阅读说明：本技术 一种http请求鉴权方法及装置 (HTTP request authentication method and device ) 是由 蔡实楷 邱小宁 于 2018-07-03 设计创作，主要内容包括：本发明提供了一种HTTP请求鉴权方法及装置,所述方法包括,接收用户端发送过来的进行URL拼接的HTTP请求；根据所述HTTP请求,验证用户请求来源URL地址信息及用户身份信息是否合法；当所述用户请求来源URL地址信息及用户身份信息合法时,将所述HTTP请求中的业务数据以JSON格式输出。本发明通过对用户请求来源URL地址信息与用户身份信息进行验证,从而保证了指定URL和指定授权人才能使用数据服务,可以保障数据的安全性和服务器的安全性。(The invention provides an HTTP request authentication method and device, wherein the method comprises the steps of receiving an HTTP request for URL splicing sent by a user side; verifying whether the URL address information of the user request source and the user identity information are legal or not according to the HTTP request; and when the URL address information of the user request source and the user identity information are legal, outputting the service data in the HTTP request in a JSON format. The invention verifies the URL address information of the user request source and the user identity information, thereby ensuring that the appointed URL and the appointed authorized person can use the data service, and ensuring the safety of data and the safety of a server.)

1. An HTTP request authentication method, characterized by: comprises the steps of (a) carrying out,

s20, receiving an HTTP request for URL splicing sent by a user side;

s30, verifying whether the URL address information of the user request source and the user identity information are legal or not according to the HTTP request;

and S40, when the URL address information of the user request source and the user identity information are legal, outputting the service data in the HTTP request in a JSON format.

2. The HTTP request authentication method as recited in claim 1, wherein: in step S30, the step of verifying whether the URL address information of the user request source is legal specifically includes,

comparing the URL address information of the user request source with the credit granting source address information in the credit granting list, judging whether the URL address information of the user request source exists in the credit granting list, and if so, verifying the URL address information of the user request source.

3. The HTTP request authentication method as recited in claim 1, wherein: in step S30, verifying whether the user identity information is legal specifically includes,

and comparing the user identity information with the user identity information in the credit granting list, and if the user identity information is consistent with the user identity information in the credit granting list, the user identity information passes the verification.

4. The HTTP request authentication method as recited in claim 1, wherein: the method also comprises the step of carrying out the following steps,

s10, configuring the authorized user request source URL address information and the user identity information into the credit granting list.

5. An HTTP request authentication apparatus, characterized in that: comprises the steps of (a) preparing a mixture of a plurality of raw materials,

the receiving module is used for receiving an HTTP request for URL splicing sent by a user side;

the verification module is used for verifying whether the URL address information of the user request source and the user identity information are legal or not according to the HTTP request;

and the output module is used for outputting the service data in the HTTP request in a JSON format when the URL address information of the user request source and the user identity information are legal.

6. The HTTP request authentication apparatus as recited in claim 5, wherein: the authentication module includes a verification module for verifying the authentication of the mobile terminal,

and the URL address information verification unit is used for comparing the URL address information of the user request source with the credit granting source address information in the credit granting list, judging whether the URL address information of the user request source exists in the credit granting list or not, and if so, verifying the URL address information of the user request source.

7. The HTTP request authentication apparatus as recited in claim 5, wherein: the authentication module may further comprise a verification module for verifying the authentication of the mobile terminal,

and the user identity information verification unit is used for comparing the user identity information with the user identity information in the credit granting list, and if the user identity information is consistent with the user identity information in the credit granting list, the user identity information passes the verification.

8. The HTTP request authentication apparatus as recited in claim 5, wherein: the device also comprises a control device for controlling the operation of the device,

and the credit granting list configuration module is used for configuring the authorized user request source URL address information and the user identity information into the credit granting list.

Technical Field

The present invention relates to an authentication method and device, and more particularly, to an HTTP request authentication method and device.

Background

At present, in the prior art, data interaction is performed through an HTTP interface, which generally refers to a domain name or an IP address of an authentication server, and does not perform effective authentication on a URL of a user; therefore, the interfaces used by the URLs cannot be effectively managed, the offline pages cannot be recycled, great information safety hazards exist, and the unauthorized URLs can also use HTTP interfaces for data interaction. Therefore, how to safely and conveniently enable an authorizer to use the HTTP interface and enable an unauthorized user to not use the HTTP interface is a technical problem to be solved by those skilled in the art.

Disclosure of Invention

The technical problem to be solved by the invention is as follows: an HTTP request authentication method and device are provided.

In order to solve the technical problems, the invention adopts the technical scheme that: an HTTP request authentication method includes the steps of,

s20, receiving an HTTP request for URL splicing sent by a user side;

s30, verifying whether the URL address information of the user request source and the user identity information are legal or not according to the HTTP request;

and S40, when the URL address information of the user request source and the user identity information are legal, outputting the service data in the HTTP request in a JSON format.

Preferably, the step S30 of verifying whether the URL address information of the user request source is legal specifically includes,

comparing the URL address information of the user request source with the credit granting source address information in the credit granting list, judging whether the URL address information of the user request source exists in the credit granting list, and if so, verifying the URL address information of the user request source.

Preferably, in step S30, verifying whether the user identity information is legal specifically includes,

and comparing the user identity information with the user identity information in the credit granting list, and if the user identity information is consistent with the user identity information in the credit granting list, the user identity information passes the verification.

Preferably, the HTTP request authentication method, further comprises the steps of,

s10, configuring the authorized user request source URL address information and the user identity information into the credit granting list.

In order to solve the technical problem, the invention adopts another technical scheme as follows: an HTTP request authentication device includes a server,

the receiving module is used for receiving an HTTP request for URL splicing sent by a user side;

the verification module is used for verifying whether the URL address information of the user request source and the user identity information are legal or not according to the HTTP request;

and the output module is used for outputting the service data in the HTTP request in a JSON format when the URL address information of the user request source and the user identity information are legal.

Preferably, the verification module comprises, in response to the verification request,

and the URL address information verification unit is used for comparing the URL address information of the user request source with the credit granting source address information in the credit granting list, judging whether the URL address information of the user request source exists in the credit granting list or not, and if so, verifying the URL address information of the user request source.

Preferably, the verification module further comprises,

and the user identity information verification unit is used for comparing the user identity information with the user identity information in the credit granting list, and if the user identity information is consistent with the user identity information in the credit granting list, the user identity information passes the verification.

Preferably, the apparatus further comprises a control unit,

and the credit granting list configuration module is used for configuring the authorized user request source URL address information and the user identity information into the credit granting list.

The invention verifies the URL address information of the user request source and the user identity information, thereby ensuring that the appointed URL and the appointed authorized person can use the data service, and for the URL needing to be off-line, only needing to recycle in the credit granting address list, and ensuring the safety of data and the safety of a server.

Drawings

The following detailed description of the invention refers to the accompanying drawings.

FIG. 1 is a flow chart of a HTTP request authentication method of the present invention;

fig. 2 is a block diagram of an HTTP request authentication apparatus according to the present invention.

Detailed Description

In order to explain technical contents, structural features, and objects and effects of the present invention in detail, the following detailed description is given with reference to the accompanying drawings in conjunction with the embodiments.

Referring to fig. 1, an HTTP request authentication method includes the steps of,

s20, receiving an HTTP request for URL splicing sent by a user side;

s30, verifying whether the URL address information of the user request source and the user identity information are legal or not according to the HTTP request;

and S40, when the URL address information of the user request source and the user identity information are legal, outputting the service data in the HTTP request in a JSON format.

In the technical scheme, the HTTP request needs to be subjected to URL splicing according to a uniform specification standard, request parameters of the HTTP request comprise fixed parameters and service parameters, and the fixed parameters comprise request source URL information and user identity information; comparing the URL information and the identity information of the user request source with authorized users in the credit granting address list, and if the comparison results are consistent, analyzing the service parameters if the URL information and the identity information of the user request source are legal; the service parameters comprise query conditions, such as service numbers, time and region information; submitting information parameters such as contact addresses, contact calls and contact information; and after the service data is analyzed, the data is output to a foreground in a JSON format.