CN111200596B - File service system based on Web technology and design method thereof - Google Patents

Publication number
CN111200596B
Authority
CN
China
Prior art keywords
service
node
user
request
central
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911351741.3A
Other languages
Chinese (zh)
Other versions
CN111200596A (en)
Inventor
毕研儒
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongke Shuguang International Information Industry Co ltd
Original Assignee
Dawning Information Industry Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Dawning Information Industry Beijing Co Ltd filed Critical Dawning Information Industry Beijing Co Ltd
Priority to CN201911351741.3A priority Critical patent/CN111200596B/en
Publication of CN111200596A publication Critical patent/CN111200596A/en
Application granted granted Critical
Publication of CN111200596B publication Critical patent/CN111200596B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application discloses a file service system design method based on Web technology, which comprises the following steps: the central service receives a node list request of a user browser for accessing the central service, processes the node list request and returns a node list to the user; the user clicks the node in the returned node list to send a node directory request to the central service, and the central service processes the node directory request and redirects the node directory request to the node service; the node service processes the node directory request and returns the node directory content with node service URL information to the user. It is an object of the present application to enable secure and convenient access to a file system of a wide area network node.

Description

File service system based on Web technology and design method thereof
Technical Field
The application relates to the technical field of wide area network file service management, in particular to a file service system based on Web technology and a design method thereof.
Background
Currently, many enterprises or research institutions in China have their own high-performance clusters, the scale of the high-performance clusters is often determined according to the peak value of resources such as calculation or storage required by a user, but in most cases, the utilization rate of the high-performance cluster resources is often very low, which results in the waste of a large amount of precious resources.
Under the push of sharing economy, a platform is expected to integrate domestic distributed high-performance cluster resources so as to share idle cluster resources for wider consumers and improve resource value.
A platform file management system is necessary to make it more convenient and secure for consumers to browse or process their own files. Meanwhile, the actual storage of the files is each cluster, which means that the file management system of the platform is across a wide area network. The method mentioned in this patent is intended to solve the above problems.
The patent emphasizes solving the problem of file service across wide area networks, and is different from a distributed file system in a local area network.
The problems existing in the prior art are as follows:
Existing file service systems manage files on nodes within a local area network. If a node is on a wide area network, the service system needs to open a port, which poses a serious security problem; for example, communication between nodes of a Hadoop Distributed File System (HDFS) depends on the SSH (Secure Shell) protocol.
There are also many service systems providing a unified access portal through which both request and response data need to be forwarded when accessing node file information on a wide area network, which causes a problem of doubling the request response time.
Disclosure of Invention
In view of the above problems in the related art, the present application provides a file service system based on Web technology and a design method thereof, which can at least safely and conveniently access a file system of a wide area network node.
The technical scheme of the application is realized as follows:
a file service system design method based on Web technology is provided, which comprises the following steps:
the central service receives a node list request of a user browser for accessing the central service, processes the node list request and returns a node list to the user;
the user clicks the node in the returned node list to send a node directory request to the central service, and the central service processes the node directory request and redirects the node directory request to the node service;
the node service processes the node directory request and returns the node directory content with node service URL (Uniform Resource Locator) information to the user.
According to an embodiment of the present application, the central service processing the node list request means that, if the user is not authenticated, the central service initiates a first CAS (Central Authentication Service, an independent open command protocol) authentication service for the user.
According to an embodiment of the present application, a first CAS authentication service includes:
the central service redirects the node list request to the CAS authentication service;
the CAS authentication service returns a login interface to the user, and after the user successfully logs in, the CAS authentication service returns to the user a TGT (ticket-granting ticket, the ticket used for ticket authorization) and a ticket authorizing access to the central service.
According to an embodiment of the present application, the first CAS authentication service further includes:
the user browser saves the TGT in the CAS authentication service Cookie (a Cookie is a simple text file saved on the client) and sends the node list request to the central service again, carrying the ticket authorizing access to the central service;
the central service obtains and stores user information from the CAS authentication service by means of a ticket authorizing access to the central service.
According to an embodiment of the application, a central service processes a node directory request, comprising:
the central service queries the node service metadata based on the node ID (IDentity) in the node directory request, assembles the URL for accessing the node service, and redirects the node directory request to the node service.
According to an embodiment of the application, the node service processing the node directory request means that if the user is not authenticated, the node service initiates a second CAS authentication service to the user.
According to an embodiment of the present application, the second CAS authentication service includes:
the node service redirects the node directory request to the CAS authentication service and takes the access node service URL as a request parameter;
the user browser initiates an authentication request to the CAS authentication service, which generates and returns a ticket authorizing access to the node service to the user.
According to an embodiment of the present application, the second CAS authentication service further includes:
the user browser uses the ticket authorized for the node service access as a request parameter to send a request to the node service again, and the node service acquires user information from the CAS by means of the ticket authorized for the node service access.
The beneficial technical effect of this application lies in:
unified access entry;
unified authentication is carried out, and user access authorization is carried out;
all requests use the HTTPS (Hypertext Transfer Protocol Secure) protocol, which makes the opened port safer;
data is transmitted directly, which saves the time cost of relayed transmission;
a more secure and convenient service is provided for accessing file systems across nodes of a wide area network.
Drawings
In order to more clearly illustrate the embodiments of the present application, the drawings needed for the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings can be obtained by those skilled in the art without inventive effort.
FIG. 1 is a schematic diagram of a file service system design method based on Web technology according to an embodiment of the present application;
FIG. 2 is a timing diagram of a file service system design method based on Web technology according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments that can be derived from the embodiments given herein by a person of ordinary skill in the art are intended to be within the scope of the present disclosure.
According to an embodiment of the application, a file service system design method based on Web technology is provided. FIG. 1 shows a schematic diagram of the method. Referring to FIG. 1, the file service system design method based on Web technology of the present invention includes: a user sends, through a browser, a node list request for accessing the central service, and if the user is not authenticated, the central service initiates the CAS authentication service for the first time and then returns the node list to the user; the user clicks a node in the returned node list to request that node's directory content from the central service, the central service processes the directory content request, and if the user is not authenticated, the node service initiates the CAS authentication service for the second time and then returns the directory content, with the node service URL information, to the user.
By supporting a file service system based on Web technology, the technical scheme of the invention provides a safer and more convenient method for accessing the file systems of nodes across a wide area network. It provides a unified access entry; unified authentication and user access authorization; all requests use the HTTPS (Hypertext Transfer Protocol Secure) protocol, which makes the opened port safer; data is transmitted directly, which saves the time cost of relayed transmission; and a more secure and convenient service is provided for accessing file systems across nodes of a wide area network.
Browser (11 in FIG. 1): installed on the user's PC (Personal Computer); the tool through which the user accesses the service. Its main functions are: storing the Cookie of the CAS authentication service, storing the Cookie of the central service, storing the Cookie of the node service, initiating access requests and displaying access results.
Central service (12 in FIG. 1): the unified portal for accessing services. Its main functions are: managing the metadata of the node services, redirecting file service access requests to the node service, monitoring the state of the node services, and providing a user login function.
CAS authentication service (13 in FIG. 1): provides the authentication service for the whole system.
Node service (14 in FIG. 1): deployed on each node connected to the central service, and provides access to the node's local file system. Its main functions are: access control for the node service interfaces, directory management and file management.
FIG. 2 shows a sequence diagram of the file service system design method based on Web technology, taking directory browsing as an example. The overall process is as follows:
At 201 shown in FIG. 2, the user accesses the node list of the central service; if the user is not authenticated, step 202 is performed; otherwise, step 207 is performed.
At 202 shown in FIG. 2, the request is redirected to the CAS authentication service, which returns a login interface.
At 203 in fig. 2, the user enters a username and password to log in.
At 204 shown in FIG. 2, after the login is successful, the CAS authentication service returns a TGT (ticket for ticket authorization) and a ticket (ticket for access authorization to the central service).
At 205 shown in FIG. 2, the browser saves the TGT to the CAS authentication service Cookie and initiates the request again to the central service with ticket as the request parameter.
At 206 shown in fig. 2, the central service obtains the user information from the CAS authentication service by means of ticket and stores the user information in the session.
At 207 shown in fig. 2, the central service returns a list of nodes.
At 208 in FIG. 2, the user clicks on a node in the list to browse the directory for that node.
At 209 shown in FIG. 2, after the central service receives the request, it queries the node service metadata according to the node ID and assembles the URL for accessing the node service; call this URL nodeServiceURL. The request is then redirected to the node service.
At 210 shown in FIG. 2, after the node service receives the request, if it finds that the session is not authenticated, step 211 is performed; otherwise step 216 is performed.
At 211 shown in FIG. 2, the node service redirects the request to the CAS authentication service with the nodeServiceURL as a request parameter.
At 212 shown in FIG. 2, the browser initiates an authentication request to the CAS authentication service. Since the browser has had an authenticated session with the CAS authentication service since step 4, it can access the service directly.
At 213 shown in FIG. 2, the CAS authentication service generates a ticket that accesses the nodeServiceURL and returns it to the browser.
At 214 shown in fig. 2, the browser again accesses the nodeServiceURL and takes ticket as a request parameter.
As shown at 215 in fig. 2, after receiving the request, the node service obtains the user information from the CAS authentication service by means of ticket.
At 216 in FIG. 2, the node service returns the directory content. All elements in the file list in the directory carry a URL to access the node service, so that subsequent accesses are initiated directly to the node service.
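The sequence of steps 203 to 216, as an added example that is not code from the patent: an in-memory model of the three services that shows why a ticket issued for one nodeServiceURL is useless when replayed or presented to another node. The class and function names, the `/dir` path and `path` parameter, the example hosts, the sample account and the 10-second lifetime are assumptions; single-use, service-bound tickets follow the CAS protocol rather than anything the page states.

```python
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

TICKET_LIFETIME = 10  # seconds; assumed value, the page states no lifetime


class CasServer:
    """In-memory stand-in for the CAS authentication service (13 in FIG. 1)."""

    def __init__(self, users):
        self.users = users    # username -> password (constructed sample data)
        self.tgts = {}        # TGT cookie value -> username
        self.tickets = {}     # ticket -> (username, service URL, expiry)

    def login(self, username, password):
        """Steps 203-204: verify credentials and return a TGT."""
        expected = self.users.get(username)
        if expected is None or not secrets.compare_digest(expected, password):
            return None
        tgt = "TGT-" + secrets.token_urlsafe(16)
        self.tgts[tgt] = username
        return tgt

    def issue_ticket(self, tgt, service_url):
        """Steps 204 and 213: issue a ticket bound to one service URL."""
        user = self.tgts.get(tgt)
        if user is None:
            return None
        ticket = "ST-" + secrets.token_urlsafe(16)
        self.tickets[ticket] = (user, service_url, time.monotonic() + TICKET_LIFETIME)
        return ticket

    def validate(self, ticket, service_url):
        """Steps 206 and 215: accept a ticket once, only for its own service."""
        entry = self.tickets.pop(ticket, None)  # pop: a replayed ticket is gone
        if entry is None:
            return None
        user, bound_url, expiry = entry
        if bound_url != service_url or time.monotonic() > expiry:
            return None
        return user


def node_service_url(nodes, node_id, path):
    """Step 209 at the central service: build nodeServiceURL from metadata."""
    base = nodes.get(node_id)     # nodes: node ID -> node service base URL
    return None if base is None else base + "/dir?" + urlencode({"path": path})


class NodeService:
    """Node service (14 in FIG. 1): steps 210, 211 and 215, without sessions."""

    def __init__(self, cas, cas_login_url):
        self.cas, self.cas_login_url = cas, cas_login_url

    def handle(self, url):
        """Return (status, detail) for a directory request URL."""
        parsed = urlparse(url)
        query = parse_qs(parsed.query)
        ticket = query.pop("ticket", [None])[0]
        service = parsed._replace(query=urlencode(query, doseq=True)).geturl()
        if ticket is None:    # step 211: send the browser to CAS
            return 302, self.cas_login_url + "?" + urlencode({"service": service})
        user = self.cas.validate(ticket, service)   # step 215
        return (200, user) if user else (403, None)


def demo():
    """Walk steps 203-216 once, then replay and misdirect a ticket."""
    cas = CasServer({"alice": "correct horse"})
    nodes = {"n1": "https://node1.example", "n2": "https://node2.example"}
    node1 = NodeService(cas, "https://cas.example/login")
    node2 = NodeService(cas, "https://cas.example/login")
    tgt = cas.login("alice", "correct horse")
    url1 = node_service_url(nodes, "n1", "/home/alice")
    url2 = node_service_url(nodes, "n2", "/home/alice")
    _, location = node1.handle(url1)
    service = parse_qs(urlparse(location).query)["service"][0]
    ticket = cas.issue_ticket(tgt, service)
    first = node1.handle(url1 + "&ticket=" + ticket)
    replay = node1.handle(url1 + "&ticket=" + ticket)
    cross = node2.handle(url2 + "&ticket=" + cas.issue_ticket(tgt, service))
    return first, replay, cross
```

`demo()` returns the result of the legitimate request, of replaying the same ticket, and of presenting a node 1 ticket to node 2; only the first succeeds.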
The process of requesting the upload and download of the file is the same as the above-described process. Since many browsers limit the size of uploaded files, the method provides a file block uploading function based on an HTML5(HyperText Markup Language 5) technology.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (6)

1. A file service system design method based on Web technology is characterized by comprising the following steps:
the method comprises the steps that a central service receives a node list request of a user browser for accessing to the central service, and the central service processes the node list request and returns a node list to a user;
clicking a node in the returned node list by a user to send a node directory request to the central service, and processing the node directory request and redirecting the node directory request to the node service by the central service;
the node service processes the node directory request and returns the node directory content with node service URL information to the user,
wherein the node is a wide area network node, all requests are based on Hypertext transfer secure protocol (HTTPS),
the central service processing the node list request means that if the user is not authenticated, the central service initiates a first CAS authentication service to the user,
the node service processing the node directory request means that if the user is not authenticated, the node service initiates a second CAS authentication service to the user, wherein the second CAS authentication service includes:
the node service redirects the node directory request to a CAS authentication service and an access node service URL as a request parameter,
the user browser initiates an authentication request to the CAS authentication service, and the CAS authentication service generates and returns a ticket authorizing access to the node service to the user.
2. The file service system design method based on Web technology as claimed in claim 1, wherein the first CAS authentication service includes:
the central service redirecting the node list request to a CAS authentication service;
the CAS authentication service returns the login interface to the user, and after the user successfully logs in, the CAS authentication service returns a ticket TGT for ticket authorization and a ticket for central service access authorization to the user.
3. The method for designing a file service system based on Web technology as claimed in claim 2, wherein the first CAS authentication service further comprises:
the user browser stores the ticket TGT for ticket authorization into a CAS (CAS authentication System) authentication service Cookie, and carries the ticket authorized for central service access to initiate the node list request to the central service again;
the central service acquires and stores user information from the CAS authentication service by means of the ticket authorizing access to the central service.
4. The Web technology-based file service system design method as claimed in claim 1, wherein the central service processing the node directory request includes:
and the central service inquires node service metadata according to the node ID of the node directory request, splices an access node service URL and redirects the node directory request to the node service.
5. The method for designing a file service system based on Web technology as claimed in claim 1, wherein the second CAS authentication service further comprises:
and the user browser initiates a request to the node service again by taking the ticket authorized for the access of the node service as a request parameter, and the node service acquires the user information from the CAS by means of the ticket authorized for the access of the node service.
6. A file service system based on Web technology, comprising: a storage medium storing a program executed to implement the file service system designing method of any one of claims 1 to 5.
CN201911351741.3A 2019-12-25 2019-12-25 File service system based on Web technology and design method thereof Active CN111200596B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911351741.3A CN111200596B (en) 2019-12-25 2019-12-25 File service system based on Web technology and design method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911351741.3A CN111200596B (en) 2019-12-25 2019-12-25 File service system based on Web technology and design method thereof

Publications (2)

Publication Number Publication Date
CN111200596A CN111200596A (en) 2020-05-26
CN111200596B true CN111200596B (en) 2022-09-02

Family

ID=70747583

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911351741.3A Active CN111200596B (en) 2019-12-25 2019-12-25 File service system based on Web technology and design method thereof

Country Status (1)

Country Link
CN (1) CN111200596B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102104483A (en) * 2009-12-18 2011-06-22 杭州华三通信技术有限公司 Single sign-on method, system and load balancing equipment based on load balance
CN105187523A (en) * 2015-08-28 2015-12-23 北京奇艺世纪科技有限公司 Method and device for accessing directory
CN109462600A (en) * 2018-12-13 2019-03-12 东软集团股份有限公司 Access method, user equipment, login service device and the storage medium of application

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107172054B (en) * 2017-05-26 2020-09-22 睿智合创(北京)科技有限公司 Authority authentication method, device and system based on CAS
CN109547508B (en) * 2017-09-21 2022-03-22 阿里巴巴集团控股有限公司 Method, device and system for realizing resource access
CN109495486B (en) * 2018-11-30 2020-12-22 成都知道创宇信息技术有限公司 Single-page Web application integration CAS method based on JWT
CN110120946B (en) * 2019-04-29 2021-07-20 武汉理工大学 Unified authentication system and method for Web and micro-service

Also Published As

Publication number Publication date
CN111200596A (en) 2020-05-26

Similar Documents

Publication Publication Date Title
US20230370464A1 (en) Systems and methods for controlling sign-on to web applications
US6865680B1 (en) Method and apparatus enabling automatic login for wireless internet-capable devices
EP2375688B1 (en) Managing automatic log in to Internet target resources
JP4615247B2 (en) Computer system
US10356153B2 (en) Transferring session data between network applications accessible via different DNS domains
US9699169B2 (en) Computer readable storage media for selective proxification of applications and method and systems utilizing same
US11204971B1 (en) Token-based authentication for a proxy web scraping service
CN112995219A (en) Single sign-on method, device, equipment and storage medium
US6785705B1 (en) Method and apparatus for proxy chaining
US11882159B2 (en) Executing code injected into an intercepted application response message to eliminate accumulation of stale computing sessions
CN112202813B (en) Network access method and device
CN111200596B (en) File service system based on Web technology and design method thereof
EP4227828A1 (en) Web scraping through use of proxies, and applications thereof
US20230018983A1 (en) Traffic counting for proxy web scraping
US20240176829A1 (en) Token-based authentication for a proxy web scraping service
WO2023104117A1 (en) Resource access method and system, electronic device, and computer-readable storage medium
WO2023280593A1 (en) Web scraping through use of proxies, and applications thereof
CN114357422A (en) Platform integration login and management based implementation method
CA2569446A1 (en) Method and system for providing distributed applications

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240328

Address after: 266100 room 211, area a, software park, 169 Songling Road, Laoshan District, Qingdao City, Shandong Province

Patentee after: Zhongke Shuguang International Information Industry Co.,Ltd.

Country or region after: China

Address before: 100193 No. 36 Building, No. 8 Hospital, Wangxi Road, Haidian District, Beijing

Patentee before: Dawning Information Industry (Beijing) Co.,Ltd.

Country or region before: China

TR01 Transfer of patent right