CN109033877A - Distributed user permission processing method and system - Google Patents

Distributed user permission processing method and system

Info

Publication number
CN109033877A
Authority
CN
China
Prior art keywords
user
page
redis cluster
data
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810871688.9A
Other languages
Chinese (zh)
Inventor
陆宇峰
张勇
夏雪锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Qibo Technology Co Ltd
Original Assignee
Hangzhou Qibo Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Qibo Technology Co Ltd filed Critical Hangzhou Qibo Technology Co Ltd
Priority to CN201810871688.9A priority Critical patent/CN109033877A/en
Publication of CN109033877A publication Critical patent/CN109033877A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a distributed user permission processing method and system. The method includes: after a user logs in for the first time, the data read from the database is stored in a Redis cluster, so that when the logged-in user accesses any page that requires login, the user data can be imported into the processing routine of the current page through a resolver. Because the invention uses a Redis cluster to save the user permission data, even if a third server is added to the system and the user's next access arrives at the newly added third server, the data can be obtained as long as that server is connected to the Redis cluster, and the user does not need the additional step of logging in.

Description

Distributed user permission processing method and system
Technical field
The present invention relates to the field of computer technology, and in particular to a distributed user permission processing method and system.
Background art
In a distributed system, the volume of access is often very large. When a single server can no longer complete the task of processing user permission data, adding servers becomes the inevitable choice. Once there are multiple servers, however, the following can happen: when a user accesses the system, the related data is stored on server No. 1; on the user's next access, the server that receives the user is server No. 2. Server No. 2 does not hold that user's data, so the user has to log in again. This causes the user a lot of unnecessary trouble and makes for a poor user experience.
Summary of the invention
To address the problem in existing computer systems that a user has to log in to the system again because the server storing the data has changed, the present invention provides a distributed user permission processing method and system that use a Redis cluster to save the user permission data. Even if a third Web (World Wide Web) server is added to the system and the user's next access arrives at the newly added third Web server, the data can be obtained as long as that server is connected to the Redis cluster, with no additional login step.
The distributed user permission processing method provided by the invention comprises the following steps:
After the user logs in for the first time, user data is read from the system database, and the user data read is stored in the Redis cluster;
When the user, in the logged-in state, accesses a page that requires login, the user data stored in the Redis cluster is imported into the processing routine of the current page.
As an embodiment, the distributed user permission processing method of the invention further comprises the following step:
After the user data changes, the user data stored in the Redis cluster is updated.
As an embodiment, importing the user data stored in the Redis cluster into the processing routine of the current page when the user, in the logged-in state, accesses a page that requires login comprises the following steps:
When the user, in the logged-in state, accesses a page that requires login, the stored user data is read from the Redis cluster;
After the user data is read, it is judged whether the user has access permission to the currently requested page;
If the user has access permission, the user data stored in the Redis cluster is imported into the processing routine of the current page for the current page to use, so that the requested web page is returned to the user.
As an embodiment, judging whether the user has access permission to the currently requested page comprises the following steps:
In response to the user's login page request, the user's request is intercepted using interceptor technology;
Whether the user has access permission to the currently requested page is judged according to the intercepted address that the user requests to access and the preset user permission information.
As an embodiment, when the user, in the logged-in state, accesses any page that requires login, the method further comprises the following steps before the stored user data is read from the Redis cluster:
Judging whether the user data is already stored in the Redis cluster;
If so, the stored user data is read from the Redis cluster;
If not, the current user's data is read and saved into the Redis cluster.
Correspondingly, the distributed user permission processing system provided by the invention comprises a cache module and an import module;
The cache module is used to read user data from the system database after the user logs in for the first time, and to store the user data read in the Redis cluster;
The import module is used to import the user data stored in the Redis cluster into the processing routine of the current page when the user, in the logged-in state, accesses a page that requires login.
The distributed user permission processing system provided by the invention further comprises an update module;
The update module is used to update the user data stored in the Redis cluster after the user data changes.
As an embodiment, the import module comprises a reading unit, an access permission judging unit and an import unit;
The reading unit is used to read the stored user data from the Redis cluster when the user, in the logged-in state, accesses a page that requires login;
The access permission judging unit is used to judge, after the reading unit has read the user data, whether the user has access permission to the currently requested page;
The import unit is used to import the user data stored in the Redis cluster into the processing routine of the current page, for the current page to use, when the user has access permission to the currently requested page.
As an embodiment, the access permission judging unit is also used, in response to the user's login request, to intercept the address the user requests to access using interceptor technology, and to judge whether the user has access permission to the currently requested page according to the intercepted address that the user requests to access and the preset user permission information.
As an embodiment, the import module further comprises a cache judging unit;
The cache judging unit is used to judge whether the user data is already stored in the Redis cluster; if so, the stored user data is read from the Redis cluster; if not, the current user's data is read, and the data read is saved into the Redis cluster.
Compared with the prior art, this technical solution has the following advantages:
In the distributed user permission processing method and system provided by the invention, after the user logs in for the first time, the data read from the database is stored in the Redis cluster, so that when the logged-in user accesses any page that requires login, the user data can be imported into the processing routine of the current page through a resolver. Because the invention uses a Redis cluster to save the user permission data, even if a third Web server is added to the system and the user's next access arrives at the newly added third Web server, the data can be obtained as long as that server is connected to the Redis cluster, and the user does not need the additional step of logging in.
Brief description of the drawings
Fig. 1 is a flow diagram of the distributed user permission processing method provided by Embodiment 1 of the present invention;
Fig. 2 is a structural diagram of the distributed user permission processing system provided by Embodiment 2 of the present invention;
Fig. 3 is a diagram of the operating flow of the distributed user permission processing method provided by the invention.
Detailed description of the embodiments
The above and other technical features and advantages of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the invention, not all of them.
The present invention uses a Redis cluster to save the user data (except password data) after the user logs in for the first time. Even if a third Web server is added to the system and the user's next access arrives at the third Web server, the user data can be obtained as long as that server is connected to the Redis cluster, and the user does not need the additional step of logging in. Using a Redis cluster avoids a single point of failure making the whole service unavailable.
It should be noted here that a Redis cluster is a set of several Redis servers combined according to configuration; Redis clusters exist to avoid a single point of failure. When one slave node in the cluster becomes unavailable, the whole cluster is still available. When one master node becomes unavailable, one slave node is elected master through a voting protocol (during this process, if the system has 3 or more master nodes, the cluster as a whole remains available; if it has fewer than 3, it is briefly unavailable). The existence of the Redis cluster is the premise of this technique. Of course, other Redis server modes can also be used, such as master-slave mode or Sentinel mode.
Referring to Fig. 1, the distributed user permission processing method provided by Embodiment 1 of the present invention comprises the following steps:
S100: after the user logs in for the first time, user data is read from the system database, and the user data read is stored in the Redis cluster;
S200: when the user, in the logged-in state, accesses a page that requires login, the user data stored in the Redis cluster is imported into the processing routine of the current page.
In the distributed user permission processing method provided by Embodiment 1, before the user logs in to the system it must first be determined whether the user has permission to log in. Specifically, when the client initiates a request to log in to the system, the request is intercepted by a Spring interceptor, and different decisions are made according to the request data. If it is a request for a static resource file (such as a picture, CSS or JS), it is passed through directly; if the request data contains a specified annotation, direct access is allowed; if it does not contain the annotation, it must be determined whether the user is logged in.
On the PC (personal computer) side, whether the user is already logged in is confirmed by checking for a specified cookie. If the cookie is present, the user is considered logged in and is allowed to go to the previously requested page; if the cookie is absent, the user is considered not logged in and is redirected to the login page, which prompts the user to enter an account and password to log in. If the account and password are correct, the user is redirected to the previously requested page; if they are incorrect, an error prompt is given and the user is allowed to correct the account and password.
In the distributed user permission processing method provided by Embodiment 1, after the user logs in for the first time, the data read from the database is stored in the Redis cluster, so that when the logged-in user accesses any page that requires login, the user data can be imported into the processing routine of the current page through a resolver, with no need to log in again.
The user data in this embodiment refers to the user's login permission data other than the user's password data.
Further, the following steps are included before step S200:
S110: judge whether the user data is already stored in the Redis cluster;
S120: if so, read the stored user data from the Redis cluster;
S130: if not, read the current user's data and save it into the Redis cluster.
Specifically, step S200 can be implemented by the following steps:
S210: when the user, in the logged-in state, accesses a page that requires login, read the stored user data from the Redis cluster;
S220: after the user data is read, judge whether the user has access permission to the currently requested page;
S230: if the user has access permission, import the user data stored in the Redis cluster into the processing routine of the current page for the current page to use, so that it returns the web page requested by the user.
In step S220, the user's request can be intercepted using interceptor technology in response to the user's login page request. The interception here covers not only the address; other data, such as the parameters passed in, is intercepted as well. Further, whether the user has access permission to the currently requested page is judged according to the intercepted address that the user requests to access and the preset user permission information. The address accessed by the user is intercepted using interceptor technology, and whether the user is permitted to access the address is judged by whether the address matches the user permission information. If the user is not logged in, the user is redirected to the login page to log in. If the user is logged in and has the corresponding permission, the address can be accessed; if the user is logged in but does not have the corresponding permission, a no-permission page is returned to inform the user.
Further, in the distributed user permission processing method provided by Embodiment 1, after any change to the user data, the Redis cache is updated immediately, to guarantee that the data the user obtains is always the latest.
Based on the same inventive concept, Embodiment 2 of the present invention provides a distributed user permission processing system. The principle of this system is the same as that of the foregoing distributed user permission processing method, and the implementation of the system can refer to the implementation of the foregoing method; repeated details are not described again.
Referring to Fig. 2, the distributed user permission processing system provided by Embodiment 2 of the present invention comprises a cache module 100 and an import module 200. The cache module 100 is used to read user data from the system database after the user logs in for the first time, and to store the user data read in the Redis cluster; the import module 200 is used to import the user data stored in the Redis cluster into the processing routine of the current page when the user, in the logged-in state, accesses a page that requires login.
Further, the distributed user permission processing system provided by Embodiment 2 also comprises an update module 300. The update module 300 is used to update the user data stored in the Redis cluster after the user data changes.
Further, the import module 200 comprises a reading unit 210, an access permission judging unit 220 and an import unit 230.
The reading unit 210 is used to read the stored user data from the Redis cluster when the user, in the logged-in state, accesses a page that requires login;
The access permission judging unit 220 is used to judge, after the reading unit 210 has read the user data, whether the user has access permission to the currently requested page; specifically, the access permission judging unit 220 judges whether the user has access permission to the currently requested page according to the intercepted address that the user requests to access and the preset user permission information.
The import unit 230 is used, when the user has access permission to the currently requested page, to import the user data stored in the Redis cluster into the processing routine of the current page and to return the web page requested by the user.
The import module 200 further comprises a cache judging unit 240, which is used to judge whether the user data is already stored in the Redis cluster; if so, the stored user data is read from the Redis cluster; if not, the current user's data is read and saved into the Redis cluster.
The operating flow of the invention is described below, taking as an example a user opening http://mp.dianmob.com/ and entering the login page.
As shown in Fig. 3, after the user performs the login operation, the system first judges whether the login succeeded;
If the login succeeded, the Redis cluster is connected;
If the login failed, the login page is returned and the user has to perform the login operation again.
After the Redis cluster is connected, it is judged whether the user information is already cached in the Redis cluster; if so, the cached data is read; if not, the user data is saved to the Redis cluster cache and the cached data is then read.
After the cached data is read, it is further judged whether the user has permission for the currently requested page; if so, the interceptor lets the request pass and hands it to the system for normal processing, and the web page requested by the user is returned; if not, the user is redirected to the no-permission page, which informs the user that they do not have permission.
When there is any update to the user information, the interceptor sends the updated user information data to the Redis cluster to update it.
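The flow above (Fig. 3, steps S100 to S230 and the cache update) as an added Python example; it is not code from the patent, which describes a Spring interceptor and a Redis cluster. Assumptions: a dict-backed `SharedStore` stands in for the Redis cluster, the `SESSIONID` cookie name, the `/static/` prefix and the sample accounts and paths are constructed, and the cookie is taken to carry a random session id that is looked up in the shared store instead of being accepted on presence alone.

```python
import hashlib
import hmac
import json
import secrets

STATIC_PREFIX = "/static/"                  # assumption: static resources live under one prefix
PUBLIC_PATHS = {"/login"}                   # stands in for handlers carrying the specified annotation
SESSION_COOKIE = "SESSIONID"                # hypothetical cookie name
SECRET_FIELDS = {"salt", "password_hash"}   # password data is never copied into the cache

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password, name, permissions):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "password_hash": hash_password(password, salt),
            "display_name": name, "permissions": permissions}

# Constructed "system database": account -> record (sample data only).
DATABASE = {
    "alice": make_record("constructed-pass-alice", "Alice", ["/orders", "/reports"]),
    "bob": make_record("constructed-pass-bob", "Bob", ["/orders"]),
}

class SharedStore(dict):
    """In-memory stand-in for the Redis cluster (string keys and values)."""
    def set(self, key, value):
        self[key] = value

def public_view(record):
    """User data as cached: everything except the password fields."""
    return {k: v for k, v in record.items() if k not in SECRET_FIELDS}

def load_user_data(store, account):
    """S110-S130: use the cached copy if present, else read the database and cache it."""
    cached = store.get(f"user:{account}")
    if cached is not None:
        return json.loads(cached)
    user_data = public_view(DATABASE[account])
    store.set(f"user:{account}", json.dumps(user_data))
    return user_data

def update_user_data(store, account, **changes):
    """Write the change to the database and refresh the cached copy immediately."""
    DATABASE[account].update(changes)
    store.set(f"user:{account}", json.dumps(public_view(DATABASE[account])))

class WebServer:
    """One web node; every node is handed the same SharedStore."""
    def __init__(self, name, store):
        self.name = name
        self.store = store

    def login(self, account, password):
        """Return a session id for the cookie, or None if the login fails."""
        record = DATABASE.get(account)
        if record is None:
            return None
        supplied = hash_password(password, record["salt"])
        if not hmac.compare_digest(supplied, record["password_hash"]):
            return None
        load_user_data(self.store, account)               # S100: cache on first login
        session_id = secrets.token_urlsafe(32)
        self.store.set(f"session:{session_id}", account)
        return session_id

    def intercept(self, path, cookies):
        """Interceptor decision for one request, as (status, detail)."""
        if path.startswith(STATIC_PREFIX) or path in PUBLIC_PATHS:
            return 200, "passed through"
        session_id = cookies.get(SESSION_COOKIE)
        account = self.store.get(f"session:{session_id}") if session_id else None
        if account is None:
            return 302, "/login"                          # not logged in
        user = load_user_data(self.store, account)        # S210
        if path not in user["permissions"]:               # S220
            return 403, "no permission"
        return 200, f"{path} for {user['display_name']} via {self.name}"  # S230

def demo():
    """Log in on web-1, request on web-3, before and after a permission change."""
    store = SharedStore()
    web1, web3 = WebServer("web-1", store), WebServer("web-3", store)
    cookie = {SESSION_COOKIE: web1.login("bob", "constructed-pass-bob")}
    before = web3.intercept("/reports", cookie)
    update_user_data(store, "bob", permissions=["/orders", "/reports"])
    after = web3.intercept("/reports", cookie)
    return before, after

if __name__ == "__main__":
    print(demo())
```

Neither node holds user state of its own, so the permission change made through `update_user_data` is visible to `web-3` on the very next request.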
In the distributed user permission processing method and system provided by the invention, after the user logs in for the first time, the data read from the database is stored in the Redis cluster, so that when the logged-in user accesses any page that requires login, the user data can be imported into the processing routine of the current page through a resolver. Because the invention uses a Redis cluster to save the user permission data, even if a third Web server is added to the system and the user's next access arrives at the newly added third Web server, the data can be obtained as long as that server is connected to the Redis cluster, and the user does not need the additional step of logging in.
Although the present invention has been disclosed above by way of preferred embodiments, they are not intended to limit the invention. Any person skilled in the art may, without departing from the spirit and scope of the invention, use the methods and technical content disclosed above to make possible changes and modifications to the technical solution of the invention. Therefore, any simple modification, equivalent change or refinement made to the above embodiments according to the technical essence of the invention, without departing from the content of the technical solution of the invention, falls within the protection scope of the technical solution of the invention.

Claims (10)

1. A distributed user permission processing method, characterized by comprising the following steps:
After the user logs in for the first time, user data is read from the system database, and the user data read is stored in a Redis cluster;
When the user, in the logged-in state, accesses a page that requires login, the user data stored in the Redis cluster is imported into the processing routine of the current page.
2. The distributed user permission processing method according to claim 1, characterized by further comprising the following step:
After the user data changes, the user data stored in the Redis cluster is updated.
3. The distributed user permission processing method according to claim 1 or 2, characterized in that importing the user data stored in the Redis cluster into the processing routine of the current page when the user, in the logged-in state, accesses a page that requires login comprises the following steps:
When the user, in the logged-in state, accesses a page that requires login, the stored user data is read from the Redis cluster;
After the user data is read, it is judged whether the user has access permission to the currently requested page;
If the user has access permission, the user data stored in the Redis cluster is imported into the processing routine of the current page, for the current page to use.
4. The distributed user permission processing method according to claim 3, characterized in that judging whether the user has access permission to the currently requested page comprises the following steps:
In response to the user's login page request, the user's request is intercepted using interceptor technology;
Whether the user has access permission to the currently requested page is judged according to the intercepted address that the user requests to access and the preset user permission information.
5. The distributed user permission processing method according to claim 3, characterized in that, when the user, in the logged-in state, accesses any page that requires login, the method further comprises the following steps before the stored user data is read from the Redis cluster:
Judging whether the user data is already stored in the Redis cluster;
If so, the stored user data is read from the Redis cluster;
If not, the current user's data is read, and the data read is saved into the Redis cluster.
6. A distributed user permission processing system, characterized by comprising a cache module and an import module;
The cache module is used to read user data from the system database after the user logs in for the first time, and to store the user data read in a Redis cluster;
The import module is used to import the user data stored in the Redis cluster into the processing routine of the current page when the user, in the logged-in state, accesses a page that requires login.
7. The distributed user permission processing system according to claim 6, characterized by further comprising an update module;
The update module is used to update the user data stored in the Redis cluster after the user data changes.
8. The distributed user permission processing system according to claim 6 or 7, characterized in that the import module comprises a reading unit, an access permission judging unit and an import unit;
The reading unit is used to read the stored user data from the Redis cluster when the user, in the logged-in state, accesses a page that requires login;
The access permission judging unit is used to judge, after the reading unit has read the user data, whether the user has access permission to the currently requested page;
The import unit is used to import the user data stored in the Redis cluster into the processing routine of the current page, for the current page to use, when the user has access permission to the currently requested page.
9. The distributed user permission processing system according to claim 8, characterized in that the access permission judging unit is also used, in response to the user's login request, to intercept the address the user requests to access using interceptor technology, and to judge whether the user has access permission to the currently requested page according to the intercepted address that the user requests to access and the preset user permission information.
10. The distributed user permission processing system according to claim 8, characterized in that the import module further comprises a cache judging unit;
The cache judging unit is used to judge whether the user data is already stored in the Redis cluster; if so, the stored user data is read from the Redis cluster; if not, the current user's data is read, and the data read is saved into the Redis cluster.
CN201810871688.9A 2018-08-02 2018-08-02 A kind of distributed user permission processing method and system Pending CN109033877A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810871688.9A CN109033877A (en) 2018-08-02 2018-08-02 A kind of distributed user permission processing method and system

Publications (1)

Publication Number Publication Date
CN109033877A true CN109033877A (en) 2018-12-18

Family

ID=64648787

Country Status (1)

Country Link
CN (1) CN109033877A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181218