CN111327613B

CN111327613B - Distributed service authority control method and device and computer readable storage medium

Info

Publication number: CN111327613B
Application number: CN202010105203.2A
Authority: CN
Inventors: 赖俊凡
Original assignee: Shenzhen Tencent Computer Systems Co Ltd
Current assignee: Shenzhen Tencent Computer Systems Co Ltd
Priority date: 2020-02-20
Filing date: 2020-02-20
Publication date: 2022-06-21
Anticipated expiration: 2040-02-20
Also published as: CN111327613A

Abstract

The application provides a distributed service authority control method, a distributed service authority control device and a computer readable storage medium, wherein the method comprises the following steps: acquiring authority information stored in a Zookeeper cluster, and respectively storing the authority information into a shared memory of each server in the distributed service, so that a service providing system corresponding to each server performs authority control based on the authority information in the corresponding shared memory; and if the authority information in the Zookeeper cluster is updated, acquiring the updated authority information from the Zookeeper cluster, and updating the authority information in the shared memory of each server respectively based on the updated authority information. The updating process of the authority information of the authority control does not need the restarting of the service providing system, the stability of the service providing system is ensured, the identity verification function in the authority control of the distributed service is enabled to be stably operated all the time, and the stability of the distributed service is further ensured.

Description

Distributed service authority control method and device and computer readable storage medium

Technical Field

The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for controlling authority of a distributed service, and a computer-readable storage medium.

Background

The Distributed Service (Distributed Service) refers to that data and a Distributed application program are not located on the same server, but are Distributed to a plurality of servers, wherein the Distributed application program may be a front-end page or a client, and the data is a database which needs to be accessed when the Distributed application program runs or a Service providing system which stores corresponding data. The distributed service is in a theoretical calculation model server form taking geographic information data distributed dispersedly on a network and database operation influenced by the geographic information data as research objects. The distribution is beneficial to the distribution and optimization on the whole computer system, and the defects that the traditional centralized system causes the resource shortage of the central host and the response bottleneck are overcome.

The authority control of the distributed service refers to that when a user accesses the service providing system through a client or a front-end page, the authority of the client or the front-end page is verified and controlled. Specifically, a user sends a request for accessing a data system through a client or a front-end page, and a service providing system verifies information contained in the request according to configured authority information, so as to determine whether the client or the front-end interface has an access authority or specific content corresponding to the access authority of the client or the front-end interface.

At present, in distributed services, authority information is generally written into a fixed configuration file, and the fixed configuration file is configured for each service providing system during development, but in this way, whenever the authority information is updated, the service providing system needs to be restarted to update the fixed configuration file, and the updated authority information is read from the updated configuration file again, and frequent restarting can bring great instability to the service providing system.

Disclosure of Invention

The purpose of this application is to solve at least one of the above technical defects, and the technical solution provided by this application embodiment is as follows:

in a first aspect, an embodiment of the present application provides a method for controlling an authority of a distributed service, including:

acquiring authority information stored in a Zookeeper cluster, and respectively storing the authority information into a shared memory of each server in the distributed service, so that a service providing system corresponding to each server performs authority control based on the authority information in the corresponding shared memory;

and if the authority information in the Zookeeper cluster is updated, acquiring the updated authority information from the Zookeeper cluster, and updating the authority information in the shared memory of each server respectively based on the updated authority information.

In an optional embodiment of the present application, the method further comprises:

sending authority updating query information to the Zookeeper cluster at each interval of preset time interval, and receiving a query result fed back by the Zookeeper cluster responding to the authority updating query information;

if the permission information in the Zookeeper cluster is updated, acquiring the updated permission information from the Zookeeper cluster, wherein the authority information comprises:

and if the query result indicates that the permission information in the Zookeeper cluster is updated, acquiring the updated permission information from the Zookeeper cluster.

when the authority information in the Zookeeper cluster is updated, receiving an update notification sent by the Zookeeper cluster;

and when receiving the update notification, acquiring the updated authority information from the Zookeeper cluster.

acquiring a first permission updating request sent by a user;

and based on the first permission updating request, acquiring a second permission updating request corresponding to the Zookeeper cluster, and sending the second permission updating request to the Zookeeper cluster so as to enable the Zookeeper cluster to update the permission information based on the second permission updating request.

In an optional embodiment of the present application, the first permission update request includes an update type, a service party identifier, and update content, and the obtaining, based on the first permission update request, a second permission update request corresponding to the Zookeeper cluster includes:

and packaging the updating type, the service party identifier and the updating content into a function corresponding to the Zookeeper cluster to obtain a second permission updating request.

and receiving authority updating feedback information fed back by the Zookeeper cluster after the authority information is updated based on the second authority updating request, wherein the authority updating feedback information is used for indicating whether the authority updating is successful or not.

In a second aspect, an embodiment of the present application provides a method for controlling an authority of a distributed service, including:

the method comprises the steps that after an Agent corresponding to each server in the distributed service obtains authority information and stores the authority information into a shared memory of each server in the distributed service, an update notification is sent to each Agent when the authority information is updated, so that each Agent responds to the update notification to obtain the updated authority information, and the authority information in the shared memory of each server is updated based on the updated authority information;

and the service providing system corresponding to each server performs authority control based on the authority information in the corresponding shared memory.

In an optional embodiment of the present application, the permission information is updated as follows:

receiving a second permission updating request sent by each Agent;

and updating the authority information based on each second authority updating request.

In an optional embodiment of the present application, before each Agent acquires the authority information, the method further includes:

configuring a storage path of the authority information, and storing the authority information to each node under the storage path;

updating the authority information based on each second authority updating request, including:

and updating the authority information based on the storage path and each second authority updating request.

In a third aspect, an embodiment of the present application provides a method for controlling an authority of a distributed service, including:

receiving authority information which is sent by a corresponding Agent and acquired from the Zookeeper cluster and storing the authority information into a corresponding shared memory so that a service providing system corresponding to each server in the distributed service carries out authority control based on the authority information in the corresponding shared memory;

and if the authority information in the Zookeeper cluster is updated, receiving the updated authority information acquired by the corresponding Agent from the Zookeeper cluster, and updating the authority information in the corresponding shared memory based on the updated authority information.

In a fourth aspect, an embodiment of the present application provides an authority control device for distributed services, including:

the authority information acquisition module is used for acquiring the authority information stored in the Zookeeper cluster and respectively storing the authority information into the shared memory of each server in the distributed service so as to enable the service providing system corresponding to each server to carry out authority control based on the authority information in the corresponding shared memory;

and the updating information acquisition module is used for acquiring the updated authority information from the Zookeeper cluster if the authority information in the Zookeeper cluster is updated, and respectively updating the authority information in the shared memory of each server based on the updated authority information.

In an optional embodiment of the present application, the apparatus further includes an authority update query module, configured to:

correspondingly, the update information acquisition module is specifically configured to:

In an optional embodiment of the present application, the apparatus further includes an update notification receiving module, configured to:

In an optional embodiment of the present application, the apparatus further comprises an authority updating module for updating the authority

Acquiring a first permission updating request sent by a user;

In an optional embodiment of the present application, the first permission update request includes an update type, a service party identifier, and an update content, and accordingly, the permission update module is specifically configured to:

In an optional embodiment of the present application, the apparatus further includes an authority update feedback module, configured to:

In a fifth aspect, an embodiment of the present application provides an authority control device for distributed services, including:

the updating notification sending module is used for acquiring the authority information by the Agent agents corresponding to the servers in the distributed service, respectively storing the authority information into the shared memory of each server in the distributed service, and then sending updating notifications to the agents when the authority information is updated, so that each Agent responds to the updating notifications to acquire the updated authority information, and respectively updating the authority information in the shared memory of each server based on the updated authority information;

In an optional embodiment of the present application, the apparatus further includes an authority updating module, configured to:

receiving a second permission updating request sent by each Agent;

In an optional embodiment of the present application, the apparatus further includes a storage path configuration module, configured to:

correspondingly, the update notification sending module is specifically configured to:

In a sixth aspect, an embodiment of the present application provides an authority control device for distributed services, including:

the permission information receiving module is used for receiving permission information which is sent by a corresponding Agent and acquired from the Zookeeper cluster and storing the permission information into a corresponding shared memory so as to enable a service providing system corresponding to each server in the distributed service to carry out permission control based on the permission information in the corresponding shared memory;

and the update information receiving module is used for receiving the updated authority information acquired by the corresponding Agent from the Zookeeper cluster if the authority information in the Zookeeper cluster is updated, and updating the authority information in the corresponding shared memory based on the updated authority information.

In a seventh aspect, an embodiment of the present application provides an electronic device, including a memory and a processor;

the memory has a computer program stored therein;

a processor configured to execute a computer program to implement the methods provided in the embodiments of the first aspect, any optional embodiment of the first aspect, the embodiments of the second aspect, or any optional embodiment of the second aspect, the embodiments of the third aspect, or any optional embodiment of the third aspect.

In an eighth aspect, an embodiment of the present application provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and the computer program, when executed by a processor, implements the method provided in the embodiment of the first aspect, any optional embodiment of the first aspect, the embodiment of the second aspect, or any optional embodiment of the second aspect, the embodiment of the third aspect, or any optional embodiment of the third aspect.

The beneficial effect that technical scheme that this application provided brought is:

according to the scheme, the service providing system acquires the authority information from the shared memory of the server where the service providing system is located, and performs access authority control on the service party sending the access request to the service party based on the acquired authority, wherein the authority information in the shared memory is acquired from the Zookeeper cluster through the corresponding Agent, when the authority information in the Zookeeper cluster is updated, the Agent acquires the updated authority information from the Zookeeper cluster, and updates the authority information in the corresponding shared memory based on the updated authority information, the authority information updating process does not need the service providing system to restart, the stability of the service providing system is guaranteed, and the stability of the distributed service is further guaranteed.

Drawings

In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.

Fig. 1 is an architecture diagram of a distributed service authority control system provided in an embodiment of the present application;

fig. 2 is a schematic flowchart of an authority control method for distributed services provided in the present application;

FIG. 3 is a schematic diagram of a rights update process provided herein;

fig. 4 is a schematic diagram of request data processing in an authority updating process according to an embodiment of the present application;

fig. 5 is a schematic flowchart of an authority control method for a distributed service according to an embodiment of the present application;

fig. 6 is a schematic view of an interaction flow between an Agent and a Zookeeper in an authority control process according to an embodiment of the present application;

fig. 7 is a schematic flowchart of an authority control method for a distributed service according to an embodiment of the present application;

fig. 8 is an alternative structural diagram of a distributed system applied to a blockchain system according to an embodiment of the present disclosure;

fig. 9 is an alternative schematic diagram of a block structure according to an embodiment of the present application;

fig. 10 is a block diagram illustrating a structure of a distributed service authorization control device according to an embodiment of the present application;

fig. 11 is a block diagram illustrating a structure of a distributed service authorization control device provided in the present application;

fig. 12 is a block diagram illustrating a structure of a distributed service authorization control device according to an embodiment of the present disclosure;

fig. 13 is a schematic structural diagram of an electronic device according to an embodiment of the present application.

Detailed Description

Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present invention.

As used herein, the singular forms "a", "an", "the" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.

In the embodiment of the application, the server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, a middleware service, a domain name service, a security service, a CDN, a big data and artificial intelligence platform, and the like. The terminal may be, but is not limited to, a smart phone, a tablet computer, a laptop computer, a desktop computer, a smart speaker, a smart watch, and the like. The terminal and the server may be directly or indirectly connected through wired or wireless communication, and the application is not limited herein.

Cloud technology refers to a hosting technology for unifying serial resources such as hardware, software, network and the like in a wide area network or a local area network to realize calculation, storage, processing and sharing of data.

Cloud technology (Cloud technology) is based on a general term of network technology, information technology, integration technology, management platform technology, application technology and the like applied in a Cloud computing business model, can form a resource pool, is used as required, and is flexible and convenient. Cloud computing technology will become an important support. Background services of the technical network system require a large amount of computing and storage resources, such as video websites, picture-like websites and more web portals. With the high development and application of the internet industry, each article may have its own identification mark and needs to be transmitted to a background system for logic processing, data in different levels are processed separately, and various industrial data need strong system background support and can only be realized through cloud computing.

Cloud computing (cloud computing) refers to a delivery and use mode of an IT infrastructure, and refers to obtaining required resources in an on-demand and easily-extensible manner through a network; the generalized cloud computing refers to a delivery and use mode of a service, and refers to obtaining a required service in an on-demand and easily-extensible manner through a network. Such services may be IT and software, internet related, or other services. Cloud Computing is a product of development and fusion of traditional computers and Network Technologies, such as Grid Computing (Grid Computing), distributed Computing (distributed Computing), Parallel Computing (Parallel Computing), Utility Computing (Utility Computing), Network Storage (Network Storage Technologies), Virtualization (Virtualization), Load balancing (Load Balance), and the like.

With the development of diversification of internet, real-time data stream and connecting equipment and the promotion of demands of search service, social network, mobile commerce, open collaboration and the like, cloud computing is rapidly developed. Different from the prior parallel distributed computing, the generation of cloud computing can promote the revolutionary change of the whole internet mode and the enterprise management mode in concept.

A distributed cloud storage system (hereinafter, referred to as a storage system) refers to a storage system that aggregates a large number of storage devices (storage devices are also referred to as storage nodes) of various types in a network through application software or application interfaces to cooperatively work through functions such as cluster application, grid technology, and a distributed storage file system, and provides data storage and service access functions to the outside.

At present, a storage method of a storage system is as follows: logical volumes are created, and when created, each logical volume is allocated physical storage space, which may be the disk composition of a certain storage device or of several storage devices. The client stores data on a certain logical volume, that is, the data is stored on a file system, the file system divides the data into a plurality of parts, each part is an object, the object not only contains the data but also contains additional information such as data identification (ID, ID entry), the file system writes each object into a physical storage space of the logical volume, and the file system records storage location information of each object, so that when the client requests to access the data, the file system can allow the client to access the data according to the storage location information of each object.

The process of allocating physical storage space for the logical volume by the storage system specifically includes: physical storage space is pre-partitioned into stripes according to a set of capacity measures of objects stored in the logical volumes (which often have a large margin with respect to the capacity of the actual objects to be stored) and Redundant Array of Independent Disks (RAID), and a logical volume can be understood as a stripe, thereby allocating physical storage space to the logical volume.

Database (Database), which can be regarded as an electronic file cabinet in short, a place for storing electronic files, a user can add, query, update, delete, etc. to data in files. A "database" is a collection of data that is stored together in a manner that can be shared by multiple users, has as little redundancy as possible, and is independent of the application.

A Database Management System (DBMS) is a computer software System designed for managing a Database, and generally has basic functions of storage, interception, security assurance, backup, and the like. The database management system may classify the database according to the database model it supports, such as relational, XML (Extensible Markup Language); or classified according to the type of computer supported, e.g., server cluster, mobile phone; or sorted according to the Query Language used, such as SQL (Structured Query Language), XQuery, or sorted according to performance impulse emphasis, such as max size, maximum operating speed, or other sorting.

Cloud Security (Cloud Security) refers to a generic term for Security software, hardware, users, organizations, secure Cloud platforms for Cloud-based business model applications. The cloud security integrates emerging technologies and concepts such as parallel processing, grid computing and unknown virus behavior judgment, abnormal monitoring of software behaviors in the network is achieved through a large number of meshed clients, the latest information of trojans and malicious programs in the internet is obtained and sent to the server for automatic analysis and processing, and then the virus and trojan solution is distributed to each client.

The main research directions of cloud security include: 1. the cloud computing security mainly researches how to guarantee the security of the cloud and various applications on the cloud, including the security of a cloud computer system, the secure storage and isolation of user data, user access authentication, information transmission security, network attack protection, compliance audit and the like; 2. the cloud of the security infrastructure mainly researches how to adopt cloud computing to newly build and integrate security infrastructure resources and optimize a security protection mechanism, and comprises the steps of constructing a super-large-scale security event and an information acquisition and processing platform through a cloud computing technology, realizing the acquisition and correlation analysis of mass information, and improving the handling control capability and the risk control capability of the security event of the whole network; 3. the cloud security service mainly researches various security services such as anti-virus services and the like provided for users based on a cloud computing platform.

Private Cloud (Private Cloud) is a method for creating Cloud infrastructure and software and hardware resources in a firewall so that each department in an organization or enterprise can share the resources in a data center. A private cloud is created, typically with cloud as a Service (IaaS) software in addition to hardware resources.

The private cloud computing also comprises three layers of cloud hardware, a cloud platform and cloud service. In contrast, the cloud hardware is the user's own personal computer or server, not the cloud computing vendor's data center. Cloud computing vendors build data centers to provide public cloud services for millions of users, and therefore need to have tens of millions of servers. Private cloud computing serves only friends and relatives for an individual and the employees and customers and suppliers of the enterprise for the enterprise, so that the personal computer or server of the individual or enterprise is sufficient to provide cloud services.

Public Cloud (Public Cloud) generally refers to a Cloud that can be used and provided by a third-party provider for a user, the Public Cloud can be generally used through the Internet and can be free or low-cost, and the core attribute of the Public Cloud is a shared resource service. There are many instances of such a cloud that can provide services throughout today's open public network.

Hybrid Cloud (Hybrid Cloud) blends Public Cloud (Public Cloud) and Private Cloud (Private Cloud), which is the main mode and development direction of Cloud computing in recent years. The private cloud is mainly oriented to enterprise users, for safety, enterprises prefer to store data in the private cloud, but meanwhile hope to obtain computing resources of the public cloud, in the situation, the hybrid cloud is adopted more and more, the public cloud and the private cloud are mixed and matched to obtain the best effect, and the personalized solution achieves the purposes of saving money and being safe.

To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.

The terms referred to in this application will first be introduced and explained:

agent: agents, in the field of distributed computing, are often referred to as Agents, computing entities that are continually acting autonomously, interactively, reactively, and proactively, in a distributed system.

Zookeeper: the distributed application cooperative service is distributed and open source code distributed application cooperative service, and mainly provides software of consistent service for distributed application, and the provided functions comprise: configuration maintenance, domain name service, distributed synchronization, group service, etc.

The authority control of the distributed service refers to that when a user accesses the service providing system through a client or a front-end page, the authority of the client or the front-end page is verified and controlled. Specifically, a user sends a request for accessing a data system through a client or a front-end page, and the service providing system verifies information contained in the request according to configured authority information, so as to determine whether the client or the front-end interface has an access authority or whether specific content corresponding to the access authority of the client or the front-end interface exists. At present, in distributed services, authority information is generally written into a fixed configuration file, and the fixed configuration file is configured for each service providing system during development, but in this way, whenever the authority information is updated, the service providing system needs to be restarted to update the fixed configuration file, and the updated authority information is read from the updated configuration file again, and frequent restarting can bring great instability to the service providing system. In view of the above problems, an embodiment of the present application provides a method for controlling an authority of a distributed service.

The distributed service authority control method provided by the present application is implemented based on the distributed service authority control system shown in fig. 1, and before describing the distributed service authority control method provided by the present application, the distributed service authority control system is described first, and an architecture of the distributed service authority control system is shown in fig. 1, and includes: a plurality of servers, a plurality of agents (agents), and a zookeeper cluster corresponding to the distributed service.

And a service providing system running on the server acquires the authority information from the shared memory and carries out authority verification on the received access request based on the acquired authority information so as to complete authority control. The authority information in the shared memory of each server is obtained from the Zookeeper through a corresponding Agent (Agent), and each Agent can interact with the Zookeeper cluster and a corresponding distributed server respectively so as to obtain the authority information from the Zookeeper cluster and store the authority information in the shared memory of each server.

Specifically, the right control system may initialize a fixed-size memory in each server before the service providing system starts running. Since the authority control generally controls the identity, authority size, etc. of the visitor (service party) by the service providing system, the authority information stored in the shared memory generally may include identification information of the service party, access content of the service party, access frequency of the service party, etc., and different service parties correspond to different authority information.

For example, the code of the storage form of the authority information corresponding to a certain service party of a certain financial wind control service providing system in the shared memory is as follows:

{

appid 1001,// service identity 1001

Authip: [10.121.121.2,10.131.23.1]// authentication IP is 10.121.121.2,10.131.23.1

AuthQry:

{

Model [10,11,26,100],// resource Model allowing access

url [ "/longlosan", "/repair", "/riskScore" ]// resource type allowed to access

},

Freq:

{

Second 500,// maximum number of requests per Second

Day 100000,// maximum number of requests per Day

}

After a business side sends an access request to the financial wind control service providing system, the financial wind control service providing system performs authority control on the business side based on authority information corresponding to the codes, firstly, the business side is authenticated through business side identification (content corresponding to 'APPid' in the codes) and business side IP (content corresponding to 'Authip' in the codes), namely whether the business side has authority for accessing the financial wind control service providing system is determined, based on the authority information, only if the APPid of the business side is 1001 and the IP address of the business side is 10.121.121.2 or 10.131.23.1, the authentication can be passed, and the business side passing the authentication can access data in the financial wind control service providing system. Further, the authority information specifically limits the authority content (content corresponding to "AuthQry" in the code) of the authenticated business party, wherein the financial service providing system sets a plurality of resource models, and numbers (for example, number "10" represents a liability resource model) for each resource model, and sets resource types, such as "longloan", "repair", and "riskScore", based on the authority information, the authenticated business party can only access 4 resource models with numbers 10,11,26, and 100, and can only access the resource types of "longloan", "repair", and "riskScore". Further, the authority information specifically defines the maximum number of times of access per second and the maximum number of times of access per day of the service party for which the authentication is passed (the content corresponding to "Freq" in the code), and based on the authority information, the maximum number of requests per second is 500 and the maximum number of requests per day is 100000 for the service party for which the authentication is passed.

One or more agents may be included in the authority control system, and an Agent in the authority control system may be understood as a "logical layer" in the system, and is used for realizing interaction with each server and the zookeeper cluster respectively. When a plurality of agents are available, parallel interaction can be realized, and the interaction efficiency is greatly improved.

The zookeeper cluster in the authority control system may be understood as a "storage layer" in the system, and the authority control system may configure zookeeper cluster information before the service providing system starts running, where the zookeeper cluster information may include: the storage address of the authority information, the authentication mode of the zookeeper cluster, the user name and the password, the path address of the resource needing to be monitored and the like.

For example, the code of a certain zookeeper cluster information is as follows:

storage address of Host 9.21.112.48:5000,9.21.123.20:5000,100.7.17.32:5000// permission information in zookeeper cluster

Authentication mode of Scheme (digest)/zookeeper cluster

Authenticated username and password for a cluster of certs system pwd @ systems// zookeeper

Watchpath ═ system/auth/appid// resource path to be monitored

Specifically, the zookeeper cluster can configure zookeeper cluster information during initialization, authority information corresponding to different service providing systems can be stored in different addresses (content corresponding to "Host" in the code) in the zookeeper cluster, and based on the zookeeper cluster information, the storage addresses of the authority information in the zookeeper cluster are 9.21.112.48:5000,9.21.123.20:5000,100.7.17.32: 5000. The authentication mode of the zookeeper cluster is 'Scheme', the user name and the password are 'system' and 'pwd @ system', respectively, and after the user passes the authentication in a preset authentication mode (for example, the Scheme mode) through the user name and the password, the user logs in a configuration interface of the zookeeper cluster to configure zookeeper cluster information. Further, the zookeeper cluster has a function of monitoring the resources stored therein, and may set a resource path (content corresponding to "Watchpath" in the code) to be monitored, and based on the zookeeper cluster information, it may be known that the resource whose path is "/system/auth/approximate" needs to be monitored.

Fig. 2 is a schematic flow diagram of an authority control method for a distributed service provided in the present application, and as shown in fig. 2, an execution subject of the method may be an Agent (logic layer), and the method may include:

step S201, obtaining the authority information stored in the Zookeeper cluster, and storing the authority information into the shared memory of each server in the distributed service, so that the service providing system corresponding to each server performs authority control based on the authority information in the corresponding shared memory.

Each Agent acquires corresponding authority information from the Zookeeper cluster respectively, and then stores the authority information into a shared memory of a corresponding server, and it needs to be explained that each Agent corresponds to one or more servers, so the number of the agents can be one or more, when the number of the agents is multiple, parallel interaction can be realized with both the Zookeeper cluster and the distributed server, and the interaction efficiency of the system is improved.

Specifically, each Agent reads and stores the authority information stored in the Zookeeper cluster into the shared memory of each server, and when a service providing system running on the server receives an access request of a service party (a client or a front-end interface), the service providing system performs authority verification on the access request by using the authority information stored in the shared memory to realize authority control.

Step S202, if the authority information in the Zookeeper cluster is updated, acquiring the updated authority information from the Zookeeper cluster, and respectively updating the authority information in the shared memory of each server based on the updated authority information.

In particular, there are many situations where rights information involved in a distributed service needs to be updated, for example, a business party needs to be added, the specific rights content of a business party needs to be modified, or a business party needs to be deleted. After the authority information in the Zookeeper cluster is updated, each Agent acquires the updated authority information from the Zookeeper cluster, and updates the authority information in the shared memory of each server based on the acquired updated authority information, so that the authority information in the shared memories of all the servers is updated finally, and the service providing system on each server performs authority verification on the access request based on the updated authority information in the shared memory.

In the process, since the authority information used by the service providing system during authority control is stored in the shared memory, the authority information stored in the shared memory is only required to be correspondingly updated after the authority information is updated, the service providing system does not need to be restarted, the service providing system can be ensured to be always on line, and the stability of the service providing system is ensured.

Meanwhile, in the scheme of the application, all the authority information is stored in the Zookeeper cluster, the safety of authority information storage is ensured by means of the characteristics of high availability and strong consistency of the Zookeeper service, and meanwhile, the problem of inconsistency in the distributed service is also avoided. And then, carrying out information interaction with the Zookeeper cluster by using the Agent, and automatically pulling and updating the authority information by virtue of the self-interactivity of the Agent so as to ensure the real-time performance of the whole distributed service authority control. On the other hand, the service providing system only needs to pay attention to the logic of the service providing system, and directly uses the authority information acquired by the corresponding Agent to carry out authority identification, frequency control and the like. By adopting the authority control mode, the operation of the service providing system and the authority file configuration management are separated, developers only need to pay attention to the authority control logic of the service providing system and do not need to maintain all authority information, and the complexity of the distributed service authority control system can be greatly simplified. Besides, the work of developers is simplified, for operation and maintenance personnel, the Agent is used for managing the configuration authority information, the change of an online system is not needed, the working efficiency is improved, and the possibility that the whole system fails due to manual operation is reduced.

In an optional embodiment of the present application, the method may further comprise:

and sending authority updating query information to the Zookeeper cluster at preset time intervals, and receiving a query result fed back by the Zookeeper cluster responding to the authority updating query information.

Specifically, in order to know whether the authority information in the Zookeeper cluster is updated, each Agent may send authority update query information to the Zookeeper cluster at preset time intervals, and determine whether the authority information is updated according to an indication of a query result fed back by the Zookeeper cluster. The preset time interval may be set according to an actual payment, and is not limited herein.

And when the query result indicates that the permission information is updated, each Agent learns that the permission information in the Zookeeper cluster is updated, and needs to acquire the updated permission information for updating the permission information in the corresponding shared memory, so that the permission information in the shared memories of all the servers is updated finally.

and when the authority information in the Zookeeper cluster is updated, receiving an update notification sent by the Zookeeper cluster.

Specifically, the Zookeeper cluster has a function of monitoring the resources stored therein, that is, sending a notification when the resources in a certain path change, so that the Zookeeper cluster can monitor the authority information, and when the authority information in the Zookeeper cluster is updated, each Agent receives the update notification sent by the Zookeeper cluster to know that the authority information in the Zookeeper cluster is updated.

If the permission information in the Zookeeper cluster is updated, acquiring the updated permission information from the Zookeeper cluster, wherein the acquiring comprises the following steps:

Specifically, when the update notification is received, the updated authority information is acquired from the Zookeeper cluster, that is, once the authority information is updated, the Zookeeper cluster immediately informs each Agent that the authority information is updated through the update notification, so that each Agent can acquire the updated authority information more timely and update the authority information in the corresponding shared memory, and the real-time performance of updating the authority information in the shared memory is ensured.

It should be noted that, as can be seen from the foregoing description, there are two ways in which each Agent learns that the permission information in the Zookeeper cluster is updated, one is an inquiry way for sending permission update inquiry information at preset time intervals, and the other is a notification way for receiving permission Zookeeper cluster update notification.

acquiring a first permission updating request sent by a user;

and acquiring a second permission updating request corresponding to the Zookeeper cluster based on the first permission updating request, and sending the second permission updating request to the Zookeeper cluster so as to enable the Zookeeper cluster to update the permission information based on the second permission updating request.

The user may be an operator of a service provider or an operator of a service providing system, and when the authority information needs to be updated, the user may send a first authority update request to the Agent. The first permission updating request can comprise an updating type, a service party identification, updating content and the like. The update types may include add, delete, and modify.

For example, in the authority information corresponding to the financial risk control service providing system, the authority information of a certain service party needs to be added, and the code of the first authority updating request sent by the user is as follows:

{

opt0,// update type is new

Appid 1001,// service identity 1001

AuthQry:

{

Model [10,11,26,100],// resource Model allowing access

url [ "/longlosan", "/repair", "/riskScore" ]// resource type allowed to access

},

Freq:

{

Second 500,// maximum number of requests per Second

Day 100000,// maximum number of requests per Day

}

Wherein, the update type (content corresponding to "opt" in the code) opt0 indicates that an addition operation is performed, and so on, opt1 and opt2 may respectively indicate deletion and change operations. The content represented by the specific content of the new rights information is as described above, and is not described herein again.

Specifically, as shown in fig. 3, the user updates the authority information in the Zookeeper through the Agent, and the user initiates an authority updating operation, that is, sends out a first authority updating request. It should be noted that, when a user needs to complete multiple update operations, that is, needs to send multiple first permission update requests, multiple first permission update requests may be sequentially sent to the same Agent, or multiple first permission update requests may be sent to different agents, obviously, the latter manner may be executed in parallel, so that the permission information update operation is more efficient.

The function corresponding to the Zookeeper cluster may be a C library function, and the specific functions used in the process of converting the first permission update request into the second permission update request include:

int zo _ add _ auth ()// permission operation function

int zo _ create ()// newly-added Zookeeper node

int zo _ delete ()// delete Zookeeper node

int zo _ get ()// obtaining Zookeeper node information

int zo _ set ()// setting Zookeeper node information

int zo _ get _ child ()// obtaining child node information of Zookeeper node

Specifically, the update type, the service party identifier, and the update content in the first permission update request are converted into a function (e.g., a C library function) corresponding to the Zookeeper cluster, and then the second permission update request can be obtained by respectively encapsulating the functions with corresponding api functions. And the Zookeeper cluster correspondingly operates the nodes under the authority information storage address based on the second authority updating request so as to update the authority information.

and receiving authority updating feedback information fed back by the Zookeeper cluster after the authority information is updated based on the second authority updating request, wherein the authority updating feedback information is used for indicating whether the authority updating is successful.

Specifically, after updating the permission information based on the second permission update request, the Zookeeper cluster sends permission update feedback information to the Agent that sent the second permission update request, and the Agent forwards the permission update feedback information to the user that sent the first permission update request, so as to inform the user whether the permission update is successful.

The specific implementation process of the permission update is shown in fig. 4, and the actions performed by the Agent may include: 1. receiving authority updating operation (namely a first authority updating request) initiated by a user, 2, packaging the user request into a corresponding Zookeeper request (namely a second authority updating request), 3, sending the operation to a Zookeeper cluster, 4, obtaining an operation result (namely authority updating feedback information) of the Zookeeper cluster and returning the operation result to the user.

Fig. 5 is a schematic flowchart of an authority control method for a distributed service according to an embodiment of the present application, where as shown in fig. 5, an execution subject of the method may be a Zookeeper cluster, and the method may include:

step 501, after acquiring the authority information by the Agent corresponding to each server in the distributed service and respectively storing the authority information into the shared memory of each server in the distributed service, when the authority information is updated, sending an update notification to each Agent, so that each Agent responds to the update notification to acquire the updated authority information, and respectively updating the authority information in the shared memory of each server based on the updated authority information;

Specifically, after the authority information in the Zookeeper cluster is updated, an update notification is sent to each Agent based on the monitoring function of the Zookeeper cluster. And responding to the update notification, each Agent acquires the updated authority information from the Zookeeper cluster, and updates the authority information in the shared memory of each server based on the acquired updated authority information, so that the authority information in the shared memories of all the servers is updated finally, and the service providing system on each server performs authority verification on the access request based on the updated authority information in the shared memory.

Meanwhile, in the scheme of the application, all the authority information is stored in the Zookeeper cluster, the safety of authority information storage is ensured by means of the characteristics of high availability and strong consistency of the Zookeeper service, and meanwhile, the problem of inconsistency in the distributed service is also avoided. And then, carrying out information interaction by using the Agent and the Zookeeper cluster, and automatically pulling and updating the authority information by virtue of the self-interactivity of the Agent so as to ensure the real-time property of the whole distributed service authority control. On the other hand, the service providing system only needs to pay attention to the logic of the service providing system, and directly uses the authority information acquired by the corresponding Agent to carry out authority identification, frequency control and the like. By adopting the authority control mode, the operation of the service providing system and the authority file configuration management are separated, developers only need to pay attention to the authority control logic of the service providing system and do not need to maintain all authority information, and the complexity of the distributed service authority control system can be greatly simplified. Besides, the work of developers is simplified, for operation and maintenance personnel, the Agent is used for managing the configuration authority information, the change of an online system is not needed, the working efficiency is improved, and the possibility that the whole system fails due to manual operation is reduced.

receiving a second permission updating request sent by each Agent;

After receiving a first permission updating request sent by a user, each Agent needs to convert the first permission updating request into a second permission updating request operable by the Zookeeper cluster, so that the Zookeeper cluster can update the permission information stored in the Zookeeper cluster according to the second permission updating request.

and configuring a storage path of the authority information, and storing the authority information to each node under the storage path.

Wherein, the method can be carried out in Zookeeper cluster

Specifically, the second permission updating request is a request that can be identified by a node in the Zookeeper cluster, and is sent to the nodes according to a storage path corresponding to the node storing the permission information, so that the nodes are correspondingly operated based on the second permission updating request to update the permission information.

In the process of authority control, the interaction flow between the Agent and the Zookeeper is shown in fig. 6, and may include: 1. initializing a shared memory by each server, 2, configuring Zookeeper cluster information by a Zookeeper, 3, setting a Zookeeper monitoring condition and a callback function, wherein the monitoring condition is that authority information is updated, the callback function is used for pulling the updated authority information from the Zookeeper cluster by an Agent when the monitoring condition is met, 4, circularly pulling the Zookeeper cluster information by the Agent, namely acquiring the authority information in the Zookeeper cluster at preset time intervals to acquire the updated authority information, and 5, updating the pulled information into the shared memory.

Fig. 7 is a schematic flowchart of an authority control method for a distributed service according to an embodiment of the present application, and as shown in fig. 7, the method may include:

step 701, receiving and storing the permission information acquired from the Zookeeper cluster sent by the corresponding Agent into the corresponding shared memory, so that the service providing system corresponding to each server in the distributed service performs permission control based on the permission information in the corresponding shared memory.

Step 702, if the permission information in the Zookeeper cluster is updated, receiving the updated permission information acquired by the corresponding Agent from the Zookeeper cluster, and updating the permission information in the corresponding shared memory based on the updated permission information.

Specifically, after the authority information in the Zookeeper cluster is updated, each Agent acquires the updated authority information from the Zookeeper cluster, and updates the authority information in the shared memory of each server based on the acquired updated authority information, so that the authority information in the shared memories of all the servers is updated finally, and the service providing system on each server performs authority verification on the access request based on the updated authority information in the shared memory.

According to the scheme, the service providing system acquires the authority information from the shared memory of the server where the service providing system is located, and performs access authority control on the service side sending the access request to the service side based on the acquired authority, wherein the authority information in the shared memory is acquired from the Zookeeper cluster through the corresponding Agent, when the authority information in the Zookeeper cluster is updated, the Agent acquires the updated authority information from the Zookeeper cluster and updates the authority information in the corresponding shared memory based on the updated authority information, the authority information updating process does not need to restart the service providing system, the stability of the service providing system is guaranteed, and the stability of the distributed service is further guaranteed.

The system related to the embodiment of the present application may be a distributed system formed by a client, a plurality of nodes (any form of computing devices in an access network, such as a server, a user terminal) connected through a network communication form.

Taking a distributed system as an example of a blockchain system, referring To fig. 8, fig. 8 is an optional structural schematic diagram of a distributed system 800 applied To a blockchain system provided in this embodiment of the present application, and is formed by a plurality of nodes 801 (computing devices in any form in an access network, such as servers and user terminals) and a client 802, a Peer-To-Peer (P2P, Peer To Peer) network is formed between the nodes, and a P2P Protocol is an application layer Protocol operating on a Transmission Control Protocol (TCP). In a distributed system, any machine, such as a server or a terminal, can join to become a node, and the node comprises a hardware layer, a middle layer, an operating system layer and an application layer.

Referring to the functions of each node in the blockchain system shown in fig. 8, the functions involved include:

1) routing, a basic function that a node has, is used to support communication between nodes.

Besides the routing function, the node may also have the following functions:

2) the application is used for being deployed in a block chain, realizing specific services according to actual service requirements, recording data related to the realization functions to form recording data, carrying a digital signature in the recording data to represent a source of task data, and sending the recording data to other nodes in the block chain system, so that the other nodes add the recording data to a temporary block when the source and integrity of the recording data are verified successfully.

For example, the services implemented by the application include:

2.1) wallet, for providing the function of transaction of electronic money, including initiating transaction (i.e. sending the transaction record of current transaction to other nodes in the blockchain system, after the other nodes are successfully verified, storing the record data of transaction in the temporary blocks of the blockchain as the response of confirming the transaction is valid; of course, the wallet also supports the querying of the remaining electronic money in the electronic money address;

and 2.2) sharing the account book, wherein the shared account book is used for providing functions of operations such as storage, query and modification of account data, record data of the operations on the account data are sent to other nodes in the block chain system, and after the other nodes verify the validity, the record data are stored in a temporary block as a response for acknowledging that the account data are valid, and confirmation can be sent to the node initiating the operations.

2.3) Intelligent contracts, computerized agreements, which can execute the terms of a certain contract, are realized by codes deployed on a shared account for execution when certain conditions are met, are used for completing automated transactions according to actual business requirement codes, such as inquiring the logistics status of goods purchased by a buyer, and transferring the electronic money of the buyer to the address of a merchant after the buyer signs the goods; of course, smart contracts are not limited to executing contracts for trading, but may also execute contracts that process received information.

3) And the Block chain comprises a series of blocks (blocks) which are mutually connected according to the generated chronological order, new blocks cannot be removed once being added into the Block chain, and recorded data submitted by nodes in the Block chain system are recorded in the blocks.

Referring to fig. 9, fig. 9 is an optional schematic diagram of a Block Structure (Block Structure) provided in the embodiment of the present application, where each Block includes a hash value of a transaction record stored in the Block (hash value of the Block) and a hash value of a previous Block, and the blocks are connected by the hash values to form a Block chain. The block may include information such as a time stamp at the time of block generation. A block chain (Blockchain), which is essentially a decentralized database, is a string of data blocks associated by using cryptography, and each data block contains related information for verifying the validity (anti-counterfeiting) of the information and generating a next block.

Fig. 10 is a block diagram of a structure of an authority control apparatus for distributed services according to an embodiment of the present application, and as shown in fig. 10, the apparatus 1000 may include: a rights information acquisition module 1001 and an update information acquisition module 1002. Wherein:

the authority information acquiring module 1001 is configured to acquire authority information stored in a Zookeeper cluster, and store the authority information in a shared memory of each server in the distributed service, so that a service providing system corresponding to each server performs authority control based on the authority information in the corresponding shared memory;

the update information obtaining module 1002 is configured to, if the permission information in the Zookeeper cluster is updated, obtain the updated permission information from the Zookeeper cluster, and update the permission information in the shared memory of each server based on the updated permission information.

In an optional embodiment of the present application, the apparatus further comprises an update notification receiving module, configured to:

Acquiring a first permission updating request sent by a user;

Fig. 11 is a block diagram illustrating a structure of an authority control apparatus for distributed services according to the present application, and as shown in fig. 11, the apparatus 1100 may include: an update notification sending module 1101, wherein:

the update notification sending module 1101 is configured to obtain the authority information by the Agent corresponding to each server in the distributed service, store the authority information in the shared memory of each server in the distributed service, and send an update notification to each Agent when the authority information is updated, so that each Agent obtains updated authority information in response to the update notification, and update the authority information in the shared memory of each server based on the updated authority information;

receiving a second permission updating request sent by each Agent;

In an optional embodiment of the present application, the apparatus further comprises a storage path configuration module, configured to:

Fig. 12 is a block diagram of a structure of an authority control device for distributed services according to an embodiment of the present application, and as shown in fig. 12, the authority control device 1200 may include: a permission information receiving module 1201 and an update information receiving module 1202. Wherein:

the permission information receiving module 1201 is configured to receive permission information, which is sent by a corresponding Agent and acquired from the Zookeeper cluster, and store the permission information in a corresponding shared memory, so that a service providing system corresponding to each server in the distributed service performs permission control based on the permission information in the corresponding shared memory;

the update information receiving module 1202 is configured to receive updated authority information, which is obtained by a corresponding Agent from a Zookeeper cluster, if the authority information in the Zookeeper cluster is updated, and update the authority information in a corresponding shared memory based on the updated authority information.

Based on the same principle, an embodiment of the present application further provides an electronic device, where the electronic device includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the method provided in any optional embodiment of the present application is implemented, and specifically, the following situations are implemented:

the first condition is as follows: acquiring authority information stored in a Zookeeper cluster, and respectively storing the authority information into a shared memory of each server in the distributed service, so that a service providing system corresponding to each server performs authority control based on the authority information in the corresponding shared memory;

And a second condition: after acquiring authority information at an Agent corresponding to each server in the distributed service and respectively storing the authority information in a shared memory of each server in the distributed service, when the authority information is updated, sending an update notification to each Agent so that each Agent responds to the update notification to acquire updated authority information, and respectively updating the authority information in the shared memory of each server based on the updated authority information;

Case three: receiving authority information which is sent by a corresponding Agent and acquired from the Zookeeper cluster and stored in a corresponding shared memory, so that a service providing system corresponding to each server in the distributed service performs authority control based on the authority information in the corresponding shared memory;

and if the permission information in the Zookeeper cluster is updated, receiving the updated permission information acquired by the corresponding Agent from the Zookeeper cluster, and updating the permission information in the corresponding shared memory based on the updated permission information.

The embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements the method shown in any embodiment of the present application.

It is understood that the medium may store a computer program corresponding to an image processing method or a video processing method.

Fig. 13 is a schematic structural diagram of an electronic device to which an embodiment of the present application is applied, and as shown in fig. 13, an electronic device 1300 shown in fig. 13 includes: a processor 1301 and a memory 1303. Processor 1301 is coupled to memory 1303, such as via bus 1302. Further, the electronic device 1300 may also include a transceiver 1304, and the electronic device 1300 may interact with other electronic devices through the transceiver 1304. It should be noted that the transceiver 1304 is not limited to one in practical applications, and the structure of the electronic device 1300 is not limited to the embodiment of the present application.

The processor 1301, applied in the embodiment of the present application, may be configured to implement the functions of the authority information obtaining module and the update information obtaining module shown in fig. 10, or to implement the function of the update notification sending module shown in fig. 11, or to implement the functions of the authority information receiving module and the update information receiving module shown in fig. 12.

Processor 1301 may be a CPU, general purpose processor, DSP, ASIC, FPGA or other programmable logic device, transistor logic device, hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 1301 may also be a combination that performs a computing function, including, for example, one or more microprocessors, DSPs, and microprocessors, among others.

Bus 1302 may include a path that conveys information between the aforementioned components. The bus 1302 may be a PCI bus or an EISA bus, etc. The bus 1302 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 13, but this is not intended to represent only one bus or type of bus.

The memory 1303 may be, but is not limited to, ROM or other types of static storage devices that can store static information and instructions, RAM or other types of dynamic storage devices that can store information and instructions, EEPROM, CD-ROM or other optical disk storage, optical disk storage (including compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.

The memory 1303 is used for storing application program codes for executing the scheme of the present application, and is controlled by the processor 1301 to execute the application program codes. The processor 1301 is configured to execute the application program code stored in the memory 1303, so as to implement the actions of the authority control device of the distributed service provided by the embodiment shown in fig. 10,11 or 12.

It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of execution is not necessarily sequential, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.

The foregoing is only a partial embodiment of the present application, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present application, and these modifications and decorations should also be regarded as the protection scope of the present application.

Claims

1. A method for controlling authority of distributed service is characterized by comprising the following steps:

acquiring authority information stored in a Zookeeper cluster through a logic layer in an authority control system, and respectively storing the authority information into a shared memory of each server in distributed service, so that a data system service providing system corresponding to each server performs authority control based on the authority information in the corresponding shared memory, wherein the logic layer is one or more computing entities for automatically pulling and updating the authority information in the authority control system;

the shared memory is a fixed-size memory obtained by initializing the authority control system in each server before the service providing system is started to operate; when the number of the logic layers is multiple, the multiple logic layers respectively perform parallel interaction with the Zookeeper cluster and the servers;

if the authority information in the Zookeeper cluster is updated, acquiring the updated authority information from the Zookeeper cluster through the logic layer, and respectively updating the authority information in the shared memory of each server based on the updated authority information;

after a first permission updating request sent by a user is obtained through the logic layer, the first permission updating request is converted through the logic layer to obtain a second permission updating request corresponding to the Zookeeper cluster, the second permission updating request is sent to the Zookeeper cluster to enable the Zookeeper cluster to update the permission information based on the second permission updating request, and the second permission updating request indicates that permission information in the Zookeeper cluster is newly added, deleted or modified;

wherein the manner in which the logic layer learns that the permission information in the Zookeeper cluster is updated comprises at least one of a query manner and a notification manner, and the query manner is to send permission update query information to the Zookeeper cluster through the logic layer; and the notification mode is to receive an update notification sent by the Zookeeper cluster.

2. The method of claim 1, further comprising:

sending authority updating query information to the Zookeeper cluster at each interval of preset time interval, and receiving a query result fed back by the Zookeeper cluster in response to the authority updating query information;

if the permission information in the Zookeeper cluster is updated, acquiring the updated permission information from the Zookeeper cluster, wherein the acquiring comprises:

3. The method according to claim 1 or 2, characterized in that the method further comprises:

and when the update notification is received, acquiring updated authority information from the Zookeeper cluster.

4. The method according to claim 1, wherein the first permission update request includes an update type, a service party identifier, and an update content, and the converting the first permission update request to obtain a second permission update request corresponding to the Zookeeper cluster includes:

and encapsulating the update type, the service party identifier and the update content into a function corresponding to the Zookeeper cluster to obtain the second permission update request.

5. The method of claim 4, further comprising:

and receiving permission updating feedback information fed back by the Zookeeper cluster after the permission information is updated based on the second permission updating request, wherein the permission updating feedback information is used for indicating whether permission updating is successful or not.

6. A method for controlling authority of distributed service is characterized by comprising the following steps:

acquiring authority information in a Zookeeper cluster at a logic layer in an authority control system, respectively storing the authority information in a shared memory of each server in distributed service, and sending an updating notification to the logic layer when the authority information is updated, so that the logic layer responds to the updating notification to acquire updated authority information and respectively updates the authority information in the shared memory of each server based on the updated authority information, wherein the logic layer is one or more computing entities for automatically pulling and updating the authority information in the authority control system;

the service providing system corresponding to each server performs authority control based on the authority information in the corresponding shared memory; the shared memory is a memory with a fixed size obtained by initializing the authority control system in each server before the service providing system starts to operate; when the number of the logic layers is multiple, the multiple logic layers respectively perform parallel interaction with the Zookeeper cluster and the servers;

wherein the manner in which the logic layer learns that the permission information in the Zookeeper cluster is updated comprises at least one of a query manner and a notification manner, and the query manner is to send permission update query information to the Zookeeper cluster through the logic layer; the notification mode is to receive an update notification sent by the Zookeeper cluster;

wherein the permission information is updated as follows: receiving a second permission updating request sent by the logic layer; and updating the permission information based on each second permission updating request, wherein the second permission updating request is obtained by converting the logic layer based on the acquired first permission updating request, and the second permission updating request indicates to add, delete or modify the permission information in the Zookeeper cluster.

7. The method of claim 6, before the logic layer acquires the permission information in the Zookeeper cluster, further comprising:

the updating the authority information based on each second authority updating request includes:

and updating the authority information based on the storage path and the second authority updating requests.

8. A method for controlling authority of distributed service is characterized by comprising the following steps:

receiving authority information acquired from a Zookeeper cluster and sent by a logic layer in an authority control system and storing the authority information into a corresponding shared memory so as to enable a service providing system corresponding to each server in the distributed service to perform authority control based on the authority information in the corresponding shared memory, wherein the logic layer is one or more computing entities for automatically pulling and updating the authority information in the authority control system;

if the authority information in the Zookeeper cluster is updated, receiving updated authority information acquired by the logic layer from the Zookeeper cluster, and updating the authority information in the corresponding shared memory based on the updated authority information;

wherein the Zookeeper cluster updates the permission information in the following manner: receiving a second permission updating request sent by the logic layer; and updating the permission information based on each second permission updating request, wherein the second permission updating request is obtained by converting the logic layer based on the acquired first permission updating request, and the second permission updating request indicates to add, delete or modify the permission information in the Zookeeper cluster.

9. An apparatus for controlling authority of a distributed service, comprising:

the system comprises an authority information acquisition module, a permission control module and a permission information updating module, wherein the authority information acquisition module is used for acquiring authority information stored in a Zookeeper cluster through a logic layer in an authority control system and respectively storing the authority information into a shared memory of each server in distributed service so as to enable a service providing system corresponding to each server to perform authority control based on the authority information in the corresponding shared memory, and the logic layer is one or more computing entities which automatically pull and update the authority information in the authority control system;

an update information obtaining module, configured to obtain, if the permission information in the Zookeeper cluster is updated, updated permission information from the Zookeeper cluster through the logic layer, and update, based on the updated permission information, the permission information in the shared memory of each server;

10. An apparatus for controlling authority of a distributed service, comprising:

an update notification sending module, configured to, after a logic layer in an authority control system obtains authority information in a Zookeeper cluster, and stores the authority information in a shared memory of each server in a distributed service, respectively, and when the authority information is updated, send an update notification to the logic layer, so that the logic layer obtains updated authority information in response to the update notification, and updates the authority information in the shared memory of each server based on the updated authority information, where the logic layer is one or more computing entities that automatically pull and update the authority information in the authority control system;

the service providing system corresponding to each server performs authority control based on the authority information in the corresponding shared memory; the shared memory is a fixed-size memory obtained by initializing the authority control system in each server before the service providing system starts to operate; when the number of the logic layers is multiple, the multiple logic layers respectively interact with the Zookeeper cluster and the servers in parallel;

11. An apparatus for controlling authority of a distributed service, comprising:

the permission information receiving module is used for receiving permission information which is sent by a logic layer in a permission control system and acquired from the Zookeeper cluster and storing the permission information into a corresponding shared memory so as to enable a service providing system corresponding to each server in the distributed service to carry out permission control based on the permission information in the corresponding shared memory, and the logic layer is one or more computing entities which automatically pull and update the permission information in the distributed system;

an update information receiving module, configured to receive updated authority information obtained by the logic layer from the Zookeeper cluster if the authority information in the Zookeeper cluster is updated, and update the authority information in the corresponding shared memory based on the updated authority information;

the method for the logic layer to know that the permission information in the Zookeeper cluster is updated comprises at least one of a query mode and a notification mode, wherein the query mode is to send permission update query information to the Zookeeper cluster through the logic layer; the notification mode is to receive an update notification sent by the Zookeeper cluster;

12. An electronic device comprising a memory and a processor;

the memory has stored therein a computer program;

the processor for executing the computer program to implement the method of any one of claims 1 to 8.

13. A computer-readable storage medium, characterized in that a computer program is stored on the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method of any one of claims 1 to 8.