CN112491981A - Distributed cache authentication method and device, electronic equipment and readable storage medium - Google Patents
- Publication number
- CN112491981A (CN202011267619.0A)
- Authority
- CN
- China
- Prior art keywords
- node
- link
- distributed cache
- authentication
- authentication information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2455—Query execution
- G06F16/24552—Database cache management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/45—Structures or tools for the administration of authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Mining & Analysis (AREA)
- Software Systems (AREA)
- Computational Linguistics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The application relates to the technical field of computer network security, in particular to a distributed cache authentication method, a distributed cache authentication device, electronic equipment and a readable storage medium, wherein the method comprises the steps that a first node receives a link request of a second node; wherein the link request includes an IP address and authentication information of the second node; determining that the link white list of the first node contains the second node according to the acquired IP address of the second node; and verifying the authentication information of the second node, and after the authentication is passed, establishing a link between the first node and the second node. According to the technical scheme, the communication efficiency is improved while the communication safety of the cache nodes of the distributed cache system is ensured.
Description
Technical Field
The present application relates to the field of computer network security technologies, and in particular, to a distributed cache authentication method and apparatus, an electronic device, and a readable storage medium.
Background
With the rapid growth in service access volume on computer devices, the traditional relational database increasingly becomes a performance bottleneck. To relieve pressure on the database, performance can be effectively improved by combining a distributed cache with the traditional database. A distributed cache can also be used independently as an in-memory database, and may even completely replace the traditional database in the coming years. However, because the distributed structure is complex, the different authorization and access control modes used by each application device become more complex and harder to control as applications grow more complex. Authentication and authorization of users across the different devices of a distributed system can therefore become disorderly, and ensuring secure access between nodes is key to developing the application market for distributed caches.
Disclosure of Invention
The present application aims to solve at least one of the above technical drawbacks. The technical scheme adopted by the application is as follows:
in a first aspect, an embodiment of the present application provides a distributed cache authentication method, which is applied to a distributed cache system, and the method includes:
a first node receives a link request of a second node; wherein the link request includes an IP address and authentication information of the second node;
determining that the link white list of the first node contains the second node according to the acquired IP address of the second node;
and verifying the authentication information of the second node, and after the authentication is passed, establishing a link between the first node and the second node.
In an optional embodiment, the verifying the authentication information of the second node comprises:
matching and verifying the authentication information of the second node with the password file stored in the first node; wherein the authentication information comprises a username and password used by the second node to request the first node to establish the link.
In an optional embodiment, after the first node establishes the link with the second node, the method further includes:
according to the preset access authority of the second node, the second node executes an access instruction in the preset authority; wherein the access instruction is for accessing storage data stored in the first node storage area.
In an optional embodiment, after the first node establishes the link with the second node, the method further includes:
the first node is linked with the second node;
the second node initiates a link request to the first node;
and the first node and the second node establish a link successfully.
In an alternative embodiment, the white list of links of the first node receives user-defined modifications.
In an alternative embodiment, the method further comprises:
the password file of the first node and the authentication information of the second node may be periodically updated and hot loaded.
In an alternative embodiment, the method further comprises:
determining that the link white list of the first node does not contain the second node according to the acquired IP address of the second node;
feeding back a link setup failure message to the second node.
In a second aspect, an embodiment of the present application provides a distributed cache authentication apparatus, which is applied to a distributed cache system, and the apparatus includes an interface module, a verification module and a transmission module, wherein:
the interface module is used for the first node to receive a link request of the second node; wherein the link request includes an IP address and authentication information of the second node;
the verification module is configured to determine that the link white list of the first node includes the second node according to the IP address of the second node acquired by the interface module;
the verification module is further configured to verify authentication information of the second node;
and the transmission module is used for controlling the first node to establish the link with the second node after the authentication is passed.
In a third aspect, an embodiment of the present invention provides an electronic device, including a processor and a memory;
the memory is used for storing operation instructions;
the processor is used for executing the distributed cache authentication method by calling the operation instruction.
In a fourth aspect, a computer-readable storage medium has stored thereon a computer program which, when executed by a processor, implements the method of distributed cache authentication described above.
The distributed cache authentication scheme disclosed by the embodiment of the application specifically comprises the steps that a first node receives a link request of a second node; wherein the link request includes an IP address and authentication information of the second node; determining that the link white list of the first node contains the second node according to the acquired IP address of the second node; and verifying the authentication information of the second node, and after the authentication is passed, establishing a link between the first node and the second node. The beneficial effects brought by the technical scheme provided by the embodiment of the application at least comprise one of the following:
(1) After an authenticated link has been established once between nodes, no authentication is needed before each subsequent communication. This solves the problem that existing distributed cache nodes can only communicate over SSL, with a handshake established for every data transmission, and improves transmission efficiency.
(2) Compared with the single encryption rule of Ignite itself, the authentication scheme of the embodiment of the application is decoupled from any specific encryption and decryption mechanism and can be extended with any encryption algorithm, which improves the security of distributed cache node authentication. Different systems can use different user names and passwords to connect to the same server, which makes it harder for a hacker to brute-force the passwords.
(3) The authentication scheme of the embodiment of the application supports hot loading of the password file. Password updates can be completed without restarting the cache component service. Requests established before a password update are not affected by it, and new connections made after the update are authenticated with the new password.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic flowchart of a distributed cache authentication method according to an embodiment of the present application;
fig. 2 is a schematic structural diagram of a distributed cache authentication apparatus according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present invention.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
To more clearly describe the embodiments of the present application, some definitions, concepts or devices that may be used in the embodiments are described below:
A distributed cache is used to relieve the bottleneck between the database server and the Web server. If a website's traffic is large, the bottleneck is obvious and the time consumed by each database query becomes a concern. For sites that are not updated frequently, static page generation can be used to avoid excessive data queries, and Freemarker or Velocity can be used to generate the static pages. Static generation is not ideal for sites whose data is updated on the order of seconds; that case can be handled by distributed caching systems such as Redis, MemCache and SSDB.
Apache Ignite is a distributed high-performance cache. Its memory array organization framework is a high-performance, integrated and distributed in-memory computing and transaction platform for processing large-scale data sets. Ignite provides a high-performance framework for organizing and managing data in distributed memory between an application and different data sources.
JVM is an abbreviation of Java Virtual Machine, a specification for a computing device: an imaginary computer implemented by simulating various computer functions on a real computer.
As mentioned above, the communication security of the distributed cache nodes is a key for expanding the application field of the distributed cache, and the existing distributed cache technology mainly has two ways for ensuring the secure access between the distributed nodes:
In the first mode, an SSL or TLS encrypted channel is opened between nodes for data transmission. This requires a secure link to be established for each communication between nodes and adds multiple handshake requests once it is enabled, which seriously affects performance and is not suitable for high-concurrency devices.
In the second mode, the distributed cache device provides its own built-in authentication mechanism, in which a super user is created at every startup. This mode cannot rename or authorize the super user, has low security, supports only a single encryption rule, offers poor password extensibility, and is not adequate for use in a production environment.
Based on this, the present application discloses a distributed cache authentication scheme to solve at least one of the above technical problems.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments in conjunction with the accompanying drawings. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
To make the purpose, technical solution and advantages of the present application clearer, fig. 1 discloses a flowchart of a distributed cache authentication method provided in an embodiment of the present application, where the method is applied to a distributed cache system, as shown in fig. 1, and the method includes:
S101, a first node receives a link request of a second node; wherein the link request includes an IP address and authentication information of the second node;
S102, determining that the link white list of the first node contains the second node according to the acquired IP address of the second node;
S103, verifying the authentication information of the second node, and after the authentication is passed, establishing a link between the first node and the second node.
In the embodiment of the present application, the distributed cache system is Apache Ignite, which is a distributed high performance cache. In an optional implementation of the present application, the distributed cache has a plurality of cache nodes, and each cache node corresponds to a respective fragmented storage area.
In an optional embodiment, the verifying the authentication information of the second node comprises:
matching and verifying the authentication information of the second node with the password file stored in the first node; wherein the authentication information comprises a username and password used by the second node to request the first node to establish the link.
In an optional embodiment, after the first node establishes the link with the second node, the method further includes:
according to the preset access authority of the second node, the second node executes an access instruction in the preset authority; wherein the access instruction is for accessing storage data stored in the first node storage area. That is, the second node can operate the designated table according to the preset authority, wherein the authorized content includes: tables (caches), tasks, system permissions, accessible services, etc., each system may control the required permissions by defining a permission list through the node in which the accessible tables, tasks, system permissions, and services are defined.
In a specific embodiment, after the link between the first node and the second node is established, the method further comprises a distributed cache access authorization scheme. The scheme involves a system A and a system B, whose passwords are stored in a password file. When the distributed cache system is started, the passwords of system A and system B are loaded into the cache's in-memory database. When a client of system A establishes a connection, it must supply the user name and password of system A; similarly, a client of system B must supply the user name and password of system B when it establishes a connection. System A and system B can access the in-memory database at the same time using different passwords, and through an authorization mechanism the in-memory database allows system A to access only the resources of system A and system B to access only the resources of system B.
In an optional embodiment, after the first node establishes the link with the second node, the method further includes:
the first node is linked with the second node;
the second node initiates a link request to the first node;
and the first node and the second node establish a link successfully.
On this basis, authentication is carried out only once, when the link is established, and subsequent communication proceeds directly.
In an alternative embodiment, the white list of links of the first node receives user-defined modifications.
In an alternative embodiment, the method further comprises:
the password file of the first node and the authentication information of the second node may be periodically updated and hot loaded. The specific implementation process comprises the following steps:
Step 1, when the cache's in-memory database is started, the data of the old password file is loaded into memory.
Step 2, after the client sends the old password and the server's password verification passes, the connection is successfully established; the client accesses the cached database data through a particular node or nodes.
Step 3, the password file is replaced with the new one, the path configuration of the password file is changed, and the in-memory database server loads the new password into memory.
Step 4, a connection between the client and the server can now be established only with the new password; the old password is invalid. Previously established connections, however, are not broken until they are automatically closed.
Based on this embodiment, both the password file and the white list file support hot loading. Once their content changes, the node automatically updates the user names and passwords held in its memory; the updated password is used when the next new link arrives, and nodes that have already established a link are not affected. When a password expires and needs to be updated, the cache does not need to be restarted; only the password file and the configuration need to be updated. The authentication scheme of the embodiment of the application supports hot loading of the password file. Password updates can be completed without restarting the cache component service. Requests established before a password update are not affected by it, and new connections made after the update are authenticated with the new password.
In an optional embodiment of the present application, connections between nodes and connections between a client and the server are different processes. If the same configuration as for connections between nodes is adopted, then when a client connects to the server the client does not need to configure a white list and only needs to provide the decrypted user name and password, that is, the authentication information.
In an alternative embodiment, the method further comprises:
determining that the link white list of the first node does not contain the second node according to the acquired IP address of the second node;
feeding back a link setup failure message to the second node.
The authentication scheme of the embodiment of the application is decoupled from any specific encryption and decryption mechanism and can be extended with any encryption algorithm, which improves the security of distributed cache node authentication. Different systems can use different user names and passwords to connect to the same server, which makes it harder for a hacker to brute-force the passwords.
In order to more clearly introduce the distributed cache authentication scheme described in the embodiments of the present application, the following description is provided with specific examples.
In an optional embodiment of the present application, the first node receives a link request of the second node; the following example illustrates the process of completing authentication based on the link request sent by the second node, taking the first node IP as 22.5.6.1 and the second node IP as 22.5.6.2:
Step 1, adding jar packages developed based on the embodiment of the application under the IGNITE_HOME/libs directory;
Step 2, adding the account.ini password file under the specified directory of the server;
Step 3, adding a white list IP list in the configuration file;
Step 4, starting the first node of the server, and reading and decrypting the account. Meanwhile, it is judged whether a white list IP list exists; if it does not exist, white list control is not applied to the cluster, and if it exists, the IP list is read into memory.
Step 5, starting the second node, configured according to steps 1-3, to establish a connection with the first node.
Step 6, after receiving the link of the second node, the first node judges whether the second node is in the white list IP list; if so, the user authority list is returned after the password verification succeeds, otherwise a failure is returned;
Step 7, after acquiring the authority list, the second node starts successfully and joins the cluster where the first node is located.
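The admission flow of steps 1-7, together with the password-file hot loading described earlier, as an added Python example (not code from the patent or from Apache Ignite). The account.ini layout, the salted PBKDF2 hashes used here in place of the encrypted password file the text describes, and every class, function and status name are assumptions; the accounts are constructed sample data.

```python
import configparser
import hashlib
import hmac
import ipaddress
import os
import secrets
import tempfile

ROUNDS = 100_000  # PBKDF2 work factor, an assumed value for this example


def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ROUNDS)


def write_account_file(path, accounts):
    """Write {user: (password, [cache, ...])} as salted hashes (assumed layout)."""
    cfg = configparser.ConfigParser(interpolation=None)
    for user, (password, caches) in accounts.items():
        salt = secrets.token_bytes(16)
        cfg[user] = {"salt": salt.hex(), "hash": derive(password, salt).hex(),
                     "caches": ",".join(caches)}
    with open(path + ".tmp", "w") as fh:
        cfg.write(fh)
    os.replace(path + ".tmp", path)  # atomic swap: a reload never sees half a file


class LinkAuthenticator:
    """First-node side: whitelist check, then credentials, once per link."""

    def __init__(self, account_path, whitelist):
        self.account_path = account_path
        # An empty list means no whitelist control (walkthrough step 4).
        self.whitelist = [ipaddress.ip_network(w) for w in whitelist]
        self.accounts, self.digest, self.links = {}, None, {}
        self.reload_if_changed()

    def reload_if_changed(self):
        """Hot-load the password file when its contents differ from memory."""
        with open(self.account_path, "rb") as fh:
            raw = fh.read()
        digest = hashlib.sha256(raw).digest()
        if digest == self.digest:
            return False
        cfg = configparser.ConfigParser(interpolation=None)
        cfg.read_string(raw.decode())
        self.accounts = {
            user: (bytes.fromhex(cfg[user]["salt"]), bytes.fromhex(cfg[user]["hash"]),
                   frozenset(filter(None, cfg[user]["caches"].split(","))))
            for user in cfg.sections()}
        self.digest = digest
        return True

    def handle_link_request(self, ip, username, password):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return "NOT_IN_WHITELIST", None
        if self.whitelist and not any(addr in net for net in self.whitelist):
            return "NOT_IN_WHITELIST", None  # fail before touching credentials
        self.reload_if_changed()  # new links always see the current file
        # Unknown users still cost one derivation, so timing does not reveal names.
        salt, expected, caches = self.accounts.get(
            username, (b"\0" * 16, b"", frozenset()))
        if not hmac.compare_digest(derive(password, salt), expected):
            return "AUTH_FAILED", None
        link_id = secrets.token_hex(8)
        self.links[link_id] = caches  # permission list fixed for this link
        return "LINKED", link_id

    def access(self, link_id, cache):
        """No re-authentication: only the link's stored permission list is checked."""
        return cache in self.links.get(link_id, frozenset())


def demo():
    # Constructed sample data: IPs follow the walkthrough, accounts are made up.
    path = os.path.join(tempfile.mkdtemp(), "account.ini")
    write_account_file(path, {"systemA": ("old-A", ["cacheA"]),
                              "systemB": ("pw-B", ["cacheB"])})
    node = LinkAuthenticator(path, ["22.5.6.2"])
    out = {}
    out["first"], link = node.handle_link_request("22.5.6.2", "systemA", "old-A")
    out["own_cache"] = node.access(link, "cacheA")
    out["other_cache"] = node.access(link, "cacheB")
    out["bad_ip"] = node.handle_link_request("22.5.6.9", "systemA", "old-A")[0]
    # Rotate systemA's password; the node is not restarted.
    write_account_file(path, {"systemA": ("new-A", ["cacheA"]),
                              "systemB": ("pw-B", ["cacheB"])})
    out["old_pw"] = node.handle_link_request("22.5.6.2", "systemA", "old-A")[0]
    out["new_pw"] = node.handle_link_request("22.5.6.2", "systemA", "new-A")[0]
    out["old_link_still_ok"] = node.access(link, "cacheA")
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The reload is keyed on a hash of the file contents rather than its modification time, so a rotation written within the same timestamp tick is still picked up by the next link request.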
Based on the distributed cache authentication method provided by the embodiment shown in fig. 1, fig. 2 shows a distributed cache authentication apparatus provided by the embodiment of the present application. As shown in fig. 2, the apparatus may mainly include a 201 interface module, a 202 verification module and a 203 transmission module, wherein:
the 201 interface module is used for the first node to receive the link request of the second node; wherein the link request includes an IP address and authentication information of the second node;
the 202 verification module is configured to determine, according to the IP address of the second node obtained by the interface module, that the link white list of the first node includes the second node;
the 202 verifying module is further configured to verify authentication information of the second node;
and the 203 transmission module is used for controlling the first node to establish a link with the second node after the authentication is passed.
It is understood that the modules of the distributed cache authentication apparatus in the present embodiment have functions of implementing the corresponding steps of the method in the embodiment shown in fig. 1. The function can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the functions described above. The modules can be software and/or hardware, and each module can be implemented independently or by integrating a plurality of modules. For the functional description of each module, reference may be specifically made to the corresponding description of the method in the embodiment shown in fig. 1, and details are not repeated here.
The embodiment of the application provides an electronic device, which comprises a processor and a memory;
a memory for storing operating instructions;
the processor is used for executing the distributed cache authentication method provided by any embodiment of the application by calling the operation instruction.
As an example, Fig. 3 shows a schematic structural diagram of an electronic device to which an embodiment of the present application is applicable. As shown in Fig. 3, the electronic device 2000 includes a processor 2001 and a memory 2003. The processor 2001 is coupled to the memory 2003, for example via a bus 2002. Optionally, the electronic device 2000 may also include a transceiver 2004. It should be noted that, in practical applications, the transceiver 2004 is not limited to one, and the structure of the electronic device 2000 does not limit the embodiments of the present application.
In the embodiments of the present application, the processor 2001 is used to implement the method shown in the above method embodiment. The transceiver 2004 may include a receiver and a transmitter and, in the embodiments of the present application, is used to implement the function by which the electronic device communicates with other devices.
The processor 2001 may be a CPU (Central Processing Unit), a general-purpose processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other programmable logic device, a transistor logic device, a hardware component, or any combination thereof. It may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 2001 may also be a combination that implements computing functions, e.g., a combination of one or more microprocessors, or a combination of a DSP and a microprocessor.
The memory 2003 may be a ROM (Read-Only Memory) or another type of static storage device that can store static information and instructions; a RAM (Random Access Memory) or another type of dynamic storage device that can store information and instructions; an EEPROM (Electrically Erasable Programmable Read-Only Memory); a CD-ROM (Compact Disc Read-Only Memory) or other optical disc storage (including compact disc, laser disc, optical disc, digital versatile disc, Blu-ray disc, etc.); a magnetic disk storage medium or other magnetic storage device; or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.
Optionally, the memory 2003 is used to store the application program code for carrying out the disclosed scheme, and its execution is controlled by the processor 2001. The processor 2001 is configured to execute the application program code stored in the memory 2003 to implement the distributed cache authentication method provided in any of the embodiments of the present application.
The electronic device provided by the embodiment of the application is applicable to any embodiment of the method, and is not described herein again.
The embodiment of the present application provides a computer-readable storage medium, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements the distributed cache authentication method shown in the foregoing method embodiment.
The computer-readable storage medium provided in the embodiments of the present application is applicable to any of the embodiments of the foregoing method, and is not described herein again.
The distributed cache authentication scheme disclosed in the embodiments of the present application comprises the following steps: a first node receives a link request from a second node, wherein the link request includes an IP address and authentication information of the second node; it is determined, according to the acquired IP address of the second node, that the link white list of the first node contains the second node; and the authentication information of the second node is verified, and after the authentication passes, a link is established between the first node and the second node. This technical solution improves communication efficiency while ensuring the communication security of the cache nodes of the distributed cache system.
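The scheme summarized above (white-list check on the requester's IP address, then username/password verification against the first node's password file, with hot-loadable configuration and a failure message on rejection), as an added Python example that is not code from the patent. The class, function and message names, the PBKDF2 record format, and the sample addresses and credentials are assumptions.

```python
import hashlib
import hmac
import ipaddress
import os

def hash_password(password: str, salt: bytes) -> bytes:
    # Assumption: the patent does not say how the password file stores secrets;
    # salted PBKDF2-HMAC-SHA256 is used here instead of plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_record(password: str):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

class FirstNode:
    """Hypothetical receiving cache node with a link white list and a password file."""

    def __init__(self, whitelist, password_file):
        self.reload(whitelist, password_file)

    def reload(self, whitelist, password_file):
        # Hot load: build the new state completely, then swap one reference, so a
        # request in flight sees either the old or the new configuration, never a mix.
        networks = tuple(ipaddress.ip_network(entry) for entry in whitelist)
        users = dict(password_file)  # username -> (salt, derived key)
        self._state = (networks, users)

    def handle_link_request(self, peer_ip: str, username: str, password: str) -> str:
        networks, users = self._state
        try:
            addr = ipaddress.ip_address(peer_ip)
        except ValueError:
            return "LINK_FAILED"
        # Step 1: white-list check on the second node's IP, before any credential work.
        if not any(addr in net for net in networks):
            return "LINK_FAILED"
        # Step 2: verify the authentication information against the stored record.
        # The key is derived even for unknown users so both paths cost the same.
        salt, stored = users.get(username, (b"\x00" * 16, b""))
        candidate = hash_password(password, salt)
        if not hmac.compare_digest(candidate, stored):
            return "LINK_FAILED"
        return "LINK_ESTABLISHED"

# Constructed sample configuration (RFC 5737 documentation addresses).
node = FirstNode(["192.0.2.10", "192.0.2.32/28"], {"cache-b": make_record("s3cret-b")})
```

Passing the address the first node observes on the connection as `peer_ip`, rather than a value the requester reports about itself, keeps the white-list decision tied to something the first node measured.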
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated herein, the steps are not restricted to the exact order shown and may be performed in other orders. Moreover, at least some of the steps in the flowcharts of the figures may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least some of the sub-steps or stages of other steps.
The foregoing describes only some of the embodiments of the present invention. It should be noted that those skilled in the art can make various modifications and refinements without departing from the principle of the present invention, and these modifications and refinements should also be regarded as falling within the protection scope of the present invention.
Claims (10)
1. A distributed cache authentication method is applied to a distributed cache system, and is characterized by comprising the following steps:
a first node receives a link request of a second node; wherein the link request includes an IP address and authentication information of the second node;
determining that the link white list of the first node contains the second node according to the acquired IP address of the second node;
and verifying the authentication information of the second node, and after the authentication is passed, establishing a link between the first node and the second node.
2. The distributed cache authentication method of claim 1, wherein the verifying the authentication information of the second node comprises:
matching and verifying the authentication information of the second node with the password file stored in the first node; wherein the authentication information comprises a username and password used by the second node to request the first node to establish the link.
3. The distributed cache authentication method of claim 2, wherein after the first node establishes the link with the second node, the method further comprises:
according to the preset access authority of the second node, the second node executes an access instruction in the preset authority; wherein the access instruction is for accessing storage data stored in the first node storage area.
4. The distributed cache authentication method of claim 3, wherein after the first node establishes the link with the second node, the method further comprises:
the first node is linked with the second node;
the second node initiates a link request to the first node;
and the first node and the second node establish a link successfully.
5. The distributed cache authentication method of claim 4, wherein the linked whitelist of the first node receives user-defined modifications.
6. The distributed cache authentication method of claim 5, further comprising:
the password file of the first node and the authentication information of the second node may be periodically updated and hot loaded.
7. The distributed cache authentication method of any one of claims 1-6, wherein the method further comprises:
determining that the link white list of the first node does not contain the second node according to the acquired IP address of the second node;
feeding back a link setup failure message to the second node.
8. A distributed cache authentication device is applied to a distributed cache system, and is characterized by comprising: an interface module, a verification module and a transmission module; wherein,
the interface module is used for the first node to receive a link request of the second node; wherein the link request includes an IP address and authentication information of the second node;
the verification module is configured to determine that the link white list of the first node includes the second node according to the IP address of the second node acquired by the interface module;
the verification module is further configured to verify authentication information of the second node;
and the transmission module is used for controlling the first node to establish the link with the second node after the authentication is passed.
9. An electronic device comprising a processor and a memory;
the memory is used for storing operation instructions;
the processor is used for executing the method of any one of claims 1-7 by calling the operation instruction.
10. A computer-readable storage medium, characterized in that the storage medium has stored thereon a computer program which, when being executed by a processor, carries out the method of any one of claims 1-7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011267619.0A CN112491981A (en) | 2020-11-13 | 2020-11-13 | Distributed cache authentication method and device, electronic equipment and readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112491981A (en) | 2021-03-12 |
Family
ID=74930142
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011267619.0A, Pending, CN112491981A (en) | Distributed cache authentication method and device, electronic equipment and readable storage medium | 2020-11-13 | 2020-11-13 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112491981A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20210312 |