CN110781476A - Flexible micro-service security access control method and system - Google Patents

Info

Publication number
CN110781476A
Authority
CN
China
Prior art keywords
service
security
micro
access control
policy
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910976719.1A
Other languages
Chinese (zh)
Inventor
刘一田
刘士进
孟庆强
郭伟
李郑
程旭
何翔
康智辉
郭新波
赵洁
王婷
曾会峰
葛欣
吴海超
魏珍珍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nari Information and Communication Technology Co
Original Assignee
Nari Information and Communication Technology Co
Application filed by Nari Information and Communication Technology Co
Priority to CN201910976719.1A
Publication of CN110781476A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/33: User authentication using certificates
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/101: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1014: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities to tokens

Abstract

The invention discloses a flexible micro-service security access control method and system, composed of a micro-service API gateway, a lightweight micro-service access token, a security policy service and policy template, a unified authority service, a Redis cluster, a micro-service configuration center and a Docker container security policy. A security policy template that supports both conventional and custom security policies can be flexibly defined, which gives more flexible security access control, and security policies are published and applied immediately through the unified configuration service and the message bus service. The micro-service API gateway uses layered interception and filtering: pre-filtering, routing, post-filtering and exception handling are combined with security policies to improve security access control and fault tolerance. For service access tokens, a lightweight service access token is generated dynamically in combination with the security access control policy, which enhances the operability and performance of security access control and improves the flexibility of micro-service security access control.

Description

Flexible micro-service security access control method and system
Technical Field
The invention relates to the technical field of computer software, in particular to a flexible microservice security access control method and system.
Background Art
Micro-service architecture and its open source technology are maturing and are gradually becoming the mainstream technical architecture for internet and enterprise-level projects. As domain service design based on the micro-service architecture becomes more fine-grained, more independent micro-service processes are created and calls between them become more frequent. Stateless micro-service requests need authentication every time, so the authentication service becomes a performance bottleneck when a large number of users access it concurrently. How to ensure security access control between stateless services while preserving service performance is a key problem for micro-service security architecture.
Four solutions currently prevail, each with its own problems: (1) Single sign-on. The authentication service must be contacted before each service access, which results in a large amount of trivial network traffic and repetitive work, and the impact is significant as the number of micro-services grows. (2) A distributed session. Authenticated user information is stored in a shared store, and user data can be retrieved from it when a user accesses a micro-service, typically through a distributed hash map that uses the user session as the query key. The disadvantage of this scheme is that the shared store needs a protection mechanism and must be accessed over a secure link, so implementation complexity is high and the performance loss is significant. (3) A client token. The token is generated at the client, signed by the authentication service, and must contain enough information for the user identity to be established in all micro-services. A token is attached to each request to provide user authentication for the micro-service. This is a relatively good solution, but logout requires short-lived tokens and frequent checks against the authentication service, with a slight loss of performance. (4) A client token integrated with the API gateway. All service requests are first routed to the API gateway, which converts the original user token of the request into an internal session token, so the token problem at logout is effectively avoided. By comparison, the fourth scheme has obvious advantages, but it cannot balance the granularity and frequency of service authentication, and it lacks a flexibly adaptable security access control policy.
Existing solutions therefore suffer from a large amount of trivial network traffic and repeated work, high implementation complexity, significant or slight performance loss, an imbalance between the granularity and frequency of service authentication, and the lack of a flexibly adaptable security access control policy.
Disclosure of Invention
The invention aims to provide a flexible micro-service security access control method and system that overcome the lack of a flexibly adaptable security access control policy in the prior art.
A flexible micro-service security access control method, the method comprising the steps of:
receiving micro-service request information sent by a visitor, and authenticating it according to a security access control policy;
after the authentication passes, adding the generated access token to the micro-service request information and sending the access token to the visitor;
saving the generated access token;
verifying the micro-service request information that the visitor sends again with the access token;
and returning the request result to the visitor after the verification passes.
Further, the method for generating the access token comprises the following steps:
acquiring a dynamically generated security access control policy;
generating an access token according to the security access control policy.
Further, the security access control policy is dynamically generated according to the security access control policy template.
Further, verifying the micro-service request information that the visitor sends again with the access token comprises the following steps:
verifying the access token with the encryption private key;
after the verification passes, confirming that the access token is valid, processing the micro-service request information normally and returning a response;
otherwise, returning a response forbidding access, and checking whether the stored access token needs to be updated.
Further, the method for updating the access token comprises the following steps:
checking whether the validity period of the saved access token has expired;
if so, regenerating an access token, returning it in the header of the micro-service request information, and adding an access token update flag;
and updating the stored access token according to the update flag.
A flexible micro-service security access control system, the system comprising:
a security policy service module, used for subscribing to security policy configuration from the micro-service message bus;
a security policy template module, used for describing security policies and definition extensions, and connected to the security policy service module through a message bus;
a micro-service configuration center module, used for providing a security policy definition mode based on the security access control policy template, and connected to the micro-service message bus;
a micro-service API gateway module, connected to the security policy service module through a message bus, used for uniformly configuring, intercepting and routing micro-service request information, and serving as the entrance for all micro-service request information;
a micro-service unified authority module, connected to the security policy service module and to the micro-service API gateway module, and used for providing authentication and authorization services based on security policies;
a service access token, generated by the micro-service unified authority module, used for authenticating and authorizing micro-service requests and for implementing a stateless session mechanism when micro-services call each other;
a Redis cluster module, connected to the security policy service module, and used for centralized session storage of micro-service request information and for storing the access token;
and a containerized security access control policy module, used for strengthening the security access control of the micro-service host environment.
Further, the security policy includes one or more of a user authentication policy, a password strength policy, a resource authentication and authorization policy, and a blacklist/whitelist policy;
the definition extensions include extensions to JavaBeans and security policy expressions.
Further, the service access token comprises an access token and a refresh token.
The advantages of the invention are as follows. The flexible micro-service security access control method and system improve the flexible security control capability of micro-services by combining the micro-service API gateway, the security policy service and template modules, the lightweight micro-service access token construction method, and flexibly adaptable micro-service security control policies. A security access control policy template that supports both conventional and custom security policies is introduced, which gives more flexible security access control, and security policies are published and applied immediately through the unified configuration service and the message bus service. After services are containerized, the service boundary is reinforced through a container security policy. The micro-service API gateway uses layered interception and filtering: pre-filtering, routing, post-filtering and exception handling are combined with security policies to improve security access control and fault tolerance. The service access token uses the RFC 7519 [1] standard format, and a lightweight service access token is generated dynamically in combination with the security access control policy, which enhances the operability and performance of security access control and improves the flexibility of micro-service security access control. Because container-based micro-service construction is gradually becoming the main way micro-service architectures are deployed in practice, the framework adopts containerized security access control policies to strengthen micro-service security access control.
Drawings
Fig. 1 is a schematic diagram of the framework of the present invention.
Fig. 2 is a schematic view of a security policy configuration interface of a microservice configuration center according to the present invention.
FIG. 3 is a schematic diagram of the internal structure of the micro service API gateway interceptor of the present invention.
FIG. 4 is a schematic flow chart of the method of the present invention.
Fig. 5 is a formalized description diagram of a security access control policy template of the present invention.
Fig. 6 is a formalized depiction of a security access control token of the present invention.
Detailed Description
To make the technical means, inventive features, objectives and effects of the invention easy to understand, the invention is further described below with reference to specific embodiments.
As shown in Figs. 1 to 6, Fig. 1 is a schematic diagram of the flexible micro-service security access control model architecture of the invention. The overall system architecture comprises: a security policy service module, a security policy template module, a micro-service configuration center module, a micro-service API gateway module, a micro-service unified authority module, a lightweight security service access token, a Redis cluster module and a containerized security access control policy module.
Security policy service module: used for periodically subscribing to security policy configuration from the message bus. The security policy configuration describes the security policy mapping of request URL rules with regular expressions, and sets the rules for authenticating and authorizing micro-service requests, the generation rules for micro-service access tokens, and so on.
Security policy template module: used for describing user authentication policies, password strength policies, resource authentication and authorization policies, blacklist/whitelist policies and the like. Besides conventional security policies, definition extensions through JavaBeans and security policy expressions are supported. Changes to the security policy template are published through the micro-service configuration center and sent to a specified topic on the message bus in publish/subscribe mode.
Micro-service configuration center module: describes the security policy mapping of request URL rules with regular expressions, provides a security policy definition mode based on the micro-service security access control policy template, and dynamically generates a security access control policy according to the security access control policy template, as shown in Fig. 2.
The definition mode comprises: name, execution role, identity token source, token validation expression, and token validity period.
Micro-service unified authority module: the authentication service in the unified authority service matches the request data against the user identity and authentication information in the database. This includes matching the user authentication information and user identity role information in the request against the user password, the role, the micro-service resources accessible to the role and other information registered in the database.
Micro-service API gateway module: used for unified configuration, interception and control of micro-service request routing, and for providing a unified access domain name through a reverse proxy. It is the entrance for all micro-service access requests, and micro-service authentication is implemented at this unified access entry. The structure of the API gateway's internal interceptors is shown in Fig. 3: a service consumer sends a request, the request is first filtered by a pre-filter or a custom filter in the micro-service gateway, the service provider is then called to obtain a response, and the response is returned to the service consumer after being filtered by the post-filter.
Lightweight security service access token: used for authenticating micro-service requests. It comprises an access token and a refresh token, implements a stateless session mechanism when micro-services call each other, and combines the service access token with the refresh token to balance service security and performance.
Redis cluster module: provides centralized session storage for micro-services and refresh token storage based on lightweight micro-service access tokens. The high performance and high availability of Redis are used to make access to request session tokens efficient.
Containerized security access control policy module: used for strengthening the security access control of the Docker environment of the micro-service host. Docker containers are created and configured through Kubernetes, and custom security policy description files are built in batches for all containers based on the Linux kernel operating system security policy in the Docker images, which secures the micro-service host.
Fig. 4 shows the implementation steps of the micro-service security access control model architecture processing method in the embodiment of the invention:
Step S101: Construct the micro-service host environment. Each micro-service is built as an independent Docker image, Docker containers are created through Kubernetes, and custom security policy description files are built in batches for all containers based on the Linux kernel operating system security policy in the Docker images, which secures the micro-service host. Replicas of the Docker service environment are built with Kubernetes for high availability.
Step S102: Construct the micro-service API gateway, the Redis cluster and the micro-service unified authority service, and configure the micro-service routes and a default authentication policy in the micro-service API gateway. When a service consumer makes a request, the micro-service API gateway submits the user authentication information to the authentication service of the unified authority service by POST in an API gateway pre-filter.
Step S103: Construct the micro-service configuration center. The configuration center uniformly maintains the security policy configuration based on the security access control policy template and automatically publishes configuration changes to the designated security policy topic of the message bus; the configuration center supports clustering, load balancing and high availability. The security policy service periodically subscribes to the security policy configuration from the message bus. The security policy configuration describes the security policy mapping of request URL rules with regular expressions. The security access control template file is defined in YAML format and comprises 4 interrelated parts: inbound, route, outbound and exception handling. Each of the four parts is given different security policies. The security policies of the inbound part include authorized access based on a service access token, request parameter encryption, setting an association identifier in the request header, directory-level security control, attribute security control and the like; the security policies of the routing part include service monitoring and locking control; the security policies of the outbound part include a cross-domain policy, a cache policy, a jump policy and the like. The security policy template defines the mapping between services and security policies in the form of URL regular expressions and supports injecting processing Beans for custom security policies. The formalized security policy in Fig. 5 describes, for the inbound stage, how the token generation expression and the token verification expression are processed after authentication and authorization.
Step S104: Start the micro-service Docker containers in the following order: micro-service configuration center, security policy service module, micro-service unified authority module, Redis cluster, security policy service module.
Step S105: The micro-service consumer sends a request for a lightweight security access token. The micro-service API gateway intercepts the request and sends it to the micro-service unified authority module, which performs authentication and authorization by matching the data in the request against the information in the database. After a successful match, the security policy service is called to obtain the security access control policy corresponding to the request URL, a service access token with an encrypted signature is generated dynamically according to the security policy logic, and the service access token and the authentication result are returned to the micro-service API gateway. At the same time, the access token information is stored in the Redis cluster. The micro-service API gateway adds the service access token to the request header and routes the request to the service provider. The service provider caches the access token locally so that it can be reused within its validity period to improve performance, and the access token is then added to the header of the request object when the service request is sent again.
Step S106: After receiving a request that carries the service access token in its header, the service provider checks the token directly with the agreed encryption private key. If the check passes and the access token is confirmed valid, the request is processed normally and a response is returned; otherwise a response forbidding access is returned. At the same time, the validity period of the access token in the Redis cluster is checked for expiry. If it has expired, a refresh token is generated and returned in the request header together with an access token update flag, so that after receiving the response the service consumer updates the access token in its local client cache according to the update flag and the refresh token in the response header.
As shown in Fig. 6:
The service access token consists of three parts: header information (header), message body (payload) and signature (signature). The header specifies the signature algorithm used by the token. The message body contains authorization information such as the visitor's credentials. Because client data can be tampered with, the framework uses key signing to verify the validity of the token and prevent malicious attacks, and it provides a signature algorithm implementation based on the SM3 and SM2 national cryptographic algorithms. To avoid CSRF and XSS attacks while also avoiding the performance loss of frequent token updates, the framework regularly monitors the token validity period and notifies the service consumer on the next service request after the token expires; the service consumer then applies for a new service access token using the refresh token, which keeps security service access control effective.
Step S107: The micro-service API gateway performs the subsequent post-filtering or exception handling according to the returned authentication result and returns the processing result to the requester.
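The token flow of steps S105 and S106, with the three-part token of Fig. 6 and the regenerate-and-flag update method from the summary, as an added example that is not code from the patent. The policy entries, the header names `X-Access-Token` and `X-Token-Update`, and the in-memory dict standing in for Redis are assumptions, and HMAC-SHA256 is swapped in for the SM2/SM3 signature so the example runs on the standard library alone.

```python
import base64, hashlib, hmac, json, re, secrets

# Constructed demo key. The patent signs with SM2/SM3; HMAC-SHA256 is a
# stand-in so the example needs no third-party package.
SIGNING_KEY = b"constructed-demo-key-not-for-production"

# Hypothetical policies: URL regex -> required role and token validity (seconds).
POLICIES = [
    {"name": "orders", "url": re.compile(r"^/api/orders(/.*)?$"), "role": "buyer", "ttl": 300},
    {"name": "admin", "url": re.compile(r"^/api/admin(/.*)?$"), "role": "admin", "ttl": 60},
]

TOKEN_STORE = {}  # stands in for the Redis cluster: token id -> expiry time


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input):
    return b64e(hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest())


def policy_for(url):
    """Return the first policy whose URL regex matches, or None."""
    return next((p for p in POLICIES if p["url"].match(url)), None)


def issue_token(subject, role, url, now):
    """S105: after authentication, build a signed token from the URL's policy."""
    policy = policy_for(url)
    if policy is None or role != policy["role"]:
        return None
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "role": role, "pol": policy["name"], "iat": now,
               "exp": now + policy["ttl"], "jti": secrets.token_hex(8)}
    signing_input = ".".join(b64e(json.dumps(p, sort_keys=True).encode())
                             for p in (header, payload))
    TOKEN_STORE[payload["jti"]] = payload["exp"]  # saved for the later expiry check
    return signing_input + "." + sign(signing_input)


def handle_request(token, url, now):
    """S106: verify the token locally, then check expiry against the store.

    Returns (status, response_headers).
    """
    try:
        head_b64, body_b64, signature = token.split(".")
        header, payload = json.loads(b64d(head_b64)), json.loads(b64d(body_b64))
        if not (isinstance(header, dict) and isinstance(payload, dict)):
            raise ValueError("token parts must be JSON objects")
    except (ValueError, AttributeError):
        return 403, {}
    # Pin the algorithm instead of trusting the header, and compare the
    # signature in constant time.
    expected = sign(head_b64 + "." + body_b64)
    if header.get("alg") != "HS256" or not hmac.compare_digest(signature.encode(), expected.encode()):
        return 403, {}
    # The token is only good for URLs covered by the policy it was issued under.
    policy = policy_for(url)
    if policy is None or payload.get("pol") != policy["name"] or payload.get("role") != policy["role"]:
        return 403, {}
    expiry = TOKEN_STORE.get(payload.get("jti"))
    if expiry is None:  # unknown or already replaced token
        return 403, {}
    if now >= expiry:
        # Expired but authentic and still on record: replace it and flag the update.
        del TOKEN_STORE[payload["jti"]]
        fresh = issue_token(payload["sub"], payload["role"], url, now)
        return 403, {"X-Access-Token": fresh, "X-Token-Update": "1"}
    return 200, {}
```

A token is replaced only after its signature has verified and its entry is still in the store, so a forged or already-replaced token never triggers a refresh.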
The above is a detailed description of the processing logic provided by the embodiments of the invention: the security-policy-based Docker container creation method, the flexible definition of the security policy template, asynchronous transmission over the message bus, the definition and storage update mechanism of the lightweight micro-service API access token, and security authentication and authorization based on micro-service API gateway routing, interceptors and security policy configuration.
It will be appreciated by those skilled in the art that the invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The embodiments disclosed above are therefore to be considered in all respects as illustrative and not restrictive. All changes which come within the scope of or equivalence to the invention are intended to be embraced therein.

Claims (8)

1. A flexible micro-service security access control method, characterized by comprising the following steps:
receiving micro-service request information sent by a visitor, and authenticating it according to a security access control policy;
after the authentication passes, adding the generated access token to the micro-service request information and sending the access token to the visitor;
saving the generated access token;
verifying the micro-service request information that the visitor sends again with the access token;
and returning the request result to the visitor after the verification passes.
2. The flexible micro-service security access control method of claim 1, wherein the method for generating the access token comprises the following steps:
acquiring a dynamically generated security access control policy;
generating an access token according to the security access control policy.
3. The flexible micro-service security access control method of claim 2, wherein the security access control policy is dynamically generated according to the security access control policy template.
4. The flexible micro-service security access control method of claim 1, wherein verifying the micro-service request information that the visitor sends again with the access token comprises the following steps:
verifying the access token with the encryption private key;
after the verification passes, confirming that the access token is valid, processing the micro-service request information normally and returning a response;
otherwise, returning a response forbidding access, and checking whether the stored access token needs to be updated.
5. The flexible micro-service security access control method of claim 4, wherein the method for updating the access token comprises the following steps:
checking whether the validity period of the saved access token has expired;
if so, regenerating an access token, returning it in the header of the micro-service request information, and adding an access token update flag;
and updating the stored access token according to the update flag.
6. A flexible micro-service security access control system, characterized in that the system comprises:
a security policy service module, used for subscribing to security policy configuration from the micro-service message bus;
a security policy template module, used for describing security policies and definition extensions, and connected to the security policy service module through a message bus;
a micro-service configuration center module, used for providing a security policy definition mode based on the security access control policy template, and connected to the micro-service message bus;
a micro-service API gateway module, connected to the security policy service module through a message bus, used for uniformly configuring, intercepting and routing micro-service request information, and serving as the entrance for all micro-service request information;
a micro-service unified authority module, connected to the security policy service module and to the micro-service API gateway module, and used for providing authentication and authorization services based on security policies;
a service access token, generated by the micro-service unified authority module, used for authenticating and authorizing micro-service requests and for implementing a stateless session mechanism when micro-services call each other;
a Redis cluster module, connected to the security policy service module, and used for centralized session storage of micro-service request information and for storing the access token;
and a containerized security access control policy module, used for strengthening the security access control of the micro-service host environment.
7. The flexible micro-service security access control system of claim 6, wherein the security policy comprises one or more of a user authentication policy, a password strength policy, a resource authentication and authorization policy, and a blacklist/whitelist policy;
the definition extensions include extensions to JavaBeans and security policy expressions.
8. The flexible micro-service security access control system of claim 6, wherein the service access token includes an access token and a refresh token.
CN201910976719.1A 2019-10-15 2019-10-15 Flexible micro-service security access control method and system Pending CN110781476A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910976719.1A CN110781476A (en) 2019-10-15 2019-10-15 Flexible micro-service security access control method and system

Publications (1)

Publication Number Publication Date
CN110781476A (en) 2020-02-11

Family

ID=69385408

Country Status (1)

Country Link
CN (1) CN110781476A (en)

Cited By (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110995450A (en) * 2020-02-27 2020-04-10 中科星图股份有限公司 Authentication and authorization method and system based on Kubernetes
CN111314380A (en) * 2020-03-20 2020-06-19 浪潮通用软件有限公司 Authentication system, equipment and medium based on micro service
CN111399980A (en) * 2020-03-16 2020-07-10 中国联合网络通信集团有限公司 Safety authentication method, device and system for container organizer
CN111478771A (en) * 2020-03-31 2020-07-31 招商局金融科技有限公司 Method for safety access between micro services and micro service system
CN111488595A (en) * 2020-03-27 2020-08-04 腾讯科技(深圳)有限公司 Method for realizing authority control and related equipment
CN111586092A (en) * 2020-03-25 2020-08-25 深圳壹账通智能科技有限公司 Full link monitoring method, system and CAT client
CN111756733A (en) * 2020-06-23 2020-10-09 恒生电子股份有限公司 Identity authentication method and related device
CN111786879A (en) * 2020-07-01 2020-10-16 内蒙古显鸿科技股份有限公司 Intelligent fusion terminal gateway supporting containerization
CN111865920A (en) * 2020-06-18 2020-10-30 多加网络科技(北京)有限公司 Gateway authentication and identity authentication platform and method thereof
CN112153012A (en) * 2020-09-01 2020-12-29 珠海市卓轩科技有限公司 Multi-terminal contact access method, device and storage medium
CN112217882A (en) * 2020-09-25 2021-01-12 航天信息股份有限公司 Distributed gateway system for service opening
CN112256351A (en) * 2020-10-26 2021-01-22 卫宁健康科技集团股份有限公司 Implementation method of Feign component, micro-service calling method and device
CN112416528A (en) * 2020-12-04 2021-02-26 福建福诺移动通信技术有限公司 Method for realizing non-invasive micro-service room interface safe calling
CN112597183A (en) * 2020-12-23 2021-04-02 深圳迅策科技有限公司 Data service platform based on micro-service system
CN112637125A (en) * 2020-11-23 2021-04-09 中信银行股份有限公司 Message processing method and device, electronic equipment and computer readable storage medium
CN112671861A (en) * 2020-12-15 2021-04-16 交控科技股份有限公司 Method and device for improving security of micro-service system
CN112804244A (en) * 2021-01-26 2021-05-14 广州欢网科技有限责任公司 Method, device and equipment for intelligently controlling bottom micro-service flow by API gateway
CN112968960A (en) * 2021-02-22 2021-06-15 同济大学 Micro-service architecture based on open source component
CN113225394A (en) * 2021-04-30 2021-08-06 中核武汉核电运行技术股份有限公司 API gateway management system based on container cluster
CN113239373A (en) * 2021-04-30 2021-08-10 中核武汉核电运行技术股份有限公司 Authority management system
CN113268309A (en) * 2021-04-07 2021-08-17 中国电子科技集团公司第二十九研究所 Military chess deduction system oriented to SaaS application mode
CN113271283A (en) * 2020-02-14 2021-08-17 宁波吉利汽车研究开发有限公司 Message access method and system
CN113347261A (en) * 2021-06-09 2021-09-03 广州易行数字技术有限公司 Mechanism for filling access token information based on business field
CN113420312A (en) * 2021-07-08 2021-09-21 山东云缦智能科技有限公司 Method for dynamically controlling API interface access
CN113596040A (en) * 2021-08-02 2021-11-02 中国建设银行股份有限公司 Security policy deployment method, access control method and device and access control system
CN113672901A (en) * 2021-08-30 2021-11-19 济南浪潮数据技术有限公司 Access request processing method, container cloud platform, electronic device and storage medium
CN113810468A (en) * 2021-08-13 2021-12-17 济南浪潮数据技术有限公司 Method, system, device and storage medium for distributing request by gateway under K8s architecture
CN114157709A (en) * 2021-11-05 2022-03-08 广州九尾信息科技有限公司 Method for encrypting and desensitizing distributed service data
CN114205191A (en) * 2021-12-13 2022-03-18 四川启睿克科技有限公司 API gateway system and operation method
CN114398612A (en) * 2021-12-08 2022-04-26 国网辽宁省电力有限公司 ICT virtual operation safety access control method based on micro-service
WO2022126968A1 (en) * 2020-12-15 2022-06-23 平安科技(深圳)有限公司 Micro-service access method, apparatus and device, and storage medium
CN115208693A (en) * 2022-09-09 2022-10-18 中国电子科技集团公司第十五研究所 Security access control method and device based on micro-service
WO2023051232A1 (en) * 2021-09-28 2023-04-06 阿里巴巴(中国)有限公司 Computing cluster system, security authentication method, node device and storage medium
CN116049860A (en) * 2023-03-06 2023-05-02 深圳前海环融联易信息科技服务有限公司 Access control method, device, computer equipment and storage medium
CN116991472A (en) * 2023-09-27 2023-11-03 深圳鲲云信息科技有限公司 Method for managing global resources and computing device

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110086822A (en) * 2019-05-07 2019-08-02 北京智芯微电子科技有限公司 The realization method and system of unified identity authentication strategy towards micro services framework

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘一田 et al.: "Flexible microservice security access control framework", 《计算机系统应用》 *

Cited By (55)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113271283B (en) * 2020-02-14 2022-11-04 宁波吉利汽车研究开发有限公司 Message access method and system
CN113271283A (en) * 2020-02-14 2021-08-17 宁波吉利汽车研究开发有限公司 Message access method and system
CN110995450B (en) * 2020-02-27 2020-06-23 中科星图股份有限公司 Authentication and authorization method and system based on Kubernetes
CN110995450A (en) * 2020-02-27 2020-04-10 中科星图股份有限公司 Authentication and authorization method and system based on Kubernetes
CN111399980A (en) * 2020-03-16 2020-07-10 中国联合网络通信集团有限公司 Safety authentication method, device and system for container organizer
CN111314380A (en) * 2020-03-20 2020-06-19 浪潮通用软件有限公司 Authentication system, equipment and medium based on micro service
CN111314380B (en) * 2020-03-20 2023-01-24 浪潮通用软件有限公司 Authentication system, equipment and medium based on micro service
CN111586092A (en) * 2020-03-25 2020-08-25 深圳壹账通智能科技有限公司 Full link monitoring method, system and CAT client
CN111488595B (en) * 2020-03-27 2023-03-28 腾讯科技(深圳)有限公司 Method for realizing authority control and related equipment
CN111488595A (en) * 2020-03-27 2020-08-04 腾讯科技(深圳)有限公司 Method for realizing authority control and related equipment
CN111478771B (en) * 2020-03-31 2023-04-18 招商局金融科技有限公司 Method for safety access between micro services and micro service system
CN111478771A (en) * 2020-03-31 2020-07-31 招商局金融科技有限公司 Method for safety access between micro services and micro service system
CN111865920B (en) * 2020-06-18 2022-06-10 庞茂林 Gateway authentication and identity authentication platform and method thereof
CN111865920A (en) * 2020-06-18 2020-10-30 多加网络科技(北京)有限公司 Gateway authentication and identity authentication platform and method thereof
CN111756733A (en) * 2020-06-23 2020-10-09 恒生电子股份有限公司 Identity authentication method and related device
CN111786879A (en) * 2020-07-01 2020-10-16 内蒙古显鸿科技股份有限公司 Intelligent fusion terminal gateway supporting containerization
CN112153012A (en) * 2020-09-01 2020-12-29 珠海市卓轩科技有限公司 Multi-terminal contact access method, device and storage medium
CN112153012B (en) * 2020-09-01 2021-07-06 珠海市卓轩科技有限公司 Multi-terminal contact access method, device and storage medium
CN112217882B (en) * 2020-09-25 2024-03-26 航天信息股份有限公司 Distributed gateway system for service opening
CN112217882A (en) * 2020-09-25 2021-01-12 航天信息股份有限公司 Distributed gateway system for service opening
CN112256351B (en) * 2020-10-26 2023-11-17 卫宁健康科技集团股份有限公司 Method for realizing Feign component, method and device for calling micro-service
CN112256351A (en) * 2020-10-26 2021-01-22 卫宁健康科技集团股份有限公司 Implementation method of Feign component, micro-service calling method and device
CN112637125A (en) * 2020-11-23 2021-04-09 中信银行股份有限公司 Message processing method and device, electronic equipment and computer readable storage medium
CN112416528B (en) * 2020-12-04 2024-03-22 福建福诺移动通信技术有限公司 Method for realizing non-invasive micro service interface safety call
CN112416528A (en) * 2020-12-04 2021-02-26 福建福诺移动通信技术有限公司 Method for realizing non-invasive micro-service room interface safe calling
CN112671861B (en) * 2020-12-15 2023-03-24 交控科技股份有限公司 Method and device for improving security of micro-service system
CN112671861A (en) * 2020-12-15 2021-04-16 交控科技股份有限公司 Method and device for improving security of micro-service system
WO2022126968A1 (en) * 2020-12-15 2022-06-23 平安科技(深圳)有限公司 Micro-service access method, apparatus and device, and storage medium
CN112597183A (en) * 2020-12-23 2021-04-02 深圳迅策科技有限公司 Data service platform based on micro-service system
CN112804244A (en) * 2021-01-26 2021-05-14 广州欢网科技有限责任公司 Method, device and equipment for intelligently controlling bottom micro-service flow by API gateway
CN112804244B (en) * 2021-01-26 2023-03-14 广州欢网科技有限责任公司 Method, device and equipment for intelligently controlling bottom micro-service flow by API gateway
CN112968960A (en) * 2021-02-22 2021-06-15 同济大学 Micro-service architecture based on open source component
CN113268309A (en) * 2021-04-07 2021-08-17 中国电子科技集团公司第二十九研究所 Military chess deduction system oriented to SaaS application mode
CN113225394A (en) * 2021-04-30 2021-08-06 中核武汉核电运行技术股份有限公司 API gateway management system based on container cluster
CN113239373A (en) * 2021-04-30 2021-08-10 中核武汉核电运行技术股份有限公司 Authority management system
CN113347261A (en) * 2021-06-09 2021-09-03 广州易行数字技术有限公司 Mechanism for filling access token information based on business field
CN113420312A (en) * 2021-07-08 2021-09-21 山东云缦智能科技有限公司 Method for dynamically controlling API interface access
CN113420312B (en) * 2021-07-08 2022-04-26 山东浪潮超高清视频产业有限公司 Method for dynamically controlling API interface access
CN113596040A (en) * 2021-08-02 2021-11-02 中国建设银行股份有限公司 Security policy deployment method, access control method and device and access control system
CN113810468A (en) * 2021-08-13 2021-12-17 济南浪潮数据技术有限公司 Method, system, device and storage medium for distributing request by gateway under K8s architecture
CN113672901B (en) * 2021-08-30 2024-03-29 济南浪潮数据技术有限公司 Access request processing method, container cloud platform, electronic device and storage medium
CN113672901A (en) * 2021-08-30 2021-11-19 济南浪潮数据技术有限公司 Access request processing method, container cloud platform, electronic device and storage medium
WO2023051232A1 (en) * 2021-09-28 2023-04-06 阿里巴巴(中国)有限公司 Computing cluster system, security authentication method, node device and storage medium
CN114157709B (en) * 2021-11-05 2024-03-15 广州九尾信息科技有限公司 Distributed service data encryption and desensitization method
CN114157709A (en) * 2021-11-05 2022-03-08 广州九尾信息科技有限公司 Method for encrypting and desensitizing distributed service data
CN114398612A (en) * 2021-12-08 2022-04-26 国网辽宁省电力有限公司 ICT virtual operation safety access control method based on micro-service
CN114398612B (en) * 2021-12-08 2024-05-03 国网辽宁省电力有限公司 ICT virtual operation safety access control method based on micro-service
CN114205191A (en) * 2021-12-13 2022-03-18 四川启睿克科技有限公司 API gateway system and operation method
CN114205191B (en) * 2021-12-13 2023-09-15 四川启睿克科技有限公司 API gateway system and operation method
CN115208693B (en) * 2022-09-09 2022-12-20 中国电子科技集团公司第十五研究所 Security access control method and device based on micro-service
CN115208693A (en) * 2022-09-09 2022-10-18 中国电子科技集团公司第十五研究所 Security access control method and device based on micro-service
CN116049860B (en) * 2023-03-06 2023-06-02 深圳前海环融联易信息科技服务有限公司 Access control method, device, computer equipment and storage medium
CN116049860A (en) * 2023-03-06 2023-05-02 深圳前海环融联易信息科技服务有限公司 Access control method, device, computer equipment and storage medium
CN116991472B (en) * 2023-09-27 2023-12-22 深圳鲲云信息科技有限公司 Method for managing global resources and computing device
CN116991472A (en) * 2023-09-27 2023-11-03 深圳鲲云信息科技有限公司 Method for managing global resources and computing device

Similar Documents

Publication Publication Date Title
CN110781476A (en) Flexible micro-service security access control method and system
US11695757B2 (en) Fast smart card login
US11641361B2 (en) Dynamic access control to network resources using federated full domain logon
US8782757B2 (en) Session sharing in secure web service conversations
CN112422532B (en) Service communication method, system and device and electronic equipment
US10122703B2 (en) Federated full domain logon
US9621355B1 (en) Securely authorizing client applications on devices to hosted services
US11683213B2 (en) Autonomous management of resources by an administrative node network
US20210136068A1 (en) Telecom node control via blockchain
US8695076B2 (en) Remote registration for enterprise applications
JP2005521279A (en) Secure service access providing system and method
US11552948B1 (en) Domain management intermediary service
US10218704B2 (en) Resource access control using named capabilities
US20120227095A1 (en) Systems and methods for generating modular security delegates for applications
AU2021328466A1 (en) Self-authorizing identification and applications therefor
CN108243164B (en) Cross-domain access control method and system for E-government cloud computing
Fugkeaw et al. Multi-Application Authentication based on Multi-Agent System.
CN109905365B (en) Distributed deployed single sign-on and service authorization system and method
CN116319096B (en) Access system, method, device, equipment and medium of computing power network operation system
CN116956247B (en) Information processing system based on BIM
US11870781B1 (en) Enterprise access management system for external service providers
CN116032616A (en) Identity verification method and related equipment
Loutsios A holistic approach to network security in OGSA-based grid systems
Pastore Authorization and Access Control to Secure Web Services in a Grid Infrastructure.

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200211