Cross-domain access control method, electronic equipment and storage medium

Abstract

The invention provides a cross-domain access control method, electronic equipment and a storage medium, and the method comprises the steps: obtaining a cross-domain resource address corresponding to a specified user in response to a resource list obtaining request sent by a browser where the specified user is located; generating a new address according to the resource address and the first time, and issuing the new address to a browser where the specified user is located; in response to a resource access request sent by a browser where the specified user is located, verifying the new address according to the new address carried by the resource access request; after the new address passes the verification, obtaining a resource address according to the new address; and according to the resource address, requesting resource content from a resource server corresponding to the resource address and returning the resource content to a browser where the specified user is located. According to the method, the problem that access cannot be carried out due to the fact that legality verification cannot be carried out during cross-domain access is solved.

Description

technical field [0001] The present application relates to the field of communication technologies, and in particular to a cross-domain access control method, electronic equipment, and a computer-readable storage medium. Background technique [0002] Currently, sslvpn encrypts the data between the user and the service server through the ssl tunnel to protect the service resource server. Before the SSL tunnel is established, the user performs identity authentication. After the authentication is passed, a session is created. The SSLVPN gateway traverses resources and sends the resources associated with the user's role to the client browser. [0003] WEBVPN is an implementation scheme of SSLVPN for the seven-layer proxy. The existing WEBVPN accesses and logs in to vpn resources through domain names. Assume that the login domain name is vpn.topsec.com. After successful login, when accessing resources, the resource domain name must be a subclass of the login domain name. Domain n...

AI Technical Summary

Problems solved by technology

If there is no parent-child relationship between the login domain name and the resource domain name, there will be a cross-domain problem. For example, the login domain name is vpn.topsec.com, and the resource domain name is app1.topsec.com. At this time, the user logs in through the domain name vpn.topsec.com After the vpn device, the session information of the successful login authentication is saved in the cookie of the vpn.topsec.com domain, but when the user visits app1.topsec.com, the two domain names belong to different domains, and the vpn device starts from app1.topsec.com. The authentication session information of the user cannot be obtained in the cookie of the com domain, so that the validity verification cannot be performed, resulting in the failure of normal access

[0004] It can be seen that in the actual project deployment, in order to reduce costs, there are some application scenarios where the login domain name and the resource domain name are the same level domain name and have no parent-child relationship. The problem that prevented access to the resource

Images