CN110058862A - Security deployment method, apparatus, equipment and storage medium for Jar file - Google Patents


Publication number: CN110058862A
Authority: CN (China)
Prior art keywords: jar file; file; corresponding jar; security deployment; user
Legal status: Pending
Application number: CN201811025870.9A
Other languages: Chinese (zh)
Inventor: 罗厚付
Current assignee: Ping An Life Insurance Company of China Ltd
Original assignee: Ping An Life Insurance Company of China Ltd
Application filed by: Ping An Life Insurance Company of China Ltd
Priority to: CN201811025870.9A
Publication of: CN110058862A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/60 Software deployment
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating
    • G06F9/44505 Configuring for program initiating, e.g. using registry, configuration files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The disclosure belongs to the field of information security technology and relates to a security deployment method, apparatus, device and storage medium for Jar files. The method includes: each client that is to run a corresponding Jar file receives and runs a script file for security deployment; and, in response to the running of the script file, each client automatically carries out the security deployment. The embodiments of the disclosure provide a convenient, unified scheme for automatic security deployment of Jar files, ensuring network security and information security.

Description

Security deployment method, apparatus, equipment and storage medium for Jar file
Technical field
The invention belongs to the field of information security technology and in particular relates to a security deployment method, apparatus, computing device and computer-readable storage medium for Jar files.
Background
JAR (Java Archive) is a platform-independent file format that allows many files to be combined into a single compressed file. The Jar file format is based on the popular ZIP file format. Unlike ZIP files, JAR files are used not only for compression and distribution but also for deploying and packaging libraries, components and plug-ins, and can be used directly by tools such as compilers and JVMs. For example, a Java application created with SpringBoot can be packaged into a Jar file.
Deploying a Jar file differs from deploying through traditional containers such as Tomcat/Weblogic, and the security deployment of such a deployment likewise differs from the traditional approach.
Summary of the invention
To solve one or more of the above problems, embodiments of the invention provide a security deployment method, apparatus, computing device and computer-readable storage medium for Jar files.
According to a first aspect of the present application, a security deployment method for Jar files is provided, comprising:
each client that is to run a corresponding Jar file receives and runs a script file for security deployment; and
in response to the running of the script file, each client automatically carries out the security deployment.
According to an exemplary embodiment, the client automatically carrying out the security deployment includes one or more of the following:
setting a run user and its permissions for the corresponding Jar file;
setting a run directory and its access permissions for the corresponding Jar file;
setting a log directory and its access permissions for the corresponding Jar file;
setting the modification permission for the configuration file of the corresponding Jar file; and
locking the corresponding Jar file.
According to an exemplary embodiment:
setting a run user and its permissions for the corresponding Jar file includes: setting the permissions of the run user to ordinary user permissions;
setting a run directory and its access permissions for the corresponding Jar file includes: setting the access permissions of the run directory so that only predetermined users have access;
setting a log directory and its access permissions for the corresponding Jar file includes: setting the access permissions of the log directory so that only the run user and/or the root user have access;
setting the modification permission for the configuration file of the corresponding Jar file includes: setting the modification permission of the configuration file so that only the root user can modify it.
According to an exemplary embodiment, locking the corresponding Jar file includes one or more of the following:
setting the attributes of the corresponding Jar file so that it cannot be deleted;
setting the attributes of the corresponding Jar file so that it cannot be modified;
setting the attributes of the corresponding Jar file so that no link to it can be created;
setting the attributes of the corresponding Jar file so that it cannot be moved;
setting the attributes of the corresponding Jar file so that it cannot be copied;
setting the attributes of the corresponding Jar file so that only the run user can run it.
According to a second aspect of the present application, a security deployment apparatus for Jar files is provided, comprising:
a script running module, configured to cause each client that is to run a corresponding Jar file to receive and run a script file for security deployment; and
a security deployment module, configured to cause each client to automatically carry out the security deployment in response to the running of the script file.
According to an exemplary embodiment, the security deployment module includes one or more of the following:
a run user setting unit, configured to set a run user and its permissions for the corresponding Jar file;
a run directory setting unit, configured to set a run directory and its access permissions for the corresponding Jar file of the embodiment;
a log directory setting unit, configured to set a log directory and its access permissions for the corresponding Jar file;
a configuration file setting unit, configured to set the modification permission for the configuration file of the corresponding Jar file; and
a Jar file locking unit, configured to lock the corresponding Jar file.
According to an exemplary embodiment:
the run user setting unit sets the permissions of the run user to ordinary user permissions;
the run directory setting unit sets the access permissions of the log directory so that only predetermined users have access;
the log directory setting unit sets the access permissions of the log directory so that only the run user and/or the root user have access;
the configuration file setting unit sets the modification permission of the configuration file so that only the root user can modify it.
According to an exemplary embodiment, the Jar file locking unit is configured to:
set the attributes of the corresponding Jar file so that it cannot be deleted;
set the attributes of the corresponding Jar file so that it cannot be modified;
set the attributes of the corresponding Jar file so that no link to it can be created;
set the attributes of the corresponding Jar file so that it cannot be moved;
set the attributes of the corresponding Jar file so that it cannot be copied;
set the attributes of the corresponding Jar file so that only the run user can run it.
According to a fourth aspect of the present application, a computing device is provided. The computing device includes a memory and a processor; a computer program is stored in the memory, and when the computer program is executed by the processor, it causes the computing device to perform any of the method embodiments described above.
According to a fifth aspect of the present application, a computer-readable storage medium is provided, on which a computer program is stored. When executed by one or more processors, the computer program implements any of the method embodiments described above.
The technical solutions provided by the embodiments of the present application can have the following beneficial effects:
Through the embodiments of the present application described above and below, a feasible Jar file security deployment scheme is provided in which security deployment is carried out automatically and uniformly.
It should be understood that the above general description and the following detailed description are merely exemplary and do not limit the disclosure.
Brief description of the drawings
Fig. 1 is a simplified schematic diagram of an implementation environment involved in the present application, according to an exemplary embodiment.
Fig. 2 is a schematic flowchart of the security deployment method for Jar files according to an exemplary embodiment of the present application.
Fig. 3 is a schematic flowchart of an example implementation of step S220 in the security deployment method of the embodiment corresponding to Fig. 2.
Fig. 4 is a schematic block diagram of the access control apparatus according to an exemplary embodiment of the present application.
Fig. 5 is a schematic block diagram of the computing device according to an exemplary embodiment of the present application.
Detailed description
To make the objectives, technical solutions and advantages of the invention clearer, exemplary embodiments of the invention are described in further detail below with reference to the drawings and embodiments. In the following description, when the drawings are referred to, the same numerals in different drawings denote the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatuses and methods consistent with some aspects of the application, as detailed in the appended claims. It should be understood that the specific embodiments described herein serve only to explain the invention and are not intended to limit it.
Fig. 1 is a simplified schematic diagram of an implementation environment involved in the present application, according to an exemplary embodiment. As shown in Fig. 1, the system contains one or more clients 120 (three clients are shown in Fig. 1 as an example), and one or more applications in Jar file form are deployed on the one or more clients 120 respectively. Because of the particular nature of Jar file deployment, security deployment must be carried out before the Jar file runs in order to guarantee operational safety. The inventor of the present application proposes a scheme in which a script management device 110 distributes a unified script file for security deployment to each client 120. The security deployment script file sent to each client 120 is the same, and it can be sent to the clients in parallel. The script file defines the security deployment steps and parameters to be executed. The script is delivered between the script management device 110 and the clients 120 over the SSH protocol via port 22, and only the root user has permission to view the script, which improves communication security. By running the received script file, each client 120 can automatically carry out security deployment for its corresponding Jar file. Fig. 1 and the above description are an exemplary embodiment of the implementation environment involved in the present application; it should be understood that there are many variations of implementation environments suitable for the application.
Fig. 2 is a schematic flowchart of the security deployment method for Jar files according to an exemplary embodiment of the present application. As shown in the exemplary embodiment of Fig. 2, the method may include the following steps:
S210: each client that is to run a corresponding Jar file receives and runs the script file for security deployment.
The script management device sends the unified script file to each client over a network or another communication link, and each client receives and runs the script file to carry out the security deployment. The script file can be run at any suitable time: for example, immediately after it is received, after a predetermined period has elapsed since it was received, or at a scheduled time after it is received. In one example, the script file is run a predetermined time before security deployment is needed, rather than only at the moment security deployment is needed. In that case, if the script file is found to be damaged or cannot be run successfully for some other reason, there is still enough time to obtain a correct script file or one that can be run successfully.
In one example, the Jar file is an executable Jar file. In another example, the Jar file is a non-executable Jar file.
In one example, the script file is a shell script file. It should be understood that it can also be another type of script file.
S220: in response to the running of the script file, each client automatically carries out the security deployment.
As described above, the script file defines the security deployment steps and parameters to be executed, and running the script file causes the client to carry out the security deployment automatically according to the script file.
Fig. 3 is a schematic flowchart of an example implementation of step S220 in the security deployment method of the embodiment corresponding to Fig. 2, that is, an example of the specific steps of the security deployment. These steps can be executed by each client. As shown in Fig. 3, step S220 may include one or more of the following steps:
S310: set a run user and its permissions for the corresponding Jar file.
For each client, the "corresponding Jar file" is the Jar file that is to run on that client.
In this embodiment, to make running the Jar file safer, a run user dedicated to running the Jar file is set for it, and the permissions of that run user are set. In one example, the run user is given ordinary user permissions. Limiting the run user to ordinary user permissions (rather than root user permissions) means that the application corresponding to the Jar file cannot gain unauthorized access to the operating system when it runs, which improves runtime security.
In one example, before setting the run user, the client checks whether the run user to be set already exists. If it exists, it is not set again; if it does not exist, it is set.
S320: set a run directory and its access permissions for the corresponding Jar file.
The run directory is mainly used to store the Jar file and its configuration file, and for runtime security the access permissions of the run directory need to be set. In one example, the access permissions of the run directory follow the principle of minimization: for example, the run directory is set so that only predetermined users (for example, the root user and/or other specific users) have permission to access it.
S330: set a log directory and its access permissions for the corresponding Jar file.
The log directory stores the log files generated when the application corresponding to the Jar file runs. In one example, the access permissions of the log directory are set so that only the root user and/or the run user have access.
S340: set the modification permission for the configuration file of the corresponding Jar file.
The configuration file is extremely important for the operational safety of the application. In one example, the modification permission of the configuration file is set so that only the root user can modify it.
S350: lock the corresponding Jar file.
In one example, step S350 can be realized by performing one or more of the following: setting the attributes of the Jar file so that it cannot be deleted; setting the attributes of the Jar file so that it cannot be modified; setting the attributes of the Jar file so that no link to it can be created; setting the attributes of the Jar file so that it cannot be moved; setting the attributes of the Jar file so that it cannot be copied; setting the attributes of the Jar file so that only the run user can run it. With these settings, the Jar file cannot be deleted, cannot be modified, cannot have a link created to it for click access, cannot be moved, cannot be copied and/or can only be run by the run user. This achieves the purpose of locking the Jar file and guarantees that it will not be destroyed, tampered with or copied.
The above steps S310-S350 are the security deployment steps. They have no required order of execution: they can be executed in parallel, or serially in any order. In addition, each of these steps provides security for running the Jar file, so using one or more of them achieves the purpose of security deployment for the Jar file.
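One way a unified script could carry out steps S310-S350 on a Linux client, given here as an added example and not the patent's own script: the user name, paths, modes and the use of `chattr +i` for the lock are assumptions. With this particular mechanism the lock has to run last, because ownership and mode can no longer be changed once the immutable flag is set.

```shell
#!/bin/sh
# Added example: steps S310-S350 as one idempotent hardening script.
# Every name, path and mode below is an assumption chosen for illustration.
set -eu

APP_USER="${APP_USER:-jarapp}"                 # hypothetical run user
APP_RUN_DIR="${APP_RUN_DIR:-/opt/jarapp}"      # hypothetical run directory
APP_LOG_DIR="${APP_LOG_DIR:-/var/log/jarapp}"  # hypothetical log directory
APP_JAR="${APP_JAR:-$APP_RUN_DIR/app.jar}"
APP_CONF="${APP_CONF:-$APP_RUN_DIR/application.properties}"
DRY_RUN="${DRY_RUN:-1}"                        # 1 = print the plan, 0 = apply

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# True when the immutable flag is already set on the Jar (earlier run).
jar_locked() {
    flags=$(lsattr -d "$APP_JAR" 2>/dev/null | cut -d' ' -f1)
    case "$flags" in *i*) return 0 ;; *) return 1 ;; esac
}

harden_jar() {
    # S310: dedicated unprivileged run user, created only if it is absent.
    if ! id -u "$APP_USER" >/dev/null 2>&1; then
        run useradd -r -M -s /usr/sbin/nologin "$APP_USER"
    fi

    # S320: run directory owned by root; only root and the run user's
    # group can enter it, and only root can add or remove entries.
    run mkdir -p "$APP_RUN_DIR"
    run chown root:"$APP_USER" "$APP_RUN_DIR"
    run chmod 0750 "$APP_RUN_DIR"

    # S330: log directory accessible to the run user (and root) only.
    run mkdir -p "$APP_LOG_DIR"
    run chown "$APP_USER":"$APP_USER" "$APP_LOG_DIR"
    run chmod 0700 "$APP_LOG_DIR"

    # S340: configuration writable by root only, readable by the run user.
    run chown root:"$APP_USER" "$APP_CONF"
    run chmod 0640 "$APP_CONF"

    # S350: lock the Jar. Mode 0500 lets only the run user read and run it,
    # so other ordinary users cannot copy it. The immutable flag then blocks
    # modification, deletion, renaming and hard links, even by the owner.
    if jar_locked; then
        return 0
    fi
    run chown "$APP_USER":"$APP_USER" "$APP_JAR"
    run chmod 0500 "$APP_JAR"
    run chattr +i "$APP_JAR"
}

# No argument prints the plan; --apply executes it and requires root.
if [ "${1:-}" = "--apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "--apply must be run as root" >&2; exit 1; }
    DRY_RUN=0
fi
harden_jar
```

The immutable flag depends on filesystem support for file attributes, and only root can clear it again with `chattr -i`, for example before replacing the Jar with a new release.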
The embodiments described above provide a feasible Jar file security deployment scheme: the script file for Jar file security deployment is automatically and uniformly sent to the clients on which the Jar file is to be installed and is run on those clients, and executing the operations or commands set out in the script file allows the security deployment to be carried out automatically and uniformly.
According to another aspect of the present application, a security deployment apparatus for Jar files is also disclosed. Fig. 4 is a schematic block diagram of the security deployment apparatus according to an exemplary embodiment of the present application. The apparatus 401 is used to execute the embodiments of the security deployment method described above. As shown in Fig. 4, the example user access control apparatus 401 includes:
a script running module 410, configured to cause each client that is to run a corresponding Jar file to receive and run a script file for security deployment; and
a security deployment module 420, configured to cause each client to automatically carry out the security deployment in response to the running of the script file.
In an exemplary embodiment, the security deployment module 420 may include one or more of the following (in the embodiment of Fig. 4 the security deployment module 420 is shown as including all of the following units):
a run user setting unit 421, configured to set a run user and its permissions for the corresponding Jar file;
a run directory setting unit 422, configured to set a run directory and its access permissions for the corresponding Jar file of the embodiment;
a log directory setting unit 423, configured to set a log directory and its access permissions for the corresponding Jar file;
a configuration file setting unit 424, configured to set the modification permission for the configuration file of the corresponding Jar file; and
a Jar file locking unit 425, configured to lock the corresponding Jar file.
In the exemplary embodiment:
the run user setting unit 421 sets the permissions of the run user to ordinary user permissions;
the run directory setting unit 422 sets the access permissions of the log directory so that only predetermined users have access;
the log directory setting unit 423 sets the access permissions of the log directory so that only the run user and/or the root user have access;
the configuration file setting unit 424 sets the modification permission of the configuration file so that only the root user can modify it.
In an exemplary embodiment, the Jar file locking unit 425 is configured to:
set the attributes of the corresponding Jar file so that it cannot be deleted;
set the attributes of the corresponding Jar file so that it cannot be modified;
set the attributes of the corresponding Jar file so that no link to it can be created;
set the attributes of the corresponding Jar file so that it cannot be moved;
set the attributes of the corresponding Jar file so that it cannot be copied;
set the attributes of the corresponding Jar file so that only the run user can run it.
For the implementation process and related details of the functions and effects of each unit/module in the above apparatus, see the implementation process of the corresponding steps in the method embodiments above; they are not repeated here.
The apparatus embodiments above can be realized in hardware, software, firmware or a combination thereof, and can be implemented as a single device or as a logically integrated system whose constituent units/modules are distributed across one or more computing devices and each execute their corresponding function. For example, the above apparatus 501 can be implemented in distributed form on each client that is to run the Jar file, in order to execute the method embodiments described above.
The units/modules that make up the apparatus in the embodiments above are divided according to logical function, and they can be re-divided according to logical function; for example, the apparatus can be realized with more or fewer units/modules. These constituent units/modules can each be realized in hardware, software, firmware or a combination thereof. They can be separate, independent components, or integrated units/modules in which multiple components are combined to execute the corresponding logical function. The hardware, software, firmware or combination thereof may include: discrete hardware components, functional modules realized by programming, functional modules realized by programmable logic devices, and so on, or a combination of the above.
According to an exemplary embodiment, the apparatus can be implemented as a computing device. The computing device includes a memory and a processor; a computer program is stored in the memory, and when executed by the processor the computer program causes the processor to perform any of the method embodiments described above, or causes the computing device to realize the functions realized by the constituent units/modules of the apparatus embodiments described above.
The processor described in the above embodiment can be a single processing unit, such as a central processing unit (CPU), or a distributed processor system that includes multiple distributed processing units.
The memory described in the above embodiment may include one or more memories. It can be internal memory of the computing device, such as various transient or non-transient memories, or external memory connected to the computing device through a memory interface.
In one example, the above computing device can be implemented in distributed form on each client that is to run the Jar file.
Fig. 5 shows a schematic block diagram of such an exemplary embodiment of a computing device 501. As shown in Fig. 5, the computing device 501 may include a processor 510, a communication interface 520, a memory 530 and a bus 540. The memory 530 stores a computer program that can be executed by the processor 510. When executing the computer program, the processor 510 realizes the functions of the methods and apparatuses in the above embodiments. There can be one or more memories 530 and one or more processors 510. The communication interface 520 is used for communication between the processor 510 and external devices.
The processor 510 can be a central processing unit, a general-purpose processor, a digital signal processor, an application-specific integrated circuit, a field-programmable gate array or another programmable logic device, transistor logic, a hardware component, or any combination thereof. It can implement or execute the various illustrative process steps, functional units/modules and/or circuits described in connection with this disclosure. The processor can also be a combination that realizes computing functions, such as a combination of one or more microprocessors, a digital signal processor, and so on.
The memory 530 may include volatile memory and/or non-volatile memory, such as non-volatile dynamic random access memory, phase-change random access memory, magnetic random access memory, magnetic disk storage, electrically erasable programmable read-only memory, flash memory devices, semiconductor devices (such as solid-state drives), and so on. Optionally, the memory 530 can also be an external remote storage device.
The bus 540 can be an Industry Standard Architecture (ISA) bus, a Peripheral Component (PCI) bus, an Extended Industry Standard Component (EISA) bus, or the like. The bus can be divided into an address bus, a data bus, a control bus, and so on. For ease of representation, only one thick line is shown in Fig. 5, but this does not mean that there is only one bus or one type of bus. Optionally, if the memory 530, the processor 510 and the communication interface 520 are integrated on one chip, they can communicate with one another through internal interfaces.
The method and apparatus embodiments above can also be implemented in the form of a computer program, stored on a storage medium, and distributed. Therefore, according to another aspect of the disclosure, a computer program product is also provided. The computer program product is stored on a computer-readable storage medium and, when executed by a processor, realizes any of the method and apparatus embodiments described above. According to a further aspect of the disclosure, a computer-readable storage medium is also provided, on which a computer program executable by a processor is stored; when executed by the processor, the computer program realizes any of the method and apparatus embodiments described above.
The computer-readable storage medium can be any tangible device that can hold and store instructions for use by an instruction execution device. For example, it can be, but is not limited to, an electrical storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the above. More specific examples of storage media (a non-exhaustive list) include: a portable computer diskette, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), static random access memory (SRAM), portable compact disc read-only memory (CD-ROM), a digital versatile disc (DVD), a memory stick, a floppy disk, a mechanically encoded device such as punch cards or raised structures in a groove with instructions stored on them, and any suitable combination of the above.
The computer program/computer instructions described here can be downloaded from a computer-readable storage medium to each computing/processing device, or downloaded to an external computer or external storage device over a network such as the Internet, a local area network, a wide area network and/or a wireless network. The network may include copper transmission cables, optical fiber transmission, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers. A network adapter or network interface in each computing/processing device receives computer-readable program instructions from the network and forwards them for storage in a computer-readable storage medium in that computing/processing device.
The computer program instructions described in this disclosure can be assembly instructions, instruction set architecture (ISA) instructions, machine instructions, machine-dependent instructions, microcode, firmware instructions, state-setting data, or source code or object code written in any combination of one or more programming languages. The programming languages include object-oriented programming languages such as Smalltalk and C++, and conventional procedural programming languages such as the "C" language or similar programming languages. The computer-readable program instructions can execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer, or entirely on a remote computer or server. Where a remote computer is involved, the remote computer can be connected to the user's computer through any kind of network, including a local area network (LAN) or a wide area network (WAN), or it can be connected to an external computer (for example, through the Internet using an Internet service provider). In some embodiments, an electronic circuit, such as a programmable logic circuit, a field-programmable gate array (FPGA) or a programmable logic array (PLA), is personalized using state information of the computer-readable program instructions, and the electronic circuit can execute the computer-readable program instructions to realize aspects of the invention.
Aspects of the invention are described here with reference to flowcharts and/or block diagrams of methods, apparatuses (systems) and computer program products according to embodiments of the invention. It should be understood that each block of the flowcharts and/or block diagrams, and combinations of blocks in the flowcharts and/or block diagrams, can be realized by computer-readable program instructions.
These computer-readable program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer or another programmable data processing apparatus to produce a machine, so that the instructions, when executed by the processor of the computer or other programmable data processing apparatus, produce an apparatus that realizes the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams. These computer-readable program instructions can also be stored in a computer-readable storage medium; the instructions cause a computer, a programmable data processing apparatus and/or other devices to work in a specific way, so that the computer-readable medium storing the instructions comprises an article of manufacture that includes instructions realizing aspects of the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams.
The computer-readable program instructions can also be loaded onto a computer, another programmable data processing apparatus or another device, so that a series of operational steps is executed on the computer, other programmable data processing apparatus or other device to produce a computer-implemented process, so that the instructions executed on the computer, other programmable data processing apparatus or other device realize the functions/actions specified in one or more blocks of the flowcharts and/or block diagrams.
The flowcharts and block diagrams in the drawings show the possible architecture, functions and operation of systems, methods and computer program products according to multiple embodiments of the invention. In this regard, each block in a flowchart or block diagram can represent a module, a program segment or a part of an instruction, which contains one or more executable instructions for realizing the specified logical function. In some alternative implementations, the functions marked in the blocks can occur in an order different from that marked in the drawings. For example, two consecutive blocks can in fact be executed substantially in parallel, and they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, can be realized by a dedicated hardware-based system that executes the specified functions or actions, or by a combination of dedicated hardware and computer instructions. It is well known to those skilled in the art that realization in hardware, realization in software, and realization in a combination of software and hardware are all equivalent.
It should be noted that all the embodiments in this specification are described in a progressive manner, each embodiment weight Point explanation is the difference from other embodiments, and the same or similar parts between the embodiments can be referred to each other. But it will be clear for those skilled in the art that the various embodiments described above, which can according to need exclusive use or be combined with each other, to be made With.In addition, for device embodiment, since it is corresponding with embodiment of the method, so describe fairly simple, it is related Place referring to the corresponding part of embodiment of the method explanation.
The embodiments described above only express several embodiments of the present invention, and the description thereof is more specific and detailed, but simultaneously Limitations on the scope of the patent of the present invention therefore cannot be interpreted as.It should be pointed out that for those of ordinary skill in the art For, without departing from the inventive concept of the premise, various modifications and improvements can be made, these belong to guarantor of the invention Protect range.Therefore, the scope of protection of the patent of the invention shall be subject to the appended claims.

Claims (10)

1. A security deployment method for a Jar file, characterized by comprising:
each client that runs the corresponding Jar file receiving and running a script file for security deployment; and
in response to the running of the script file, each client automatically performing security deployment.
2. The security deployment method of claim 1, characterized in that the client automatically performing security deployment includes one or more of the following:
setting a run user and its permissions for the corresponding Jar file;
setting a run directory and its access permissions for the corresponding Jar file;
setting a log directory and its access permissions for the corresponding Jar file;
setting modification permissions for the configuration file of the corresponding Jar file; and
locking the corresponding Jar file.
3. The security deployment method of claim 2, characterized in that:
setting a run user and its permissions for the corresponding Jar file includes: setting the permissions of the run user to ordinary user permissions;
setting a run directory and its access permissions for the corresponding Jar file includes: setting the access permissions of the run directory so that only a predetermined user has access;
setting a log directory and its access permissions for the corresponding Jar file includes: setting the access permissions of the log directory so that only the run user and/or the root user has access;
setting modification permissions for the configuration file of the corresponding Jar file includes: setting the modification permissions of the configuration file so that only the root user can modify it.
4. The security deployment method of claim 2, characterized in that locking the corresponding Jar file includes one or more of the following:
setting the attributes of the corresponding Jar file so that it cannot be deleted;
setting the attributes of the corresponding Jar file so that it cannot be modified;
setting the attributes of the corresponding Jar file so that no link to it can be created;
setting the attributes of the corresponding Jar file so that it cannot be moved;
setting the attributes of the corresponding Jar file so that it cannot be copied;
setting the attributes of the corresponding Jar file so that only the run user can run it.
5. A security deployment device for a Jar file, characterized by comprising:
a script running module, configured to: make each client that runs the corresponding Jar file receive and run a script file for security deployment; and
a security deployment module, configured to: make each client automatically perform security deployment in response to the running of the script file.
6. The security deployment device of claim 5, characterized in that the security deployment module includes one or more of the following:
a run user setting unit, configured to: set a run user and its permissions for the corresponding Jar file;
a run directory setting unit, configured to: set a run directory and its access permissions for the corresponding Jar file;
a log directory setting unit, configured to: set a log directory and its access permissions for the corresponding Jar file;
a configuration file setting unit, configured to: set modification permissions for the configuration file of the corresponding Jar file; and
a Jar file locking unit, configured to: lock the corresponding Jar file.
7. The security deployment device of claim 6, characterized in that:
the run user setting unit sets the permissions of the run user to ordinary user permissions;
the run directory setting unit sets the access permissions of the log directory so that only a predetermined user has access;
the log directory setting unit sets the access permissions of the log directory so that only the run user and/or the root user has access;
the configuration file setting unit sets the modification permissions of the configuration file so that only the root user can modify it.
8. The security deployment device of claim 7, characterized in that the Jar file locking unit is further configured to:
set the attributes of the corresponding Jar file so that it cannot be deleted;
set the attributes of the corresponding Jar file so that it cannot be modified;
set the attributes of the corresponding Jar file so that no link to it can be created;
set the attributes of the corresponding Jar file so that it cannot be moved;
set the attributes of the corresponding Jar file so that it cannot be copied;
set the attributes of the corresponding Jar file so that only the run user can run it.
9. A computing device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the computing device to perform the security deployment method of any one of claims 1 to 4.
10. A computer-readable storage medium storing a computer program which, when executed by one or more processors, implements the security deployment method of any one of claims 1 to 4.
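A deployment script that applies the settings of claims 2 to 4 is only useful if each client can confirm that they hold afterwards. The audit below is an added example, not code from the patent: the function names, finding codes, argument order, and the mapping of the claim 4 lock onto the Linux immutable attribute (`chattr +i`) are all assumptions, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: audit one Jar deployment against the settings in claims 2-4.
# Function names, finding codes and argument order are assumptions.
# Needs GNU stat; lsattr (e2fsprogs) is used when it is installed.

# check_path LABEL PATH "ALLOWED OWNERS" MASK
# Prints LABEL_MISSING, LABEL_OWNER or LABEL_MODE. MASK is the octal set of
# permission bits that group and other must not hold on PATH.
check_path() {
  [ -e "$2" ] || { echo "${1}_MISSING"; return 0; }
  owner=$(stat -c '%U' "$2")
  mode=$(stat -c '%a' "$2")
  case " $3 " in *" $owner "*) ;; *) echo "${1}_OWNER" ;; esac
  [ $(( 0$mode & 0$4 )) -eq 0 ] || echo "${1}_MODE"
  return 0
}

# Succeeds when the immutable attribute (chattr +i) is set on $1.
is_immutable() {
  attrs=$(lsattr -d "$1" 2>/dev/null | cut -d' ' -f1)
  case $attrs in *i*) return 0 ;; *) return 1 ;; esac
}

# audit_jar_deploy JAR RUN_DIR LOG_DIR CONF RUN_USER [CONF_OWNER]
# Prints one finding code per line and returns 1 if there is any finding.
audit_jar_deploy() {
  findings=$(
    # Claim 3: the run user has ordinary-user permissions, so never root.
    [ "$5" != root ] || echo RUN_USER_IS_ROOT
    # Claim 3: only the predetermined user may access the run directory.
    check_path RUN_DIR "$2" "$5" 077
    # Claim 3: only the run user and/or root may access the log directory.
    check_path LOG_DIR "$3" "$5 root" 077
    # Claim 3: only root may modify the configuration file.
    check_path CONF "$4" "${6:-root}" 022
    # Claim 4: only the run user may run the Jar ...
    check_path JAR "$1" "$5" 077
    # ... and it cannot be deleted, modified, linked or moved.
    is_immutable "$1" || echo JAR_NOT_IMMUTABLE
  )
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}
```

The immutable attribute covers deletion, modification, hard links and renaming; whether the Jar can be copied depends only on who can read it, which is what the `JAR_MODE` check covers.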
CN201811025870.9A 2018-09-04 2018-09-04 Security deployment method, apparatus, equipment and storage medium for Jar file Pending CN110058862A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811025870.9A CN110058862A (en) 2018-09-04 2018-09-04 Security deployment method, apparatus, equipment and storage medium for Jar file

Publications (1)

Publication Number Publication Date
CN110058862A true CN110058862A (en) 2019-07-26

Family

ID=67315040

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811025870.9A Pending CN110058862A (en) 2018-09-04 2018-09-04 Security deployment method, apparatus, equipment and storage medium for Jar file

Country Status (1)

Country Link
CN (1) CN110058862A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111399861A (en) * 2020-03-11 2020-07-10 中国建设银行股份有限公司 Software automation deployment method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120054490A1 (en) * 2010-08-31 2012-03-01 International Business Machines Corporation Filesystem management and security system
CN102955915A (en) * 2011-08-23 2013-03-06 中国移动通信集团公司 Method and device for controlling safety access to Java applications
CN104714812A (en) * 2013-12-13 2015-06-17 中国电信股份有限公司 Method and system for quickly deploying and loading Java applications in cloud environment
CN105511872A (en) * 2015-11-30 2016-04-20 国云科技股份有限公司 Application automatic deployment method based on cloud computing platform
CN106533790A (en) * 2016-12-12 2017-03-22 郑州云海信息技术有限公司 Method, apparatus and system for deploying storage server, and storage server
CN107480534A (en) * 2017-08-17 2017-12-15 郑州云海信息技术有限公司 A kind of automated detection method for Apache configuration securities

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination