[go: up one dir, main page]

WO2015078170A1 - Resource access method and apparatus, and server and terminal - Google Patents

Resource access method and apparatus, and server and terminal Download PDF

Info

Publication number
WO2015078170A1
WO2015078170A1 PCT/CN2014/080233 CN2014080233W WO2015078170A1 WO 2015078170 A1 WO2015078170 A1 WO 2015078170A1 CN 2014080233 W CN2014080233 W CN 2014080233W WO 2015078170 A1 WO2015078170 A1 WO 2015078170A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
server
browser
terminal
authentication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/CN2014/080233
Other languages
French (fr)
Chinese (zh)
Inventor
徐少泽
张锐利
金学骥
包之凡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
ZTE Corp
Original Assignee
ZTE Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by ZTE Corp filed Critical ZTE Corp
Publication of WO2015078170A1 publication Critical patent/WO2015078170A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/14Multichannel or multilink protocols

Definitions

  • the present invention relates to mobile internet technologies, and in particular, to a method and device for accessing resources, a server, and a terminal. Background technique
  • HTML5 Hyper Text Markup Language 5
  • WEB web page
  • webApp web application
  • the traditional native app local application
  • webapp has the advantages of lower development cost, simpler upgrade, easier maintenance and no need to install and not consume user storage space.
  • the so-called webApp is for Iphone, Android (Android).
  • the disadvantages of web sites optimized by mobile terminals are also obvious.
  • webApp access to local resources is restricted, such as searching local databases, reading local files, Operate terminal hardware resources, etc. Summary of the invention
  • the embodiments of the present invention provide a method and device for accessing resources, a server, and a terminal, so as to ensure secure access of the webApp to local resources.
  • the embodiment of the invention provides a method for resource access, including:
  • the server receives the hypertext transfer protocol request of the visited terminal resource, and establishes a dedicated control message channel with the browser of the corresponding terminal;
  • the server authenticates the hypertext transfer protocol request and processes according to the authentication result.
  • a dedicated control message channel with the browser of the corresponding terminal also includes:
  • the server will establish a peer-to-peer network connection relationship with the browser of the terminal into the connection table.
  • the server authenticating the access includes:
  • the server extracts an application identifier and user login information of the browser from the hypertext transfer protocol request;
  • the processing by the server according to the authentication result includes:
  • the corresponding access control command message is sent to the browser; if the authentication fails, the access restricted message is sent to the browser.
  • the embodiment of the invention further provides a server, which includes:
  • Establishing a module configured to receive a hypertext transfer protocol request, and establish a dedicated control message channel with a browser of the corresponding terminal;
  • the processing module is configured to: if the hypertext transfer protocol is requested to access the resource of the terminal, perform authentication on the access, and perform processing according to the authentication result.
  • the establishing module is further configured to put a peer-to-peer network connection with a browser of the terminal into a connection table.
  • the processing module authenticating the access includes: extracting, by the hypertext transfer protocol request, an application identifier of the browser and user login information; and detecting, according to the application identifier, whether the version of the browser is If the version of the browser is legal and the user has access rights, the authentication is passed.
  • the processing by the processing module according to the authentication result includes: sending, by the browser, a corresponding access control command message, if the authentication is passed; if the authentication fails, sending the access restricted to the browser Message.
  • the embodiment of the invention further provides a method for resource access, including: When the web application is opened, a hypertext transfer protocol request for accessing the terminal resource is sent to the server, and a dedicated control message channel is established with the server;
  • the method includes: sending an access result to the server.
  • the embodiment of the invention further provides a device for accessing resources, which includes:
  • a sending module configured to open a webpage application, send a hypertext transfer protocol request for accessing the terminal resource to the server, and establish a dedicated control message channel with the server;
  • the processing module is configured to receive an access control command message sent by the server, and perform access processing according to the access control command message.
  • the processing module is further configured to: after the access processing is performed according to the access control command message, send the access result to the server.
  • the device comprises: a browser.
  • the embodiment of the invention further provides a terminal, including the above device.
  • the embodiment of the present invention further provides a computer readable storage medium, the storage medium includes an embodiment of the invention, and a computer readable storage medium, the storage medium includes a set of computer executable instructions, and the instructions are used by the A method of performing resource access on the terminal side.
  • the embodiment of the invention provides a method, a device, a server and a terminal for resource access, which can ensure secure access of the webApp to local resources.
  • FIG. 1 is a flowchart of a method for resource access on a terminal side according to an embodiment of the present invention
  • FIG. 2 is a flowchart of a method for resource access on a server side according to an embodiment of the present invention
  • 3 is a schematic diagram of a protocol field according to an embodiment of the present invention
  • 4 is a schematic diagram of a server according to an embodiment of the present invention
  • FIG. 5 is a schematic diagram of an apparatus for resource access according to an embodiment of the present invention. detailed description
  • webApps are software that performs a specific task.
  • the functions are relatively simple. They are mainly used to meet a specific user's usage requirements. However, in order to enhance the user experience and make full use of the unique features of the webApp. At the same time, it is better to replace the native app.
  • the webApp also needs to have some features of the native app. One of the most important ones is how to ensure the secure access of the webApp to local resources.
  • the embodiment of the invention provides a method for resource access, and the browser-based webApp securely accesses local resources.
  • the browser integrates a web fiction reading software with night mode and day switching functions, as well as saving bookmarks, viewing bookmarks, etc., when the user views the bookmark list, the terminal database needs to be accessed, and the webApp is essentially It is a web page that is like a native app and displayed through the browser kernel.
  • front-end JS Java script program, which is used to implement various logic functions in WEB applications
  • directly access local resources such as phonegap. Etc., but in order to prevent the abuse of local resources by developers or some malware and to protect the security of user information, it has made many restrictions.
  • This solution provides a secure access mechanism through server authentication, which is determined according to the security level. Which terminal resources and devices can be accessed.
  • server authentication is determined according to the security level. Which terminal resources and devices can be accessed.
  • the server is first notified. After the server authentication is passed, the special control protocol is used to interact with the terminal browser in a dedicated control message channel to complete the terminal resource. Access and Control of the device and feedback the results to the front end.
  • FIG. 1 is a flowchart of a method for accessing a resource on a terminal side according to an embodiment of the present invention.
  • the method in this embodiment may include: Step 11: When the terminal opens the webpage application, the browser sends an HTTP (Hyper Text Transfer Protocol) request for accessing the terminal resource to the server, and establishes a dedicated control message channel with the server;
  • HTTP Hyper Text Transfer Protocol
  • Step 12 The browser of the terminal receives the access control command message sent by the server, and performs access processing according to the access control command message.
  • Step 21 The server receives the HTTP request, and establishes a dedicated control message channel with the browser of the corresponding terminal.
  • Step 22 If the server finds that the HTTP request is to access the resource of the terminal, the server authenticates the access and performs processing according to the authentication result.
  • the embodiment of the present invention aims to enable the webApp to securely access terminal resources.
  • technologies such as the phonegap framework also support web applications to directly access local resources, but phonegap cannot guarantee that terminal resources are not abused or guaranteed.
  • the user information is secure.
  • Other similar technical standards also use the access restriction method.
  • the embodiment of the present invention uses the indirect access method through the server. The server performs security management in a unified manner, which avoids the above problems to some extent.
  • Step 101 First, when the user opens a webApp, send an HTTP request to the server; the server acquires the user terminal information according to the HTTP request header field, and establishes a dedicated control information channel with the terminal browser.
  • webAp runs on the browser.
  • connection control management module is responsible for establishing a P2P connection with the terminal browser, and placing the connection table for management, and the management module can close the connection according to the terminal status or network status. Delete the corresponding index in the connection table, retrieve the connection table according to the server requirements, and so on.
  • Step 102 After receiving the HTTP request, the server finds that it needs to access the terminal resource (such as accessing the terminal database to obtain a bookmark, etc.), and then invokes the authentication module to calculate the access security level, and determines whether the accessed terminal resource is allowed according to the security level.
  • the user security level may be determined by the terminal browser AppID and the user login information.
  • the server first extracts the terminal browser AppID and the user login information; and then determines whether to publish the version for the official channel according to the AppID of the terminal browser. Since the application published by the official channel has been tested in advance, it is ensured that the malicious plug-in is not included, and has certain Reliability, so set its security level to 1, allowing webApps running on this browser to have certain terminal resource access rights; then checking user login information, such as the user is already a logged-in user, automatically has the highest access Permissions.
  • the corresponding control command message corresponds to the request sent by the webApp.
  • the HTTP request sent to the server, after receiving the request, the server finds that it needs to access the database on the terminal, and then goes to the terminal browser.
  • the message requesting access to the database is sent through a dedicated control information channel, and after receiving the message, the browser performs related data operations and returns the result.
  • Control messages between the server and the terminal browser can interact with a custom internal protocol format.
  • the specific composition of the protocol field in this embodiment is shown in Figure 3.
  • the length of the protocol data is not fixed, and varies according to the number of parameters and the length of the parameter values.
  • T is used as a separator between the parts of the protocol field, and T is also used between the parameters.
  • the protocol parsing unit extracts relevant parameters according to the command. For example, if the browser receives a command to adjust the brightness of the screen of the terminal, it searches for the corresponding keyword in the field, and then extracts the brightness value parameter. Pass commands and parameters to the command execution unit. Finally, the command execution unit calls the corresponding system interface to complete the adjustment of the screen brightness control. If the authentication fails, you can give the user a corresponding prompt, and ask the user to log in.
  • Step 104 After receiving the command message, the terminal browser performs a corresponding operation, and returns the operation result to the server.
  • Step 105 The server sends an HTTP response to the front end of the webApp, and delivers the access result and the return data to the front end.
  • Step 106 After receiving the response, the webAp front end performs the corresponding subsequent action.
  • the webApp front end can display the results of the query after receiving the message.
  • connection relationship between the server and the terminal browser is relatively simple, and the positions of the network elements are equivalent, which is a typical star structure.
  • FIG. 4 is a schematic diagram of a server according to an embodiment of the present invention. As shown in FIG. 4, the server 10 of this embodiment includes:
  • the establishing module 11 may be further configured to put a peer-to-peer network connection with a browser of the terminal into a connection table.
  • the processing module 12, the authenticating the access may include: extracting, by the hypertext transfer protocol request, an application identifier and user login information of the browser; and detecting, by the application identifier, the browser If the version is legal, the user's access rights are detected according to the user login information. If the version of the browser is valid and the user has access rights, the authentication is passed.
  • the processing module 12 when processing according to the authentication result, may include: sending, by the browser, a corresponding access control command message, if the authentication is passed; if the authentication fails, the browsing is performed to the browser
  • the foregoing establishing module 11 and the processing module 12 may be configured by a central processing unit (CPU), a processor (MPU, a Micro Processing Unit), a digital signal processor (DSP), or Programmable Array (FPGA) implementation.
  • CPU central processing unit
  • MPU Micro Processing Unit
  • DSP digital signal processor
  • FPGA Programmable Array
  • FIG. 5 is a schematic diagram of an apparatus for accessing resources according to an embodiment of the present invention.
  • the apparatus for accessing a resource includes a browser installed on the terminal.
  • the apparatus 20 of this embodiment may include:
  • the processing module 22 is configured to receive an access control command message sent by the server, and perform access processing according to the access control command message.
  • sending module 21 and processing module 22 can be implemented by a CPU, MPU, DSP or FPGA of a device accessed by a resource.
  • the function modules in the server and the device in this embodiment may have different partitions according to specific functions.
  • the webApp server includes a user security level authentication unit, a protocol data processing unit, and a peer router (P2P). a communication control unit or the like; the terminal browser includes a protocol processing unit, a command execution unit, and a P2P communication control unit.
  • the web application front end cannot directly access the local resource by using the JS, and the webApp indirectly completes the access to the terminal resource and the device through the server, that is, the server and the terminal browser establish a dedicated control message channel, when the terminal resource needs to be accessed, The corresponding command message is sent to the terminal browser, and the browser performs the corresponding access operation after receiving the command and returns the result.
  • the user security level authentication unit of the server performs authentication according to the AppID and user login information of the terminal browser to determine the security access level of the webApp to the terminal resource, different security, etc.
  • the terminal resources and devices that the level allows to access are also different.
  • the server protocol processing unit receives the HTTP request and encapsulates the custom protocol data (the commands and parameters carried in the HTTP request), and then transmits the data to the communication control unit, and is also responsible for receiving the data from the communication control unit, and performing data on the data. Parsing and passing to the interactive interface single TL o
  • the server communication control unit is responsible for completing the establishment of the connection, managing the dedicated control message channel with each terminal browser, transmitting and receiving protocol data, etc., while maintaining a P2P connection table between the server and each terminal browser, when The connection channel is updated as soon as it changes.
  • the terminal browser side protocol processing unit also completes the parsing of the protocol data, and generates a control command to be transmitted to the command processing unit, and at the same time, the command execution result is encapsulated and transmitted to the communication unit and returned to the server.
  • the browser side command execution unit is configured to execute various operation instructions such as adjusting screen brightness, saving bookmarks, accessing bookmarks, vibrating the mobile phone, etc., and returning the execution result to the protocol processing unit.
  • the browser side P2P communication unit is responsible for establishing connections, transmitting and receiving protocol data.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

Provided are a resource access method and apparatus, and a server and a terminal, wherein the method comprises: receiving, by the server, a hypertext transfer protocol request of accessed terminal resources, and establishing a specialised control message channel with a browser of a corresponding terminal; and authenticating, by the server, the hypertext transfer protocol request, and processing same according to an authentication result.

Description

一种资源访问的方法及装置、 服务器及终端 技术领域  Method, device, server and terminal for resource access

本发明涉及移动互联网技术, 具体涉及一种资源访问的方法及装置、 服务器及终端。 背景技术  The present invention relates to mobile internet technologies, and in particular, to a method and device for accessing resources, a server, and a terminal. Background technique

随着 HTML5 ( Hyper Text Markup Language5 , 超文本标记语言 5 )及 相关 WEB (网页)技术的发展, 目前釆用 HTML5技术开发 webApp (网 页应用程序)越来越被广大开发者接受和青睐,相对于传统的 native App(本 地应用程序), webApp有着开发成本较低、 升级较简单、 维护比较轻松且 无需安装不消耗用户存储空间等优越性,本质上所谓的 webApp就是一个针 对 Iphone、 Android (安卓)等移动终端优化后的 web站点, 其缺点也很明 显, 为了防止开发者对本地资源的滥用, 也为了保证用户的信息安全, webApp访问本地资源受限制, 如搜索本地数据库、 读取本地文件、 操作终 端硬件资源等。 发明内容  With the development of HTML5 (Hyper Text Markup Language 5) and related WEB (web page) technology, the development of webApp (web application) using HTML5 technology is increasingly accepted and favored by developers. The traditional native app (local application), webapp has the advantages of lower development cost, simpler upgrade, easier maintenance and no need to install and not consume user storage space. In essence, the so-called webApp is for Iphone, Android (Android). The disadvantages of web sites optimized by mobile terminals are also obvious. In order to prevent developers from abusing local resources and to ensure user information security, webApp access to local resources is restricted, such as searching local databases, reading local files, Operate terminal hardware resources, etc. Summary of the invention

有鉴于此, 本发明实施例提供一种资源访问的方法及装置、 服务器及 终端, 以保证 webApp对本地资源的安全访问。  In view of this, the embodiments of the present invention provide a method and device for accessing resources, a server, and a terminal, so as to ensure secure access of the webApp to local resources.

本发明实施例提供了一种资源访问的方法, 包括:  The embodiment of the invention provides a method for resource access, including:

服务器接收到访终端资源的超文本传输协议请求, 与对应终端的浏览 器建立专用控制消息通道;  The server receives the hypertext transfer protocol request of the visited terminal resource, and establishes a dedicated control message channel with the browser of the corresponding terminal;

所述服务器对所述超文本传输协议请求进行鉴权, 根据鉴权结果进行 处理。  The server authenticates the hypertext transfer protocol request and processes according to the authentication result.

优选的, 所述服务器与对应终端的浏览器建立专用控制消息通道后, 还包括: Preferably, after the server establishes a dedicated control message channel with the browser of the corresponding terminal, Also includes:

所述服务器将与所述终端的浏览器建立对等网络连接关系放入连接表。 优选的, 所述服务器对该访问进行鉴权包括:  The server will establish a peer-to-peer network connection relationship with the browser of the terminal into the connection table. Preferably, the server authenticating the access includes:

所述服务器从所述超文本传输协议请求中提取所述浏览器的应用标识 和用户登录信息;  The server extracts an application identifier and user login information of the browser from the hypertext transfer protocol request;

根据所述应用标识检测所述浏览器的版本是否合法, 根据所述用户登 录信息检测用户的访问权限, 如所述浏览器的版本合法且用户有访问权, 则鉴权通过。  And detecting, according to the application identifier, whether the version of the browser is legal, and detecting the access right of the user according to the user login information. If the version of the browser is legal and the user has the access right, the authentication is passed.

优选的, 所述服务器根据鉴权结果进行处理包括:  Preferably, the processing by the server according to the authentication result includes:

如鉴权通过, 则向所述浏览器发送相应的访问控制命令消息; 如鉴权 未通过, 则向所述浏览器发送访问受限消息。  If the authentication is passed, the corresponding access control command message is sent to the browser; if the authentication fails, the access restricted message is sent to the browser.

本发明实施例还提供了一种服务器, 其中, 包括:  The embodiment of the invention further provides a server, which includes:

建立模块, 配置为接收到超文本传输协议请求, 与对应终端的浏览器 建立专用控制消息通道;  Establishing a module, configured to receive a hypertext transfer protocol request, and establish a dedicated control message channel with a browser of the corresponding terminal;

处理模块, 配置为如发现所述超文本传输协议请求要访问所述终端的 资源, 则对该访问进行鉴权, 根据鉴权结果进行处理。  And the processing module is configured to: if the hypertext transfer protocol is requested to access the resource of the terminal, perform authentication on the access, and perform processing according to the authentication result.

优选的, 所述建立模块, 还配置为将与所述终端的浏览器建立对等网 络连接放入连接表。  Preferably, the establishing module is further configured to put a peer-to-peer network connection with a browser of the terminal into a connection table.

优选的, 所述处理模块对该访问进行鉴权包括: 从所述超文本传输协 议请求中提取所述浏览器的应用标识和用户登录信息; 根据所述应用标识 检测所述浏览器的版本是否合法, 根据所述用户登录信息检测用户的访问 权限, 如所述浏览器的版本合法且用户有访问权, 则鉴权通过。  Preferably, the processing module authenticating the access includes: extracting, by the hypertext transfer protocol request, an application identifier of the browser and user login information; and detecting, according to the application identifier, whether the version of the browser is If the version of the browser is legal and the user has access rights, the authentication is passed.

优选的, 所述处理模块根据鉴权结果进行处理包括: 如鉴权通过, 则 向所述浏览器发送相应的访问控制命令消息; 如鉴权未通过, 则向所述浏 览器发送访问受限消息。  Preferably, the processing by the processing module according to the authentication result includes: sending, by the browser, a corresponding access control command message, if the authentication is passed; if the authentication fails, sending the access restricted to the browser Message.

本发明实施例还提供了一种资源访问的方法, 包括: 打开网页应用时, 向服务器发送访问终端资源的超文本传输协议请求, 与所述服务器建立专用控制消息通道; The embodiment of the invention further provides a method for resource access, including: When the web application is opened, a hypertext transfer protocol request for accessing the terminal resource is sent to the server, and a dedicated control message channel is established with the server;

接收所述服务器发送的访问控制命令消息, 根据所述访问控制命令消 息进行访问处理。  Receiving an access control command message sent by the server, and performing access processing according to the access control command message.

优选的, 所述根据所述访问控制命令消息进行访问处理后包括: 将访问结果发送给所述服务器。  Preferably, after performing the access processing according to the access control command message, the method includes: sending an access result to the server.

本发明实施例还提供了一种资源访问的装置, 其中, 包括:  The embodiment of the invention further provides a device for accessing resources, which includes:

发送模块, 配置为打开网页应用时, 向服务器发送访问终端资源的超 文本传输协议请求, 与所述服务器建立专用控制消息通道;  a sending module, configured to open a webpage application, send a hypertext transfer protocol request for accessing the terminal resource to the server, and establish a dedicated control message channel with the server;

处理模块, 配置为接收所述服务器发送的访问控制命令消息, 根据所 述访问控制命令消息进行访问处理。  The processing module is configured to receive an access control command message sent by the server, and perform access processing according to the access control command message.

优选的, 所述处理模块还配置为, 在根据所述访问控制命令消息进行 访问处理后, 将访问结果发送给所述服务器。  Preferably, the processing module is further configured to: after the access processing is performed according to the access control command message, send the access result to the server.

优选的, 所述装置包括: 浏览器。  Preferably, the device comprises: a browser.

本发明实施例还提供一种终端, 包括上述的装置。  The embodiment of the invention further provides a terminal, including the above device.

本发明实施例还提供一种计算机可读存储介质, 所述存储介质包括一 本发明实施例还提供一种计算机可读存储介质, 所述存储介质包括一 组计算机可执行指令, 所述指令用于执行终端侧的资源访问的方法。  The embodiment of the present invention further provides a computer readable storage medium, the storage medium includes an embodiment of the invention, and a computer readable storage medium, the storage medium includes a set of computer executable instructions, and the instructions are used by the A method of performing resource access on the terminal side.

本发明实施例提供一种资源访问的方法及装置、 服务器及终端, 可以 保证 webApp对本地资源的安全访问。 附图说明  The embodiment of the invention provides a method, a device, a server and a terminal for resource access, which can ensure secure access of the webApp to local resources. DRAWINGS

图 1为本发明实施例终端侧的资源访问的方法的流程图;  1 is a flowchart of a method for resource access on a terminal side according to an embodiment of the present invention;

图 2为本发明实施例服务器侧的资源访问的方法的流程图;  2 is a flowchart of a method for resource access on a server side according to an embodiment of the present invention;

图 3为本发明实施例的协议字段的示意图; 图 4为本发明实施例的服务器的示意图; 3 is a schematic diagram of a protocol field according to an embodiment of the present invention; 4 is a schematic diagram of a server according to an embodiment of the present invention;

图 5为本发明实施例的资源访问的装置的示意图。 具体实施方式  FIG. 5 is a schematic diagram of an apparatus for resource access according to an embodiment of the present invention. detailed description

很多时候 webApp都是作为一种完成某个特殊任务的软件,功能相对较 为单一, 主要是用来满足用户某个特定的使用需求, 然而为了提升用户体 验、 使其充分发挥 webApp所特有的优越性的同时更好的取代 native App, webApp也需要具备部分 native App才有的特性, 其中很重要的一块就是如 何保证 webApp对本地资源的安全访问。  In many cases, webApps are software that performs a specific task. The functions are relatively simple. They are mainly used to meet a specific user's usage requirements. However, in order to enhance the user experience and make full use of the unique features of the webApp. At the same time, it is better to replace the native app. The webApp also needs to have some features of the native app. One of the most important ones is how to ensure the secure access of the webApp to local resources.

本发明实施例提供一种资源访问的方法,基于浏览器的 webApp安全访 问本地资源。 例如, 浏览器上集成了一个网络小说阅读软件, 该软件具有 夜间模式和日间切换功能, 还有保存书签、 查看书签功能等等, 当用户查 看书签列表时需要访问终端数据库, 而 webApp 本质上就是一个做的像 native App并通过浏览器内核展现出来的网页, 虽然目前出现一些技术可以 支持前端 JS ( Java script程序, 用以实现 WEB应用中的各种逻辑功能 ) 直 接访问本地资源, 如 phonegap等, 但为了防止开发者或某些恶意软件对本 地资源的滥用以及保护用户信息安全, 从而对其做了很多限制, 本方案提 供一种通过服务器鉴权的安全访问机制, 根据安全等级来确定可以访问哪 些终端资源及设备, 前端 JS需要访问某一本地资源时首先通知服务器, 服 务器鉴权通过后在专用的控制消息通道使用特殊的通信协议与终端浏览器 进行交互,以完成对终端资源的访问及设备的控制,并将结果反馈给前端。  The embodiment of the invention provides a method for resource access, and the browser-based webApp securely accesses local resources. For example, the browser integrates a web fiction reading software with night mode and day switching functions, as well as saving bookmarks, viewing bookmarks, etc., when the user views the bookmark list, the terminal database needs to be accessed, and the webApp is essentially It is a web page that is like a native app and displayed through the browser kernel. Although there are some technologies that can support front-end JS (Java script program, which is used to implement various logic functions in WEB applications), directly access local resources, such as phonegap. Etc., but in order to prevent the abuse of local resources by developers or some malware and to protect the security of user information, it has made many restrictions. This solution provides a secure access mechanism through server authentication, which is determined according to the security level. Which terminal resources and devices can be accessed. When the front-end JS needs to access a certain local resource, the server is first notified. After the server authentication is passed, the special control protocol is used to interact with the terminal browser in a dedicated control message channel to complete the terminal resource. Access and Control of the device and feedback the results to the front end.

为使本发明的目的、 技术方案和优点更加清楚明白, 下文中将结合附 图对本发明的实施例进行详细说明。 需要说明的是, 在不冲突的情况下, 本发明实施例及实施例中的特征可以相互任意组合。  In order to make the objects, the technical solutions and the advantages of the present invention more comprehensible, the embodiments of the present invention will be described in detail below. It should be noted that, in the case of no conflict, the features in the embodiments and the embodiments of the present invention may be arbitrarily combined with each other.

图 1为本发明实施例终端侧的资源访问的方法的流程图,如图 1所示, 本实施例的方法可以包括: 步骤 11、 终端打开网页应用时, 浏览器向服务器发送访问终端资源的 HTTP ( Hyper Text Transfer Protocol, 超文本传输协议)请求, 与所述服务 器建立专用控制消息通道; FIG. 1 is a flowchart of a method for accessing a resource on a terminal side according to an embodiment of the present invention. As shown in FIG. 1 , the method in this embodiment may include: Step 11: When the terminal opens the webpage application, the browser sends an HTTP (Hyper Text Transfer Protocol) request for accessing the terminal resource to the server, and establishes a dedicated control message channel with the server;

步骤 12、 终端的浏览器接收所述服务器发送的访问控制命令消息, 根 据所述访问控制命令消息进行访问处理。  Step 12: The browser of the terminal receives the access control command message sent by the server, and performs access processing according to the access control command message.

图 2为服务器侧的资源访问的方法的流程图, 如图 2所示, 本实施例 的方法可以包括:  2 is a flowchart of a method for resource access on the server side. As shown in FIG. 2, the method in this embodiment may include:

步骤 21、 服务器接收到 HTTP请求, 与对应终端的浏览器建立专用控 制消息通道;  Step 21: The server receives the HTTP request, and establishes a dedicated control message channel with the browser of the corresponding terminal.

步骤 22、 服务器如发现所述 HTTP请求要访问所述终端的资源, 则对 该访问进行鉴权, 根据鉴权结果进行处理。  Step 22: If the server finds that the HTTP request is to access the resource of the terminal, the server authenticates the access and performs processing according to the authentication result.

与现有技术相比较,本发明实施例旨在能够使 webApp安全访问终端资 源, 目前出现的技术如 phonegap框架也支持 web App直接访问本地资源, 但 phonegap无法保证终端资源不被滥用, 也不能保证用户信息安全, 为了 确保用户信息安全, 于是在终端资源访问方面做了很多限制, 其他一些类 似的技术标准也大都釆用访问限制的办法, 本发明实施例釆用通过服务器 间接访问的方式, 在服务器统一进行安全管理, 一定程度上很好的避免了 上述问题。  Compared with the prior art, the embodiment of the present invention aims to enable the webApp to securely access terminal resources. Currently, technologies such as the phonegap framework also support web applications to directly access local resources, but phonegap cannot guarantee that terminal resources are not abused or guaranteed. The user information is secure. In order to ensure the security of the user information, there are many restrictions on the access of the terminal resources. Other similar technical standards also use the access restriction method. The embodiment of the present invention uses the indirect access method through the server. The server performs security management in a unified manner, which avoids the above problems to some extent.

以下以一具体实施例的整体流程对本发明进行详细的说明, 可以包括 以下步骤:  The present invention will be described in detail below with reference to the overall flow of a specific embodiment, which may include the following steps:

步骤 101、首先当用户打开一个 webApp时,向服务器发送 HTTP请求; 服务器根据 HTTP请求头字段获取用户终端信息, 建立与终端浏览器 之间的专用控制信息通道。  Step 101: First, when the user opens a webApp, send an HTTP request to the server; the server acquires the user terminal information according to the HTTP request header field, and establishes a dedicated control information channel with the terminal browser.

webAp 运行在浏览器上。  webAp runs on the browser.

本实施例中,连接控制管理模块负责建立与终端浏览器之间 P2P连接, 并放入连接表进行管理, 管理模块可根据终端状态或网络状况关闭连接和 删除连接表中相应索引, 根据服务器要求对连接表进行检索等。 步骤 102、 服务器收到 HTTP请求后, 发现需要访问终端资源(如访问 终端数据库获取书签等), 于是调用鉴权模块计算访问安全等级, 根据安全 等级确定是否允许访问的终端资源。 In this embodiment, the connection control management module is responsible for establishing a P2P connection with the terminal browser, and placing the connection table for management, and the management module can close the connection according to the terminal status or network status. Delete the corresponding index in the connection table, retrieve the connection table according to the server requirements, and so on. Step 102: After receiving the HTTP request, the server finds that it needs to access the terminal resource (such as accessing the terminal database to obtain a bookmark, etc.), and then invokes the authentication module to calculate the access security level, and determines whether the accessed terminal resource is allowed according to the security level.

本发明实施例中, 用户安全等级可以由终端浏览器 AppID及用户登录 信息所决定。 服务器首先提取终端浏览器 AppID及用户登录信息; 然后根 据终端浏览器的 AppID确定是否为官方渠道发布版本, 由于官方渠道发布 的应用事先都经过一定的检测, 确保不会附带恶意插件等, 具有一定的可 靠性, 于是将其安全等级设置为 1, 允许在此浏览器上运行的 webApp具备 一定的终端资源访问权限; 再者检查用户登录信息, 如用户已经是登录用 户, 则自动拥有最高的访问权限。  In the embodiment of the present invention, the user security level may be determined by the terminal browser AppID and the user login information. The server first extracts the terminal browser AppID and the user login information; and then determines whether to publish the version for the official channel according to the AppID of the terminal browser. Since the application published by the official channel has been tested in advance, it is ensured that the malicious plug-in is not included, and has certain Reliability, so set its security level to 1, allowing webApps running on this browser to have certain terminal resource access rights; then checking user login information, such as the user is already a logged-in user, automatically has the highest access Permissions.

步骤 103、如果鉴权通过, 则服务器向终端浏览器发送相应的控制命令 消息。  Step 103: If the authentication is passed, the server sends a corresponding control command message to the terminal browser.

其中, 相应的控制命令消息与 webApp发送的请求相对应, 如 webApp 要访问终端数据库, 就会向服务器发送的 HTTP请求, 服务器收到请求后 发现需要访问终端上的数据库, 于是再向终端浏览器通过专用的控制信息 通道发送请求访问数据库的消息, 浏览器接收到此消息后执行相关的数据 操作并返回结果。  The corresponding control command message corresponds to the request sent by the webApp. For example, if the webApp wants to access the terminal database, the HTTP request sent to the server, after receiving the request, the server finds that it needs to access the database on the terminal, and then goes to the terminal browser. The message requesting access to the database is sent through a dedicated control information channel, and after receiving the message, the browser performs related data operations and returns the result.

服务器与终端浏览器之间的控制消息可以交互釆用自定义的内部协议 格式。 本实施例的协议字段具体组成如图 3 所示, 协议数据长度不固定, 根据参数的个数及参数值的长度而变化。 协议字段各部分之间使用 T 作 为分隔符, 包括参数之间也同样使用 T分割。协议解析单元根据 command (命令) 来提取相关参数, 例如, 浏览器收到要求调节终端屏幕亮度的命 令, 则会在字段中查找相应的关键字, 然后提取亮度值参数。 将命令和参 数传递给命令执行单元。 最后由命令执行单元调用相应的系统接口, 完成 调节屏幕亮度控制。 如鉴权未通过, 可以给用户相应的提示, 并请用户登录等。 步骤 104、终端浏览器接收到命令消息后执行相应的操作, 并将操作结 果返回服务器。 Control messages between the server and the terminal browser can interact with a custom internal protocol format. The specific composition of the protocol field in this embodiment is shown in Figure 3. The length of the protocol data is not fixed, and varies according to the number of parameters and the length of the parameter values. T is used as a separator between the parts of the protocol field, and T is also used between the parameters. The protocol parsing unit extracts relevant parameters according to the command. For example, if the browser receives a command to adjust the brightness of the screen of the terminal, it searches for the corresponding keyword in the field, and then extracts the brightness value parameter. Pass commands and parameters to the command execution unit. Finally, the command execution unit calls the corresponding system interface to complete the adjustment of the screen brightness control. If the authentication fails, you can give the user a corresponding prompt, and ask the user to log in. Step 104: After receiving the command message, the terminal browser performs a corresponding operation, and returns the operation result to the server.

例如, 服务器发送给终端浏览器的消息中包含的操作本地资源的请求, 如服务器请求访问终端本地的数据库, 则浏览器接收并解析此消息后便会 执行访问数据库的操作, 并向服务器返回操作结果。  For example, the request sent by the server to the terminal browser to operate the local resource, such as the server requesting access to the local database of the terminal, the browser will perform the operation of accessing the database after receiving and parsing the message, and return the operation to the server. result.

步骤 105、 服务器向 webApp前端发送 HTTP响应, 将访问结果及返回 数据传递给前端。  Step 105: The server sends an HTTP response to the front end of the webApp, and delivers the access result and the return data to the front end.

步骤 106、 webAp 前端收到响应后再执行相应的后续动作。  Step 106: After receiving the response, the webAp front end performs the corresponding subsequent action.

例如, webApp前端收到消息后可以显示查询结果。  For example, the webApp front end can display the results of the query after receiving the message.

服务器与终端浏览器之间的连接关系比较简单, 各网元之间地位对等, 属于典型的星型结构。  The connection relationship between the server and the terminal browser is relatively simple, and the positions of the network elements are equivalent, which is a typical star structure.

图 4为本发明实施例的服务器的示意图, 如图 4所示, 本实施例的服 务器 10包括:  FIG. 4 is a schematic diagram of a server according to an embodiment of the present invention. As shown in FIG. 4, the server 10 of this embodiment includes:

建立模块 11, 配置为接收到超文本传输协议请求, 与对应终端的浏览 器建立专用控制消息通道;  The establishing module 11 is configured to receive the hypertext transfer protocol request, and establish a dedicated control message channel with the browser of the corresponding terminal;

处理模块 12, 配置为如发现所述超文本传输协议请求要访问所述终端 的资源, 则对该访问进行鉴权, 根据鉴权结果进行处理。  The processing module 12 is configured to: if the hypertext transfer protocol is requested to access the resource of the terminal, perform authentication on the access, and perform processing according to the authentication result.

其中, 所述建立模块 11, 还可以配置为将与所述终端的浏览器建立对 等网络连接放入连接表。  The establishing module 11 may be further configured to put a peer-to-peer network connection with a browser of the terminal into a connection table.

其中, 所述处理模块 12, 对该访问进行鉴权可以包括: 从所述超文本 传输协议请求中提取所述浏览器的应用标识和用户登录信息; 根据所述应 用标识检测所述浏览器的版本是否合法, 根据所述用户登录信息检测用户 的访问权限, 如所述浏览器的版本合法且用户有访问权, 则鉴权通过。  The processing module 12, the authenticating the access may include: extracting, by the hypertext transfer protocol request, an application identifier and user login information of the browser; and detecting, by the application identifier, the browser If the version is legal, the user's access rights are detected according to the user login information. If the version of the browser is valid and the user has access rights, the authentication is passed.

所述处理模块 12, 根据鉴权结果进行处理可以包括: 如鉴权通过, 则 向所述浏览器发送相应的访问控制命令消息; 如鉴权未通过, 则向所述浏 需要说明的是, 上述建立模块 11和处理模块 12可以由服务器的中央 处理器(CPU, Central Processing Unit ), 处理器(MPU, Micro Processing Unit )、 数字信号处理器(DSP, Digital Signal Processor )或可编程逻辑阵列 ( FPGA, Field - Programmable Gate Array ) 实现。 The processing module 12, when processing according to the authentication result, may include: sending, by the browser, a corresponding access control command message, if the authentication is passed; if the authentication fails, the browsing is performed to the browser It should be noted that the foregoing establishing module 11 and the processing module 12 may be configured by a central processing unit (CPU), a processor (MPU, a Micro Processing Unit), a digital signal processor (DSP), or Programmable Array (FPGA) implementation.

图 5 为本发明实施例的资源访问的装置的示意图, 本实施例中, 所述 资源访问的装置包括安装在终端上的浏览器, 如图 5 所示, 本实施例的装 置 20可以包括:  FIG. 5 is a schematic diagram of an apparatus for accessing resources according to an embodiment of the present invention. In this embodiment, the apparatus for accessing a resource includes a browser installed on the terminal. As shown in FIG. 5, the apparatus 20 of this embodiment may include:

发送模块 21, 配置为打开网页应用时, 向服务器发送访问终端资源的 超文本传输协议请求, 与所述服务器建立专用控制消息通道;  The sending module 21 is configured to: when the webpage application is opened, send a hypertext transfer protocol request for accessing the terminal resource to the server, and establish a dedicated control message channel with the server;

处理模块 22, 配置为接收所述服务器发送的访问控制命令消息, 根据 所述访问控制命令消息进行访问处理。  The processing module 22 is configured to receive an access control command message sent by the server, and perform access processing according to the access control command message.

其中, 所述处理模块 22, 还可以配置为根据所述访问控制命令消息进 行访问处理后, 将访问结果发送给所述服务器。  The processing module 22 may be further configured to: after performing the access processing according to the access control command message, send the access result to the server.

需要说明的是, 上述发送模块 21和处理模块 22可以由资源访问的装 置的 CPU、 MPU、 DSP或 FPGA实现。  It should be noted that the foregoing sending module 21 and processing module 22 can be implemented by a CPU, MPU, DSP or FPGA of a device accessed by a resource.

当然, 根据具体功能, 本实施例的服务器和装置中的功能模块可以有 不同的划分,如本发明实施例中 webApp服务器包含用户安全等级鉴定单元、 协议数据处理单元、 P2P ( PeertoPeer, 对等网络)通信控制单元等; 终端 浏览器则包含协议处理单元、 命令执行单元及 P2P通信控制单元。  Of course, the function modules in the server and the device in this embodiment may have different partitions according to specific functions. For example, the webApp server includes a user security level authentication unit, a protocol data processing unit, and a peer router (P2P). a communication control unit or the like; the terminal browser includes a protocol processing unit, a command execution unit, and a P2P communication control unit.

本发明实施例中 webApp前端无法使用 JS直接访问本地资源, webApp 通过服务器间接完成对终端资源及设备的访问, 即服务器与终端浏览器之 间建立专用的控制消息通道, 当需要访问终端资源时则向终端浏览器发送 相应的命令消息, 浏览器接收到命令后执行相应的访问操作并返回结果。  In the embodiment of the present invention, the web application front end cannot directly access the local resource by using the JS, and the webApp indirectly completes the access to the terminal resource and the device through the server, that is, the server and the terminal browser establish a dedicated control message channel, when the terminal resource needs to be accessed, The corresponding command message is sent to the terminal browser, and the browser performs the corresponding access operation after receiving the command and returns the result.

服务器的用户安全等级鉴定单元根据终端浏览器的 AppID和用户登录 信息进行鉴权, 以确定 webApp对终端资源的安全访问等级,不同的安全等 级允许访问的终端资源及设备也不同。 The user security level authentication unit of the server performs authentication according to the AppID and user login information of the terminal browser to determine the security access level of the webApp to the terminal resource, different security, etc. The terminal resources and devices that the level allows to access are also different.

服务器协议处理单元接收 HTTP请求, 并将其 ( HTTP请求中携带的命 令及参数)封装自定义的协议数据, 然后传给通信控制单元, 同时也负责 接收来自通信控制单元的数据, 并对数据进行解析然后传递给交互接口单 TL o  The server protocol processing unit receives the HTTP request and encapsulates the custom protocol data (the commands and parameters carried in the HTTP request), and then transmits the data to the communication control unit, and is also responsible for receiving the data from the communication control unit, and performing data on the data. Parsing and passing to the interactive interface single TL o

服务器通信控制单元负责完成建立连接, 管理与各终端浏览器之间的 专用控制消息通道, 传送和接收协议数据等, 同时维护一张服务器与各终 端浏览器之间的 P2P连接表, 当某个连接通道发生变化时则即时更新。  The server communication control unit is responsible for completing the establishment of the connection, managing the dedicated control message channel with each terminal browser, transmitting and receiving protocol data, etc., while maintaining a P2P connection table between the server and each terminal browser, when The connection channel is updated as soon as it changes.

终端浏览器侧协议处理单元同样完成协议数据的解析, 并生成控制命 令传递给命令处理单元, 同时将命令执行结果封装后传递给通信单元返回 给服务器。  The terminal browser side protocol processing unit also completes the parsing of the protocol data, and generates a control command to be transmitted to the command processing unit, and at the same time, the command execution result is encapsulated and transmitted to the communication unit and returned to the server.

浏览器侧命令执行单元用以执行各种操作指令, 如调节屏幕亮度、 保 存书签、 访问书签、 震动手机等, 并将执行结果返回协议处理单元。  The browser side command execution unit is configured to execute various operation instructions such as adjusting screen brightness, saving bookmarks, accessing bookmarks, vibrating the mobile phone, etc., and returning the execution result to the protocol processing unit.

浏览器侧 P2P通信单元负责建立连接, 传递和接收协议数据。  The browser side P2P communication unit is responsible for establishing connections, transmitting and receiving protocol data.

本发明实施例还提供一种计算机可读存储介质, 所述存储介质包括一 本发明实施例还提供一种计算机可读存储介质, 所述存储介质包括一 组计算机可执行指令, 所述指令用于执行终端侧的资源访问的方法。  The embodiment of the present invention further provides a computer readable storage medium, the storage medium includes an embodiment of the invention, and a computer readable storage medium, the storage medium includes a set of computer executable instructions, and the instructions are used by the A method of performing resource access on the terminal side.

本领域普通技术人员可以理解上述方法中的全部或部分步骤可通过程 序来指令相关硬件完成, 所述程序可以存储于计算机可读存储介质中, 如 只读存储器、 磁盘或光盘等。 可选地, 上述实施例的全部或部分步骤也可 以使用一个或多个集成电路来实现。 相应地, 上述实施例中的各模块 /单元 可以釆用硬件的形式实现, 也可以釆用软件功能模块的形式实现。 本发明 不限制于任何特定形式的硬件和软件的结合。  One of ordinary skill in the art will appreciate that all or a portion of the above steps may be accomplished by instructions to the associated hardware, which may be stored in a computer readable storage medium, such as a read only memory, a magnetic disk, or an optical disk. Alternatively, all or part of the steps of the above embodiments may also be implemented using one or more integrated circuits. Correspondingly, each module/unit in the above embodiment may be implemented in the form of hardware or in the form of a software function module. The invention is not limited to any specific form of combination of hardware and software.

以上仅为本发明的优选实施例, 当然,本发明还可有其他多种实施例, 在不背离本发明精神及其实质的情况下, 熟悉本领域的技术人员当可根据 本发明作出各种相应的改变和变形, 但这些相应的改变和变形都应属于本 发明所附的权利要求的保护范围。 The above is only a preferred embodiment of the present invention, and of course, the present invention may be embodied in various other embodiments without departing from the spirit and scope of the present invention. The invention is susceptible to various modifications and variations, which are intended to be included within the scope of the appended claims.

Claims

权利要求书 claims 1、 一种资源访问的方法, 包括: 1. A method of resource access, including: 服务器接收到访终端资源的超文本传输协议请求, 与对应终端的浏 览器建立专用控制消息通道; The server receives the Hypertext Transfer Protocol request for the accessed terminal resource and establishes a dedicated control message channel with the browser of the corresponding terminal; 所述服务器对所述超文本传输协议请求进行鉴权, 根据鉴权结果进 行处理。 The server authenticates the Hypertext Transfer Protocol request and processes it according to the authentication result. 2、 如权利要求 1所述的方法, 其中, 所述服务器与对应终端的浏览 器建立专用控制消息通道后, 还包括: 2. The method of claim 1, wherein after the server establishes a dedicated control message channel with the browser of the corresponding terminal, it further includes: 所述服务器将与所述终端的浏览器建立对等网络连接关系放入连接 表。 The server will establish a peer-to-peer network connection relationship with the browser of the terminal and put it into the connection table. 3、 如权利要求 1所述的方法, 其中, 所述服务器对该访问进行鉴权 包括: 3. The method of claim 1, wherein the server authenticating the access includes: 所述服务器从所述超文本传输协议请求中提取所述浏览器的应用标 识和用户登录信息; The server extracts the application identification and user login information of the browser from the Hypertext Transfer Protocol request; 根据所述应用标识检测所述浏览器的版本是否合法, 根据所述用户 登录信息检测用户的访问权限, 如所述浏览器的版本合法且用户有访问 权, 则鉴权通过。 Detect whether the version of the browser is legal based on the application identifier, and detect the user's access rights based on the user login information. If the version of the browser is legal and the user has access rights, the authentication is passed. 4、 如权利要求 1-3任一项所述的方法, 其中, 所述服务器根据鉴权 结果进行处理包括: 4. The method according to any one of claims 1-3, wherein the server performs processing according to the authentication result including: 如鉴权通过, 则向所述浏览器发送相应的访问控制命令消息; 如鉴 权未通过, 则向所述浏览器发送访问受限消息。 If the authentication passes, a corresponding access control command message is sent to the browser; if the authentication fails, an access restricted message is sent to the browser. 5、 一种服务器, 包括: 5. A server, including: 建立模块, 配置为接收到超文本传输协议请求, 与对应终端的浏览 器建立专用控制消息通道; Establish a module configured to receive a Hypertext Transfer Protocol request and establish a dedicated control message channel with the browser of the corresponding terminal; 处理模块, 配置为如发现所述超文本传输协议请求要访问所述终端 的资源, 则对该访问进行鉴权, 根据鉴权结果进行处理。 a processing module configured to upon discovery of the Hypertext Transfer Protocol request to access the terminal resources, the access will be authenticated and processed based on the authentication results. 6、 如权利要求 5所述的服务器, 其中, 6. The server as claimed in claim 5, wherein, 所述建立模块, 还配置为将与所述终端的浏览器建立对等网络连接 放入连接表。 The establishment module is also configured to put the peer-to-peer network connection established with the browser of the terminal into the connection table. 7、 如权利要求 5所述的服务器, 其中, 7. The server as claimed in claim 5, wherein, 所述处理模块, 对该访问进行鉴权包括: 从所述超文本传输协议请 求中提取所述浏览器的应用标识和用户登录信息; 根据所述应用标识检 测所述浏览器的版本是否合法, 根据所述用户登录信息检测用户的访问 权限, 如所述浏览器的版本合法且用户有访问权, 则鉴权通过。 The processing module, authenticating the access includes: extracting the application identification and user login information of the browser from the Hypertext Transfer Protocol request; detecting whether the version of the browser is legal based on the application identification, The user's access rights are detected based on the user login information. If the version of the browser is legal and the user has access rights, the authentication is passed. 8、 如权利要求 5-7任一项所述的服务器, 其中, 8. The server according to any one of claims 5-7, wherein, 所述处理模块, 根据鉴权结果进行处理包括: 如鉴权通过, 则向所 述浏览器发送相应的访问控制命令消息; 如鉴权未通过, 则向所述浏览 器发送访问受限消息。 The processing module, which performs processing according to the authentication result, includes: if the authentication passes, sending a corresponding access control command message to the browser; if the authentication fails, sending an access restricted message to the browser. 9、 一种资源访问的方法, 包括: 9. A method of resource access, including: 打开网页应用时, 向服务器发送访问终端资源的超文本传输协议请 求, 与所述服务器建立专用控制消息通道; When opening a web application, send a Hypertext Transfer Protocol request to access terminal resources to the server, and establish a dedicated control message channel with the server; 接收所述服务器发送的访问控制命令消息, 根据所述访问控制命令 消息进行访问处理。 Receive the access control command message sent by the server, and perform access processing according to the access control command message. 10、 如权利要求 9所述的方法, 其中, 所述根据所述访问控制命令 消息进行访问处理后包括: 10. The method according to claim 9, wherein the access processing according to the access control command message includes: 将访问结果发送给所述服务器。 Send the access results to the server. 11、 一种资源访问的装置, 包括: 11. A resource access device, including: 发送模块, 配置为打开网页应用时, 向服务器发送访问终端资源的 超文本传输协议请求, 与所述服务器建立专用控制消息通道; The sending module is configured to send a Hypertext Transfer Protocol request for accessing terminal resources to the server when the web application is opened, and establish a dedicated control message channel with the server; 处理模块, 配置为接收所述服务器发送的访问控制命令消息, 根据 所述访问控制命令消息进行访问处理。 The processing module is configured to receive the access control command message sent by the server, and perform access processing according to the access control command message. 12、 如权利要求 11所述的装置, 其中, 12. The device of claim 11, wherein, 所述处理模块还配置为, 在根据所述访问控制命令消息进行访问处 理后, 将访问结果发送给所述服务器。 The processing module is also configured to, after performing access processing according to the access control command message, send the access result to the server. 13、 如权利要求 11或 12所述的装置, 其中, 13. The device according to claim 11 or 12, wherein, 所述装置包括: 浏览器。 The device includes: a browser. 14、 一种终端, 其特征在于, 包括如权利要求 11-13任一项所述的装 置。 14. A terminal, characterized by comprising the device according to any one of claims 11-13. 15、 一种计算机可读存储介质, 所述存储介质包括一组计算机可执 行指令, 所述指令用于执行权利要求 1-4任一项所述的资源访问的方法。 15. A computer-readable storage medium, the storage medium includes a set of computer-executable instructions, the instructions are used to execute the resource access method described in any one of claims 1-4. 16、 一种计算机可读存储介质, 所述存储介质包括一组计算机可执 行指令,所述指令用于执行权利要求 9-10任一项所述的资源访问的方法。 16. A computer-readable storage medium, the storage medium comprising a set of computer-executable instructions, the instructions being used to execute the resource access method described in any one of claims 9-10.
PCT/CN2014/080233 2013-11-26 2014-06-18 Resource access method and apparatus, and server and terminal Ceased WO2015078170A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310624479.1A CN104683297A (en) 2013-11-26 2013-11-26 Resource access method and device, server and terminal
CN201310624479.1 2013-11-26

Publications (1)

Publication Number Publication Date
WO2015078170A1 true WO2015078170A1 (en) 2015-06-04

Family

ID=53198296

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/080233 Ceased WO2015078170A1 (en) 2013-11-26 2014-06-18 Resource access method and apparatus, and server and terminal

Country Status (2)

Country Link
CN (1) CN104683297A (en)
WO (1) WO2015078170A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109241343A (en) * 2018-07-27 2019-01-18 北京奇艺世纪科技有限公司 A kind of brush amount user identifying system, method and device
CN113918902A (en) * 2021-09-16 2022-01-11 广州心娱网络科技有限公司 A back-end-based authorization authentication method and device
CN115065516A (en) * 2022-06-06 2022-09-16 上海华信长安网络科技有限公司 Method and device for requesting authentication by self-definition for VOIP equipment
WO2023104117A1 (en) * 2021-12-09 2023-06-15 中兴通讯股份有限公司 Resource access method and system, electronic device, and computer-readable storage medium

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106549989B (en) * 2015-09-17 2020-02-18 腾讯科技(深圳)有限公司 Data transmission method and system, user terminal and application server
CN105933766B (en) * 2016-01-21 2019-01-15 东方明珠新媒体股份有限公司 WebOS system and set-top box based on set-top box
CN106101127A (en) * 2016-06-30 2016-11-09 Tcl集团股份有限公司 A kind of weight discriminating methods, devices and systems
CN108390844A (en) * 2017-06-30 2018-08-10 勤智数码科技股份有限公司 A method-level device for data security access through a trusted third party
CN112632159B (en) * 2020-12-01 2021-09-28 腾讯科技(深圳)有限公司 Database access control method and device, electronic equipment and storage medium
CN114021046A (en) * 2021-11-09 2022-02-08 山东志盈医学科技有限公司 Method and device for calling local resources of pathological system in different browsers

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2226988A1 (en) * 2009-03-03 2010-09-08 NEC Corporation Method for accessing to local resources of a client terminal in a client/server architecture
CN102414690A (en) * 2009-04-27 2012-04-11 高通股份有限公司 Method and apparatus for creating a secure web browsing environment with privilege signing
CN102611709A (en) * 2012-03-31 2012-07-25 奇智软件(北京)有限公司 Access control method and system for third party resources
CN102929638A (en) * 2012-11-07 2013-02-13 广州市动景计算机科技有限公司 Method and system for expanding Web application (App) functions

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9152732B2 (en) * 2011-11-02 2015-10-06 Microsoft Technology Licensing, Llc. Browser cache assist for accessing web-based content

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2226988A1 (en) * 2009-03-03 2010-09-08 NEC Corporation Method for accessing to local resources of a client terminal in a client/server architecture
CN102414690A (en) * 2009-04-27 2012-04-11 高通股份有限公司 Method and apparatus for creating a secure web browsing environment with privilege signing
CN102611709A (en) * 2012-03-31 2012-07-25 奇智软件(北京)有限公司 Access control method and system for third party resources
CN102929638A (en) * 2012-11-07 2013-02-13 广州市动景计算机科技有限公司 Method and system for expanding Web application (App) functions

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109241343A (en) * 2018-07-27 2019-01-18 北京奇艺世纪科技有限公司 A kind of brush amount user identifying system, method and device
CN113918902A (en) * 2021-09-16 2022-01-11 广州心娱网络科技有限公司 A back-end-based authorization authentication method and device
WO2023104117A1 (en) * 2021-12-09 2023-06-15 中兴通讯股份有限公司 Resource access method and system, electronic device, and computer-readable storage medium
CN115065516A (en) * 2022-06-06 2022-09-16 上海华信长安网络科技有限公司 Method and device for requesting authentication by self-definition for VOIP equipment
CN115065516B (en) * 2022-06-06 2024-04-09 上海华信长安网络科技有限公司 Method and device for user-defined request authentication of VOIP equipment

Also Published As

Publication number Publication date
CN104683297A (en) 2015-06-03

Similar Documents

Publication Publication Date Title
WO2015078170A1 (en) Resource access method and apparatus, and server and terminal
US9954855B2 (en) Login method and apparatus, and open platform system
US10484385B2 (en) Accessing an application through application clients and web browsers
CN101431713B (en) Resource access method and device
CN104580406B (en) A kind of method and apparatus of synchronous logging state
WO2017067227A1 (en) Third party account number authorisation method, device, server, and system
WO2012126263A1 (en) Device, system and method for accessing internet web page
CN104468592B (en) Login method and login system
CN103036871B (en) Support device and method of application plug-in of browser
CN107690792A (en) Single sign-on for unmanaged mobile devices
CN102624737A (en) Single sign-on integration method for Form identity authentication in single sign-on system
CN106899549B (en) Network security detection method and device
CN103023976B (en) A kind of apparatus and method of browser application plug-in extension
WO2017008581A1 (en) Method, client, and system for testing application
CN104618412A (en) Page skipping method and device
US9471533B1 (en) Defenses against use of tainted cache
US10574703B1 (en) Content delivery employing multiple security levels
CN105379195A (en) Information sharing method and device
US20130036154A1 (en) Intelligent content delivery
US8381269B2 (en) System architecture and method for secure web browsing using public computers
WO2014094611A1 (en) Method and device for uploading data to social platform
WO2018076712A1 (en) Terminal authentication method and device
US20190347407A1 (en) Detecting client-side exploits in web applications
US9398066B1 (en) Server defenses against use of tainted cache
US20240406285A1 (en) Inserting and replacing placeholders in resource code

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14865933

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14865933

Country of ref document: EP

Kind code of ref document: A1