Method, device and system for controlling safety of service access

Abstract

The invention discloses a method, device and system for controlling safety of service access. The method comprises the following steps: acquiring a user session identification from a service request message initiated by a user; based on the user session identification, reading user permission information corresponding to the user session identification from a cache container, wherein the cache container caches the user permission information; and authorizing the service request of the user based on the user permission information. In the technical scheme adopted by the invention, a caching technology is used, thus the safety of user service access is effectively improved, and the service access efficiency is enhanced.

Description

technical field [0001] The present invention relates to information security technology, in particular to a security control method, device and system for access services. Background technique [0002] With the development of computer and network technology, informatization has become an important direction for the development of various industries. For example, industries such as finance, transportation, electric power, telecommunications, insurance and government affairs have all carried out informatization construction. Informatization construction has brought convenience to the development of various industries and improved the management and work efficiency of the industry. Among them, the security of information systems is very important. For example, in industries such as finance, electric power, and transportation, the security of information systems is to ensure The key to the application of information systems. [0003] The information system is a complex system, ...

AI Technical Summary

Problems solved by technology

However, in the existing control method for user access to services, each time a user accesses a service, he needs to access the system database, and these databases are usually stored on a specific storage device, which makes accessing the system database take a long time and affects users. Access business efficiency; moreover, since the user authorization information stored in the system database is generally fixed, the system cannot dynamically change user authorization, or it is very difficult to dynamically change user authorization, which also affects the security of access services, for example, for Some suspicious users who are using the system must modify the data in the system database when the system needs to limit their business access rights; in addition, the existing information system generally controls the user interface (User Interface, UI) operation buttons according to the user's authority. , forms, content, etc., lack of fine-grained control of business permissions in the system, and cannot fine-grained control of user permissions

For example, the Java EE application server application platform is an important development tool, Java EE middleware has been widely used in the construction of information systems, and the standard EJB 3.0 security model design in the Java EE application server is based on metadata and extensible Markup Language (Extensible Markup Language, XML) configuration file method, and its security control will change during the actual operation of the system, but the use of metadata and XML data lacks flexibility, and cannot be dynamically changed during system operation. Authorization of

[0004] To sum up, when the user access authority control of the existing information system requires frequent access to the system database to authorize the user, the efficiency of user access to the service is low and the resource consumption is high; moreover, because the system database information is generally Fixed, the user authorization cannot be dynamically changed during system operation, resulting in security risks in system operation

Images