CN109033877A - A distributed user permission processing method and system
Publication number: CN109033877A
Authority: CN (China)
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
- G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses a distributed user permission processing method and system. The method includes: after a user logs in for the first time, storing the data read from the database in a Redis cluster, so that whenever the user, in a logged-in state, accesses any page that requires login, the user data can be imported into the processing routine of the current page through a resolver. Because the invention uses a Redis cluster to store the user permission data, even if a third server is added to the system and the user's next visit is served by the newly added third server, the data can be obtained as long as that server is connected to the Redis cluster, and the user does not need to perform the extra step of logging in.
Description
Technical field
The present invention relates to the field of computer technology, and in particular to a distributed user permission processing method and system.
Background art
In a distributed system, the volume of access is often very large. When a single server can no longer complete the task of processing user permission data, adding servers becomes the inevitable choice. Once there are multiple servers, however, the following can happen: on one visit by a user, the system stores the related data on server No. 1; on the user's next visit, the user is received by server No. 2. Server No. 2 does not hold that user's data, so the user has to log in again. This causes users a great deal of unnecessary trouble and makes for a poor user experience.
Summary of the invention
To address the problem in existing computer systems that a user has to log in to the system again when the server on which the system stores data changes, the present invention provides a distributed user permission processing method and system that use a Redis cluster to store the user permission data. Even if a third Web (World Wide Web) server is added to the system and the user's next visit is served by the newly added third Web server, the data can be obtained as long as that server is connected to the Redis cluster, with no extra login step.
The distributed user permission processing method provided by the present invention comprises the following steps:
after a user logs in for the first time, reading user data from the system database, and storing the read user data in a Redis cluster;
when the user, in a logged-in state, accesses a page that requires login, importing the user data stored in the Redis cluster into the processing routine of the current page.
As an embodiment, the distributed user permission processing method of the present invention further comprises the following step:
after the user data changes, updating the user data stored in the Redis cluster.
As an embodiment, importing the user data stored in the Redis cluster into the processing routine of the current page when the user, in a logged-in state, accesses a page that requires login comprises the following steps:
when the user, in a logged-in state, accesses a page that requires login, reading the stored user data from the Redis cluster;
after the user data is read, judging whether the user has access permission for the currently requested page;
if the user has access permission, importing the user data stored in the Redis cluster into the processing routine of the current page for use by the current page, so that the web page requested by the user is returned.
As an embodiment, judging whether the user has access permission for the currently requested page comprises the following steps:
in response to the user's login page request, intercepting the user's request using interceptor technology;
judging, according to the intercepted address that the user requests to access and preset user permission information, whether the user has access permission for the currently requested page.
As an embodiment, when the user, in a logged-in state, accesses any page that requires login, the method further comprises the following steps before the stored user data is read from the Redis cluster:
judging whether the user data has already been stored in the Redis cluster;
if so, reading the stored user data from the Redis cluster;
if not, reading the current user's data and saving it to the Redis cluster.
Correspondingly, the distributed user permission processing system provided by the present invention comprises a cache module and an import module;
the cache module is configured to read user data from the system database after a user logs in for the first time, and to store the read user data in a Redis cluster;
the import module is configured to import the user data stored in the Redis cluster into the processing routine of the current page when the user, in a logged-in state, accesses a page that requires login.
The distributed user permission processing system provided by the present invention further comprises an update module;
the update module is configured to update the user data stored in the Redis cluster after the user data changes.
As an embodiment, the import module comprises a reading unit, an access permission judging unit and an import unit;
the reading unit is configured to read the stored user data from the Redis cluster when the user, in a logged-in state, accesses a page that requires login;
the access permission judging unit is configured to judge, after the reading unit reads the user data, whether the user has access permission for the currently requested page;
the import unit is configured to import the user data stored in the Redis cluster into the processing routine of the current page, for use by the current page, when the user has access permission for the currently requested page.
As an embodiment, the access permission judging unit is further configured to, in response to the user's login request, intercept the address that the user requests to access using interceptor technology, and to judge, according to the intercepted address that the user requests to access and preset user permission information, whether the user has access permission for the currently requested page.
As an embodiment, the import module further comprises a cache judging unit;
the cache judging unit is configured to judge whether the user data has already been stored in the Redis cluster; if so, the stored user data is read from the Redis cluster; if not, the current user's data is read and the read data is saved to the Redis cluster.
Compared with the prior art, this technical solution has the following advantages:
In the distributed user permission processing method and system provided by the present invention, after a user logs in for the first time the data read from the database is stored in a Redis cluster, so that whenever the user, in a logged-in state, accesses any page that requires login, the user data can be imported into the processing routine of the current page through a resolver. Because the invention uses a Redis cluster to store the user permission data, even if a third Web server is added to the system and the user's next visit is served by the newly added third Web server, the data can be obtained as long as that server is connected to the Redis cluster, and the user does not need to perform the extra step of logging in.
Brief description of the drawings
Fig. 1 is a flow diagram of the distributed user permission processing method provided by embodiment one of the present invention;
Fig. 2 is a structural diagram of the distributed user permission processing system provided by embodiment two of the present invention;
Fig. 3 is a diagram of the operating flow of the distributed user permission processing method provided by the present invention.
Specific embodiments
The above and other technical features and advantages of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them.
The present invention uses a Redis cluster to store the user data (excluding password data) after the user logs in for the first time. Even if a third Web server is added to the system and the user's next visit is served by the third Web server, the user data can be obtained as long as that server is connected to the Redis cluster, and the user does not have to perform the extra step of logging in. Using a Redis cluster avoids a single point of failure making the entire service unavailable.
It should be noted here that a Redis cluster is a set of several Redis servers combined according to configuration, and Redis clusters exist in order to avoid single points of failure. When a slave node in the cluster becomes unavailable, the cluster as a whole remains available. When a master node becomes unavailable, one of the slave nodes is elected master through a voting protocol (during this process, if the system has three or more master nodes the cluster as a whole remains available; if it has fewer than three, the cluster is briefly unavailable). The existence of the Redis cluster is the premise of this technique. Of course, other Redis server modes, such as master-slave mode or sentinel mode, can also be used.
Referring to Fig. 1, the distributed user permission processing method provided by embodiment one of the present invention comprises the following steps:
S100, after a user logs in for the first time, read user data from the system database and store the read user data in a Redis cluster;
S200, when the user, in a logged-in state, accesses a page that requires login, import the user data stored in the Redis cluster into the processing routine of the current page.
In the distributed user permission processing method provided by embodiment one, before the user logs in to the system it must first be judged whether the user has permission to log in to the system. Specifically, when the client initiates a request to log in to the system, the request is intercepted by a Spring interceptor, and different judgments are made according to the request data. If the request is for a static resource file (such as an image, CSS or JS), it is passed directly; if the request data contains a specified annotation, direct access is allowed; if it does not contain the annotation, it must be judged whether the user is logged in.
On the PC (personal computer) side, whether the user is logged in is determined by checking whether a specified cookie exists. If the cookie exists, the user is considered logged in and is allowed to go to the previously requested page; if the cookie does not exist, the user is considered not logged in and is redirected to the login page, which prompts the user to enter an account and password to log in. If the account and password are correct, the user is redirected to the previously requested page; if they are incorrect, an error prompt is given and the user is allowed to correct the account and password.
In the method provided by embodiment one, after the user logs in for the first time the data read from the database is stored in the Redis cluster, so that whenever the user, in a logged-in state, accesses any page that requires login, the user data is imported into the processing routine of the current page through a resolver and no additional login is needed.
User data in this embodiment refers to the user's permission-related data other than the user password data.
Further, the following steps are included before step S200:
S110, judge whether the user data has already been stored in the Redis cluster;
S120, if so, read the stored user data from the Redis cluster;
S130, if not, read the current user's data and save it to the Redis cluster.
Specifically, step S200 can be implemented through the following steps:
S210, when the user, in a logged-in state, accesses a page that requires login, read the stored user data from the Redis cluster;
S220, after the user data is read, judge whether the user has access permission for the currently requested page;
S230, if the user has access permission, import the user data stored in the Redis cluster into the processing routine of the current page for use by the current page, so that the web page requested by the user is returned.
In step S220, the user's request can be intercepted using interceptor technology in response to the user's login page request. The interception here covers not only the address; other data, such as the parameters passed in, is intercepted as well. Further, whether the user has access permission for the currently requested page is judged according to the intercepted address that the user requests to access and preset user permission information. That is, the address the user accesses is intercepted using interceptor technology, and whether the user has permission to access the address is judged by whether the address matches the user permission information. If the user is not logged in, the user is redirected to the login page to perform the login operation. If the user is logged in and has the corresponding permission, the address can be accessed; if the user is logged in but does not have the corresponding permission, the no-permission page is returned to prompt the user.
Further, in the distributed user permission processing method provided by embodiment one, after any change to the user data, the change is immediately updated to the Redis cache, so as to guarantee that the data the user obtains each time is the latest.
Based on the same inventive concept, embodiment two of the present invention provides a distributed user permission processing system. The principle of this system is the same as that of the foregoing distributed user permission processing method, so the implementation of the system can refer to the implementation of the foregoing method, and the points in common are not repeated here.
Referring to Fig. 2, the distributed user permission processing system provided by embodiment two of the present invention comprises a cache module 100 and an import module 200. The cache module 100 is configured to read user data from the system database after a user logs in for the first time, and to store the read user data in a Redis cluster; the import module 200 is configured to import the user data stored in the Redis cluster into the processing routine of the current page when the user, in a logged-in state, accesses a page that requires login.
Further, the distributed user permission processing system provided by embodiment two also comprises an update module 300. The update module 300 is configured to update the user data stored in the Redis cluster after the user data changes.
Further, the import module 200 comprises a reading unit 210, an access permission judging unit 220 and an import unit 230.
The reading unit 210 is configured to read the stored user data from the Redis cluster when the user, in a logged-in state, accesses a page that requires login;
the access permission judging unit 220 is configured to judge, after the reading unit 210 reads the user data, whether the user has access permission for the currently requested page; specifically, the access permission judging unit 220 is configured to judge, according to the intercepted address that the user requests to access and preset user permission information, whether the user has access permission for the currently requested page.
The import unit 230 is configured to import the user data stored in the Redis cluster into the processing routine of the current page, and to return the web page requested by the user, when the user has access permission for the currently requested page.
The import module 200 further comprises a cache judging unit 240, which is configured to judge whether the user data has already been stored in the Redis cluster; if so, the stored user data is read from the Redis cluster; if not, the current user's data is read and saved to the Redis cluster.
Taking a user opening http://mp.dianmob.com/ and entering the login interface as an example, the operating flow of the invention is described below.
As shown in Fig. 3, after the user performs the login operation, the system first judges whether the user has logged in successfully;
if the login succeeds, the Redis cluster is connected;
if the login fails, the login interface is returned and the user needs to perform the login operation again.
After the Redis cluster is connected, it is judged whether the user information has already been cached in the Redis cluster; if so, the cached data is read; if not, the user data is saved to the Redis cluster cache and the cached data is then read.
After the cached data is read, it is further judged whether the user has permission for the currently requested page; if so, the interceptor allows the request to pass and hands it to the system for normal processing, and the web page requested by the user is returned; if not, the user is redirected to the no-permission page, which tells the user that they do not have permission.
When the user information is updated in any way, the interceptor sends the updated user information data to the Redis cluster, where it is updated.
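The flow above, modelled as an added example (not code from the patent): three web nodes share one cache, so a login on one node is honoured by the others and a permission change takes effect on every node at once. `SharedCache` is an in-memory stand-in for the Redis cluster, and the session-token cookie, key names, paths and sample user are assumptions.

```python
import hashlib
import hmac
import secrets

STATIC_SUFFIXES = (".css", ".js", ".png")  # assumed static resource types
PUBLIC_PATHS = {"/login"}  # assumed stand-in for handlers carrying the annotation


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class SharedCache(dict):
    """In-memory stand-in for the Redis cluster that every web node connects to."""


class UserDatabase:
    """Stand-in for the system database; rows are constructed sample data."""

    def __init__(self):
        self._rows = {}
        self.reads = 0  # counts user-data loads, to show when the cache is used

    def add_user(self, name, password, allowed_paths):
        salt = secrets.token_bytes(16)
        self._rows[name] = {"salt": salt, "allowed_paths": set(allowed_paths),
                            "password_hash": hash_password(password, salt)}

    def verify(self, name, password):
        row = self._rows.get(name)
        if row is None:
            return False
        candidate = hash_password(password, row["salt"])
        return hmac.compare_digest(row["password_hash"], candidate)

    def load_user_data(self, name):
        """Return the user's data with all password material left out."""
        self.reads += 1
        return {"name": name, "allowed_paths": sorted(self._rows[name]["allowed_paths"])}

    def set_allowed_paths(self, name, allowed_paths):
        self._rows[name]["allowed_paths"] = set(allowed_paths)


class WebServer:
    """One web node; handle() plays the role of the interceptor."""

    def __init__(self, db, cache):
        self.db, self.cache = db, cache

    def login(self, name, password):
        if not self.db.verify(name, password):
            return None  # caller shows the login page again
        token = secrets.token_urlsafe(32)  # assumed value of the login cookie
        self.cache["session:" + token] = name
        self.cache["user:" + name] = self.db.load_user_data(name)  # S100
        return token

    def handle(self, path, cookie=None):
        if path.endswith(STATIC_SUFFIXES) or path in PUBLIC_PATHS:
            return 200, "public"
        name = self.cache.get("session:" + cookie) if cookie else None
        if name is None:
            return 302, "/login"  # missing or unknown cookie: not logged in
        user = self.cache.get("user:" + name)  # S110 / S120
        if user is None:
            user = self.db.load_user_data(name)  # S130
            self.cache["user:" + name] = user
        if path not in user["allowed_paths"]:  # S220
            return 403, "no permission"
        return 200, f"{path} rendered for {user['name']}"  # S230

    def update_permissions(self, name, allowed_paths):
        """Write the change to the database, then refresh the cached copy."""
        self.db.set_allowed_paths(name, allowed_paths)
        self.cache["user:" + name] = self.db.load_user_data(name)


def demo():
    db, cache = UserDatabase(), SharedCache()
    db.add_user("alice", "constructed-pw", ["/orders", "/reports"])
    server1, server2, server3 = (WebServer(db, cache) for _ in range(3))
    cookie = server1.login("alice", "constructed-pw")
    results = {"server2_orders": server2.handle("/orders", cookie),
               "server3_admin": server3.handle("/admin", cookie),
               "no_cookie": server2.handle("/orders")}
    server1.update_permissions("alice", ["/orders"])  # /reports is revoked
    results["server3_reports_after_revoke"] = server3.handle("/reports", cookie)
    results["db_reads"] = db.reads
    return results


if __name__ == "__main__":
    print(demo())
```

The model looks the cookie value up in the shared cache instead of only checking that a cookie is present, so an unknown token is treated as not logged in.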
In the distributed user permission processing method and system provided by the present invention, after a user logs in for the first time the data read from the database is stored in a Redis cluster, so that whenever the user, in a logged-in state, accesses any page that requires login, the user data can be imported into the processing routine of the current page through a resolver. Because the invention uses a Redis cluster to store the user permission data, even if a third Web server is added to the system and the user's next visit is served by the newly added third Web server, the data can be obtained as long as that server is connected to the Redis cluster, and the user does not need to perform the extra step of logging in.
Although the present invention has been described by way of preferred embodiments, these are not intended to limit the invention. Any person skilled in the art may, without departing from the spirit and scope of the invention, use the methods and technical content disclosed above to make possible variations and modifications to the technical solution of the invention. Therefore, any simple modification, equivalent change or refinement made to the above embodiments according to the technical essence of the invention, without departing from the content of the technical solution of the invention, falls within the protection scope of the technical solution of the invention.
Claims (10)
1. A distributed user permission processing method, characterized by comprising the following steps:
after a user logs in for the first time, reading user data from the system database, and storing the read user data in a Redis cluster;
when the user, in a logged-in state, accesses a page that requires login, importing the user data stored in the Redis cluster into the processing routine of the current page.
2. The distributed user permission processing method according to claim 1, characterized by further comprising the following step:
after the user data changes, updating the user data stored in the Redis cluster.
3. The distributed user permission processing method according to claim 1 or 2, characterized in that importing the user data stored in the Redis cluster into the processing routine of the current page when the user, in a logged-in state, accesses a page that requires login comprises the following steps:
when the user, in a logged-in state, accesses a page that requires login, reading the stored user data from the Redis cluster;
after the user data is read, judging whether the user has access permission for the currently requested page;
if the user has access permission, importing the user data stored in the Redis cluster into the processing routine of the current page for use by the current page.
4. The distributed user permission processing method according to claim 3, characterized in that judging whether the user has access permission for the currently requested page comprises the following steps:
in response to the user's login page request, intercepting the user's request using interceptor technology;
judging, according to the intercepted address that the user requests to access and preset user permission information, whether the user has access permission for the currently requested page.
5. The distributed user permission processing method according to claim 3, characterized in that, when the user, in a logged-in state, accesses any page that requires login, the method further comprises the following steps before the stored user data is read from the Redis cluster:
judging whether the user data has already been stored in the Redis cluster;
if so, reading the stored user data from the Redis cluster;
if not, reading the current user's data and saving the read data to the Redis cluster.
6. A distributed user permission processing system, characterized by comprising a cache module and an import module;
the cache module is configured to read user data from the system database after a user logs in for the first time, and to store the read user data in a Redis cluster;
the import module is configured to import the user data stored in the Redis cluster into the processing routine of the current page when the user, in a logged-in state, accesses a page that requires login.
7. The distributed user permission processing system according to claim 6, characterized by further comprising an update module;
the update module is configured to update the user data stored in the Redis cluster after the user data changes.
8. The distributed user permission processing system according to claim 6 or 7, characterized in that the import module comprises a reading unit, an access permission judging unit and an import unit;
the reading unit is configured to read the stored user data from the Redis cluster when the user, in a logged-in state, accesses a page that requires login;
the access permission judging unit is configured to judge, after the reading unit reads the user data, whether the user has access permission for the currently requested page;
the import unit is configured to import the user data stored in the Redis cluster into the processing routine of the current page, for use by the current page, when the user has access permission for the currently requested page.
9. The distributed user permission processing system according to claim 8, characterized in that the access permission judging unit is further configured to, in response to the user's login request, intercept the address that the user requests to access using interceptor technology, and to judge, according to the intercepted address that the user requests to access and preset user permission information, whether the user has access permission for the currently requested page.
10. The distributed user permission processing system according to claim 8, characterized in that the import module further comprises a cache judging unit;
the cache judging unit is configured to judge whether the user data has already been stored in the Redis cluster; if so, the stored user data is read from the Redis cluster; if not, the current user's data is read and the read data is saved to the Redis cluster.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810871688.9A CN109033877A (en) | 2018-08-02 | 2018-08-02 | A kind of distributed user permission processing method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109033877A (en) | 2018-12-18 |
Family ID: 64648787
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810871688.9A Pending CN109033877A (en) | 2018-08-02 | 2018-08-02 | A kind of distributed user permission processing method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109033877A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110750747A (en) * | 2019-10-22 | 2020-02-04 | 杭州安恒信息技术股份有限公司 | Page jump method, device, equipment and readable storage medium |
CN111090882A (en) * | 2019-12-18 | 2020-05-01 | 北京浪潮数据技术有限公司 | Operation control method, device and equipment for redis database |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090265391A1 (en) * | 2008-04-18 | 2009-10-22 | Hong Fu Jin Precision Industry (Shenzhen) Co., Ltd. | Apparatus and method for managing network storage |
CN104506542A (en) * | 2014-12-29 | 2015-04-08 | 深圳中兴网信科技有限公司 | Security certification method and security certification system |
CN106487744A (en) * | 2015-08-25 | 2017-03-08 | 北京京东尚科信息技术有限公司 | A kind of Shiro verification method based on Redis storage |
CN107911357A (en) * | 2017-11-09 | 2018-04-13 | 北京锐安科技有限公司 | A kind of method, apparatus of single-sign-on, server and storage medium |
CN108108597A (en) * | 2016-11-25 | 2018-06-01 | 沈阳美行科技有限公司 | Authentication method and device based on NGTP architecture |
CN108183918A (en) * | 2018-01-16 | 2018-06-19 | 北京安博通科技股份有限公司 | A kind of AAA high concurrents authentication method and system |
CN108196837A (en) * | 2017-12-25 | 2018-06-22 | 国云科技股份有限公司 | A kind of system authority control method |
-
2018
- 2018-08-02 CN CN201810871688.9A patent/CN109033877A/en active Pending
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090265391A1 (en) * | 2008-04-18 | 2009-10-22 | Hong Fu Jin Precision Industry (Shenzhen) Co., Ltd. | Apparatus and method for managing network storage |
CN104506542A (en) * | 2014-12-29 | 2015-04-08 | 深圳中兴网信科技有限公司 | Security certification method and security certification system |
CN106487744A (en) * | 2015-08-25 | 2017-03-08 | 北京京东尚科信息技术有限公司 | A kind of Shiro verification method based on Redis storage |
CN108108597A (en) * | 2016-11-25 | 2018-06-01 | 沈阳美行科技有限公司 | Authentication method and device based on NGTP architecture |
CN107911357A (en) * | 2017-11-09 | 2018-04-13 | 北京锐安科技有限公司 | A kind of method, apparatus of single-sign-on, server and storage medium |
CN108196837A (en) * | 2017-12-25 | 2018-06-22 | 国云科技股份有限公司 | A kind of system authority control method |
CN108183918A (en) * | 2018-01-16 | 2018-06-19 | 北京安博通科技股份有限公司 | A kind of AAA high concurrents authentication method and system |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110750747A (en) * | 2019-10-22 | 2020-02-04 | 杭州安恒信息技术股份有限公司 | Page jump method, device, equipment and readable storage medium |
CN111090882A (en) * | 2019-12-18 | 2020-05-01 | 北京浪潮数据技术有限公司 | Operation control method, device and equipment for redis database |
CN111090882B (en) * | 2019-12-18 | 2022-08-05 | 北京浪潮数据技术有限公司 | Operation control method, device and equipment for redis database |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104025539B (en) | The method and apparatus for promoting single-sign-on services | |
CN112597472B (en) | Single sign-on method, device and storage medium | |
CN102857484B (en) | A kind of method, system and device realizing single-sign-on | |
AU2009222468B2 (en) | Segregating anonymous access to dynamic content on a web server, with cached logons | |
US7827280B2 (en) | System and method for domain name filtering through the domain name system | |
CN106778260B (en) | Attack detection method and device | |
US20020082820A1 (en) | Data model for automated server configuration | |
WO2014004412A1 (en) | Identity risk score generation and implementation | |
US11223602B2 (en) | IP address access based on security level and access history | |
US11568596B2 (en) | Non-blocking token authentication cache | |
CN111475795A (en) | Method and device for unified authentication and authorization facing to multiple applications | |
CN111581631B (en) | Single sign-on method based on redis | |
EP2370928A1 (en) | Access control | |
CN106060004A (en) | Database access method and database agent node | |
CN106254528A (en) | A kind of resource downloading method and buffer memory device | |
JP2019503021A (en) | System environment and user behavior analysis based self-defense security device and its operation method | |
CN109033877A (en) | A kind of distributed user permission processing method and system | |
US7519694B1 (en) | Method and a system to dynamically update/reload agent configuration data | |
JP5208613B2 (en) | Server system | |
US10985998B1 (en) | Domain controller configurability for directories | |
US11522863B2 (en) | Method and system for managing resource access permissions within a computing environment | |
US11379463B1 (en) | Atomic enforcement of cross-page data constraints in decoupled multi-writer databases | |
CN114326605A (en) | Tube sheet production informatization management optimization system and optimization method thereof | |
CN113468579A (en) | Data access method, device, equipment and storage medium | |
CN108337225A (en) | A kind of implementation method of hadoop platform safeties interface |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20181218 |