Interface authorization method and device, electronic equipment and storage medium

By using the interface authorization method, the permission request of the target platform is obtained and the call operation is executed, which solves the problem that the Ranger system cannot simultaneously authorize Hive database table and HDFS path permissions, and realizes simultaneous authorization of target database and target table.

CN115544546BActive Publication Date: 2026-06-05BEIJING KINGSOFT CLOUD NETWORK TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
BEIJING KINGSOFT CLOUD NETWORK TECH CO LTD
Filing Date
2022-10-11
Publication Date
2026-06-05

Smart Images

  • Figure CN115544546B_ABST
    Figure CN115544546B_ABST
Patent Text Reader

Abstract

The application provides an interface authorization method and device, electronic equipment and a storage medium, wherein the method comprises: obtaining a permission acquisition request from a target platform; in response to the library permission acquisition sub-request, performing a first calling operation on a target library authorization interface and obtaining a first calling result; in response to the table permission acquisition sub-request, performing a second calling operation on a target table authorization interface and obtaining a second calling result; and in a case where it is determined that the first calling result and the second calling result meet a preset authorization requirement, performing an interface authorization operation, wherein the interface authorization operation is used for authorizing the target library authorization interface and / or the target table authorization interface to the target platform. Through the application, the technical problem that the permission of simultaneously authorizing the library table and the library table path in the library cannot be solved in the related art is solved.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of cloud computing technology, and in particular to an interface licensing method and apparatus, electronic device and storage medium. Background Technology

[0002] Currently, big data cloud platforms are being used more and more, and Ranger, as a component of the Apache open-source community for access control in the Hadoop system, is widely used in big data cloud platforms.

[0003] When adding permissions to Hive (a data warehouse infrastructure tool for processing structured data in Hadoop) database tables in existing Ranger applications, it only grants permissions to the Hive database tables themselves, and does not grant permissions to the paths where the Hive database tables are stored in HDFS (a distributed file storage system); furthermore, related technologies cannot simultaneously grant permissions to both Hive database tables and their corresponding HDFS paths.

[0004] Therefore, there is a problem in the relevant technology that it is impossible to simultaneously grant permissions for both the database table and the path of the database table within the database. Summary of the Invention

[0005] This application provides an interface authorization method and apparatus, electronic device and storage medium to at least solve the problem in the related art that it is impossible to simultaneously authorize permissions for a database table and the path of the database table in the database.

[0006] According to one aspect of the embodiments of this application, an interface authorization method is provided, including:

[0007] Obtain permission acquisition requests from the target platform, wherein the permission acquisition requests include: a library permission acquisition sub-request and a table permission acquisition sub-request;

[0008] In response to the library permission acquisition sub-request, a first call operation is performed on the target library authorization interface, and a first call result is obtained, wherein the first call result is used to indicate whether the target library authorization interface was successfully called; in response to the table permission acquisition sub-request, a second call operation is performed on the target table authorization interface, and a second call result is obtained, wherein the target table used for authorization by the target table authorization interface is located in the target path of the target library used for authorization by the target library authorization interface, and the second call result is used to indicate whether the target table authorization interface was successfully called;

[0009] If the first call result and the second call result meet the preset authorization requirements, an interface authorization operation is performed, wherein the interface authorization operation is used to authorize the target library authorization interface and / or the target table authorization interface to the target platform.

[0010] Optionally, as described above, obtaining the permission request from the target platform includes:

[0011] Obtain the sub-request by acquiring the library permissions through the first interface; and...

[0012] Obtain the table permissions and sub-request through the second interface.

[0013] Optionally, as described above, the step of responding to the library permission acquisition sub-request by performing a first invocation operation on the target library authorization interface and obtaining a first invocation result includes:

[0014] Obtain the target Hive library information from the sub-request by acquiring the library permissions through the first interface;

[0015] The first call operation is performed through the first interface and on the target library authorization interface according to the target Hive library information;

[0016] The first call result is generated by determining whether the target library's authorization interface was successfully invoked after the first call operation.

[0017] Optionally, as described above, the step of responding to the table permission acquisition sub-request by performing a second invocation operation on the target table authorization interface and obtaining a second invocation result includes:

[0018] The target Hive database table information in the sub-request is obtained by acquiring the table permissions through the second interface;

[0019] The second call operation is performed on the target table authorization interface through the second interface and according to the target Hive database table information;

[0020] The second call result is generated by determining whether the target table authorization interface was successfully invoked after the second call operation.

[0021] Optionally, as described above, the interface authorization operation includes: a first sub-authorization operation and a second sub-authorization operation, wherein the first sub-authorization operation is used to authorize the target library authorization interface to the target platform, and the second sub-authorization operation is used to authorize the target table authorization interface to the target platform. The step of performing the interface authorization operation when it is determined that the first call result and the second call result meet the preset authorization requirements includes:

[0022] If the preset authorization requirement is that the target library authorization interface and the target table authorization interface are successfully invoked simultaneously, and the first invocation result indicates that the first invocation operation successfully invoked the target library authorization interface, and the second invocation result indicates that the second invocation operation successfully invoked the target table authorization interface, then the first sub-authorization operation and the second sub-authorization operation are executed simultaneously; otherwise, neither the first sub-authorization operation nor the second sub-authorization operation is executed.

[0023] Optionally, as described above, the interface authorization operation includes: a first sub-authorization operation and a second sub-authorization operation, wherein the first sub-authorization operation is used to authorize the target library authorization interface to the target platform, and the second sub-authorization operation is used to authorize the target table authorization interface to the target platform. After responding to the table permission acquisition sub-request, performing a second call operation on the target table authorization interface, and obtaining the second call result, the method further includes:

[0024] If the preset authorization requirement is to successfully call at least one of the target library authorization interface or the target table authorization interface, and if the first call result and the second call result indicate that one of the target library authorization interface and the target table authorization interface was successfully called, a specified authorization interface is determined. In the first sub-authorization operation and the second sub-authorization operation, a specified sub-authorization operation for authorizing the specified authorization interface to the target platform is executed. The specified authorization interface is the interface that was successfully called in the target library authorization interface and the target table authorization interface through the first call operation and the second call operation.

[0025] The remaining interfaces other than the specified authorization interface are determined from the target library authorization interface and the target table authorization interface, a reminder message is generated, and the reminder message is sent to the target platform. The reminder message is used to remind the target platform to re-request the authorization of the remaining interfaces.

[0026] Optionally, as described above, after responding to the table permission acquisition sub-request, performing a second invocation operation on the target table authorization interface, and obtaining the second invocation result, the method further includes:

[0027] The first call result and the second call result are fed back to the target platform. The first call result includes: first successful call information indicating that the first call operation successfully called the target library authorization interface, or first call failure information indicating that the first call operation failed to call the target table authorization interface. The second call result includes: second successful call information indicating that the second call operation successfully called the target table authorization interface, or second call failure information indicating that the second call operation failed to call the target table authorization interface.

[0028] According to another aspect of the embodiments of this application, an interface authorization device is also provided, comprising:

[0029] The acquisition module is used to acquire permission acquisition requests from the target platform, wherein the permission acquisition requests include: a library permission acquisition sub-request and a table permission acquisition sub-request;

[0030] The module is configured to, in response to the library permission acquisition sub-request, perform a first invocation operation on the target library authorization interface and obtain a first invocation result, wherein the first invocation result is used to indicate whether the target library authorization interface was successfully invoked; and in response to the table permission acquisition sub-request, perform a second invocation operation on the target table authorization interface and obtain a second invocation result, wherein the target table used for authorization by the target table authorization interface is located in the target path of the target library used for authorization by the target library authorization interface, and the second invocation result is used to indicate whether the target table authorization interface was successfully invoked.

[0031] The authorization module is used to perform an interface authorization operation when it is determined that the first call result and the second call result meet the preset authorization requirements. The interface authorization operation is used to authorize the target library authorization interface and / or the target table authorization interface to the target platform.

[0032] According to another aspect of the embodiments of this application, an electronic device is also provided, including a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory communicate with each other through the communication bus; wherein the memory is used to store a computer program; and the processor is used to execute the method steps of any of the above embodiments by running the computer program stored in the memory.

[0033] According to another aspect of the embodiments of this application, a computer-readable storage medium is also provided, wherein a computer program is stored therein, wherein the computer program is configured to execute the method steps of any of the above embodiments when running.

[0034] In this embodiment, a permission acquisition request from the target platform is obtained, wherein the permission acquisition request includes a library permission acquisition sub-request and a table permission acquisition sub-request; in response to the library permission acquisition sub-request, a first call operation is performed on the target library authorization interface, and a first call result is obtained, wherein the first call result is used to indicate whether the target library authorization interface was successfully called; in response to the table permission acquisition sub-request, a second call operation is performed on the target table authorization interface, and a second call result is obtained, wherein the target table used for authorization by the target table authorization interface is located in the target path of the target library used for authorization by the target library authorization interface, and the second call result is used to indicate whether the target table authorization interface was successfully called; if it is determined that the first call result and the second call result meet the preset authorization requirements, an interface authorization operation is performed, wherein the interface authorization operation is used to authorize the target library authorization interface and / or the target table authorization interface to the target platform. Therefore, authorization requests can be made to both the target database authorization interface and the target table authorization interface simultaneously, thus meeting the business requirement of obtaining permissions for the target database and target table in one request. This solves the technical problem in related technologies where it is impossible to simultaneously authorize permissions for the database table and the database table's path within the database. Attached Figure Description

[0035] The accompanying drawings, which are incorporated in and form part of this specification, illustrate embodiments consistent with this application and, together with the description, serve to explain the principles of this application.

[0036] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, for those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0037] Figure 1 This is a flowchart illustrating an optional interface authorization method according to an embodiment of this application;

[0038] Figure 2 This is a system architecture diagram of an optional interface authorization system according to an embodiment of this application;

[0039] Figure 3 This is a structural block diagram of an optional interface licensing device according to an embodiment of this application;

[0040] Figure 4 This is a structural block diagram of an optional electronic device according to an embodiment of this application. Detailed Implementation

[0041] To enable those skilled in the art to better understand the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present application, and not all embodiments. Based on the embodiments in the present application, all other embodiments obtained by those of ordinary skill in the art without creative effort should fall within the scope of protection of the present application.

[0042] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of this application described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0043] According to one aspect of the embodiments of this application, an interface authorization method is provided. Optionally, in this embodiment, the interface authorization method can be applied to a hardware environment consisting of a terminal and a server. The server connects to the terminal via a network and can be used to provide services (such as advertising push services, application services, etc.) to the terminal or clients installed on the terminal. A database can be set up on the server or independently of the server to provide data storage services to the server. The network can include, but is not limited to, at least one of the following: wired network, wireless network. The wired network can include, but is not limited to, at least one of the following: wide area network, metropolitan area network, local area network. The wireless network can include, but is not limited to, at least one of the following: WIFI (Wireless Fidelity), Bluetooth. The terminal is not limited to PCs, mobile phones, tablets, etc.

[0044] The interface authorization method of this application embodiment can be executed by a server, a terminal, or both. Alternatively, the interface authorization method of this application embodiment can be executed by a client installed on the terminal.

[0045] Taking the interface authorization method in this embodiment being executed by the server as an example, Figure 1 An interface authorization method provided in this application includes the following steps:

[0046] Step S101: Obtain permission acquisition requests from the target platform, wherein the permission acquisition requests include: a library permission acquisition sub-request and a table permission acquisition sub-request;

[0047] The interface authorization method in this embodiment can be applied to scenarios requiring the simultaneous acquisition of multiple permissions, such as simultaneously acquiring authorization for the Hive library authorization interface and the Hive database table authorization interface, or for other interface authorization scenarios. This embodiment uses the simultaneous acquisition of authorization for the Hive library authorization interface and the Hive database table authorization interface as an example to illustrate the above interface authorization method. For other types of interface authorization, the above interface authorization method is equally applicable, provided there are no contradictions.

[0048] In the current Ranger-1.0.0 version, when adding permissions to Hive database tables, only permissions to the Hive database tables themselves are granted. Permissions to the HDFS paths where the Hive database tables are stored are not granted. Hive is a data warehouse infrastructure tool in Hadoop for processing structured data.

[0049] When a target object has a need to obtain library and table permissions, the target object will send a permission acquisition request to the target platform. The target platform can then forward the permission acquisition request to the server used to implement the method of this embodiment. The server can then obtain the permission acquisition request, as well as the library permission acquisition sub-request and the table permission acquisition sub-request included in the permission acquisition request.

[0050] The library permission retrieval sub-request is located within the permission retrieval request and is used to request permission to acquire the target library. Since operations on the target library need to be performed through the specified target library authorization interface, the library permission retrieval request is essentially equivalent to obtaining authorization for the target library's authorization interface.

[0051] The table permission retrieval sub-request is located within the permission retrieval request and is used to request permission to access the target table. Since operations on the target table need to be performed through the specified target table authorization interface, the table permission retrieval request is essentially equivalent to obtaining authorization for the target table authorization interface.

[0052] In this embodiment, the target table for which the library permission acquisition sub-request requests authorization is located in the target library for which the table permission acquisition sub-request requests authorization is requested.

[0053] In step S102, in response to the library permission acquisition sub-request, a first call operation is performed on the target library authorization interface, and a first call result is obtained, wherein the first call result is used to indicate whether the target library authorization interface was successfully called; in response to the table permission acquisition sub-request, a second call operation is performed on the target table authorization interface, and a second call result is obtained, wherein the target table used for authorization by the target table authorization interface is located in the target path of the target library used for authorization by the target library authorization interface, and the second call result is used to indicate whether the target table authorization interface was successfully called.

[0054] After obtaining the library permissions sub-request, the server can respond to the library permissions sub-request and perform the first call operation on the target library authorization interface.

[0055] Optionally, after recognizing that the request includes a library permission acquisition sub-request, the server automatically triggers the first call operation to the target library authorization interface, and then obtains the first call result indicating whether the target library authorization interface was successfully called.

[0056] Similarly, after the server recognizes that the request includes a table permission retrieval sub-request, it automatically triggers a second call operation to the target table authorization interface, and then obtains a second call result indicating whether the target library authorization interface was successfully called.

[0057] Step S103: If the first call result and the second call result meet the preset authorization requirements, perform the interface authorization operation, wherein the interface authorization operation is used to authorize the target library authorization interface and / or the target table authorization interface to the target platform.

[0058] After obtaining the first and second call results, it can be determined whether the authorization of the target library's authorized interface has been obtained based on the first and second call results.

[0059] Furthermore, interface authorization operations can be performed based on the first call result, the second call result, and the preset authorization requirements. For example, if the preset authorization requirement is to obtain authorization for both the target library authorization interface and the target table authorization interface simultaneously, then the interface authorization operation to authorize the target library authorization interface and the target table authorization interface to the target platform will only be executed if the first call result indicates a successful call to the target library authorization interface and the second call result indicates a successful call to the target table authorization interface. If the preset authorization requirement is to obtain authorization for at least one of the target library authorization interface or the target table authorization interface simultaneously, then the interface authorization operation to authorize the target library authorization interface or the target table authorization interface to the target platform can be executed if the first call result indicates a successful call to the target library authorization interface or the second call result indicates a successful call to the target table authorization interface.

[0060] The method in this embodiment can simultaneously request authorization from both the target database authorization interface and the target table authorization interface, thereby satisfying the business requirement to obtain permissions for the target database and target table in one permission acquisition request; thus solving the technical problem in related technologies that it is impossible to simultaneously authorize permissions for the database table and the path of the database table in the database.

[0061] As an optional embodiment, as described in the aforementioned method, step S101 of obtaining a permission request from the target platform includes the following steps:

[0062] Step S201: Obtain the sub-request by acquiring library permissions through the first interface; and,

[0063] Step S202: Obtain table permissions and sub-requests through the second interface.

[0064] The server can encapsulate a target API for implementing the method described in the foregoing embodiments; the target API has two interfaces, namely, a first interface and a second interface; thus, the target API can obtain sub-requests by obtaining library permissions through the first interface and obtain sub-requests by obtaining table permissions through the second interface.

[0065] The system architecture relationships between the target API, the target platform, the target library authorization interface, and the target library authorization interface are as follows: Figure 2 As shown, the target platform is the big data cloud platform, the target API is the Ranger-API, the target library authorization interface is the Ranger-Hive authorization interface, and the target library authorization interface is the Ranger-hdfs authorization interface.

[0066] By using the method in this embodiment, a first interface and a second interface are set up, thereby achieving the goal of simultaneously obtaining sub-requests for obtaining library permissions and sub-requests for obtaining table permissions.

[0067] As an optional embodiment, as described above, step S102, in response to the library permission acquisition sub-request, performs a first call operation on the target library authorization interface and obtains a first call result, including the following steps:

[0068] Step S301: Obtain the target Hive library information in the sub-request through the first interface to obtain library permissions;

[0069] Step S302: Through the first interface, and based on the target Hive library information, perform the first call operation on the target library authorization interface;

[0070] Step S303: By determining whether the target library's authorization interface was successfully invoked after the first invocation operation, the first invocation result is generated.

[0071] After obtaining the library permissions and the sub-request through the first interface, the first interface can parse the library permission acquisition sub-request to determine the target Hive library information in the outbound library permission acquisition sub-request.

[0072] The target Hive repository information can be unique identifiers indicating the target Hive repository for which permissions are required, and path information indicating the HDFS path of the target table in the target repository (i.e., the target path).

[0073] Optionally, the target Hive library information may include, but is not limited to: database (i.e., the Hive library name), project (i.e., the corresponding project in the data management), env (i.e., the connection information of the Hive environment), and location (i.e., the path of the corresponding HDFS).

[0074] After determining the target Hive library information, the first interface can perform the first call operation on the target library authorization interface based on the target Hive library information. This requests permission to call the target library authorization interface and access the target path of the target library indicated by the target Hive library information.

[0075] After executing and completing the first call operation, it can be determined whether the target library's authorized interface was successfully called, and the first call result can be generated based on the result.

[0076] For example, after successfully calling the target library authorization interface, the following parameters can be generated: status: status code, where "200" indicates success and other exceptions; and message: corresponding information, which can be used to indicate the reason for failure when failure occurs, such as: the library does not exist, or the data format of the target Hive library itself does not meet the preset requirements.

[0077] The method in this embodiment can obtain authorization for the target library's authorized interface through a first interface request and generate a first call result to provide a basis for subsequent interface authorization operations.

[0078] As an optional embodiment, as described in the aforementioned method, step S102, in response to the table permission acquisition sub-request, performs a second call operation on the target table authorization interface and obtains a second call result, including the following steps:

[0079] Step S401: Obtain the target Hive database table information in the sub-request by obtaining table permissions through the second interface;

[0080] Step S402: Through the second interface, and based on the target Hive database table information, perform a second call operation on the target table authorization interface;

[0081] Step S403: By determining whether the target table authorization interface was successfully invoked after the second invocation operation, the second invocation result is generated.

[0082] After obtaining the table permissions and sub-request through the second interface, the second interface can parse the table permissions acquisition sub-request to determine the target Hive database table information in the table permissions acquisition sub-request.

[0083] The target Hive table information can be a unique identifier used to indicate the target Hive table for which permissions are required.

[0084] Optionally, the target Hive database table information may include, but is not limited to: table: Hive table name; privileges: list of permissions to be granted; type: operation type, such as: grant (used to indicate granting or revoking the permissions indicated by privileges).

[0085] After determining the target Hive database table information, the second interface can perform a second call operation on the target table authorization interface based on this target Hive database table information. This requests permission to call the target table authorization interface and access the target Hive table indicated by the target Hive database table information.

[0086] After executing and completing the second call operation, it can be determined whether the target table authorization interface was successfully called, and the second call result can be generated based on the determination result.

[0087] For example, after successfully calling the target table authorization interface, the following parameters can be generated: status: status code, where a status code of "200" indicates success, and other exceptions; and message: corresponding information, which can be used to indicate the reason for failure when failure occurs, such as: the table does not exist, or the data format of the target Hive table itself does not meet the preset requirements.

[0088] The method in this embodiment can obtain the authorization of the target table authorization interface through the second interface request and generate a second call result to provide a basis for subsequent interface authorization operations.

[0089] As an optional embodiment, as described above, the interface authorization operation includes: a first sub-authorization operation and a second sub-authorization operation. The first sub-authorization operation is used to authorize the target library's authorization interface to the target platform, and the second sub-authorization operation is used to authorize the target table's authorization interface to the target platform. If the first call result and the second call result satisfy the preset authorization requirements, the execution of the interface authorization operation in step S103 includes the following steps:

[0090] Step S501: If the preset authorization requirement is that the target library authorization interface and the target table authorization interface are successfully called simultaneously, and the first call result indicates that the first call operation successfully called the target library authorization interface, and the second call result indicates that the second call operation successfully called the target table authorization interface, then the first sub-authorization operation and the second sub-authorization operation are executed simultaneously; otherwise, neither the first sub-authorization operation nor the second sub-authorization operation is executed.

[0091] For example, if the preset authorization requirement is to obtain authorization for both the target library authorization interface and the target table authorization interface at the same time, then the server will execute the first sub-authorization operation and the second sub-authorization operation simultaneously only if the first call result indicates that the target library authorization interface was successfully called and the second call result indicates that the target table authorization interface was successfully called. That is, in this case, the target library authorization interface and the target table authorization interface will be authorized to the target platform at the same time.

[0092] Conversely, if one or more of the first or second call results indicate a failed call, neither the first nor the second sub-authorization operation will be executed. For example: if the first call result indicates a successful call to the target library's authorization interface, and the second call result indicates a failed call to the target table's authorization interface, neither the first nor the second sub-authorization operation will be executed; if the first call result indicates a failed call to the target library's authorization interface, and the second call result indicates a successful call to the target table's authorization interface, neither the first nor the second sub-authorization operation will be executed; if the first call result indicates a failed call to the target library's authorization interface, and the second call result indicates a failed call to the target table's authorization interface, neither the first nor the second sub-authorization operation will be executed.

[0093] The method in this embodiment achieves the goal of ensuring that either both the target library authorization interface and the target table authorization interface are authorized simultaneously, or neither is authorized simultaneously, by implementing transaction control on the first and second sub-authorization operations. This eliminates the need for the business side to perform special processing on any single interface. As an optional embodiment, the interface authorization operation, as described above, includes: a first sub-authorization operation and a second sub-authorization operation. The first sub-authorization operation authorizes the target library authorization interface to the target platform, and the second sub-authorization operation authorizes the target table authorization interface to the target platform. After responding to the table permission acquisition sub-request, performing a second call operation on the target table authorization interface, and obtaining the second call result, the method further includes the following steps:

[0094] Step S601: If the preset authorization requirement is to successfully call at least one of the target library authorization interface or the target table authorization interface, and the first call result and the second call result indicate that one of the target library authorization interface and the target table authorization interface has been successfully called, the specified authorization interface is determined. In the first sub-authorization operation and the second sub-authorization operation, the specified sub-authorization operation for authorizing the specified authorization interface to the target platform is executed. The specified authorization interface is the interface that has been successfully called in the target library authorization interface and the target table authorization interface through the first call operation and the second call operation.

[0095] If the preset authorization requirement is to obtain authorization from at least one of the target library authorization interface or the target table authorization interface simultaneously, and if the first and second call results indicate that one of the target library authorization interface and the target table authorization interface was successfully invoked, then the server will only execute the corresponding sub-authorization operation for the interface that has been authorized, and determine the successfully invoked specified authorization interface from among the target library authorization interface and the target table authorization interface. Then, in the first and second sub-authorization operations, the specified sub-authorization operation (i.e., the sub-authorization operation that authorizes the specified authorization interface to the target platform) is determined. Finally, the specified sub-authorization operation is executed.

[0096] For example, when the specified authorization interface is the target library authorization interface, the sub-authorization operation is specified as the first sub-authorization operation and executed; when the specified authorization interface is the target table authorization interface, the sub-authorization operation is specified as the second sub-authorization operation and executed.

[0097] Step S602: Determine the remaining interfaces other than the specified authorization interface from the target library authorization interface and the target table authorization interface, generate a reminder message, and send the reminder message to the target platform. The reminder message is used to remind the target platform to re-request the authorization of the remaining interfaces.

[0098] After determining the specified authorization interface, the server can then determine the remaining interfaces from the target database authorization interface and the target table authorization interface. For example, if the specified authorization interface is the target database authorization interface, then the remaining interfaces are the target table authorization interfaces; if the specified authorization interface is the target table authorization interface, then the remaining interfaces are the target database authorization interfaces.

[0099] Once the remaining interfaces are identified, a reminder message can be generated based on these remaining interfaces and sent to the target platform to remind the target platform to re-request authorization for the remaining interfaces.

[0100] Furthermore, if the first and second call results indicate that neither the target library authorization interface nor the target table authorization interface was successfully invoked, then the first and second sub-authorization operations will not be executed, and both the target library authorization interface and the target table authorization interface will be identified as remaining interfaces. A failure message will be generated to remind the target platform to re-request the authorization of the target library authorization interface and the target table authorization interface, and the failure message will be sent to the target platform.

[0101] Furthermore, if the first and second call results indicate that the target library authorization interface and the target table authorization interface have been successfully invoked, then the first sub-authorization operation and the second sub-authorization operation are executed simultaneously, and step S602 is not executed.

[0102] The method in this embodiment can authorize the target platform for the successfully invoked execution authorization interface when the first and second invocation results indicate that one of the target library authorization interface and the target table authorization interface has been successfully invoked, and remind the target platform to request authorization for the remaining interfaces, thus eliminating the need to repeatedly request authorization for interfaces that have already been authorized.

[0103] As an optional embodiment, as described above, after step S102, in response to the table permission acquisition sub-request, performing a second call operation on the target table authorization interface and obtaining the second call result, the method further includes the following steps:

[0104] Step S701: Feed back the first call result and the second call result to the target platform. The first call result includes: first successful call information indicating that the first call operation successfully called the target library authorization interface, or first call failure information indicating that the first call operation failed to call the target table authorization interface. The second call result includes: second successful call information indicating that the second call operation successfully called the target table authorization interface, or second call failure information indicating that the second call operation failed to call the target table authorization interface.

[0105] After obtaining the first and second call results, the server can then send the first and second call results back to the target platform.

[0106] Furthermore, the first call result can be a first result returned by the target library's authorization interface to indicate whether authorization was successfully obtained, or it can be information obtained by the first interface after processing the first result. When the first call result indicates successful authorization, the first call result includes: first successful call information indicating that the first call operation successfully invoked the target library's authorization interface; when the first call result indicates unsuccessful authorization, the first call result includes: second call failure reason information indicating that the first call operation failed to invoke the target library's authorization interface.

[0107] For example, when the status code "200" indicates success, after the first call result indicates successful access to the target library's authorized interface, the output parameters are generated as follows: status: 200; and message: empty. If the first call result indicates unsuccessful access to the target library's authorized interface, as one example, the output parameters are generated as follows: status: 201; and message: library does not exist.

[0108] The second call result can be a second result returned by the target table authorization interface to indicate whether authorization was successfully obtained, or it can be information obtained by the second interface after processing the second result. When the second call result indicates successful authorization, the second call result includes: second successful call information indicating that the second call operation successfully called the target table authorization interface; when the second call result indicates unsuccessful authorization, the second call result includes: second call failure reason information indicating that the second call operation failed to call the target table authorization interface.

[0109] For example, when the status code is "200" indicating success, and the second call result indicates that the target table authorization interface was successfully invoked, the following parameters will be generated: status: 200; and message: null. If the second call result indicates that the target table authorization interface was not successfully invoked, as one example, the following parameters will be generated: status: 201; and message: table does not exist.

[0110] The method in this embodiment can feed back the first call result and the second call result to the target platform. By including first successful call information or second call failure reason information in the first call result and including second successful call information or second call failure reason information in the second call result, the business party that sends the permission acquisition request to the target platform can obtain whether it was successful or the reason for failure, thus providing a basis for the business party to perform the next operation.

[0111] It should be noted that, for the sake of simplicity, the foregoing method embodiments are all described as a series of actions. However, those skilled in the art should understand that this application is not limited to the described order of actions, as some steps may be performed in other orders or simultaneously according to this application. Furthermore, those skilled in the art should also understand that the embodiments described in the specification are preferred embodiments, and the actions and modules involved are not necessarily essential to this application.

[0112] Through the above description of the embodiments, those skilled in the art can clearly understand that the methods according to the above embodiments can be implemented by means of software plus necessary general-purpose hardware platforms. Of course, they can also be implemented by hardware, but in many cases the former is a better implementation method. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product is stored in a storage medium (such as ROM (Read-Only Memory) / RAM (Random Access Memory), magnetic disk, optical disk), and includes several instructions to cause a terminal device (which may be a mobile phone, computer, server, or network device, etc.) to execute the methods described in the various embodiments of this application.

[0113] According to another aspect of the embodiments of this application, an interface authorization apparatus for implementing the above-described interface authorization method is also provided. Figure 3 This is a structural block diagram of an optional interface licensing device according to an embodiment of this application, such as... Figure 3 As shown, the device may include:

[0114] Module 1 is used to obtain permission acquisition requests from the target platform. The permission acquisition requests include: library permission acquisition sub-requests and table permission acquisition sub-requests.

[0115] Module 2 is invoked in response to a sub-request for obtaining library permissions, performing a first invocation operation on the target library authorization interface and obtaining a first invocation result, wherein the first invocation result is used to indicate whether the target library authorization interface was successfully invoked; in response to a sub-request for obtaining table permissions, performing a second invocation operation on the target table authorization interface and obtaining a second invocation result, wherein the target table used for authorization by the target table authorization interface is located in the target library used for authorization by the target library authorization interface, and the second invocation result is used to indicate whether the target table authorization interface was successfully invoked;

[0116] The authorization module 3 is used to perform an interface authorization operation when it is determined that the first call result and the second call result meet the preset authorization requirements. The interface authorization operation is used to authorize the target library authorization interface and / or the target table authorization interface to the target platform. It should be noted that the acquisition module 1 in this embodiment can be used to perform the above step S101, the call module 2 in this embodiment can be used to perform the above step S102, and the authorization module 3 in this embodiment can be used to perform the above step S103.

[0117] It should be noted that the examples and application scenarios implemented by the above modules and corresponding steps are the same, but are not limited to the content disclosed in the above embodiments. It should be noted that the above modules, as part of the device, can operate in ways such as... Figure 1 The method shown can be implemented in either software or hardware within a hardware environment, where the hardware environment includes a network environment.

[0118] According to another aspect of the embodiments of this application, an electronic device for implementing the above-described interface authorization method is also provided. The electronic device may be a server, a terminal, or a combination thereof.

[0119] According to another embodiment of this application, an electronic device is also provided, comprising: Figure 4 As shown, the electronic device may include: a processor 1501, a communication interface 1502, a memory 1503, and a communication bus 1504, wherein the processor 1501, the communication interface 1502, and the memory 1503 communicate with each other through the communication bus 1504.

[0120] Memory 1503 is used to store computer programs;

[0121] When processor 1501 executes the program stored in memory 1503, it performs the following steps:

[0122] Step S101: Obtain permission acquisition requests from the target platform, wherein the permission acquisition requests include: a library permission acquisition sub-request and a table permission acquisition sub-request;

[0123] In step S102, in response to the library permission acquisition sub-request, a first call operation is performed on the target library authorization interface, and a first call result is obtained, wherein the first call result is used to indicate whether the target library authorization interface was successfully called; in response to the table permission acquisition sub-request, a second call operation is performed on the target table authorization interface, and a second call result is obtained, wherein the target table used for authorization by the target table authorization interface is located in the target path of the target library used for authorization by the target library authorization interface, and the second call result is used to indicate whether the target table authorization interface was successfully called.

[0124] Step S103: If the first call result and the second call result meet the preset authorization requirements, perform the interface authorization operation, wherein the interface authorization operation is used to authorize the target library authorization interface and / or the target table authorization interface to the target platform.

[0125] Optionally, in this embodiment, the communication bus can be a PCI (Peripheral Component Interconnect) bus or an EISA (Extended Industry Standard Architecture) bus, etc. This communication bus can be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is used to represent it in the figure, but this does not mean that there is only one bus or one type of bus. The communication interface is used for communication between the aforementioned electronic device and other devices.

[0126] The memory may include random access memory (RAM) or non-volatile memory (NVM), such as at least one disk storage device. Optionally, the memory may also be at least one storage device located remotely from the aforementioned processor.

[0127] The processors mentioned above can be general-purpose processors, including but not limited to: CPU (Central Processing Unit), NP (Network Processor), etc.; they can also be DSP (Digital Signal Processor), ASIC (Application Specific Integrated Circuit), FPGA (Field-Programmable Gate Array) or other programmable logic devices, discrete gate or transistor logic devices, or discrete hardware components.

[0128] This application also provides a computer-readable storage medium, which includes a stored program, wherein the program executes the method steps of the above method embodiments when it runs.

[0129] Optionally, in this embodiment, the storage medium may include, but is not limited to, various media capable of storing program code, such as USB flash drives, ROMs, RAMs, portable hard drives, magnetic disks, or optical disks.

[0130] The sequence numbers of the embodiments in this application are for descriptive purposes only and do not represent the superiority or inferiority of the embodiments.

[0131] If the integrated units in the above embodiments are implemented as software functional units and sold or used as independent products, they can be stored in the aforementioned computer-readable storage medium. Based on this understanding, the technical solution of this application, in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause one or more computer devices (which may be personal computers, servers, or network devices, etc.) to execute all or part of the steps of the methods described in the various embodiments of this application.

[0132] In the above embodiments of this application, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions of other embodiments.

[0133] In the several embodiments provided in this application, it should be understood that the disclosed client can be implemented in other ways. The device embodiments described above are merely illustrative; for example, the division of units is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be through some interfaces, indirect coupling or communication connection between units or modules, and may be electrical or other forms.

[0134] The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units can be selected to achieve the purpose of the solution provided in this embodiment, depending on actual needs.

[0135] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.

[0136] The above description is only a preferred embodiment of this application. It should be noted that for those skilled in the art, several improvements and modifications can be made without departing from the principle of this application, and these improvements and modifications should also be considered within the scope of protection of this application.

Claims

1. An interface authorization method, characterized in that, include: Obtain permission acquisition requests from the target platform, wherein the permission acquisition requests include: a library permission acquisition sub-request and a table permission acquisition sub-request, wherein the library permission is the permission of the Hive library, and the table permission is the permission of the Hive library table; In response to the library permission acquisition sub-request, a first call operation is performed on the target library authorization interface, and a first call result is obtained, including: obtaining the target Hive library information in the library permission acquisition sub-request through the first interface; performing the first call operation on the target library authorization interface through the first interface and according to the target Hive library information; generating the first call result by determining whether the target library authorization interface was successfully called after the first call operation, wherein the first call result is used to indicate whether the target library authorization interface was successfully called; in response to the table permission acquisition sub-request, a second call operation is performed on the target table authorization interface, and a second call result is obtained, including: obtaining the target Hive library table information in the table permission acquisition sub-request through the second interface; performing the second call operation on the target table authorization interface through the second interface and according to the target Hive library table information; generating the second call result by determining whether the target table authorization interface was successfully called after the second call operation, wherein the target table used for authorization by the target table authorization interface is located in the target path of the target library used for authorization by the target library authorization interface, and the second call result is used to indicate whether the target table authorization interface was successfully called; If the first call result and the second call result meet the preset authorization requirements, an interface authorization operation is performed, wherein the interface authorization operation is used to authorize the target library authorization interface and / or the target table authorization interface to the target platform.

2. The method according to claim 1, characterized in that, The process of obtaining permission requests from the target platform includes: Obtain the sub-request by acquiring the library permissions through the first interface; and... Obtain the table permissions and sub-request through the second interface.

3. The method according to claim 1, characterized in that, The interface authorization operation includes: a first sub-authorization operation and a second sub-authorization operation. The first sub-authorization operation is used to authorize the target library authorization interface to the target platform, and the second sub-authorization operation is used to authorize the target table authorization interface to the target platform. The step of executing the interface authorization operation when it is determined that the first call result and the second call result meet the preset authorization requirements includes: If the preset authorization requirement is that the target library authorization interface and the target table authorization interface are successfully invoked simultaneously, and the first invocation result indicates that the first invocation operation successfully invoked the target library authorization interface, and the second invocation result indicates that the second invocation operation successfully invoked the target table authorization interface, then the first sub-authorization operation and the second sub-authorization operation are executed simultaneously; otherwise, neither the first sub-authorization operation nor the second sub-authorization operation is executed.

4. The method according to claim 1, characterized in that, The interface authorization operation includes: a first sub-authorization operation and a second sub-authorization operation. The first sub-authorization operation is used to authorize the target library authorization interface to the target platform, and the second sub-authorization operation is used to authorize the target table authorization interface to the target platform. After responding to the table permission acquisition sub-request, performing a second call operation on the target table authorization interface, and obtaining the second call result, the method further includes: If the preset authorization requirement is to successfully call at least one of the target library authorization interface or the target table authorization interface, and if the first call result and the second call result indicate that one of the target library authorization interface and the target table authorization interface was successfully called, a specified authorization interface is determined. In the first sub-authorization operation and the second sub-authorization operation, a specified sub-authorization operation for authorizing the specified authorization interface to the target platform is executed. The specified authorization interface is the interface that was successfully called in the target library authorization interface and the target table authorization interface through the first call operation and the second call operation. The remaining interfaces other than the specified authorization interface are determined from the target library authorization interface and the target table authorization interface, a reminder message is generated, and the reminder message is sent to the target platform. The reminder message is used to remind the target platform to re-request the authorization of the remaining interfaces.

5. The method according to any one of claims 1 to 4, characterized in that, After responding to the table permission acquisition sub-request, performing a second call operation on the target table authorization interface, and obtaining the second call result, the method further includes: The first call result and the second call result are fed back to the target platform. The first call result includes: first successful call information indicating that the first call operation successfully called the target library authorization interface, or first call failure information indicating that the first call operation failed to call the target table authorization interface. The second call result includes: second successful call information indicating that the second call operation successfully called the target table authorization interface, or second call failure information indicating that the second call operation failed to call the target table authorization interface.

6. An interface licensing device, characterized in that, include: The acquisition module is used to acquire permission acquisition requests from the target platform. The permission acquisition requests include: a library permission acquisition sub-request and a table permission acquisition sub-request. The library permission is the permission of the Hive library, and the table permission is the permission of the Hive library table. The module is configured to, in response to the library permission acquisition sub-request, perform a first invocation operation on the target library authorization interface and obtain a first invocation result, including: obtaining target Hive library information from the library permission acquisition sub-request through a first interface; performing the first invocation operation on the target library authorization interface through the first interface and based on the target Hive library information; generating the first invocation result by determining whether the target library authorization interface was successfully invoked after the first invocation operation, wherein the first invocation result is used to indicate whether the target library authorization interface was successfully invoked; and, in response to the table permission acquisition sub-request, perform a second invocation operation on the target table authorization interface and obtain a second invocation result, including: obtaining target Hive library table information from the table permission acquisition sub-request through a second interface; performing the second invocation operation on the target table authorization interface through the second interface and based on the target Hive library table information; generating the second invocation result by determining whether the target table authorization interface was successfully invoked after the second invocation operation, wherein the target table used for authorization by the target table authorization interface is located in the target path of the target library used for authorization by the target library authorization interface, and the second invocation result is used to indicate whether the target table authorization interface was successfully invoked. The authorization module is used to perform an interface authorization operation when it is determined that the first call result and the second call result meet the preset authorization requirements. The interface authorization operation is used to authorize the target library authorization interface and / or the target table authorization interface to the target platform.

7. An electronic device comprising a processor, a communication interface, a memory, and a communication bus, wherein, The processor, the communication interface, and the memory communicate with each other via the communication bus, characterized in that... The memory is used to store computer programs; The processor is configured to perform the method steps of any one of claims 1 to 5 by running the computer program stored in the memory.

8. A computer-readable storage medium, characterized in that, The storage medium stores a computer program, wherein the computer program is configured to execute the steps of the method described in any one of claims 1 to 5 when it is run.