
CN108173839A - Rights management method and system - Google Patents


Info

Publication number: CN108173839A
Authority: CN (China)
Prior art keywords: permission, resource, configuration information, terminal, application
Legal status: Granted
Application number: CN201711431178.1A
Other languages: Chinese (zh)
Other versions: CN108173839B (en)
Inventor: 李钢
Current Assignee: Beijing Qihoo Technology Co Ltd
Original Assignee: Beijing Qihoo Technology Co Ltd
Application filed by: Beijing Qihoo Technology Co Ltd
Priority to: CN201711431178.1A
Publications: CN108173839A; CN108173839B (application granted)
Current legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102: Entity profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a rights management method and system. The method includes: storing permission configuration information corresponding to each application server in a rights management database; when a rights management request is received from an application server, obtaining the permission keyword contained in the request; determining, from the permission configuration information stored in the rights management database, the permission query result corresponding to the permission keyword; and returning to the application server, according to the permission query result, a response message corresponding to the rights management request. With this scheme, the permission information of multiple application systems can be managed and queried centrally, without each application system maintaining its own permission management information, which reduces the overhead of each application system, improves its business operating efficiency, and makes permission management operations more convenient.

Description

Rights management method and system

Technical field

The present invention relates to the field of computer technology, and in particular to a rights management method and system.

Background

With the spread of computer technology, application systems of every kind keep appearing and bring users many conveniences. For example, some application systems let users look up and use various test questions, some provide convenient shopping, and others provide reading functions.

Usually each application system has its own authorized operating users, and different authorized users may have different operation permissions. Take a test-question application system as an example: its authorized users include operation and maintenance users and consumer users. Operation and maintenance users are responsible for the various configuration operations on the system, while consumer users can browse the test content they have purchased. The two kinds of user therefore have different operation permissions. Moreover, even among consumer users, the test content that user A and user B can browse will differ. To set the appropriate operation permissions for each user, permission configuration has to be carried out inside the test-question application system so that it can perform permission management. In the prior art, then, each application system implements its own permission configuration and management functions internally.

However, in the course of implementing the present invention, the inventor found that this prior-art approach has at least the following defect: besides maintaining the business data related to its business operation, each application system must additionally maintain data related to permission management. This substantially increases the load on the application system and has an unnecessary impact on its normal business operation.

Summary of the invention

In view of the above problems, the present invention is proposed to provide a rights management method and system that overcome the above problems or at least partially solve them.

According to one aspect of the present invention, a rights management method is provided, including:

storing the permission configuration information corresponding to each application server in a rights management database;

when a rights management request is received from an application server, obtaining the permission keyword contained in the rights management request;

determining, according to the permission configuration information stored in the rights management database, the permission query result corresponding to the permission keyword;

returning to the application server, according to the permission query result, a response message corresponding to the rights management request.

According to another aspect of the present invention, a rights management system is provided, including:

a storage module, adapted to store the permission configuration information corresponding to each application server in a rights management database;

an obtaining module, adapted to obtain, when a rights management request is received from an application server, the permission keyword contained in the rights management request;

a query module, adapted to determine, according to the permission configuration information stored in the rights management database, the permission query result corresponding to the permission keyword;

a response module, adapted to return to the application server, according to the permission query result, a response message corresponding to the rights management request.

According to yet another aspect of the present invention, an electronic device is provided, including a processor, a memory, a communication interface and a communication bus, where the processor, the memory and the communication interface communicate with one another over the communication bus;

the memory stores at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the rights management method described above.

According to a further aspect of the present invention, a computer storage medium is provided, in which at least one executable instruction is stored, and the executable instruction causes a processor to perform the operations corresponding to the rights management method described above.

According to the rights management method and system disclosed in the present invention, the permission configuration information corresponding to each application server can be stored in a rights management database. When a rights management request is then received from an application server, the permission query result corresponding to the permission keyword is determined from the permission keyword contained in the request and the permission configuration information stored in the rights management database, and a response message corresponding to the rights management request is returned to the application server according to that result. The approach of this embodiment can therefore manage and query the permission information of multiple application systems centrally, without each application system maintaining its own permission management information, which reduces the overhead of each application system, improves its business operating efficiency, and makes permission management operations more convenient.

The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the contents of the description, and so that the above and other objects, features and advantages of the invention are more readily apparent, specific embodiments of the invention are set out below.

Brief description of the drawings

Various other advantages and benefits will become clear to those of ordinary skill in the art from the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the invention. Throughout the drawings, the same reference symbols denote the same components. In the drawings:

Fig. 1 shows a schematic flowchart of a rights management method according to one embodiment of the present invention;

Fig. 2 shows a schematic flowchart of a rights management method according to another embodiment of the present invention;

Fig. 3 shows a system structure diagram of a rights management system provided by yet another embodiment of the present invention;

Fig. 4 shows a schematic structural diagram of an electronic device according to an embodiment of the present invention.

Detailed description

Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed in full to those skilled in the art.

Fig. 1 shows a schematic flowchart of a rights management method according to one embodiment of the present invention. As shown in Fig. 1, the method includes:

Step S110: store the permission configuration information corresponding to each application server in the rights management database.

Here, an application server is a server that provides business support for the corresponding application. For example, a test-question application needs a test-question application server to support it, and there may be one such server or several. This step and the steps that follow may be executed by a rights management system dedicated to managing the permissions of all kinds of applications; the rights management system stores the permission configuration information corresponding to each application server in the rights management database.

The permission configuration information corresponding to an application server is the permission configuration information related to the corresponding application. It can take several forms, for example application permission configuration information, resource permission configuration information, terminal permission configuration information, and operation permission configuration information. Application permission configuration information configures the permissions of the application itself. Resource permission configuration information configures the permissions of each resource contained in the application, including the user identifiers of the users who can operate the resource and/or the types of operation that can be performed on the resource. Terminal permission configuration information configures the permissions of each user terminal, including the resource identifiers of the resources the terminal can operate and/or the types of operation it can perform. Operation permission configuration information configures the permissions related to each kind of operation, including the resources and/or user terminals to which a given operation type applies.

Beyond these, the permission configuration information may include information in other forms, as long as it relates to permission configuration; the present invention does not limit its specific meaning.

Step S120: when a rights management request is received from an application server, obtain the permission keyword contained in the rights management request.

The rights management request may be triggered and sent by the application server itself. For example, when the operation and maintenance staff responsible for the application server need to look up the application's permission configuration, they can send a rights management request directly through the application server. Alternatively, the request may be triggered by an operation request received from a user terminal. For example, when a first user terminal sends a query-type operation request for a first resource contained in the application, the application server generates a corresponding rights management request from that operation request.

The rights management request includes a permission keyword, which is used to determine the corresponding permission information. The content and number of permission keywords can be set according to the actual situation. In the first case above, the operation and maintenance staff can set the permission keyword according to the specific permission configuration they want to look up. In the second case, the permission keyword is determined from the operation request sent by the user terminal; specifically, it may include query-type operation information, the resource identification information of the first resource, the application identifier of the application, and/or the terminal information of the first user terminal.

Step S130: determine, according to the permission configuration information stored in the rights management database, the permission query result corresponding to the permission keyword.

Because both the permission configuration information and the permission keyword are provided by the application server, the two are associated, and the permission query result corresponding to the permission keyword can be determined from the permission configuration information.

For example, in the first case above, suppose the permission keyword includes the resource identification information of the first resource. From this keyword it can be determined that the application server wants to confirm which user terminals can operate the first resource and/or which types of operation can be performed on it. The pre-stored permission configuration information contains the information of each user terminal that can operate the first resource and the operation types that correspond to the first resource. A query therefore yields the list of user terminals that can operate the first resource and/or the types of operation that can be performed on it (for example query, modify and delete).

In the second case above, suppose the permission keyword includes query-type operation information, the resource identification information of the first resource, and the terminal information of the first user terminal. From these keywords it can be determined that the application server wants to confirm whether the first user terminal has permission to perform a query operation on the first resource. The pre-stored permission configuration information contains the information of each user terminal that can operate the first resource and, further, the ways in which each user terminal may operate it. A query therefore determines whether the first user terminal has permission to perform a query operation on the first resource.

Step S140: return to the application server, according to the permission query result, a response message corresponding to the rights management request.

The content of the response message depends on the form of the rights management request and the type of the query result. In the first case above, the query determines the list of user terminals that can operate the first resource and/or the types of operation that can be performed on it. The response message can accordingly contain that terminal list and/or those operation types for the operation and maintenance staff to review.

In the second case above, the query determines whether the first user terminal has permission to perform a query operation on the first resource. The response message can accordingly contain a parameter indicating whether the first user terminal has that permission, so that the application server can decide from the parameter's value whether the terminal is authorized. For example, suppose a parameter value of 0 means the first user terminal has permission to perform a query operation on the first resource, and a parameter value of 1 means it does not. The application server then responds to the first user terminal's operation request according to the query result: if the query shows that the first user terminal has permission to perform a query operation on the first resource, the application server allows the operation; otherwise, it refuses the operation.

The approach of this embodiment can therefore manage and query the permission information of multiple application systems centrally, without each application system maintaining its own permission management information, which reduces the overhead of each application system, improves its business operating efficiency, and makes permission management operations more convenient.
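The flow of steps S110 to S140 can be sketched as follows. This is an added example, not code from the patent: the class and function names, the request and response field names and the sample identifiers are all assumptions, and the caller's application identifier is assumed to come from an already authenticated connection rather than from the request body. It covers both request cases and shows the application server reading the 0/1 parameter so that only an explicit 0 grants access.

```python
ALLOWED, DENIED = 0, 1  # response parameter values given in the description


class PermissionDB:
    """S110: permission configuration stored per application (hypothetical layout)."""

    def __init__(self):
        # app_id -> resource_id -> terminal_id -> set of operation types
        self.grants = {}

    def store(self, app_id, resource_id, terminal_id, operations):
        resource = self.grants.setdefault(app_id, {}).setdefault(resource_id, {})
        resource.setdefault(terminal_id, set()).update(operations)


def handle_request(db, caller_app_id, request):
    """S120-S140: read the permission keywords, query, build the response."""
    resource_id = request.get("resource_id")
    if not resource_id:
        return {"status": "error", "reason": "missing resource keyword"}
    # Look only inside the caller's own application, so one application
    # server cannot query another application's configuration.
    resource = db.grants.get(caller_app_id, {}).get(resource_id, {})
    terminal_id = request.get("terminal_id")
    operation = request.get("operation")

    if terminal_id is None and operation is None:
        # Case 1: staff ask which terminals and operations apply to a resource.
        operations = set().union(*resource.values())
        return {"status": "ok", "terminals": sorted(resource),
                "operations": sorted(operations)}
    if terminal_id is None or operation is None:
        return {"status": "error", "reason": "incomplete keyword set"}
    # Case 2: may this terminal perform this operation on this resource?
    granted = operation in resource.get(terminal_id, set())
    return {"status": "ok", "result": ALLOWED if granted else DENIED}


def app_server_allows(response):
    """Application-server side: permit only on an explicit ALLOWED result."""
    # Because 0 means "allowed", a truthiness test, a missing field or a
    # boolean False must never be read as permission.
    if not isinstance(response, dict) or response.get("status") != "ok":
        return False
    result = response.get("result")
    return type(result) is int and result == ALLOWED


def build_sample_db():
    """Constructed sample configuration for two applications."""
    db = PermissionDB()
    db.store("exam-app", "paper-1", "terminal-A", {"query"})
    db.store("exam-app", "paper-1", "terminal-B", {"query", "modify"})
    db.store("shop-app", "paper-1", "terminal-A", {"query", "modify", "delete"})
    return db


if __name__ == "__main__":
    db = build_sample_db()
    for req in ({"resource_id": "paper-1"},
                {"resource_id": "paper-1", "terminal_id": "terminal-A",
                 "operation": "query"},
                {"resource_id": "paper-1", "terminal_id": "terminal-A",
                 "operation": "modify"}):
        resp = handle_request(db, "exam-app", req)
        print(req, "->", resp, "| allow" if app_server_allows(resp) else "| deny")
```
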

Fig. 2 shows a schematic flowchart of a rights management method according to another embodiment of the present invention. The method is executed by a rights management system (also called a rights management platform), through which the permissions of multiple applications can be managed. As shown in Fig. 2, the method includes:

Step S200: receive in advance the permission configuration information that each application server sends through a preset permission configuration entry.

The permission configuration entry may be an interface provided by the rights management system, and specifically includes at least one of the following: an application permission configuration entry, a resource permission configuration entry, an authorized terminal configuration entry, and an authorized operation configuration entry.

Specifically, when the permission configuration entry is an application permission configuration entry, permission information related to an application can be configured through it. The permission configuration information sent through the application permission configuration entry includes the application identifier of the application whose permissions are to be configured and the application permission configuration information corresponding to that identifier. For example, an operator can use the permission configuration entry provided by the rights management system of the present invention to add the information of an application whose permissions are to be configured, namely its application identifier and the corresponding application permission configuration information. A newly developed application, for instance, can have its information added through the permission configuration entry.

When the permission configuration entry is a resource permission configuration entry, the permission configuration information sent through it includes the resource identifier of the resource whose permissions are to be configured and the resource permission configuration information corresponding to that identifier. An application contains multiple resources internally, so each resource has to be distinguished by its resource identifier and given its own resource permission configuration information. For example, suppose a website navigation application contains navigation bar resources, home page resources, user comment resources, leaderboard resources and so on. Each of these resources is added for the website navigation application through the resource permission configuration entry, and the resource permission configuration information of each resource is set separately. The resource permission configuration information includes authorized operation information corresponding to the resource identifier and/or authorized terminal information corresponding to the resource identifier. The authorized operation information corresponding to the resource identifier is the set of legitimate operation types the resource supports, such as query operations and modify operations. The authorized terminal information corresponding to the resource identifier is the information of the legitimate terminals that can operate the resource. Optionally, the resource permission configuration information of the resource specifically includes the authorized operation information held by each authorized terminal corresponding to the resource identifier. For example, in practice a resource may itself support both query and modify operations, and both user A and user B may operate it, but user A's authorized operation information covers only the query operation, so user A can query the resource but not modify it; user B's authorized operation information covers both the query and modify operations, so user B can both query and modify the resource. In this embodiment, therefore, the authorized operation information held by each authorized terminal can also be stored, so that terminal users can be managed more effectively. As the above shows, the resource permission configuration entry configures permissions from the perspective of resource type: for each resource, it configures the permissions related to that resource.

When the permission configuration entry includes an authorized terminal configuration entry, the permission configuration information sent through it includes the terminal identifier of the authorized terminal and the terminal permission configuration information corresponding to that identifier. The terminal permission configuration information includes authorized operation information corresponding to the terminal identifier and/or authorized resource information corresponding to the terminal identifier. The authorized operation information corresponding to the terminal identifier is the set of legitimate operation types the terminal supports, such as query operations and modify operations. The authorized resource information corresponding to the terminal identifier is the information of the legitimate resources the terminal can operate. Optionally, the terminal permission configuration information specifically includes which types of operation the terminal can perform on each resource it can operate. For example, in practice a terminal user may be able to operate both resource one and resource two, but only perform query operations on resource one while performing both query and modify operations on resource two. For each resource the terminal user can operate, the operation types the user can perform on that resource therefore need to be stored as well. As the above shows, the authorized terminal configuration entry configures permissions from the perspective of the user terminal. For example, it can be used to configure the roles of the various user terminals (ordinary administrator, senior administrator, ordinary user, senior user, and so on).

When the permission configuration entry includes an authorized operation configuration entry, the permission configuration information sent through the authorized operation configuration entry includes the operation identifier of the authorized operation and the operation permission configuration information corresponding to that operation identifier. The operation permission configuration information includes authorized resource information corresponding to the operation identifier and/or authorized terminal information corresponding to the operation identifier. The authorized terminal information corresponding to the operation identifier refers to information about the terminals capable of performing the operation. The authorized resource information corresponding to the operation identifier refers to information about the legal resources to which the operation applies. Optionally, the operation permission configuration information specifically includes the resources on which each terminal capable of performing the operation can perform it. Thus the authorized operation configuration entry configures permissions from the perspective of the operation type; for example, each operation type can be configured separately. The operation types specifically include query, modification, login, logout, statistics and other types of operation. For example, for the query operation, the resources that support the operation can be configured, including navigation bar resources, user comment resources, etc.; and, for the query operation, a list of the terminal users that can use the operation can be configured.

Step S210: Store the permission configuration information corresponding to each application server in the rights management database.

The application server is a server that provides service support for the corresponding application. For example, a test-question application needs a test-question application server to provide service support for it, and there may be one such server or several.

The permission configuration information corresponding to each application server is the permission configuration information related to the corresponding application. Specifically, the permission configuration information may be of various kinds; for example, it may include the various kinds of permission configuration information input through the permission configuration entries described above, specifically application permission configuration information, resource permission configuration information, terminal permission configuration information, operation permission configuration information, and so on. In addition, the permission configuration information may also include information in various other forms, as long as it is related to the permission configuration operation; the present invention does not limit the specific content of the permission configuration information.

Step S220: When a rights management request is received from an application server, obtain the permission keywords contained in the rights management request.

The rights management request sent by the application server may be triggered and sent by the application server itself. For example, when the operations and maintenance staff responsible for the application server need to query the permission configuration of the application, they can send a rights management request directly through the application server. Alternatively, the rights management request sent by the application server may be triggered by an operation request received from a user terminal. For example, when a first user terminal sends a query-type operation request for a first resource contained in the application, the application server generates a corresponding rights management request according to that operation request.

This embodiment is described mainly using the latter implementation as an example. Accordingly, the rights management system receives the rights management request that the application server generated from, and that corresponds to, the operation request sent by the user terminal, and obtains the permission keywords contained in that rights management request. The operation request sent by the user terminal includes at least one of the following: application information, resource information, terminal information, and operation information. Accordingly, the permission keywords in the rights management request are determined from the operation request and may include at least one of the following: an application keyword, a resource keyword, a terminal keyword, and an operation keyword. The specific content and number of permission keywords can be set according to the actual situation. For example, in this embodiment the permission keywords are determined from the operation request sent by the user terminal and may include: an operation keyword (specifically, query-type operation information), a resource keyword (specifically, the resource identification information of the first resource), an application keyword (specifically, the application identifier of the application), and/or a terminal keyword (specifically, the terminal information of the first user terminal), etc.

Step S230: Determine the permission query result corresponding to the permission keywords according to the permission configuration information stored in the rights management database.

Since both the permission configuration information and the permission keywords are provided by the application server, there is an association between them, and the permission query result corresponding to the permission keywords can be determined from the permission configuration information.

For example, in this embodiment the permission keywords include query-type operation information, the resource identification information of the first resource, and the terminal information of the first user terminal. From these keywords it can be determined that the application server wants to confirm the following: whether the first user terminal has permission to perform a query operation on the first resource. Accordingly, the pre-stored permission configuration information records each user terminal capable of operating the first resource, and additionally records the operations each of those user terminals may perform on the first resource. A lookup therefore determines whether the first user terminal has permission to perform a query operation on the first resource.

Step S240: Return a response message corresponding to the rights management request to the application server according to the permission query result.

Specifically, the content of the response message depends on the form of the rights management request and the type of the query result. For example, in this embodiment the lookup determines whether the first user terminal has permission to perform a query operation on the first resource. Accordingly, the response message may contain a parameter indicating whether the first user terminal has permission to perform a query operation on the first resource, so that the application server can determine from the value of the parameter whether the first user terminal has the permission. For example, suppose a parameter value of 0 indicates that the first user terminal has permission to perform a query operation on the first resource, and a parameter value of 1 indicates that it does not. The application server then responds to the user terminal's operation request according to the query result contained in the response message. For example, if the lookup finds that the first user terminal has permission to perform a query operation on the first resource, the application server allows the first user terminal to perform the query operation on the first resource; otherwise, the application server refuses the first user terminal's query operation on the first resource.
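Steps S210 to S240 can be sketched in Python as follows. This is an added example, not code from the patent: the table layout, class and function names, field names and sample identifiers are assumptions, while the 0/1 response values are the ones the embodiment gives. It narrows the request to the decision case in which all four keywords are present, and shows the application server treating anything other than an explicit 0 as a refusal.

```python
"""Added example: central permission service for steps S210-S240 (not the patent's code)."""
import sqlite3

# Response parameter values as stated in the embodiment: 0 = permitted, 1 = not permitted.
PERMITTED, DENIED = 0, 1
KEYWORDS = ("app", "resource", "terminal", "operation")  # assumed field names


class PermissionService:
    def __init__(self):
        # In-memory stand-in for the rights management database (assumed schema).
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE grants (app TEXT, resource TEXT, terminal TEXT, operation TEXT,"
            " PRIMARY KEY (app, resource, terminal, operation))"
        )

    def _store(self, app, rows):
        self.db.executemany(
            "INSERT OR IGNORE INTO grants VALUES (?, ?, ?, ?)",
            [(app, r, t, o) for r, t, o in rows],
        )

    # S210: each configuration entry describes grants from a different perspective,
    # but all of them normalise to the same (app, resource, terminal, operation) rows.
    def configure_resource(self, app, resource, ops_by_terminal):
        self._store(app, [(resource, t, o) for t, ops in ops_by_terminal.items() for o in ops])

    def configure_terminal(self, app, terminal, ops_by_resource):
        self._store(app, [(r, terminal, o) for r, ops in ops_by_resource.items() for o in ops])

    def configure_operation(self, app, operation, terminals_by_resource):
        self._store(app, [(r, t, operation) for r, ts in terminals_by_resource.items() for t in ts])

    def handle_request(self, request):
        # S220: extract the permission keywords; an incomplete decision request is denied.
        keys = [request.get(k) for k in KEYWORDS]
        if not all(isinstance(k, str) and k for k in keys):
            return {"result": DENIED, "reason": "missing keyword"}
        # S230: parameterised lookup, scoped to the requesting application.
        row = self.db.execute(
            "SELECT 1 FROM grants WHERE app=? AND resource=? AND terminal=? AND operation=?",
            keys,
        ).fetchone()
        # S240: response message carrying the 0/1 parameter.
        return {"result": PERMITTED if row else DENIED}


def app_server_allows(service, app, terminal, resource, operation):
    """Application-server side: map the response onto allow/refuse, failing closed."""
    try:
        response = service.handle_request(
            {"app": app, "resource": resource, "terminal": terminal, "operation": operation}
        )
        result = response.get("result")
    except Exception:
        return False  # service unreachable or malformed reply: refuse
    # Because 0 means "permitted", a missing or defaulted value must not pass:
    # None, False and "0" are all rejected; only the integer 0 allows.
    return type(result) is int and result == PERMITTED


def build_demo_service():
    """Constructed sample data mirroring the examples in the description."""
    svc = PermissionService()
    # Resource entry: user A may only query, user B may query and modify.
    svc.configure_resource("exam-app", "resource-1",
                           {"user-a": ["query"], "user-b": ["query", "modify"]})
    # Terminal entry: one user, different operations per resource.
    svc.configure_terminal("exam-app", "user-c",
                           {"resource-1": ["query"], "resource-2": ["query", "modify"]})
    # Operation entry: which resources support "query" and for which terminals.
    svc.configure_operation("exam-app", "query",
                            {"navigation-bar": ["user-a", "user-c"], "user-comments": ["user-a"]})
    return svc


if __name__ == "__main__":
    svc = build_demo_service()
    for terminal, resource, op in [("user-a", "resource-1", "query"),
                                   ("user-a", "resource-1", "modify"),
                                   ("user-b", "resource-1", "modify")]:
        print(terminal, resource, op, app_server_allows(svc, "exam-app", terminal, resource, op))
```

With 0 as the "permitted" value, an unset or zero-initialised field on the application server would read as a grant, which is why the caller checks for the integer 0 explicitly and refuses on any error.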

Thus, the approach in this embodiment can manage and query the permission information of multiple application systems in a unified way, so that each application system does not need to maintain permission management information itself. This saves overhead in each application system, improves the efficiency with which the application systems run their business, and makes permission management operations more convenient. Each application system only needs to store business-related data, and does not need to store or manage permission-related data. When an application system needs specific permission information, it can connect to the rights management system of the present invention, or communicate with it by sending API requests or other forms of message, and thereby obtain the corresponding permission information from the rights management system and implement the permission management function. In addition, the permission management function involves management at several granularities: for example, management may be at the granularity of resources, of operations, of users, or of applications. The rights management system of the present invention can manage multiple applications at the same time and can provide management and query operations at these different granularities, which makes permission management more convenient.

FIG. 3 shows a system structure diagram of a rights management system provided by yet another embodiment of the present invention, including:

a storage module 31, adapted to store the permission configuration information corresponding to each application server in the rights management database;

an acquiring module 32, adapted to obtain, when a rights management request is received from an application server, the permission keywords contained in the rights management request;

a query module 33, adapted to determine the permission query result corresponding to the permission keywords according to the permission configuration information stored in the rights management database;

a response module 34, adapted to return a response message corresponding to the rights management request to the application server according to the permission query result.

Optionally, the system further includes:

a receiving module, which receives in advance the permission configuration information sent by each application server through the preset permission configuration entries;

wherein the permission configuration entries include at least one of the following: an application permission configuration entry, a resource permission configuration entry, an authorized terminal configuration entry, and an authorized operation configuration entry.

Optionally, when the permission configuration entry includes an application permission configuration entry, the permission configuration information sent through the application permission configuration entry includes: the application identifier of the application whose permissions are to be configured, and the application permission configuration information corresponding to that application identifier;

when the permission configuration entry includes a resource permission configuration entry, the permission configuration information sent through the resource permission configuration entry includes: the resource identifier of the resource whose permissions are to be configured, and the resource permission configuration information corresponding to that resource identifier; wherein the resource permission configuration information includes: authorized operation information corresponding to the resource identifier and/or authorized terminal information corresponding to the resource identifier;

when the permission configuration entry includes an authorized terminal configuration entry, the permission configuration information sent through the authorized terminal configuration entry includes: the terminal identifier of the authorized terminal, and the terminal permission configuration information corresponding to that terminal identifier; wherein the terminal permission configuration information includes: authorized operation information corresponding to the terminal identifier and/or authorized resource information corresponding to the terminal identifier;

when the permission configuration entry includes an authorized operation configuration entry, the permission configuration information sent through the authorized operation configuration entry includes: the operation identifier of the authorized operation, and the operation permission configuration information corresponding to that operation identifier; wherein the operation permission configuration information includes: authorized resource information corresponding to the operation identifier and/or authorized terminal information corresponding to the operation identifier.

Optionally, the permission keywords contained in the rights management request include at least one of the following: an application keyword, a resource keyword, a terminal keyword, and an operation keyword.

Optionally, the receiving module is specifically adapted to: receive the rights management request that the application server generated from, and that corresponds to, the operation request sent by a user terminal;

the response module is then specifically adapted to: return a response message corresponding to the rights management request to the application server according to the permission query result, so that the application server responds to the operation request sent by the user terminal according to the response message.

Optionally, the operation request sent by the user terminal includes at least one of the following: application information, resource information, terminal information, and operation information.

For the specific structure and working principle of each of the above modules, reference may be made to the description of the corresponding steps in the method embodiments, which is not repeated here.

An embodiment of the present application provides a non-volatile computer storage medium that stores at least one executable instruction; the computer-executable instruction can execute the rights management method in any of the above method embodiments.

FIG. 4 shows a schematic structural diagram of an electronic device according to an embodiment of the present invention; the specific embodiments of the present invention do not limit the specific implementation of the electronic device.

As shown in FIG. 4, the electronic device may include: a processor 402, a communications interface 404, a memory 406, and a communication bus 408.

Wherein:

The processor 402, the communications interface 404, and the memory 406 communicate with one another through the communication bus 408.

The communications interface 404 is used to communicate with network elements of other devices, such as clients or other servers.

The processor 402 is configured to execute the program 410, and may specifically execute the relevant steps in the above embodiments of the rights management method.

Specifically, the program 410 may include program code, and the program code includes computer operation instructions.

The processor 402 may be a central processing unit (CPU), an Application Specific Integrated Circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of the present invention. The one or more processors included in the electronic device may be of the same type, such as one or more CPUs, or of different types, such as one or more CPUs and one or more ASICs.

The memory 406 is used to store the program 410. The memory 406 may include high-speed RAM, and may also include non-volatile memory, such as at least one disk memory.

The program 410 may specifically be used to cause the processor 402 to perform the following operations:

storing the permission configuration information corresponding to each application server in the rights management database;

when a rights management request is received from an application server, obtaining the permission keywords contained in the rights management request;

determining the permission query result corresponding to the permission keywords according to the permission configuration information stored in the rights management database;

returning a response message corresponding to the rights management request to the application server according to the permission query result.

In an optional manner, the program 410 may further be used to cause the processor 402 to perform the following operations:

receiving in advance the permission configuration information sent by each application server through the preset permission configuration entries;

wherein the permission configuration entries include at least one of the following: an application permission configuration entry, a resource permission configuration entry, an authorized terminal configuration entry, and an authorized operation configuration entry.

Wherein, when the permission configuration entry includes an application permission configuration entry, the permission configuration information sent through the application permission configuration entry includes: the application identifier of the application whose permissions are to be configured, and the application permission configuration information corresponding to that application identifier;

when the permission configuration entry includes a resource permission configuration entry, the permission configuration information sent through the resource permission configuration entry includes: the resource identifier of the resource whose permissions are to be configured, and the resource permission configuration information corresponding to that resource identifier; wherein the resource permission configuration information includes: authorized operation information corresponding to the resource identifier and/or authorized terminal information corresponding to the resource identifier;

when the permission configuration entry includes an authorized terminal configuration entry, the permission configuration information sent through the authorized terminal configuration entry includes: the terminal identifier of the authorized terminal, and the terminal permission configuration information corresponding to that terminal identifier; wherein the terminal permission configuration information includes: authorized operation information corresponding to the terminal identifier and/or authorized resource information corresponding to the terminal identifier;

when the permission configuration entry includes an authorized operation configuration entry, the permission configuration information sent through the authorized operation configuration entry includes: the operation identifier of the authorized operation, and the operation permission configuration information corresponding to that operation identifier; wherein the operation permission configuration information includes: authorized resource information corresponding to the operation identifier and/or authorized terminal information corresponding to the operation identifier.

Wherein, the permission keywords contained in the rights management request include at least one of the following: an application keyword, a resource keyword, a terminal keyword, and an operation keyword.

In an optional manner, the program 410 may further be used to cause the processor 402 to perform the following operations:

receiving the rights management request that the application server generated from, and that corresponds to, the operation request sent by a user terminal; so that the application server responds to the operation request sent by the user terminal according to the response message.

Wherein, the operation request sent by the user terminal includes at least one of the following: application information, resource information, terminal information, and operation information.

The algorithms and displays presented herein are not inherently related to any particular computer, virtual system, or other device. Various general-purpose systems may also be used with the teachings herein. The structure required to construct such a system is apparent from the above description. Furthermore, the present invention is not directed at any particular programming language. It should be understood that the content of the present invention described herein can be implemented in various programming languages, and that the above description of specific languages is given to disclose the best mode of the present invention.

In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.

Similarly, it should be appreciated that, in order to streamline this disclosure and to aid understanding of one or more of the various inventive aspects, in the foregoing description of exemplary embodiments of the invention various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and may furthermore be divided into a plurality of sub-modules or sub-units or sub-components. All features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination, except combinations in which at least some of such features and/or processes or units are mutually exclusive. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.

Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments but not others, combinations of features from different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

The various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in the rights management system according to the embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet site, provided on a carrier signal, or provided in any other form.

It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any order. These words can be interpreted as names.

The present invention also discloses: A1. A rights management method, comprising:

storing permission configuration information corresponding to each application server in a rights management database;

when a rights management request is received from an application server, obtaining the permission keyword contained in the rights management request;

determining, according to the permission configuration information stored in the rights management database, a permission query result corresponding to the permission keyword;

returning, according to the permission query result, a response message corresponding to the rights management request to the application server.

A2. The method according to A1, wherein, before the step of storing the permission configuration information corresponding to each application server in the rights management database, the method further comprises:

receiving in advance the permission configuration information sent by each application server through a preset permission configuration entry;

wherein the permission configuration entry includes at least one of the following: an application permission configuration entry, a resource permission configuration entry, an authorized terminal configuration entry, and an authorized operation configuration entry.

A3. The method according to A2, wherein, when the permission configuration entry includes an application permission configuration entry, the permission configuration information sent through the application permission configuration entry includes: the application identifier of the application whose permission is to be configured, and the application permission configuration information corresponding to that application identifier;

when the permission configuration entry includes a resource permission configuration entry, the permission configuration information sent through the resource permission configuration entry includes: the resource identifier of the resource whose permission is to be configured, and the resource permission configuration information corresponding to that resource identifier; wherein the resource permission configuration information includes: authorized operation information corresponding to the resource identifier and/or authorized terminal information corresponding to the resource identifier;

when the permission configuration entry includes an authorized terminal configuration entry, the permission configuration information sent through the authorized terminal configuration entry includes: the terminal identifier of an authorized terminal, and the terminal permission configuration information corresponding to that terminal identifier; wherein the terminal permission configuration information includes: authorized operation information corresponding to the terminal identifier and/or authorized resource information corresponding to the terminal identifier;

when the permission configuration entry includes an authorized operation configuration entry, the permission configuration information sent through the authorized operation configuration entry includes: the operation identifier of an authorized operation, and the operation permission configuration information corresponding to that operation identifier; wherein the operation permission configuration information includes: authorized resource information corresponding to the operation identifier and/or authorized terminal information corresponding to the operation identifier.

A4. The method according to any one of A1-A3, wherein the permission keyword contained in the rights management request includes at least one of the following: an application keyword, a resource keyword, a terminal keyword, and an operation keyword.

A5. The method according to any one of A1-A4, wherein the step of receiving the rights management request from the application server specifically comprises: receiving a rights management request that the application server generates according to an operation request sent by a user terminal and that corresponds to that operation request;

and the step of returning, according to the permission query result, a response message corresponding to the rights management request to the application server further comprises the step of:

the application server responding, according to the response message, to the operation request sent by the user terminal.

A6. The method according to A5, wherein the operation request sent by the user terminal includes at least one of the following: application information, resource information, terminal information, and operation information.
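The following is an added example, not code from the patent, of the store, keyword-lookup and response flow of A1-A4 with the four configuration entries of A3. The class and field names, the boolean `enabled` application setting, and the deny-by-default handling of unknown servers, unmatched keywords and missing keywords are assumptions; the patent text does not specify how the stored rules are combined.

```python
"""Added example: centralized rights-management lookup (names are hypothetical)."""

KEY_TYPES = ("application", "resource", "terminal", "operation")

# Which other keyword types each configuration entry may constrain,
# following the pairs listed in A3.
CONSTRAINS = {
    "resource": ("operation", "terminal"),
    "terminal": ("operation", "resource"),
    "operation": ("resource", "terminal"),
}


def _response(allowed, reason):
    """Response message returned to the application server."""
    return {"allowed": allowed, "reason": reason}


class RightsManagementDB:
    def __init__(self):
        # {server_id: {entry_type: {identifier: rule}}}; one namespace per
        # application server so servers cannot read each other's rules.
        self._cfg = {}

    def configure(self, server_id, entry, identifier, config):
        """Store configuration received through one of the four entries."""
        if entry not in KEY_TYPES:
            raise ValueError(f"unknown configuration entry: {entry!r}")
        if entry == "application":
            # Assumption: application config is a single on/off switch.
            rule = {"enabled": bool(config.get("enabled", False))}
        else:
            unknown = set(config) - set(CONSTRAINS[entry])
            if unknown:
                raise ValueError(f"{entry} entry cannot constrain {sorted(unknown)}")
            rule = {k: frozenset(v) for k, v in config.items()}
        self._cfg.setdefault(server_id, {}).setdefault(entry, {})[identifier] = rule

    def query(self, server_id, keywords):
        """Resolve permission keywords to a query result; deny by default."""
        if (not isinstance(keywords, dict) or not keywords
                or set(keywords) - set(KEY_TYPES)
                or any(not isinstance(v, str) for v in keywords.values())):
            return _response(False, "malformed permission keywords")
        server_cfg = self._cfg.get(server_id)
        if server_cfg is None:
            return _response(False, "no configuration for this application server")
        matched = 0
        for ktype, ident in keywords.items():
            rule = server_cfg.get(ktype, {}).get(ident)
            if rule is None:
                continue  # nothing stored for this keyword through this entry
            matched += 1
            if ktype == "application":
                if not rule["enabled"]:
                    return _response(False, f"application {ident!r} is disabled")
                continue
            for other, allowed in rule.items():
                if other not in keywords:
                    # The rule restricts something the request did not name.
                    return _response(False, f"{ktype} rule needs a {other} keyword")
                if keywords[other] not in allowed:
                    return _response(
                        False,
                        f"{other} {keywords[other]!r} not authorized for {ktype} {ident!r}")
        if matched == 0:
            return _response(False, "no stored configuration matches the keywords")
        return _response(True, "authorized")


def demo_db():
    """Constructed sample configuration for one application server."""
    db = RightsManagementDB()
    db.configure("app-server-1", "application", "mail", {"enabled": True})
    db.configure("app-server-1", "resource", "inbox",
                 {"operation": ["read"], "terminal": ["t-100"]})
    db.configure("app-server-1", "operation", "delete", {"terminal": ["t-admin"]})
    return db


if __name__ == "__main__":
    db = demo_db()
    print(db.query("app-server-1", {"application": "mail", "resource": "inbox",
                                    "terminal": "t-100", "operation": "read"}))
    print(db.query("app-server-1", {"resource": "inbox"}))
```

The second query in the demo is denied because the stored resource rule restricts operations and terminals that the request never named, which is the case a fail-open lookup would silently allow.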

B7. A rights management system, comprising:

a storage module, adapted to store permission configuration information corresponding to each application server in a rights management database;

an obtaining module, adapted to obtain, when a rights management request is received from an application server, the permission keyword contained in the rights management request;

a query module, adapted to determine, according to the permission configuration information stored in the rights management database, a permission query result corresponding to the permission keyword;

a response module, adapted to return, according to the permission query result, a response message corresponding to the rights management request to the application server.

B8. The system according to B7, wherein the system further comprises:

a receiving module, which receives in advance the permission configuration information sent by each application server through a preset permission configuration entry;

wherein the permission configuration entry includes at least one of the following: an application permission configuration entry, a resource permission configuration entry, an authorized terminal configuration entry, and an authorized operation configuration entry.

B9. The system according to B8, wherein, when the permission configuration entry includes an application permission configuration entry, the permission configuration information sent through the application permission configuration entry includes: the application identifier of the application whose permission is to be configured, and the application permission configuration information corresponding to that application identifier;

when the permission configuration entry includes a resource permission configuration entry, the permission configuration information sent through the resource permission configuration entry includes: the resource identifier of the resource whose permission is to be configured, and the resource permission configuration information corresponding to that resource identifier; wherein the resource permission configuration information includes: authorized operation information corresponding to the resource identifier and/or authorized terminal information corresponding to the resource identifier;

when the permission configuration entry includes an authorized terminal configuration entry, the permission configuration information sent through the authorized terminal configuration entry includes: the terminal identifier of an authorized terminal, and the terminal permission configuration information corresponding to that terminal identifier; wherein the terminal permission configuration information includes: authorized operation information corresponding to the terminal identifier and/or authorized resource information corresponding to the terminal identifier;

when the permission configuration entry includes an authorized operation configuration entry, the permission configuration information sent through the authorized operation configuration entry includes: the operation identifier of an authorized operation, and the operation permission configuration information corresponding to that operation identifier; wherein the operation permission configuration information includes: authorized resource information corresponding to the operation identifier and/or authorized terminal information corresponding to the operation identifier.

B10. The system according to any one of B7-B9, wherein the permission keyword contained in the rights management request includes at least one of the following: an application keyword, a resource keyword, a terminal keyword, and an operation keyword.

B11. The system according to any one of B7-B10, wherein the receiving module is specifically adapted to: receive a rights management request that the application server generates according to an operation request sent by a user terminal and that corresponds to that operation request;

and the response module is specifically adapted to: return, according to the permission query result, a response message corresponding to the rights management request to the application server, so that the application server responds to the operation request sent by the user terminal according to the response message.

B12. The system according to B11, wherein the operation request sent by the user terminal includes at least one of the following: application information, resource information, terminal information, and operation information.

C13. An electronic device, comprising: a processor, a memory, a communication interface, and a communication bus, wherein the processor, the memory, and the communication interface communicate with one another through the communication bus;

the memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the rights management method described in any one of A1-A6.

D14. A computer storage medium, wherein at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform the operations corresponding to the rights management method described in any one of A1-A6.

Claims (10)

1. A rights management method, comprising:
storing permission configuration information corresponding to each application server in a rights management database;
when a rights management request is received from an application server, obtaining the permission keyword contained in the rights management request;
determining, according to the permission configuration information stored in the rights management database, a permission query result corresponding to the permission keyword;
returning, according to the permission query result, a response message corresponding to the rights management request to the application server.
2. The method according to claim 1, wherein, before the step of storing the permission configuration information corresponding to each application server in the rights management database, the method further comprises:
receiving in advance the permission configuration information sent by each application server through a preset permission configuration entry;
wherein the permission configuration entry includes at least one of the following: an application permission configuration entry, a resource permission configuration entry, an authorized terminal configuration entry, and an authorized operation configuration entry.
3. The method according to claim 2, wherein, when the permission configuration entry includes an application permission configuration entry, the permission configuration information sent through the application permission configuration entry includes: the application identifier of the application whose permission is to be configured, and the application permission configuration information corresponding to that application identifier;
when the permission configuration entry includes a resource permission configuration entry, the permission configuration information sent through the resource permission configuration entry includes: the resource identifier of the resource whose permission is to be configured, and the resource permission configuration information corresponding to that resource identifier; wherein the resource permission configuration information includes: authorized operation information corresponding to the resource identifier and/or authorized terminal information corresponding to the resource identifier;
when the permission configuration entry includes an authorized terminal configuration entry, the permission configuration information sent through the authorized terminal configuration entry includes: the terminal identifier of an authorized terminal, and the terminal permission configuration information corresponding to that terminal identifier; wherein the terminal permission configuration information includes: authorized operation information corresponding to the terminal identifier and/or authorized resource information corresponding to the terminal identifier;
when the permission configuration entry includes an authorized operation configuration entry, the permission configuration information sent through the authorized operation configuration entry includes: the operation identifier of an authorized operation, and the operation permission configuration information corresponding to that operation identifier; wherein the operation permission configuration information includes: authorized resource information corresponding to the operation identifier and/or authorized terminal information corresponding to the operation identifier.
4. The method according to any one of claims 1-3, wherein the permission keyword contained in the rights management request includes at least one of the following: an application keyword, a resource keyword, a terminal keyword, and an operation keyword.
5. The method according to any one of claims 1-4, wherein the step of receiving the rights management request from the application server specifically comprises: receiving a rights management request that the application server generates according to an operation request sent by a user terminal and that corresponds to that operation request;
and the step of returning, according to the permission query result, a response message corresponding to the rights management request to the application server further comprises the step of:
the application server responding, according to the response message, to the operation request sent by the user terminal.
6. The method according to claim 5, wherein the operation request sent by the user terminal includes at least one of the following: application information, resource information, terminal information, and operation information.
7. A rights management system, comprising:
a storage module, adapted to store permission configuration information corresponding to each application server in a rights management database;
an obtaining module, adapted to obtain, when a rights management request is received from an application server, the permission keyword contained in the rights management request;
a query module, adapted to determine, according to the permission configuration information stored in the rights management database, a permission query result corresponding to the permission keyword;
a response module, adapted to return, according to the permission query result, a response message corresponding to the rights management request to the application server.
8. The system according to claim 7, wherein the system further comprises:
a receiving module, which receives in advance the permission configuration information sent by each application server through a preset permission configuration entry;
wherein the permission configuration entry includes at least one of the following: an application permission configuration entry, a resource permission configuration entry, an authorized terminal configuration entry, and an authorized operation configuration entry.
9. An electronic device, comprising: a processor, a memory, a communication interface and a communication bus, wherein the processor, the memory and the communication interface communicate with one another through the communication bus;
the memory is used to store at least one executable instruction, and the executable instruction causes the processor to perform the operations corresponding to the rights management method according to any one of claims 1-6.
10. A computer storage medium, wherein at least one executable instruction is stored in the storage medium, and the executable instruction causes a processor to perform the operations corresponding to the rights management method according to any one of claims 1-6.
CN201711431178.1A 2017-12-26 2017-12-26 Rights management method and system Active CN108173839B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711431178.1A CN108173839B (en) 2017-12-26 2017-12-26 Rights management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711431178.1A CN108173839B (en) 2017-12-26 2017-12-26 Rights management method and system

Publications (2)

Publication Number Publication Date
CN108173839A true CN108173839A (en) 2018-06-15
CN108173839B CN108173839B (en) 2021-07-09

Family

ID=62521114

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711431178.1A Active CN108173839B (en) 2017-12-26 2017-12-26 Rights management method and system

Country Status (1)

Country Link
CN (1) CN108173839B (en)

Also Published As

Publication number Publication date
CN108173839B (en) 2021-07-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant