CN109933736B - Method and device for safely accessing JSP (Java Server Page) of third party and storage medium - Google Patents
Method and device for safely accessing JSP (Java Server Page) of third party and storage medium Download PDFInfo
- Publication number
- CN109933736B CN109933736B CN201910174786.1A CN201910174786A CN109933736B CN 109933736 B CN109933736 B CN 109933736B CN 201910174786 A CN201910174786 A CN 201910174786A CN 109933736 B CN109933736 B CN 109933736B
- Authority
- CN
- China
- Prior art keywords
- party
- page
- jsp
- accessing
- request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention provides a method for safely accessing a third-party JSP page, which comprises the following steps: after receiving a jump request for jumping to a third-party page, an entry page calls an intermediate page and submits a js simulation form to a background servlet through the intermediate page; the js simulation form comprises parameters required for accessing the JSP page of the third party, and when the intermediate page is loaded, the js simulation form is submitted first and then deleted; forwarding, by the background servlet service, the jump request to a third-party JSP page; the transmission of parameters required for accessing the JSP page of the third party is realized simultaneously in the process of forwarding the request; and the third-party JSP page dynamically displays the parameters. The invention also provides an electronic device and a computer readable storage medium. The invention can perform safe data interaction with the third-party system on the premise of not exposing the url address of the third party, thereby improving the data security.
Description
Technical Field
The invention relates to the technical field of internet, in particular to a method and a device for safely accessing a third-party JSP page and a computer readable storage medium.
Background
In the process of daily project development, a jsp page provided by a third party is often required to be accessed to perform business operation and data interaction. When the third-party page is redirected by a conventional iframe (the iframe is an HTML tag, which is used as a document in the document, or a floating frame) forwarding or GET method, all the incoming parameters are shown in the url (uniform resource locator) of the third-party site in the clear.
The external network user can try out the access content of the service party through the parameter in the url, steal data, and even attack the service party through the url, so that data leakage or downtime is caused.
Therefore, a method for accessing the JSP page of the third party with high security is urgently needed.
Disclosure of Invention
The invention provides a method for safely accessing a JSP (Java server page) of a third party, an electronic device and a computer readable storage medium, and mainly aims to realize safe data interaction with a third party system on the premise of not exposing a URL (uniform resource locator) address of the third party.
In order to achieve the above object, the present invention provides a method for securely accessing a JSP page of a third party, the method comprising:
s110, after receiving a jump request for jumping to a third-party page, an entry page calls an intermediate page and submits a js simulation form to a background servlet through the intermediate page; the js simulation form comprises parameters required for accessing the third-party JSP page, when the intermediate page is loaded, the js simulation form is submitted first, and the js simulation form is deleted after the js simulation form is submitted;
s120, the background servlet service forwards the jump request to a third-party JSP page; the transmission of parameters required for accessing the JSP page of the third party is realized simultaneously in the process of forwarding the request;
and S130, dynamically displaying the parameters by the third-party JSP page.
Further, preferably, in the step 120, the third party interface accesses the third party JSP page through a POST.
Further, preferably, the forwarding of the skip request includes: using Response to redirect to a third party interface in the background servlet, and accessing a JSP page by the third party interface;
and when the Response is redirected to a third-party interface, parameters required for accessing the JSP page of the third party are stored in the Request.
Further, preferably, by setting 307 state codes of Response, the parameter stored in the Request in the forwarding process of the jump Request is prevented from being lost; in step S110, the js simulation form is submitted to the background servlet in a POST manner.
In addition, in order to achieve the above object, the present invention further provides a system for safely accessing a third party JSP page, including an intermediate page calling unit, a jump request forwarding unit, and a third party JSP page access unit; the intermediate page calling unit is used for calling an intermediate page and submitting a js simulation form including parameters required for accessing the JSP page of the third party to a background servlet through the intermediate page; the jump request forwarding unit is used for the background servlet service to forward the jump request to a third-party JSP page; the transmission of parameters is realized simultaneously in the process of forwarding the request; and the third-party JSP page access unit is used for accessing a third-party JSP page, and the third-party JSP page dynamically displays the parameters.
In addition, to achieve the above object, the present invention also provides an electronic device, including: the electronic device comprises a memory and a processor, wherein the memory comprises an access program of a third-party JSP page, and the access program of the third-party JSP page realizes the following steps when being executed by the processor: s110, after receiving a jump request for jumping to a third-party page, an entry page calls an intermediate page and submits a js simulation form to a background servlet through the intermediate page; the js simulation form comprises parameters required for accessing the JSP page of the third party, and when the intermediate page is loaded, the js simulation form is submitted first and then deleted; s120, the background servlet service forwards the jump request to a JSP page of a third party; the transmission of parameters required for accessing the JSP page of the third party is realized simultaneously in the process of forwarding the request; and S130, dynamically displaying the parameters by the third-party JSP page. In the step 120, the third party interface accesses the third party JSP page through a POST.
The skip request forwarding comprises: redirecting to a third party interface by using a Response in the background servlet, and accessing a third party JSP page by the third party interface; and when the Response is redirected to a third-party interface, parameters required for accessing the JSP page of the third party are stored in the Request. And setting 307 state codes of Response to prevent the parameters stored in the Request from being lost during the forwarding process of the jump Request.
In addition, in order to achieve the above object, the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes an access program of a third-party JSP page, and when the access program of the third-party JSP page is executed by a processor, the steps of the method for securely accessing the third-party JSP page as described above are implemented.
The method for safely accessing the JSP of the third party, the electronic device and the computer readable storage medium have the following beneficial effects that:
1. on the premise of not exposing the url address of the third party, carrying out safe data interaction with the third party system;
2. by improving the calling method, forwarding through a background servlet and redirecting the third-party address in a post mode so as to improve the data security;
3. in order to ensure that the parameter in the request is not lost, we need to jump using 307 state of response;
4. the method is suitable for interaction between the web application of the core system and the peripheral system in an external network environment; therefore, data security is improved, and the third-party system address is prevented from being exposed to hackers and being attacked.
Drawings
FIG. 1 is a flow chart of a preferred embodiment of the method for securely accessing a third party JSP page of the present invention;
FIG. 2 is a block diagram of a preferred embodiment of the system for secure access to third party JSP pages of the present invention;
fig. 3 is a schematic structural diagram of an electronic device according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
The invention provides a method for safely accessing a third-party JSP page. Referring to fig. 1, a flow chart of a preferred embodiment of the method for securely accessing a third party JSP page of the present invention is shown. The method may be performed by an apparatus, which may be implemented by software and/or hardware.
In this embodiment, the method for securely accessing a JSP page of a third party includes: step S110-step S130.
Step S110, after receiving a jump request for jumping to a third-party page, an entry page calls an intermediate page and submits a js simulation form to a background servlet through the intermediate page; in step S110, the js simulation form is submitted to the background servlet in a POST manner.
An exemplary illustration of the middle page is as follows:
that is, an intermediate page is accessed by instant jump, and the intermediate page is submitted to the background servlet through js simulation form. The js simulation form contains parameters required by a third-party page, and the js simulation form is submitted to the background servlet through a POST method.
In particular, response is characterized as follows: 1. skipping to a target page after all codes are executed; 2. after the browser jumps to the target page, the URL of the browser changes; 3. redirecting in the browser; 4. pages on other servers may be jumped to, for example, "hundredths". The forward jump is characterized in that 1, directly jumping to the code behind the target webpage is not executed; 2. after jumping to the target page, the URL is unchanged; 3. redirecting at a server side; 4. and the page on other servers cannot be jumped to.
An example of an intermediate page submission to a background servlet is as follows:
in addition, when the middle page is loaded, a js simulation form is submitted, and then the content of the form is deleted in js.
js simulation document code is as follows:
step S120, the background servlet service forwards the jump request to a third-party JSP page; and simultaneously realizing the transmission of parameters required for accessing the JSP page of the third party in the process of forwarding the request. The forwarding of the jump request comprises the following steps: redirecting to a third party interface by using a Response in the background servlet, and accessing a third party JSP page by the third party interface;
in a specific embodiment of the invention, the third-party interface accesses the JSP page of the third party in a POST mode, and the third-party interface returns a page path needing to be accessed.
In one embodiment of the invention, when the Response is redirected to the third party interface, parameters required for accessing the third party JSP page are stored in the Request. And setting 307 state codes of Response to prevent the parameters stored in the Request from being lost during the forwarding process of the jump Request.
It should be noted that Response is feedback of the server to the client, and the process of redirecting the page is as follows: when a client initiates a request to a server, the server gives the client a URL address again, so that the client initiates a new request again, in the process, header information carried by the first request of the client disappears, and a redirected page is displayed in an address bar after redirection, which is a client behavior. The Request is a Request of a client to a server, and the flow of the page jump is that when the client initiates a jump Request to the server, the server helps the client to load the jumped page into the current page, the address bar displays the page before the jump, and header information of the Request initiated by the client before the jump still exists. This is a kind of server behavior. So the attribute stored in the request is still reserved after a number of < jsp: forward page = "" > instructions. Only requests can be sent to resources under webapp via Forward.
In the present invention, the redirection procedure in the servlet is as follows:
and step S130, the third-party JSP page dynamically displays the parameters.
Referring to fig. 2, fig. 2 is a schematic diagram of a system structure for securely accessing a JSP page of a third party according to the present invention. The method comprises an intermediate page calling unit 210, a jump request forwarding unit 220 and a third-party JSP page access unit 230; the intermediate page calling unit 210 is configured to call an intermediate page, and submit a js simulation form including parameters required for accessing the JSP page of the third party to a background servlet through the intermediate page; the jump request forwarding unit 220 is configured to forward the jump request to a JSP page of a third party by the background servlet service; the transmission of parameters is realized simultaneously in the process of forwarding the request; the third-party JSP page access unit 230 is configured to access a third-party JSP page, where the third-party JSP page dynamically displays the parameter.
The above unit executes a step of a method for safely accessing a third party JSP page, which is not described herein again.
The system for safely accessing the JSP of the third party has high reusability and high safety, has better expandability compared with the prior art, can safely perform data interaction with the third party system, and has good popularization value.
The invention provides a method for safely accessing a third-party JSP page, which is applied to an electronic device 30. Referring to fig. 3, a schematic diagram of an electronic device for securely accessing a JSP page of a third party according to the present invention is shown.
In the embodiment, the electronic device 30 may be a terminal device having an arithmetic function, such as a server, a smart phone, a tablet computer, a portable computer, or a desktop computer.
The electronic device 30 includes: a processor 32, and a memory 31.
The memory 31 includes at least one type of readable storage medium. The at least one type of readable storage medium may be a non-volatile storage medium such as a flash memory, a hard disk, a multimedia card, a card-type memory 31, and the like. In some embodiments, the readable storage medium may be an internal storage unit of the electronic device 30, such as a hard disk of the electronic device 30. In other embodiments, the readable storage medium may also be an external memory 31 of the electronic apparatus 30, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, provided on the electronic apparatus 30.
In the present embodiment, the readable storage medium of the memory 31 is generally used for storing the access program 33 and the like of the JSP page of the third party installed in the electronic device 30. The memory 31 may also be used to temporarily store data that has been output or is to be output.
The processor 32 may be, in some embodiments, a Central Processing Unit (CPU), microprocessor or other data Processing chip, for running program code stored in the memory 31 or Processing data, such as the access program 33 of a third party JSP page, etc.
Fig. 3 only shows the electronic device 30 with components 31-33, but it is understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead.
In an embodiment of the present invention, the electronic device 30 may further include a user interface, the user interface may include an input unit such as a Keyboard (Keyboard), a voice input device such as a microphone (microphone) or other devices with voice recognition function, a voice output device such as a sound box, an earphone, or other devices, and optionally, the user interface may further include a standard wired interface or a wireless interface.
In addition, the electronic device 30 may further include a display, which may also be referred to as a display screen or a display unit. In some embodiments, the display device may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an Organic Light-Emitting Diode (OLED) touch device, or the like. The display is used for displaying information processed in the electronic device 30 and for displaying a visualized user interface.
In addition, the electronic device 30 further includes a touch sensor. The area provided by the touch sensor and used for a user to perform touch operation is called a touch area. Further, the touch sensor described herein may be a resistive touch sensor, a capacitive touch sensor, or the like. The touch sensor may include not only a contact type touch sensor but also a proximity type touch sensor. Further, the touch sensor may be a single sensor, or may be a plurality of sensors arranged in, for example, an array.
The area of the display of the electronic device 30 may be the same as or different from the area of the touch sensor. Optionally, a display is stacked with the touch sensor to form a touch display screen. The device detects touch operation triggered by a user based on the touch display screen.
Optionally, the electronic device 30 may further include a Radio Frequency (RF) circuit, a sensor, an audio circuit, and the like, which are not described in detail herein.
In the apparatus embodiment shown in FIG. 3, the memory 31, which is a type of computer storage medium, may include therein an operating system, and an access program 33 for third party JSP pages; the processor 32 implements the following steps when executing the access program 33 for a third party JSP page stored in the memory 31:
s110, after receiving a jump request for jumping to a third-party page, an entry page calls an intermediate page and submits a js simulation form to a background servlet through the intermediate page; the js simulation form comprises parameters required for accessing the third-party JSP page, when the intermediate page is loaded, the js simulation form is submitted first, and the js simulation form is deleted after the js simulation form is submitted; s120, the background servlet service forwards the jump request to a third-party JSP page; the transmission of parameters required for accessing the JSP page of the third party is realized simultaneously in the process of forwarding the request; and S130, dynamically displaying the parameters by the third-party JSP page.
In the electronic device according to the above embodiment, a large number of long-distance images and short-distance images of living bodies and non-living bodies of legitimate users are placed in the neural network for training, so that the neural network can learn the difference between the near-far ratios of the key points of the living bodies and the non-living bodies, thereby performing accurate estimation.
In other embodiments, the access program 33 of the third party JSP page may also be partitioned into one or more modules, which are stored in the memory 31 and executed by the processor 32 to accomplish the present invention. The modules referred to herein are referred to as a series of computer program instruction segments capable of performing specified functions.
The visitor 33 to the third party JSP page may be split into: the device comprises an intermediate page calling unit, a jump request forwarding unit and a third-party JSP page access unit. The intermediate page calling unit, the jump request forwarding unit and the third-party JSP page access unit; the functions or operational steps performed are similar to those described above and will not be described in detail here.
In addition, an embodiment of the present invention further provides a computer-readable storage medium, where the computer-readable storage medium includes an access program of a third-party JSP page, and when executed by a processor, the access program of the third-party JSP page implements the following operations:
the specific implementation of the computer readable storage medium of the present invention is substantially the same as the specific implementation of the method and the electronic device for securely accessing the JSP page of the third party, and is not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrases "comprising a," "8230," "8230," or "comprising" does not exclude the presence of another identical element in a process, apparatus, article, or method comprising the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments. Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention or portions thereof contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) as described above and includes several instructions for enabling a terminal device (which may be a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (4)
1. A method for safely accessing JSP pages of a third party is applied to an electronic device, and is characterized in that the method comprises the following steps:
s110, after receiving a jump request for jumping to a third-party page, the entry page calls an intermediate page and submits a js simulation form to a background servlet through the intermediate page; the js simulation form comprises parameters required for accessing the JSP page of the third party, and when the intermediate page is loaded, the js simulation form is submitted first and then deleted;
s120, the background servlet service forwards the jump request to a JSP page of a third party; the transmission of parameters required for accessing the JSP page of the third party is realized simultaneously in the process of forwarding the request;
s130, the third-party JSP page dynamically displays the parameters; in the step 120, a third party interface accesses the third party JSP page through a POST mode;
the skip request forwarding comprises: redirecting to a third party interface by using a Response in the background servlet, and accessing a third party JSP page by the third party interface;
when the Response is redirected to a third party interface, parameters required for accessing a JSP page of the third party are stored in a Request;
by setting 307 state codes of Response, preventing parameters stored in the Request from being lost in the forwarding process of the jump Request;
in step S110, the js simulation form is submitted to the background servlet in a POST manner.
2. An access system for a method of securely accessing a third party JSP page according to claim 1, comprising an intermediate page call unit, a jump request forwarding unit and a third party JSP page access unit;
the intermediate page calling unit is used for calling an intermediate page and submitting a js simulation form including parameters required for accessing the JSP page of the third party to a background servlet through the intermediate page;
the jump request forwarding unit is used for the background servlet service to forward the jump request to a third-party JSP page; the transmission of parameters is realized simultaneously in the process of forwarding the request;
and the third-party JSP page access unit is used for accessing a third-party JSP page, and the third-party JSP page dynamically displays the parameters.
3. An electronic device, comprising a memory and a processor, wherein the memory includes an access program of a third party JSP page, and the access program of the third party JSP page realizes the following steps when executed by the processor:
s110, after receiving a jump request for jumping to a third-party page, an entry page calls an intermediate page and submits a js simulation form to a background servlet through the intermediate page; the js simulation form comprises parameters required for accessing the third-party JSP page, when the intermediate page is loaded, the js simulation form is submitted first, and the js simulation form is deleted after the js simulation form is submitted;
s120, the background servlet service forwards the jump request to a JSP page of a third party; the transmission of parameters required for accessing the JSP page of the third party is realized simultaneously in the process of forwarding the request;
s130, the third-party JSP page dynamically displays the parameters; in the step 120, a third party interface accesses the third party JSP page through a POST;
the forwarding of the jump request comprises: redirecting to a third party interface by using a Response in the background servlet, and accessing a third party JSP page by the third party interface;
when the Response is redirected to a third party interface, parameters required for accessing a JSP page of the third party are stored in a Request;
and setting 307 state codes of Response to prevent the parameters stored in the Request from being lost during the forwarding process of the jump Request.
4. A computer readable storage medium including a third party JSP page access program which, when executed by a processor, performs the steps of the method of securely accessing a third party JSP page as recited in claim 1.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910174786.1A CN109933736B (en) | 2019-03-08 | 2019-03-08 | Method and device for safely accessing JSP (Java Server Page) of third party and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910174786.1A CN109933736B (en) | 2019-03-08 | 2019-03-08 | Method and device for safely accessing JSP (Java Server Page) of third party and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109933736A CN109933736A (en) | 2019-06-25 |
| CN109933736B true CN109933736B (en) | 2023-04-07 |
Family
ID=66986692
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910174786.1A Active CN109933736B (en) | 2019-03-08 | 2019-03-08 | Method and device for safely accessing JSP (Java Server Page) of third party and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109933736B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111159701B (en) * | 2019-12-25 | 2023-09-29 | 五八同城信息技术有限公司 | Third-party page loading method and device, electronic equipment and storage medium |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020120677A1 (en) * | 2001-02-23 | 2002-08-29 | Goward Philip J. | Method and apparatus for using a servlet to interoperate with server pages |
| CN100437579C (en) * | 2005-12-20 | 2008-11-26 | 腾讯科技(深圳)有限公司 | Method for realizing AJAX webpage |
| CN105718559B (en) * | 2016-01-20 | 2018-02-13 | 百度在线网络技术(北京)有限公司 | Search forms pages and the method and apparatus of target pages transforming relationship |
| CN106100936A (en) * | 2016-08-10 | 2016-11-09 | 乐视控股(北京)有限公司 | Webpage method for monitoring performance and device and the webserver, client |
-
2019
- 2019-03-08 CN CN201910174786.1A patent/CN109933736B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN109933736A (en) | 2019-06-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10642904B2 (en) | Infrastructure enabling intelligent execution and crawling of a web application | |
| US10212179B2 (en) | Method and system for checking security of URL for mobile terminal | |
| CN101370010B (en) | Method and apparatus for secure web browsing | |
| US8527862B2 (en) | Methods for making ajax web applications bookmarkable and crawlable and devices thereof | |
| CN109543454B (en) | Anti-crawler method and related equipment | |
| US8910277B1 (en) | Process-based domain isolation | |
| CN102473171A (en) | Communicating information about a local machine to a browser application | |
| CN108140088A (en) | Disable the extension of malice browser | |
| CN112183045B (en) | Online document processing method and device and electronic equipment | |
| US20150113525A1 (en) | Method for a Reader to Provide Service, Reader and Computer-Readable Storage Medium | |
| CN112818270B (en) | Data cross-domain transfer method and device and computer equipment | |
| CN108494762A (en) | Web access method, device and computer readable storage medium, terminal | |
| CN107124477A (en) | Processing method, terminal and the server of web site contents | |
| CN106487662B (en) | Information sharing method and device | |
| CN109933736B (en) | Method and device for safely accessing JSP (Java Server Page) of third party and storage medium | |
| JP5753302B1 (en) | Program, method and system for warning access to web page | |
| CN108509228B (en) | Page loading method, terminal equipment and computer readable storage medium | |
| CN104253783A (en) | Web application realization code loading method, device, system and server | |
| CN110109674A (en) | Optimization method, device and the storage medium of time gate | |
| US9916391B2 (en) | Method, apparatus and terminal for webpage content browsing | |
| WO2017016458A1 (en) | Application internal page processing method and device | |
| CN106933666B (en) | Method for calling information input program and electronic equipment | |
| US20130332568A1 (en) | Method of data processing by a navigation module | |
| CN108650257B (en) | Security detection setting method and device based on website content and storage medium | |
| CN113051954A (en) | Code scanning login method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |