
CN114237558A - Method for controlling Web interface access by JWT - Google Patents


Info

Publication number: CN114237558A
Authority: CN (China)
Prior art keywords: interface, request, jwt, authority, identifier
Legal status: Pending
Application number: CN202111476792.6A
Other languages: Chinese (zh)
Inventors: 李劲雄, 柯贤祥, 何志鹏, 范松, 王冠华
Current Assignee: Chengdu Amazing Information Technology Co ltd
Original Assignee: Chengdu Amazing Information Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/20 Software design
    • G06F8/24 Object-oriented

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a method for controlling Web interface access by using JWT, comprising the following steps: S1: concatenating the endpoint name of the interface URL with the interface request method to form an interface authority identifier; S2: assigning interface rights to the user; S3: after the user passes login authentication, storing the authority identifier in the JWT and returning it to the user, the JWT being carried by the user in subsequent interface requests; S4: setting an interface request interceptor that judges whether the identifier formed from the interface's endpoint name and request method is in the JWT; if so, the request is passed, and if not, the request is rejected. The method reduces hard coding of interface authority identifiers: because the authority identifier comes from the endpoint name of the interface URL and the interface method, the extra work of checking whether authority identifiers are duplicated, which the common method requires, is avoided. The authority identifier also does not need to be passed explicitly to the interface request interceptor, which saves a certain amount of code. If an authority identifier needs to be changed, only the interface endpoint name needs to be changed, so maintenance is easier.

Description

Method for controlling Web interface access by JWT
Technical Field
The invention relates to a method for controlling Web interface access by using JWT (JSON Web Token).
Background
The common method for controlling Web interface access by using JWT is to define an interface authority identifier and bind it to the interface, then assign the identifier to the user as an authority. After the user passes login authentication, the authority identifier is stored in the JWT, and the interface then determines whether the authority identifier exists in the JWT, thereby controlling interface access.
This method has certain disadvantages: 1. The authority identifier bound to the interface has to be hard-coded; if the hard-coding rule is not well designed, the identifiers are often difficult to understand, and extra work is needed to ensure that hard-coded identifiers are not duplicated. 2. When designing an interface interceptor, the access control judgment can be made only if the authority identifier is passed explicitly into the interceptor as a parameter. 3. Later maintenance is relatively troublesome: for example, if an authority identifier "xxx" needs to be changed to "xxxx", the place where the identifier is defined, the places where interface interceptors refer to it, and any other places that reference it all have to be modified.
Disclosure of Invention
The present invention is directed to a method for controlling Web interface access by JWT, which can solve the above problems.
In order to meet the requirements, the technical scheme adopted by the invention is as follows: provided is a method for Web interface access control by JWT, which comprises the following steps:
S1: concatenating the endpoint name of the interface URL with the interface request method to form an interface authority identifier;
S2: assigning interface rights to the user;
S3: after the user passes login authentication, storing the authority identifier in the JWT and returning it to the user, the JWT being carried by the user in subsequent interface requests;
S4: setting an interface request interceptor that judges whether the identifier formed from the interface's endpoint name and request method is in the JWT; if so, the request is passed, and if not, the request is rejected.
The method for controlling the Web interface access by using the JWT has the following advantages:
Hard coding of the interface authority identifier is reduced. Because the authority identifier comes from the endpoint name of the interface URL and the interface method, duplicates can in theory be detected automatically when the endpoint name of the interface URL is defined, so the extra work of checking whether authority identifiers are duplicated, which the common method requires, is avoided. The authority identifier also does not need to be passed explicitly to the interface request interceptor, which saves a certain amount of code. If an authority identifier needs to be changed, only the interface endpoint name needs to be changed, so maintenance is easier.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 schematically shows a flowchart of a method for Web interface access control using JWT according to one embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be described in further detail with reference to the accompanying drawings and specific embodiments.
In the following description, references to "one embodiment," "an embodiment," "one example," "an example," etc., indicate that the embodiment or example so described may include a particular feature, structure, characteristic, property, element, or limitation, but every embodiment or example does not necessarily include the particular feature, structure, characteristic, property, element, or limitation. Moreover, repeated use of the phrase "in accordance with an embodiment of the present application" although it may possibly refer to the same embodiment, does not necessarily refer to the same embodiment.
Certain features that are well known to those skilled in the art have been omitted from the following description for the sake of simplicity.
According to an embodiment of the present application, there is provided a method for controlling Web interface access by using JWT, as shown in FIG. 1, including the steps of:
S1: concatenating the endpoint name of the interface URL with the interface request method to form an interface authority identifier;
S2: assigning interface rights to the user;
S3: after the user passes login authentication, storing the authority identifier in the JWT and returning it to the user, the JWT being carried by the user in subsequent interface requests;
S4: setting an interface request interceptor that judges whether the identifier formed from the interface's endpoint name and request method is in the JWT; if so, the request is passed, and if not, the request is rejected.
According to an embodiment of the application, the method addresses the defects of the existing method by using the combination of the interface endpoint name and the interface request method as the interface access control identifier. This solves the following problems of the existing method: hard-coded identifiers have poor readability, the interface interceptor needs the authority identifier to be passed to it explicitly, later maintenance is complex, and an additional check for duplicate identifiers is needed when authority identifiers are defined.
The above-mentioned embodiments only show some embodiments of the present invention, and the description thereof is more specific and detailed, but should not be construed as limiting the scope of the present invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present invention should be subject to the claims.
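Steps S1 to S4 carried through in Python, as an added example that is not code from the patent. The ":" separator, the "perms" claim name, the HS256 signing with a constructed key, the endpoint names and the 401/403 status codes are all assumptions made for the illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"  # assumption: HS256 shared secret, constructed for this example

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def permission_id(endpoint, method):
    # S1: endpoint name joined with the request method (the ":" separator is an assumption).
    return f"{endpoint}:{method.upper()}"

def issue_token(user, perms, ttl=900):
    # S3: after login, the identifiers assigned to the user (S2) are stored in the JWT.
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "perms": perms, "exp": int(time.time()) + ttl}
    body = b64e(json.dumps(claims).encode())
    return f"{header}.{body}.{b64e(sign(header + '.' + body))}"

def verify_token(token):
    # Claims count only after signature, pinned algorithm and expiry all check out.
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sign(f"{header}.{body}"), b64d(sig)):
            return None
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None
        claims = json.loads(b64d(body))
        if claims["exp"] <= time.time():
            return None
        return claims
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

def intercept(token, endpoint, method):
    # S4: the interceptor derives the identifier from the request; none is passed in.
    claims = verify_token(token)
    if claims is None:
        return 401  # missing, forged or expired token
    perms = claims.get("perms")
    # Require a list so a string claim cannot match by substring.
    allowed = isinstance(perms, list) and permission_id(endpoint, method) in perms
    return 200 if allowed else 403
```

Because the identifiers travel inside the token, a change to a user's assigned rights takes effect only when a new JWT is issued, so the token lifetime bounds how long a revoked right remains usable.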

Claims (1)

1. A method for Web interface access control using JWT, comprising the steps of:
S1: concatenating the endpoint name of the interface URL with the interface request method to form an interface authority identifier;
S2: assigning interface rights to the user;
S3: after the user passes login authentication, storing the authority identifier in the JWT and returning it to the user, the JWT being carried by the user in subsequent interface requests;
S4: setting an interface request interceptor that judges whether the identifier formed from the interface's endpoint name and request method is in the JWT; if so, the request is passed, and if not, the request is rejected.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111476792.6A CN114237558A (en) 2021-12-06 2021-12-06 Method for controlling Web interface access by JWT

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111476792.6A CN114237558A (en) 2021-12-06 2021-12-06 Method for controlling Web interface access by JWT

Publications (1)

Publication Number Publication Date
CN114237558A true CN114237558A (en) 2022-03-25

Family

ID=80753284

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111476792.6A Pending CN114237558A (en) 2021-12-06 2021-12-06 Method for controlling Web interface access by JWT

Country Status (1)

Country Link
CN (1) CN114237558A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB201508577D0 (en) * 2015-05-19 2015-07-01 Avecto Ltd Computer device and method for controlling access to a resource via a security system
CN111814186A (en) * 2020-07-13 2020-10-23 四川虹魔方网络科技有限公司 Menu authority access control method of intelligent equipment operation platform
WO2021022792A1 (en) * 2019-08-02 2021-02-11 创新先进技术有限公司 Authentication and service serving methods and apparatuses, and device
CN113672896A (en) * 2021-07-08 2021-11-19 浙江大华技术股份有限公司 Interface authority verification method, system, electronic device and storage medium

Similar Documents

Publication Publication Date Title
US10511970B2 (en) Internet access authentication method and client, and computer storage medium
CN108605000B (en) Intelligent home service server and control method thereof
CN103716308B (en) Multiprotocol platform communication method and multiprotocol platform
CN101981897A (en) Method and device for communicating in client server system according to standard protocol OPC UA
CN103065074A (en) Uniform Resource Locator (URL) authority control method based on fine granularity
CN104335523A (en) Access control method, client and server
CN104870068A (en) Method and router for access network
EP2381648A2 (en) Field communication system and field communication method
KR20120106640A (en) Soc-based device for packet filtering and packet filtering method thereof
CN103297506A (en) Method and system for controlling household equipment
CN106250126A (en) XFS under a kind of linux system realizes system and method
CA2458771A1 (en) Network zones
WO2005045741A3 (en) System and method for name resolution
CN101197724A (en) Long-range control system and method for information household electrical appliance in IGRS household network based on IPv6
KR101890310B1 (en) Adapter for message queuing telemetry transport protocol interworking and data exchange system employing the same
CN114024759A (en) Security policy control method, device, computer equipment and medium
CN103327008A (en) HTTP reorienting method and HTTP reorienting device
JP2011221616A (en) Url filtering system, system control method, and system control program
CN105447384B (en) A kind of anti-method monitored, system and mobile terminal
CN114237558A (en) Method for controlling Web interface access by JWT
CN108055259A (en) A kind of method and device of account management
CN104852997B (en) Method for processing network address, server and computer readable storage medium
CN102148869A (en) Method and device for JAVA application to transfer information to local
CN105681396A (en) Control method and system for prohibiting input and output, controlled end and control end
US20140207970A1 (en) System and method for accessing information

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination