A kind of license resources access method and system
Technical field
This application involves resource access techniques fields, in particular to a kind of license resources access method and system.
Background technique
Enterprise operation business is usually required using specified program or hardware resource, by taking program resource as an example, program money
Source generally includes application program license resources corresponding with the application program.
In general, enterprise operates in the license resources of the application program of purchase in license server, by application program
It is mounted in terminal device, and preparatory installation license card broker program or License Management Procedure on the terminal device.User exists
Before application program, configure what the application program to be accessed in licence broker program or License Management Procedure in advance
It the address of license server can be according to the address of preconfigured target license server when using application program
Access target license server, to obtain license resources required for the application program.
But in the access method of above-mentioned license resources, installation license card management on the terminal device is needed in advance
Program, since the system configuration scenarios of terminal device are irregular, security procedure and application program on terminal device are very
It is easy to clash with License Management Procedure, causes License Management Procedure installation, the time of maintenance and upgrade and cost very
Height can not be promoted rapidly on a large scale;Meanwhile the address of license server is directly exposed to terminal device, be easy to cause license
Demonstrate,prove resource leakage.
Summary of the invention
In view of this, the embodiment of the present application is designed to provide a kind of license resources access method and system, terminal
Equipment can request needed for application module without installation license card management program without the address for knowing license server
The license resources wanted solve the problems, such as that other programs of License Management Procedure and terminal device clash, protect simultaneously
The safety of license server access is demonstrate,proved.
In a first aspect, the embodiment of the present application provides a kind of license resources access method, it is applied to terminal device and is permitted
Gateway can be demonstrate,proved, wherein the address of the licensing gateway is configured in the system environment variable of the terminal device;
The described method includes:
The terminal device is after receiving application module enabled instruction, according to the address of the licensing gateway,
License resources request corresponding with the application module is sent to licensing gateway;Wherein, the license resources are asked
Seek the description information of license resources required for carrying authentication information and the application module;
The licensing gateway is after receiving the license resources request, if detecting the license resources
Authentication information in request is legal, then according to preset resource dispatching strategy, from being currently able to provide the description information description
The application module required for license resources at least one license server in selection target license server,
And license resources request is transmitted to the target license server;
The terminal device is receiving what the target license server was returned based on license resources request
Behind license service address, obtained from the target license server according to the license service address described using mould
License resources required for block.
With reference to first aspect, the embodiment of the present application provides the first possible embodiment of first aspect, wherein institute
It states license resources request and carries certification identification information, the licensing gateway, which is also stored with to identify with the certification, to be believed
At least one corresponding blacklist is ceased, includes the first standard authentication information of license resources in the blacklist;The license
Card gateway detects the legal method of the authentication information in the license resources request, comprising:
If detecting, at least one target corresponding with the certification identification information in license resources request is black
The authentication information is then compared by list with the first standard authentication information at least one described target blacklist;
If the authentication information is mismatched with the first standard authentication information in target blacklist described in each, really
The fixed authentication information is legal.
The possible embodiment of with reference to first aspect the first, the embodiment of the present application provide second of first aspect
Possible embodiment, wherein license resources request carries certification identification information, in the licensing gateway
It is stored with white list corresponding with the certification identification information, includes the second standard authentication of license resources in the white list
Information;The licensing gateway detects the legal method of the authentication information in the license resources request, comprising:
It, will if detecting target white list corresponding with the certification identification information in license resources request
The authentication information is compared with the second standard authentication information in the target white list;
If the authentication information matches with the second standard authentication information, it is determined that the authentication information is legal.
The possible embodiment of second with reference to first aspect, the embodiment of the present application provide the third of first aspect
Possible embodiment, wherein when the white list is multiple, be also stored with the white name in the licensing gateway
Single level information;
If described detect target white list corresponding with the certification identification information in license resources request,
Then the authentication information is compared with the second standard authentication information in the target white list, comprising:
If detecting multiple target white lists corresponding with the certification identification information in license resources request,
Then according to the level information of multiple target white lists, the target of highest priority is selected from multiple target white lists
White list;Wherein, level information more high priority is higher;
The authentication information is compared with the second standard authentication information in the target white list of highest priority.
The possible embodiment of second with reference to first aspect, the embodiment of the present application provide the 4th kind of first aspect
Possible embodiment, wherein the priority of the blacklist is higher than the priority of the white list;The licensing gateway is set
The legal method of the standby authentication information detected in the license resources request, further includes:
If detecting target blacklist corresponding with the certification identification information in license resources request and mesh
White list is marked, then is compared the authentication information with the first standard authentication information in the target blacklist;
It, will if the authentication information is mismatched with the first standard authentication information in target blacklist described in each
The authentication information is compared with the second standard authentication information in the target white list;
If the authentication information matches with the second standard authentication information, it is determined that the authentication information is legal.
Second aspect, the embodiment of the present application also provides a kind of license resources to access system, comprising: terminal device is permitted
Gateway and license server can be demonstrate,proved;It is set in the system environment variable of the terminal device configured with the licensing gateway
Standby address;
The terminal device, for after receiving application module enabled instruction, according to the licensing gateway
Address sends license resources request corresponding with the application module to the licensing gateway;Wherein, the license
The description information of license resources required for authentication information and the application module is carried in card resource request;
The licensing gateway, for after receiving license resources request, if detecting the license
The authentication information demonstrate,proved in resource request is legal, then according to preset resource dispatching strategy, believes from being currently able to provide the description
Cease selection target licensing at least one license server of license resources required for the application module of description
Server, and license resources request is transmitted to the target license server;
The license server, for being sent to the terminal device after receiving the license resources request
License service address;
The terminal device is also used to after receiving the license service address, according to the license service
Location obtains license resources required for the application module from the target license server.
In conjunction with second aspect, the embodiment of the present application provides the first possible embodiment of second aspect, wherein institute
It states license resources request and carries certification identification information, the licensing gateway, which is also stored with to identify with the certification, to be believed
At least one corresponding blacklist is ceased, includes the first standard authentication information of license resources in the blacklist;The license
Gateway is demonstrate,proved, is specifically used for:
If detecting, at least one target corresponding with the certification identification information in license resources request is black
The authentication information is then compared by list with the first standard authentication information at least one described target blacklist;
If the authentication information is mismatched with the first standard authentication information in target blacklist described in each, really
The fixed authentication information is legal.
In conjunction with the first possible embodiment of second aspect, the embodiment of the present application provides second of second aspect
Possible embodiment, wherein license resources request carries certification identification information, in the licensing gateway
It is stored with white list corresponding with the certification identification information, includes the second standard authentication of license resources in the white list
Information;The licensing gateway, is specifically used for:
It, will if detecting target white list corresponding with the certification identification information in license resources request
The authentication information is compared with the second standard authentication information in the target white list;
If the authentication information matches with the second standard authentication information, it is determined that the authentication information is legal.
In conjunction with second of possible embodiment of second aspect, the embodiment of the present application provides the third of second aspect
Possible embodiment, wherein the priority of the blacklist is higher than the priority of the white list;The licensing gateway is set
It is standby, it is specifically used for:
If detecting target blacklist corresponding with the certification identification information in license resources request and mesh
White list is marked, then is compared the authentication information with the first standard authentication information in the target blacklist;
It, will if the authentication information is mismatched with the first standard authentication information in target blacklist described in each
The authentication information is compared with the second standard authentication information in the target white list;
If the authentication information matches with the second standard authentication information, it is determined that the authentication information is legal.
In conjunction with second aspect, second aspect the first possible embodiment to second aspect the third possible reality
Any possible embodiment in mode is applied, the embodiment of the present application provides the 4th kind of possible embodiment party of second aspect
Formula, wherein the license resources access system includes licensing gateway cluster, the licensing gateway cluster
Including multiple licensing gateways, the actual address of multiple licensing gateways is mapped as a virtual address;Institute
Multiple licensing gateways can be accessed by the virtual address by stating terminal device;
Multiple licensing gateway shared file storage systems, it is spare when main licensing gateway device failure
Licensing gateway is switched to new main licensing gateway, and comes from the end based on document storage system processing
The license resources of end equipment are requested.
A kind of license resources access method and system provided by the embodiments of the present application, terminal device can not installed perhaps
It is unified to licensing net by the address of the licensing gateway configured in system under the premise of agency or management program can be demonstrate,proved
It closes equipment and goes license resources required for request application module, license resources tune is uniformly carried out by licensing gateway
Degree solves the problems, such as that the License Management Procedure of the installation on terminal device is easy to clash with other software, saves
License Management Procedure installation, maintenance and upgrade cost.Meanwhile terminal device passes through unique licensing gateway address
Apply for required license resources, by licensing gateway distributes application module in real time according to preset resource control scheme
Required license resources, terminal device ensure that license server without the address for knowing license server
The safety of access.
To enable the above objects, features, and advantages of the application to be clearer and more comprehensible, preferred embodiment is cited below particularly, and cooperate
Appended attached drawing, is described in detail below.
Detailed description of the invention
Technical solution in ord to more clearly illustrate embodiments of the present application, below will be to needed in the embodiment attached
Figure is briefly described, it should be understood that the following drawings illustrates only some embodiments of the application, therefore is not construed as pair
The restriction of range for those of ordinary skill in the art without creative efforts, can also be according to this
A little attached drawings obtain other relevant attached drawings.
Fig. 1 shows a kind of structural schematic diagram of license resources access system provided by the embodiment of the present application.
Fig. 2 shows a kind of flow charts of license resources access method provided by the embodiment of the present application.
Fig. 3 shows the flow chart of another kind license resources access method provided by the embodiment of the present application.
Fig. 4 shows the flow chart of another kind license resources access method provided by the embodiment of the present application.
Fig. 5 shows the flow chart of another kind license resources access method provided by the embodiment of the present application.
Fig. 6 shows the flow chart of another kind license resources access method provided by the embodiment of the present application.
Fig. 7 shows the flow chart of another kind license resources access method provided by the embodiment of the present application.
Specific embodiment
To keep the purposes, technical schemes and advantages of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application
Middle attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only
It is some embodiments of the present application, instead of all the embodiments.The application being usually described and illustrated herein in the accompanying drawings is real
The component for applying example can be arranged and be designed with a variety of different configurations.Therefore, below to the application's provided in the accompanying drawings
The detailed description of embodiment is not intended to limit claimed scope of the present application, but is merely representative of the selected reality of the application
Apply example.Based on embodiments herein, those skilled in the art institute obtained without making creative work
There are other embodiments, shall fall in the protection scope of this application.
Existing granting resources access method major defect concentrates on the following aspects:
1. license server is dispersed, need that license server address and end is respectively configured in client when in use
Mouthful, it is not easy to operate.
2. the agreement address (Internet Protocol, IP) interconnected between the network of license server and port are straight
It connects and is exposed to user terminal, granting resources is be easy to cause to reveal, safety is bad.
3. license server uses at random, more people are be easy to cause on the server when sharing the same license server
License resources are insufficient, and resource vacancy in other license servers.
4. for big enterprise, all license servers of information centre of group require to be deployed on group's public network,
Can not access control and progress resource allocation.
5. existing granting resources management program needs install client-side program on each tabletop machine in the market, do not accomplish
Zero-configuration client, line service amount are big;It is limited by terminal device, environmental suitability is poor, can not popularize in an all-round way in enterprises.
In view of the above-mentioned problems, a kind of license resources access method provided by the embodiments of the present application and system, terminal device
It can be under the premise of licence broker or management program be installed, by the address of unique licensing gateway to the ground
License resources required for the corresponding licensing gateway application application module in location, by the license in licensing gateway
Gateway module is demonstrate,proved according to the preset resource control scheme of administrator, distributes corresponding license resources in real time.
Fig. 1 shows a kind of structural schematic diagram of license resources access system provided by the embodiments of the present application, such as Fig. 1 institute
Show, the license resources access system includes: terminal device 10, licensing gateway 20 and license server 30;Its
In, multiple application modules are equipped in terminal device 10, and (application module here refers to the softwares such as application program or hard
Part), licensing gateway module is installed in licensing gateway 20 and (in the embodiment of the present application, licensing gateway mould is installed
The server of block is licensing gateway 20);It is set in the system environment variable of terminal device 10 configured with licensing gateway
Standby 20 address, the application module can address by licensing gateway 20 and the licensing gateway module communication links
It connects;Lmgrd service is installed, the licensing gateway module can connect with the lmgrd communication for service in license server 30
It connects;The licensing gateway module is for managing above-mentioned license server 30, the specific lmgrd service as described in monitoring
Location, license resources information and scheduling grant card server 30 etc..
The embodiment of the present application provides a kind of license resources access method, is applied to terminal device 10 and licensing gateway
Equipment 20, wherein the address of the licensing gateway is configured in the system environment variable of the terminal device 10;Such as figure
Shown in 2 and Fig. 3, which comprises
S101, the terminal device are after receiving application module enabled instruction, according to the licensing gateway
Address sends license resources request corresponding with the application module to licensing gateway;Wherein, the licensing money
The description information of license resources required for authentication information and the application module is carried in the request of source.
In the embodiment of the present application, after actuation, this is answered the application module (application module, that is, application program) in terminal device
License resources request (namely lmgrd request) can be sent to the address of licensing gateway with program, since this applies journey
The transmission address of the lmgrd request of sequence is previously configured as the address of licensing gateway, and therefore, above-mentioned lmgrd requests meeting
It is sent to licensing gateway.
In the prior art, when user by terminal device (PC (personal computer, PC) terminal or
Mobile terminal etc.) starting application program when, generally require to specify corresponding license server by hand for each application program
Address and port;Licence broker or management software currently on the market can help with positioning the server of required licensing
Location, but need to install local agent program on the terminal device to obtain the starting information of application.In actual use, because eventually
The system configuration scenarios of end equipment are irregular, and the security software and application software on terminal device are easy to act on behalf of journey with this kind of
Sequence clashes, and causes client-side program installation, the time of maintenance and upgrade and cost very high, can not promote rapidly on a large scale.
In the embodiment of the present application, terminal device uses the scheme of zero-configuration client (or for zero agency), and the terminal of user is set
It is standby upper without additionally installing or running any program, it is only necessary to which that environmental variance, (environmental variance is for matching on the terminal device
Set the transmission address of the lmgrd request of application program) it is set as the port and address of licensing gateway, such as " LM_
LICENSE_FILE=22000 192.168.10.100 ", in this way, application program after actuation all can be to licensing gateway
Lmgrd request is issued, and application program is not necessarily to know the address of specific license server, thus reduces and even solves
The address of license server is directly exposed to the problem of license resources are revealed caused by the terminal device of user, improves
The safety of the access of license server.
Application program is configured licensing and unifies access interface, and by the configuration of the environmental variance of application program, terminal is set
Standby upper all application modules all set license resources application (namely above-mentioned license resources are requested) licensure gateway
It is standby to be uniformly processed, by licensing gateway (specifically by the licensing gateway module in licensing gateway) according to inside
The license server of registration specifies license resources automatically.
In addition, the license resources request in the embodiment of the present application carries authentication information (can such as answer for user information
With the user account information etc. of program, which may include personal user information and department's information) and terminal device letter
(address of such as terminal device, device number) etc. is ceased, the purpose of the authentication information is for the subsequent authentication user or the end
Whether end equipment has the request qualification for the license resources for requesting the application program.Wherein, above-mentioned terminal address can be for eventually
The agreement address (Internet Protocol, IP) interconnected between the network at end or physical address (Media Access
Control Medium Access Control, MAC Address).
The description information for the target license resources that license resources request carries can want the license of request for user
Demonstrate,prove type, version and the quantity etc. of resource, such as type are as follows: microsoft office, 2017 versions and quantity are 10 etc..
The purpose of the description information is to be able to inform that licensing gateway goes license resources required for request application module,
So that licensing gateway takes according to the optimal licensing that the description information goes scheduling to be capable of providing above-mentioned license resources
Business device.
S102, the licensing gateway are after receiving the license resources request, if detecting the license
The authentication information demonstrate,proved in resource request is legal, then according to preset resource dispatching strategy, believes from being currently able to provide the description
Cease selection target licensing at least one license server of license resources required for the application module of description
Server, and license resources request is transmitted to the target license server.
In the embodiment of the present application, the certification letter in middle verifying license resources request is stored in advance in licensing gateway
Breath whether legal blacklist and/or white list;Be provided with relevant standard authentication information in blacklist and white list in advance.Such as
Fruit only has blacklist, and when the authentication information in license resources request is not in blacklist, authentication information is verified;If
Only white list, when the authentication information in license resources request is in white list, authentication information is verified;If both wrapped
Include white list, and including in blacklist, authentication information had not only been not belonging to blacklist but also had belonged to white list, then authentication information verifying is logical
It crosses.
Wherein, licensing gateway is after the authentication information for determining license resources request is verified, selection target
The preset resource dispatching strategy that license server uses can be the shared scheduling of resource quota management strategy, resource fairness
Strategy, Network Priority scheduling strategy, fragment priority scheduling strategy, resource, which merge, seizes scheduling plan using scheduling strategy and priority
Slightly etc., the management and distribution of license resources can be effectively realized by these scheduling strategies, are improved and are permitted for user
The response efficiency of resource request and the utilization rate of license resources can be demonstrate,proved.
After licensing gateway, which is based on above-mentioned scheduling strategy, has chosen target license server, by the licensing
Resource request is transmitted to the lmgrd service of the target license server, so that lmgrd service can be by the vendor of license
(i.e. supplier's demons, the program are specifically capable of providing license resources required for the application program) address daemon returns
(corresponding application program in terminal device specifically be fed back to) in terminal device.
S103, the terminal device receive the target license server be based on the license resources request return
Return license service address after, obtained from the target license server according to the license service address described in answer
The license resources required for module.
Here, terminal device sends to this address after receiving the address vendor daemon and carries the target
The license resources of the description information of license resources are requested, and the lmgrd service of target license server is provided according to licensing
It requests to return to the feedback information for carrying target license resources required for application program to terminal device in source.Terminal device exists
After receiving feedback information, application program can service in the feedback information returned from lmgrd detects required target license
Demonstrate,prove resource.
A kind of license resources access method provided by the embodiments of the present application, terminal device can not install licensing generation
It is unified to licensing gateway by the address of the licensing gateway configured in system under the premise of reason or management program
License resources required for request application module are gone, license resources scheduling is uniformly carried out by licensing gateway, are solved
The License Management Procedure of installation on terminal device is easy the problem of clashing with other software, saves licensing pipe
Manage the cost of program installation, maintenance and upgrade.Meanwhile terminal device by unique licensing gateway address to apply
License resources are needed, required for distributing application module in real time according to preset resource control scheme as licensing gateway
License resources, terminal device ensure that the peace of the access of license server without the address for knowing license server
Quan Xing.
Further, as shown in figure 4, license resources access method provided by the embodiments of the present application, the licensing money
Source request carries certification identification information, and the licensing gateway is also stored with corresponding extremely with the certification identification information
Lack a blacklist, includes the first standard authentication information of license resources in the blacklist;In step 102, the license
Card gateway detects the legal method of the authentication information in the license resources request, comprising:
If S201, detecting at least one mesh corresponding with the certification identification information in license resources request
Blacklist is marked, then is compared the authentication information and the first standard authentication information at least one described target blacklist
Compared with.
In the embodiment of the present application, licensing gateway, which is provided in advance, not to be allowed to identify using the certification of certain licensing
Information (such as user information mark, end message mark and License Identification) corresponding blacklist is stored in blacklist and is used for
Verify the first standard authentication information of authentication information in license resources request.When user passes through terminal device to licensing gateway
After equipment sends license resources request, the certification identification information lookup that licensing gateway is carried according to the request is recognized with this
Demonstrate,prove the corresponding blacklist of identification information, wherein above-mentioned end message mark can be terminal name or terminal address.Licensing
Gateway is after finding blacklist, by the authentication information in requesting license resources and the blacklist found
The first standard authentication information being arranged is compared, and licensing gateway believes the personal user information being listed in blacklist, department
The request of breath or end message, which is given, to be refused, and access permission is not allowed to demonstrate,prove resource.
In the embodiment of the present application, licensing gateway establishes the user information and department's information for belonging to same department
Mapping relations, in this way, when needed to configure in blacklist certification mark letter be some department's information when, as long as department is believed
In breath deposit blacklist.Licensing gateway is in the license for receiving some target user's information from the department
It, can be according to the mapping relations of department's information and department's information and user information in blacklist, to test after demonstrate,proving resource request
It whether legal demonstrate,proves target user's information, in this way while guaranteeing to realize authentication, saves the resource of blacklist.
In addition, in the embodiment of the present application, multiple blacklists with different stage can be configured, it specifically can be from user
Tri- information, terminal device address (IP address of such as terminal device) and licensing vendor dimensions are configured, and correspondence is above-mentioned
Three ranks, also there are three ranks for the range of blacklist to come into force: system-level, vendor grades and licensed service grade.It is system-level right
All applications or the license resources request of equipment are all worked, and vendor grades to some application or all licenses of device manufacturer
Card resource request works, and licensed service grade only works to some license service.The control of these three ranks can
To enable simultaneously, fine control is carried out to the access authority of license resources.
Here, system-level blacklist can cover vendor grades of blacklist, and vendor grades of blacklist can cover category
In the application or the blacklist of the licensed service grade of equipment.When blacklist has it is multiple when, authentication information need it is black with each
The first standard authentication information in list is compared.
If the first standard authentication information in S202, the authentication information and each described target blacklist is not
Match, it is determined that the authentication information is legal.
Here, determining authentication information, legal mode may is that when the first mark in authentication information and each blacklist
Quasi- authentication information mismatches, and just determines that the authentication information is legal;When the first mark in authentication information and an at least blacklist
Quasi- authentication information matches, it is determined that the authentication information is illegal.
Alternatively, the priority of the blacklist of licensing gateway configuration different stage, by authentication information prior to preferential
The highest blacklist of grade is matched, if matching, it is determined that the authentication information is illegal;If mismatch, again with it is remaining
The blacklist of highest priority is matched in blacklist;If matching, it is determined that the authentication information is illegal;If mismatching,
If the step of return is matched with the blacklist of highest priority in remaining blacklist again, until all black names
It is single all to have matched, the whether legal result of authentication output information.
Further, as shown in figure 5, license resources access method provided by the embodiments of the present application, the licensing money
Source request carries certification identification information, is stored in the licensing gateway corresponding white with the certification identification information
List includes the second standard authentication information of license resources in the white list;In step 102, the licensing gateway is set
The legal method of the standby authentication information detected in the license resources request, comprising:
If S301, detecting the white name of target corresponding with the certification identification information in license resources request
It is single, then the authentication information is compared with the second standard authentication information in the target white list.
In the embodiment of the present application, licensing gateway is pre-configured with the certification identification information that certain licensing can be used
(such as user information mark, end message mark and License Identification) corresponding white list is stored with for verifying in white list
Second standard authentication information of authentication information in license resources request.When user passes through terminal device to licensing gateway
After sending license resources request, certification identification information that licensing gateway is carried according to the request (such as user account with
Terminal address) search white list corresponding with the certification identification information;Wherein, above-mentioned end message mark can be terminal name
Or terminal address.Licensing gateway benefit passes through recognizing in requesting license resources after the white list found
The second standard authentication information being arranged in card information and the white list found is compared, and licensing gateway will be not included in white
The request of personal user information, department's information or end message in list, which is given, to be refused, and does not allow to access the license resources.
If S302, the authentication information match with the second standard authentication information, it is determined that the authentication information closes
Method.
Further, as shown in fig. 6, license resources access method provided by the embodiments of the present application, when the white list
When being multiple, the level information of the white list is also stored in the licensing gateway;If step 301, the detection
To with the corresponding target white list of the certification identification information in license resources request, then by the authentication information with
The second standard authentication information in the target white list is compared, comprising:
If S3011, detecting multiple targets corresponding with the certification identification information in license resources request
White list selects priority most from multiple target white lists then according to the level information of multiple target white lists
High target white list;Wherein, level information more high priority is higher.
S3012, the second standard authentication information in the authentication information and the target white list of highest priority is carried out
Compare.
In conjunction with step 3011 and step 3012, in the embodiment of the present application, licensing gateway foundation have belong to it is same
The mapping relations of the user information of department and department's information, in this way, when the certification mark letter needed to configure in white list is certain
When one department's information, as long as department's information is stored in white list, licensing gateway is being received from the portion
It, can be according to the department's information and department's letter in white list after the license resources request of some target user's information of door
The mapping relations of breath and user information are guaranteeing to realize the same of authentication in this way to verify whether target user's information is legal
When, save the resource of white list.
In addition, in the embodiment of the present application, multiple white lists with different stage can be configured, it specifically can be from user
Tri- information, terminal device address (IP address of such as terminal device) and licensing vendor dimensions are configured, and correspondence is above-mentioned
Three ranks, also there are three ranks for the range of white list to come into force: system-level, vendor grades and licensed service grade.It is system-level right
All applications or the license resources request of equipment are all worked, and vendor grades to some application or all licenses of device manufacturer
Card resource request works, and licensed service grade only works to some license service.The control of these three ranks can
To enable simultaneously, fine control is carried out to the access authority of license resources.
Here, system-level white list can cover vendor grades of white list, and vendor grades of white list can cover category
In the white list of the licensed service grade of the application.Licensing gateway configures the priority of the white list of different stage, will recognize
Card information is preferentially matched with the white list of highest priority, if matching, it is determined that the authentication information is legal;If not
Match, is matched again with the white list of highest priority in remaining white list;If matching, it is determined that the authentication information closes
Method;If mismatching, the step of being matched again with the white list of highest priority in remaining white list is returned to, until all
White list all matched, the whether legal result of authentication output information.
Further, as shown in fig. 7, license resources access method provided by the embodiments of the present application, the blacklist
Priority is higher than the priority of the white list;Step 102, the licensing gateway detects the license resources request
In the legal method of authentication information, further includes:
If S401, detecting target blacklist corresponding with the certification identification information in license resources request
With target white list, then the authentication information is compared with the first standard authentication information in the target blacklist.
In the embodiment of the present application, the priority of blacklist is higher than the priority of white list, therefore, is permitted detecting with described
After the corresponding target blacklist of the certification identification information and the target white list in resource request can be demonstrate,proved, first by authentication information
It is compared with the first standard authentication information in the target blacklist.
When target blacklist be it is multiple, can use above-mentioned multiple blacklists verification mode.When target white list is more
It is a, the verification mode of above-mentioned multiple target white lists can be used.
If the first standard authentication information in S402, the authentication information and each described target blacklist is not
Match, is then compared the authentication information with the second standard authentication information in the target white list;
In the embodiment of the present application, after the authentication information in license resources request passes through the verifying of blacklist, inciting somebody to action
The verifying of authentication information progress white list.
If S403, the authentication information match with the second standard authentication information, it is determined that the authentication information closes
Method.
In the embodiment of the present application, if license resources request in authentication information also by white list verifying, really
It is legal to determine authentication information.
License resources access method provided by the embodiments of the present application has the advantage that
1. zero-configuration client is installed: not needing to install the relevant Resource Broker of any licensing or money on the terminal device of user
Source control client-side program, it is only necessary in existing system environmental variance, configure network address and the port of resource gateway, to
Family desktop terminal or mobile terminal system do not make any changes;
2. licensing unifies access interface: all license servers are all types of by resource gateway unified monitoring
License resources request is all submitted to licensing gateway and is uniformly processed, and user requires no knowledge about specific license server institute
Address, by licensing gateway automatically specify license server on granting resources;
3. license resources unified access control: the license resources that can be formulated according to administrative department access limitation arrangement
For the access white and black list of specific licenc e, vendor grades of system scope, licensing is uniformly carried out by resource gateway
Not and licensing feature rank be directed to user, department, project access control.
As shown in Figure 1, a kind of license resources provided by the embodiments of the present application access system, comprising: terminal device 10 is permitted
Gateway 20 and license server 30 can be demonstrate,proved;The licensing is configured in the system environment variable of the terminal device 10
Gateway sets 20 standby addresses;
Terminal device 10, for after receiving application module enabled instruction, according to the licensing gateway 20
Address sends license resources request corresponding with the application module to the licensing gateway 20;Wherein, described to be permitted
The description information of license resources required for carrying authentication information and the application module in resource request can be demonstrate,proved;
Licensing gateway 20, for after receiving license resources request, if detecting the licensing
Authentication information in resource request is legal, then according to preset resource dispatching strategy, from being currently able to provide the description information
Selection target licensing at least one license server 30 of license resources required for the application module of description
Server, and license resources request is transmitted to the target license server;
License server 30, for being sent to the terminal device 10 after receiving the license resources request
License service address;
Terminal device 10 is also used to after receiving the license service address, according to the license service address
The target license resources are obtained from the target license server 30.
A kind of license resources provided by the embodiments of the present application access system, and terminal device can not install licensing generation
It is unified to licensing gateway by the address of the licensing gateway configured in system under the premise of reason or management program
License resources required for request application module are gone, license resources scheduling is uniformly carried out by licensing gateway, are solved
The License Management Procedure of installation on terminal device is easy the problem of clashing with other software, saves licensing pipe
Manage the cost of program installation, maintenance and upgrade.Meanwhile terminal device by unique licensing gateway address to apply
License resources are needed, required for distributing application module in real time according to preset resource control scheme as licensing gateway
License resources, terminal device ensure that the peace of the access of license server without the address for knowing license server
Quan Xing.
Further, license resources provided by the embodiments of the present application access system, and the license resources request carries
There is certification identification information, licensing gateway 20 is also stored at least one black name corresponding with the certification identification information
It is single, it include the first standard authentication information of license resources in the blacklist;Licensing gateway 20, is specifically used for:
If detecting, at least one target corresponding with the certification identification information in license resources request is black
The authentication information is then compared by list with the first standard authentication information at least one described target blacklist;
If the authentication information is mismatched with the first standard authentication information in target blacklist described in each, really
The fixed authentication information is legal.
Further, license resources provided by the embodiments of the present application access system, and the license resources request carries
There is certification identification information, white list corresponding with the certification identification information is stored in licensing gateway 20, it is described white
It include the second standard authentication information of license resources in list;Licensing gateway 20, is specifically used for:
It, will if detecting target white list corresponding with the certification identification information in license resources request
The authentication information is compared with the second standard authentication information in the target white list;
If the authentication information matches with the second standard authentication information, it is determined that the authentication information is legal.
Further, license resources provided by the embodiments of the present application access system, when the white list is multiple, perhaps
The level information that the white list is also stored in gateway 20 can be demonstrate,proved;Licensing gateway 20, is specifically used for:
If detecting multiple target white lists corresponding with the certification identification information in license resources request,
Then according to the level information of multiple target white lists, the target of highest priority is selected from multiple target white lists
White list;Wherein, level information more high priority is higher;
The authentication information is compared with the second standard authentication information in the target white list of highest priority.
Further, license resources provided by the embodiments of the present application access system, and the priority of the blacklist is higher than
The priority of the white list;Licensing gateway 20, is specifically used for:
If detecting target blacklist corresponding with the certification identification information in license resources request and mesh
White list is marked, then is compared the authentication information with the first standard authentication information in the target blacklist;
It, will if the authentication information is mismatched with the first standard authentication information in target blacklist described in each
The authentication information is compared with the second standard authentication information in the target white list;
If the authentication information matches with the second standard authentication information, it is determined that the authentication information is legal.
Further, license resources provided by the embodiments of the present application access system, including licensing gateway cluster,
The licensing gateway cluster includes multiple licensing gateways 20, the actual address of multiple licensing gateways 20
A corresponding virtual address;Terminal device 10 can access multiple licensing gateways 20 by the virtual address;
Multiple 20 shared file storage systems of licensing gateway, it is spare to be permitted when main licensing gateway device failure
Gateway can be demonstrate,proved and be switched to new main licensing gateway, and terminal device is come from based on document storage system processing
10 license resources request.
In the embodiment of the present application, licensing gateway 20 is by the way of server cluster, to guarantee licensing gateway
The high availability of equipment;Specifically, starting multiple servers and on each server installation license card gateway module, obtain more
A licensing gateway 20 forms licensing gateway cluster (i.e. server cluster), makes licensing gateway cluster
In licensing gateway 20 be mutually backups, i.e., ought wherein licensing gateway 20 break down, others license
The terminal device 10 that card gateway 20 can continue as user provides granting resources application service.
A kind of license resources provided by the embodiments of the present application access system, and terminal device can not install licensing generation
It is unified to licensing gateway by the address of the licensing gateway configured in system under the premise of reason or management program
License resources required for request application module are gone, license resources scheduling is uniformly carried out by licensing gateway, are solved
The License Management Procedure of installation on terminal device is easy the problem of clashing with other software, saves licensing pipe
Manage the cost of program installation, maintenance and upgrade.Meanwhile terminal device by unique licensing gateway address to apply
License resources are needed, required for distributing application module in real time according to preset resource control scheme as licensing gateway
License resources, terminal device ensure that the peace of the access of license server without the address for knowing license server
Quan Xing.
The corresponding device of license resources access method provided by the embodiment of the present application can be specific hard in equipment
Part or the program being installed in equipment or firmware etc..Device provided by the embodiment of the present application, realization principle and generation
Technical effect is identical with preceding method embodiment, and to briefly describe, Installation practice part does not refer to place, can refer to aforementioned side
Corresponding contents in method embodiment.It is apparent to those skilled in the art that for convenience and simplicity of description, it is aforementioned
System, the specific work process of device and unit of description, the corresponding process during reference can be made to the above method embodiment, herein
It repeats no more.
In embodiment provided herein, it should be understood that disclosed device and method, it can be by others side
Formula is realized.The apparatus embodiments described above are merely exemplary, for example, the division of the unit, only one kind are patrolled
Function division is collected, there may be another division manner in actual implementation, in another example, multiple units or components can combine or can
To be integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual
Coupling, direct-coupling or communication connection can be INDIRECT COUPLING or communication link by some communication interfaces, device or unit
It connects, can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
In addition, each functional unit in embodiment provided by the present application can integrate in one processing unit, it can also
To be that each unit physically exists alone, can also be integrated in one unit with two or more units.
It, can be with if the function is realized and when sold or used as an independent product in the form of program function unit
It is stored in a computer readable storage medium.Based on this understanding, the technical solution of the application is substantially in other words
The part of the part that contributes to existing technology or the technical solution can embody in the form of a program product, the meter
Calculation machine program product is stored in a storage medium, including some instructions are used so that a computer equipment (can be a
People's computer, server or network equipment etc.) execute each embodiment the method for the application all or part of the steps.
And storage medium above-mentioned includes: that USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited
The various media that can store program code such as reservoir (RAM, Random Access Memory), magnetic or disk.
It should also be noted that similar label and letter indicate similar terms in following attached drawing, therefore, once a certain Xiang Yi
It is defined in a attached drawing, does not then need that it is further defined and explained in subsequent attached drawing, in addition, term " the
One ", " second ", " third " etc. are only used for distinguishing description, are not understood to indicate or imply relative importance.
Finally, it should be noted that embodiment described above, the only specific embodiment of the application, to illustrate the application
Technical solution, rather than its limitations, the protection scope of the application is not limited thereto, although with reference to the foregoing embodiments to this Shen
It please be described in detail, those skilled in the art should understand that: anyone skilled in the art
Within the technical scope of the present application, it can still modify to technical solution documented by previous embodiment or can be light
It is readily conceivable that variation or equivalent replacement of some of the technical features;And these modifications, variation or replacement, do not make
The essence of corresponding technical solution is detached from the spirit and scope of the embodiment of the present application technical solution.The protection in the application should all be covered
Within the scope of.Therefore, the protection scope of the application should be based on the protection scope of the described claims.