.test1.biaodanb.com of the form B, the form number GS of the form a and other information to the form calling service.
The core implementation code of the form call agent to implement the form call may be the following code:
step 205: the form call service determines whether the call request meets the preset target condition, and if so, executes step 206; otherwise, step 209 is performed.
Whether the call request satisfies the target condition may be determined according to two types of target conditions set in step 202:
with respect to the above form 1:
and judging whether the form information corresponding to the server and the form information corresponding to the client in the calling request meet the registered form information.
In this embodiment, the form information included in the call request is the resource locator http:// www.test2.biaodana.com of the form a, the resource locator http:// www.test1.biao dan. com of the form a, and the resource locator http:// www.test1.biaodanb.com of the form B, when the form information registered in step 202 includes the resource locator of the form a, and the form information registered in step 202 includes the form information of the form a and the form B, it is determined that the call request satisfies the predetermined target condition, when the form information registered in step 202 includes the resource locator of the form a, and the form information registered in step 202 includes the form information of the form a, but the form information registered in step 202 does not include the form information of the form B, it is determined that the call request does not satisfy the predetermined target condition, that is only when the form information of all forms involved in the call command includes the form information registered in step 202, the call request is deemed to satisfy the preset target condition.
With respect to the above form 2:
and judging whether the form information corresponding to the server and the form information corresponding to the client in the calling request are registered in the blacklist form information.
In this embodiment, the form information included in the call request is http:// www.test2.biaodana.com of form a, http:// www.test1.biao dana. com of form a, http:// www.test1.biaodanb.com of form B, when the blacklist form information set in step 202 does not include the resource locator of form a, and the blacklist form information set in step 202 does not include the form information of form a and form B, it is determined that the call request satisfies the predetermined target condition, when the blacklist form information set in step 202 does not include the resource locator of form a, and the blacklist form information set in step 202 does not include the form information of form a, but the blacklist form information set in step 202 includes the form information of form B, it is determined that the call request does not satisfy the predetermined target condition, that is, the call request is considered to satisfy the preset target condition only when the form information of all forms involved in the call command is not included in the blacklist form information set in step 202.
For example, the form call service checking whether the set target condition is satisfied may be the following code:
step 206: and according to the form number GS of the form a included in the call request, taking the form number GS of the form a as the parent codes of the form A and the form B to generate the child codes corresponding to the form A and the form B, and storing the associated form including the parent codes and each child code.
The form number GS of the form a is a unique serial number in the system of interaction between the service end with the domain name test1 and the client end with the domain name test2, the form numbers of the forms are not repeated, the form numbers GS of the form a call at least two second forms of the service end with the domain name test1 each time, the form numbers are generated randomly, and the form numbers generated each time are different. For example, the form number GS of the form a is used as the parent codes of the form a and the form B, and the corresponding child codes of the form a and the form B are GS01 and GS02, respectively. And storing the associated form generated according to the parent code and the child code in the form calling service.
After the call request is determined to meet the preset target condition, the generated associated form is registered in the form call service at the server side through fmc, server, and registered code of the form call service agent, wherein the associated form is stored in the form call service, and even if a plurality of forms at a client side send call commands at the same time, the first form can be ensured to be called by the second form corresponding to the first form, but not by other forms. If the form a is a called form, the parentCode of the form a is null, the form a transmits the form corresponding to the form a to the called form a and the form B through the URL, the form a and the form B acquire the form number corresponding to the form a and then use the form number as the parentCode, and generate the associated form together with the forms of the form a and the form B.
Step 207: and registering the corresponding associated form according to the calling request, and feeding back a notification of successful registration to the form calling agent.
And the associated form generated according to the parent code and the child code is registered in the form calling service according to the calling request, and a notification of successful registration is sent to the form calling agent after the registration is successful.
Step 208: and after the form calling agent determines that the registration is successful, the form calling agent collects the data information in the form A and the form B and sends the data information in the form A and the form B to the client.
The form calling agent collecting the data information in the form a and the form B may include: the form number and the data in the form are sent to the client with the corresponding domain name test2 and displayed in the browser of the client.
Step 209: and sending a notice of refusing the call to the client.
For example, a DOS window is sent to the client corresponding to the domain name test2, and information of the form a and the form B of the server corresponding to the domain name test1 cannot be called is displayed.
And the associated form which is successfully registered by the form calling agent is stored in the form calling service, the form number, the called method and the called parameter of the called form are specified by using the form calling service agent through a SendInvokeCD method, the at least one second form is generated into a corresponding data group and is transmitted to the form calling agent, the data group is transmitted to the client through the form calling agent, and the client accesses the second form through a browser.
As shown in fig. 3, an embodiment of the present invention provides a form calling apparatus, including:
the form calling agent 301 is configured to receive a calling request sent by a client corresponding to a second domain, where the calling request is used to request to use a first form in the client and call at least one second form in the server, where the calling request includes a resource locator of the first form and a resource locator corresponding to each second form, and send the calling request to the form calling service 302 according to the calling request, and when it is determined that registration is successful, call the at least one second form to the client.
The form calling service 302 is used for storing set target conditions, and registering corresponding associated forms according to the calling request when the preset target conditions are met;
in an embodiment of the present invention, the form calling service 302 is specifically configured to, according to the form number of the first form included in the call request, use the form number of the first form as a parent code of each second form to generate a child code corresponding to each second form, and store an associated form including the parent code and each child code; wherein the invocation request includes: a form number of the first form.
In an embodiment of the present invention, the form invoking service 302 is specifically configured to register form information corresponding to the server and form information corresponding to the client; when the registered form information comprises the form information of the first form and the registered form information comprises the form information of each second form, determining that the calling request meets the preset target condition;
in an embodiment of the present invention, the form call service 302 is specifically configured to set blacklist form information; and when the blacklist form information does not include the form information corresponding to the first form and the blacklist form information does not include the form information corresponding to each second form, determining that the calling request meets the preset target condition.
In an embodiment of the present invention, the form calling agent 301 is specifically configured to collect data information corresponding to each of the at least one second form, and send the at least one data information to the client.
Referring to fig. 4, an embodiment of the present invention further provides a form calling system, where the form calling system may include: the form calling device 30 and the client 40, wherein the client 40 sends a calling request to the form calling device 30 corresponding to the second domain, and the form calling agent 301 in the form calling device receives the calling request, wherein the calling request is used for requesting to use the first form in the client 40, the calling request is applied to at least one second form in the corresponding server by the form calling device 30, and the calling request includes the resource locator of the first form and the resource locator corresponding to each second form; the form calling agent 301 forwards the call request to a form calling service 302 in the form calling device 30, when the form calling service 302 determines that the call request meets the preset target condition, the form calling service 302 registers a corresponding associated form according to the call request and feeds a notification of successful registration back to the form calling agent 301, and when the form calling agent 301 determines that the registration is successful, the form calling agent 301 calls the at least one second form to the client 40. Therefore, the form calling operation steps of firstly registering and then calling can effectively avoid malicious programs which do not meet target conditions from calling the form, and therefore the safety of cross-domain calling of the form is improved.
Because the information interaction, execution process, and other contents between the units in the device are based on the same concept as the method embodiment of the present invention, specific contents may refer to the description in the method embodiment of the present invention, and are not described herein again.
In summary, the embodiments of the present invention can at least achieve the following beneficial effects:
1. in the embodiment of the invention, a service end form calling service and a form calling agent are used, the form calling agent is used for receiving a calling request sent by a client corresponding to a second domain, the request is to use a first form in the client to call at least one second form in the service end, the calling request is forwarded to the form calling service, when the form calling service determines that the calling request meets the preset target condition, the form calling service registers a corresponding associated form according to the calling request, and when the form calling agent determines that the form calling service registers successfully, the form calling agent calls the at least one second form to the client, therefore, after a calling instruction, whether the form information corresponding to the first form in the client and the at least one second form in the called service end meets the preset target condition is determined in advance, the registration and the call can be performed only after the requirements are met, and the operation steps of registration and call are performed first, so that malicious programs which do not meet the target conditions are prevented from calling the form, and the safety of cross-domain call of the form is improved.
2. In the embodiment of the invention, the corresponding associated form is registered according to the calling request, and the associated form is stored in the form calling service, so that even if a plurality of forms of a client send calling commands at the same time, the first form can be ensured to be called by the corresponding second form rather than other forms.
3. In the embodiment of the invention, the form information corresponding to the server and the form information corresponding to the client are registered in the form calling service in advance, and when the calling request is received, the registration is allowed only when at least one second form in the server in the calling request is checked to be consistent with the registered form information corresponding to the client, so that the form corresponding to the server can be called only by the form in which the form information is registered in advance, and the form without the registered form information is not allowed to call the form of the server, thereby improving the safety of form calling.
4. In the embodiment of the invention, the blacklist form information is set in the form calling service in advance, registration is allowed only when all the form information in the calling request is received and is not set in the blacklist form information, and registration is not allowed only when one form information in the calling request is received and is in the blacklist form information, so that the form at the server side can not be called, and the form calling safety is improved.
5. In the embodiment of the invention, the form calling agent synthesizes the form information in the at least one second form into a data group and sends the data group to the client, so that the at least one second form can be accurately called to the client.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a" does not exclude the presence of other similar elements in a process, method, article, or apparatus that comprises the element.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it is to be noted that: the above description is only a preferred embodiment of the present invention, and is only used to illustrate the technical solutions of the present invention, and not to limit the protection scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.
Claims (10)
1. A form calling method is applied to a server, the server corresponds to a first domain, and the server comprises: the form calling service and the form calling agent preset target conditions, and the method further comprises the following steps:
the form calling agent receives a calling request sent by a client corresponding to a second domain, wherein the calling request is used for requesting to use a first form in the client and calling at least one second form in the server, and the calling request comprises a resource locator of the first form and a resource locator corresponding to each second form;
the form calling agent forwards the calling request to the form calling service;
when the form calling service determines that the calling request meets the preset target condition, registering a corresponding associated form according to the calling request;
and the form calling agent calls the at least one second form to the client when the registration is determined to be successful.
2. The method of claim 1,
the invocation request further includes: a form number of the first form;
the registering of the corresponding associated form according to the call request includes: and the form calling service uses the form number of the first form as a parent code of each second form according to the form number of the first form included in the calling request to generate a child code corresponding to each second form, and stores an associated form including the parent code and each child code.
3. The method of claim 1,
further comprising: the form calling service registers form information corresponding to the server and form information corresponding to the client;
the determining that the call request meets the preset target condition includes:
and when the registered form information comprises the form information of the first form and the registered form information comprises the form information of each second form, determining that the calling request meets the preset target condition.
4. The method of claim 1,
further comprising: the form calling service sets blacklist form information;
the determining that the call request meets the preset target condition includes:
and when the blacklist form information does not include the form information corresponding to the first form and the blacklist form information does not include the form information corresponding to each second form, determining that the calling request meets the preset target condition.
5. The method according to any of claims 1-4, wherein said invoking said at least one second form to said client comprises:
and the form calling agent acquires data information corresponding to each second form in the at least one second form and sends the at least one data information to the client.
6. A form calling device is applied to a server, wherein the server corresponds to a first domain, and the form calling device comprises:
the form calling agent is used for receiving a calling request sent by a client corresponding to a second domain, wherein the calling request is used for requesting to use a first form in the client and calling at least one second form in the server, and the calling request comprises a resource locator of the first form and a resource locator corresponding to each second form; forwarding the form calling service to the form calling service according to the calling request; when the registration is determined to be successful, calling the at least one second form to the client;
and the form calling service is used for storing set target conditions, and registering a corresponding associated form according to the calling request when the calling request is determined to meet the preset target conditions.
7. The form invocation device according to claim 6,
the form calling service is specifically configured to use the form number of the first form as a parent code of each second form according to the form number of the first form included in the calling request, so as to generate a child code corresponding to each second form, and store an associated form including the parent code and each child code; wherein the invocation request includes: a form number of the first form.
8. The form invocation device according to claim 6,
the form calling service is specifically used for registering form information corresponding to the service end and form information corresponding to the client; when the registered form information comprises the form information of the first form and the registered form information comprises the form information of each second form, determining that the calling request meets the preset target condition;
and/or the presence of a gas in the gas,
the form calling service is specifically used for setting blacklist form information; and when the blacklist form information does not include the form information corresponding to the first form and the blacklist form information does not include the form information corresponding to each second form, determining that the calling request meets the preset target condition.
9. The form invocation device according to any of claims 6-8,
the form calling agent is specifically configured to collect data information corresponding to each of the at least one second form, and send the at least one data information to the client.
10. A form invocation system, comprising: the form invocation apparatus of any of claims 6-9, and, a client; wherein,
and the client corresponds to a second domain and is used for sending a calling request to the form calling device and receiving at least one second form sent by the form calling device.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610703091.4A CN106339441A (en) | 2016-08-22 | 2016-08-22 | Form calling method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610703091.4A CN106339441A (en) | 2016-08-22 | 2016-08-22 | Form calling method, device and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106339441A true CN106339441A (en) | 2017-01-18 |
Family
ID=57825474
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610703091.4A Pending CN106339441A (en) | 2016-08-22 | 2016-08-22 | Form calling method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106339441A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113395365A (en) * | 2020-03-12 | 2021-09-14 | 中国移动通信集团山东有限公司 | Method and device for integrating view of micro-service system, computer equipment and storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101615179A (en) * | 2008-06-25 | 2009-12-30 | 国际商业机器公司 | Method and system for cross-domain interaction of web applications |
| CN103023790A (en) * | 2012-12-31 | 2013-04-03 | 北京京东世纪贸易有限公司 | Method and system used for realizing cross-domain interactive access |
| CN103778107A (en) * | 2012-10-25 | 2014-05-07 | 上海宝信软件股份有限公司 | Method and platform for quickly and dynamically generating form based on EXCEL |
| CN103825900A (en) * | 2014-02-28 | 2014-05-28 | 广州云宏信息科技有限公司 | Website access method and device and filter form downloading and updating method and system |
| CN104410757A (en) * | 2014-10-20 | 2015-03-11 | 中国联合网络通信集团有限公司 | Composite service information processing method and device |
| CN104753901A (en) * | 2013-12-31 | 2015-07-01 | 上海格尔软件股份有限公司 | WEB firewall realization method based on intelligent form analysis |
| CN105808701A (en) * | 2015-11-23 | 2016-07-27 | 江苏中威科技软件系统有限公司 | Method and system for realizing automated form verification and communication between multiple systems |
-
2016
- 2016-08-22 CN CN201610703091.4A patent/CN106339441A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101615179A (en) * | 2008-06-25 | 2009-12-30 | 国际商业机器公司 | Method and system for cross-domain interaction of web applications |
| CN103778107A (en) * | 2012-10-25 | 2014-05-07 | 上海宝信软件股份有限公司 | Method and platform for quickly and dynamically generating form based on EXCEL |
| CN103023790A (en) * | 2012-12-31 | 2013-04-03 | 北京京东世纪贸易有限公司 | Method and system used for realizing cross-domain interactive access |
| CN104753901A (en) * | 2013-12-31 | 2015-07-01 | 上海格尔软件股份有限公司 | WEB firewall realization method based on intelligent form analysis |
| CN103825900A (en) * | 2014-02-28 | 2014-05-28 | 广州云宏信息科技有限公司 | Website access method and device and filter form downloading and updating method and system |
| CN104410757A (en) * | 2014-10-20 | 2015-03-11 | 中国联合网络通信集团有限公司 | Composite service information processing method and device |
| CN105808701A (en) * | 2015-11-23 | 2016-07-27 | 江苏中威科技软件系统有限公司 | Method and system for realizing automated form verification and communication between multiple systems |
Non-Patent Citations (1)
| Title |
|---|
| 康贤主编: "《Visual FoxPro数据库程序设计教程 第2版》", 31 August 2012 * |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113395365A (en) * | 2020-03-12 | 2021-09-14 | 中国移动通信集团山东有限公司 | Method and device for integrating view of micro-service system, computer equipment and storage medium |
| CN113395365B (en) * | 2020-03-12 | 2022-11-15 | 中国移动通信集团山东有限公司 | Microservice system view integration method, device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20240396858A1 (en) | Determining Authenticity of Reported User Action in Cybersecurity Risk Assessment | |
| US12019777B2 (en) | System and method for implementing data sovereignty safeguards in a distributed services network architecture | |
| CN110113366B (en) | CSRF vulnerability detection method and device, computing device and storage medium | |
| CN107634967B (en) | A CSRFToken defense system and method for CSRF attack | |
| US8250138B2 (en) | File transfer security system and method | |
| JP2018536232A (en) | System and method for controlling sign-on to a web application | |
| US20220329622A1 (en) | Low touch integration of a bot detection service in association with a content delivery network | |
| US9251367B2 (en) | Device, method and program for preventing information leakage | |
| CN102884764A (en) | Message receiving method, deep packet inspection device, and system | |
| JP6666441B2 (en) | IP address obtaining method and apparatus | |
| CN108989355A (en) | A kind of leak detection method and device | |
| CN106899549A (en) | A kind of network security detection method and device | |
| US20250016164A1 (en) | Access request capturing method and apparatus, and computer device and storage medium | |
| CN113709136B (en) | Access request verification method and device | |
| CN106339441A (en) | Form calling method, device and system | |
| US12452292B1 (en) | Inspecting requests and responses to identify application vulnerabilities | |
| CN105933298B (en) | Apparatus and method for performing Transmission Control Protocol handshake | |
| CN114978590B (en) | API safety protection method, equipment and readable storage medium | |
| CN107343028B (en) | Communication method and system based on HTTP (hyper text transport protocol) | |
| CN111988473B (en) | Voice communication call control method and device based on intelligent contract | |
| KR102148189B1 (en) | Apparatus and method for protecting malicious site | |
| US12445412B2 (en) | Automated service worker installation for client-initiated user identification and DLP scanning | |
| CN112003848B (en) | Method and equipment for logging in multiple accounts in same browser | |
| US20220321530A1 (en) | Method and system for enhancing computer network security | |
| US20160086194A1 (en) | Method, apparatus and system for providing a secure and user identifiable service signature |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170118 |
|
| RJ01 | Rejection of invention patent application after publication |