CN112822173A - Request processing method and device based on hierarchical authentication and storage medium - Google Patents
Request processing method and device based on hierarchical authentication and storage medium Download PDFInfo
- Publication number
- CN112822173A CN112822173A CN202011624419.6A CN202011624419A CN112822173A CN 112822173 A CN112822173 A CN 112822173A CN 202011624419 A CN202011624419 A CN 202011624419A CN 112822173 A CN112822173 A CN 112822173A
- Authority
- CN
- China
- Prior art keywords
- authentication
- sub
- access request
- original access
- modules
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Abstract
The invention relates to the technical field of data processing, and discloses a request processing method based on hierarchical authentication, which comprises the following steps: the original access request is guided to a multi-core authentication service area; distributing the original access request to each authentication sub-module in the multi-core authentication service area according to the sequence of the original access request reaching the multi-core authentication service area; respectively authenticating the original access request based on the authentication sub-modules, and acquiring an authentication result corresponding to the original access request; sending the authentication result corresponding to the original access request to a voting area to obtain a voting result corresponding to the original access request; and performing request processing on the original access request according to the voting result. The invention also relates to a block chain technology, and the multi-core authentication service area is stored in the block chain. The processing method and the processing system can improve the safety and the timeliness of request processing.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a method and an apparatus for request processing based on hierarchical authentication, an electronic device, and a computer-readable storage medium.
Background
At present, the request of identity authentication is an important field related to authentication in websites, platforms and systems, especially for data-based platforms of finance, consumption and information. In such systems, top-level companies in the industry, such as Payment, Amazon, etc., have their own architectures for requests, data, authentication, etc. In the request access, different authentication levels can be divided according to information of a requester, request duration, request address, request data and the like, and the use safety of system data can be improved according to different authentication levels, so that the safety quality of service provided by enterprises can be helped, and the customer satisfaction can be improved.
The traditional authentication request needs a whole set of serial chain type verification, complex, long and tedious verification chains such as the correctness of an account number password of a user, the identity authority of the user, the user rights and interests verification and the like need to be verified in strict sequence, long-time waiting is easy to occur in the verification process, and poor experience is easy to cause for the user. Meanwhile, when the system access volume is increased along with the service volume and the client volume, the solidified chained request verification mode becomes the bottleneck of the system user access request volume, so that the system requests are blocked in verification, and the user experience is greatly influenced.
Disclosure of Invention
The invention provides a request processing method and device based on hierarchical authentication, electronic equipment and a computer readable storage medium, and mainly aims to improve the data security and efficiency of request processing.
In order to achieve the above object, the present invention provides a request processing method based on hierarchical authentication, which includes: the original access request is guided to a multi-core authentication service area;
distributing the original access request to each authentication sub-module in the multi-core authentication service area according to the sequence of the original access request reaching the multi-core authentication service area;
respectively authenticating the original access request based on the authentication sub-modules, and acquiring an authentication result corresponding to the original access request;
sending the authentication result corresponding to the original access request to a voting area to obtain a voting result corresponding to the original access request;
and performing request processing on the original access request according to the voting result.
Optionally, the multi-core authentication service area is stored in a block chain, and the step of directing the original access request into the multi-core authentication service area includes:
presetting a multi-core authentication service area; meanwhile, an original access request of a user is obtained;
the original access request is guided into the multi-core authentication service area through a front-end shunting component; wherein the multi-core authentication service area comprises: a user account password authentication submodule, a user account role authentication submodule, a user data authority authentication submodule and a user request access security authentication submodule.
Optionally, the step of performing respective authentication on the original access request based on the authentication sub-modules and obtaining an authentication result corresponding to the original access request includes:
distributing original access requests arriving in the multi-core authentication service area to the authentication sub-modules based on a preset allocation component;
the original access request is authenticated through the authentication sub-modules, and a sub-authentication result corresponding to the authentication sub-module is obtained;
and acquiring an authentication result corresponding to the original access request based on the sub-authentication results of all the authentication sub-modules.
Optionally, the process of performing authentication processing on the original access request through each authentication sub-module and obtaining a sub-authentication result corresponding to the authentication sub-module includes:
acquiring a target authentication submodule in each authentication submodule; the target authentication submodule is all submodules which need to be sequentially authenticated in all the authentication submodules;
performing associated storage on the target authentication submodule through a linked list;
and controlling the target authentication sub-module to perform sequential authentication based on the execution sequence corresponding to the linked list, and acquiring a sub-authentication result corresponding to the authentication sub-module.
Optionally, a heartbeat mechanism of timing communication is established between the authentication sub-modules, a heartbeat detection report packet is mutually sent between the authentication sub-modules at a fixed time, and the heartbeat detection report includes sub-authentication results of the corresponding authentication sub-modules;
when the sub-authentication result of any one of the authentication sub-modules is failed, issuing the failed sub-authentication result to each authentication sub-module through a corresponding heartbeat detection packet;
and the authentication sub-modules stop the authentication of the original access request according to the received heartbeat detection report of the failed sub-authentication result.
Optionally, the sending the authentication result of each authentication sub-module to a voting area, and the obtaining the voting result corresponding to the original access request includes:
when the sub-authentication results of the authentication sub-modules are all indicated to be successful, the bidding result is passed;
when the sub-authentication results of the authentication sub-modules all indicate failure, the bidding result is failed;
when the sub-authentication results of the authentication sub-modules are successful and failed at the same time, the voting result is undetermined; and the number of the first and second electrodes,
feeding back the failed sub-authentication result to the multi-core authentication service area for secondary authentication; and feeding back the voting result to the multi-core authentication service area for caching.
Optionally, the step of performing request processing on the original access request according to the voting result includes:
when the voting result is passed, the original access request corresponding to the voting result is transferred to a corresponding background service logic area, and the original access request is responded through the background service logic area;
and when the voting result is that the original access request does not pass through, the original access request is refused to access the background service logic area.
In order to solve the above problem, the present invention further provides a request processing apparatus based on hierarchical authentication, including:
the request diversion unit is used for diverting the original access request into the multi-core authentication service area;
the request dispatching unit is used for dispatching the original access request to each authentication sub-module in the multi-core authentication service area according to the sequence of the original access request reaching the multi-core authentication service area;
an authentication result obtaining unit, configured to respectively authenticate the original access request based on the authentication sub-modules, and obtain an authentication result corresponding to the original access request;
the voting result acquisition unit is used for sending the authentication result corresponding to the original access request to a voting area and acquiring the voting result corresponding to the original access request;
and the request processing unit is used for performing request processing on the original access request according to the voting result.
In order to solve the above problem, the present invention also provides an electronic device, including:
a memory storing at least one instruction; and
and the processor executes the instructions stored in the memory to realize the request processing method based on hierarchical authentication.
In order to solve the above problem, the present invention further provides a computer-readable storage medium, which stores at least one instruction, where the at least one instruction is executed by a processor in an electronic device to implement the request processing method based on hierarchical authentication.
The embodiment of the invention can effectively reduce the time loss for requesting authentication through a request access system based on hierarchical authentication and multi-core comparison, and can flexibly configure according to complicated and variable authentication requirements. Meanwhile, the legalization of the access request is quickly decided through a voting mode, the loss stopping is fused in time, and the authentication process is complemented in a result feedback mode, so that the whole process is closed-loop front and back. The use safety of system data can be improved according to different authentication levels, and the safety quality of enterprise service and the customer satisfaction are improved.
Drawings
Fig. 1 is a schematic flowchart illustrating a request processing method based on hierarchical authentication according to an embodiment of the present invention;
fig. 2 is a block diagram of a request processing apparatus based on hierarchical authentication according to an embodiment of the present invention;
fig. 3 is a schematic diagram of an internal structure of an electronic device implementing a request processing method based on hierarchical authentication according to an embodiment of the present invention;
the implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The invention provides a request processing method based on hierarchical authentication. Fig. 1 is a schematic flow chart of a request processing method based on hierarchical authentication according to an embodiment of the present invention. The method may be performed by an apparatus, which may be implemented by software and/or hardware.
In this embodiment, the request processing method based on hierarchical authentication includes:
s110: and guiding the original access request into the multi-core authentication service area.
The multi-core authentication service area can be stored in a block chain, and the step of guiding the original access request into the multi-core authentication service area comprises the following steps:
s111: presetting a multi-core authentication service area; at the same time, the user can select the desired position,
s112: acquiring an original access request of a user;
s113: the method comprises the steps that an original access request is guided into a multi-core authentication service area through a front-end shunting component; wherein, the multi-core authentication service area includes: a user account password authentication submodule, a user account role authentication submodule, a user data authority authentication submodule and a user request access security authentication submodule.
And the original access request, namely the user access request, is subjected to drainage processing through a front-end shunting component so as to drain the user access request into the multi-core authentication service area for hierarchical authentication.
Specifically, the multi-core authentication service area may also be understood as a multi-core authentication server, and the multi-core authentication server includes, but is not limited to, the following authentication sub-modules: "user account authentication", "user account role authentication", "user data authority authentication", and "user request access security authentication". The authentication sub-modules are all deployed in the same resource pool, and stateless deployment is realized, so that no binding relationship between the authentication sub-service and the resource pool is ensured, the deployed number of the authentication sub-modules can be flexibly adjusted as required, and the purpose of plug and play along with the change of a service peak value can be realized.
It can be known that the authentication sub-modules of the multi-core authentication service area may be configured according to a specific application scenario, and are not limited to the four authentication sub-modules.
It should be emphasized that, in order to further ensure the privacy and security of the multi-core authentication service area, the multi-core authentication service area may also be stored in a node of a block chain.
S120: and distributing the original access request to each authentication sub-module in the multi-core authentication service area according to the sequence of the original access request reaching the multi-core authentication service area.
S130: and respectively authenticating the original access request based on the authentication sub-modules, and acquiring an authentication result corresponding to the original access request.
The steps of respectively authenticating the original access request based on each authentication submodule and obtaining an authentication result corresponding to the original access request comprise:
s131: distributing original access requests arriving in a multi-core authentication service area to each authentication sub-module based on a preset allocation component;
s132: the original access request is authenticated through each authentication submodule, and a sub-authentication result corresponding to the authentication submodule is obtained;
s133: and acquiring an authentication result corresponding to the original access request based on the sub-authentication results of all the authentication sub-modules.
Specifically, after the original access request enters the multi-core authentication service area. First, the authentication request is distributed to different authentication submodules through a distribution component according to the arrival sequence of the original access request. The assignment component is configured to assign each access request to different authentication sub-modules in parallel according to a configured assignment policy, each assignment also follows the above stateless design concept, so that work between the authentication sub-modules is independent and has no front-back dependency, and further, the original access request can be authenticated by all the authentication sub-modules respectively according to the sequence of the original access request reaching the multi-core authentication service area, that is, the original access request needs to be authenticated by all the authentication sub-modules in the multi-core authentication service area.
In addition, when a specific application scenario or a special authentication requirement exists, certain sequence requirements may exist in the execution of the authentication sub-modules, namely, part of the authentication sub-modules need to have the sequence requirements, and part of the authentication sub-modules do not have the sequence requirements, at this time, the authentication sub-modules which need to be executed sequentially can be stored through a linked list structure, the authentication sub-modules which do not need the sequence requirements are still stateless, and the authentication sub-modules can be executed in parallel in the authentication process.
For example, the process of performing authentication processing on the original access request by each authentication sub-module in the step S132 and obtaining the sub-authentication result corresponding to the authentication sub-module includes:
s1321: acquiring a target authentication submodule in each authentication submodule; the target authentication submodule is all submodules which need to be sequentially authenticated in each authentication submodule;
s1322: performing associated storage on the target authentication submodule through a linked list;
s1323: and controlling the target authentication submodule to perform sequential authentication based on the execution sequence corresponding to the linked list, and acquiring a sub-authentication result corresponding to the authentication submodule.
In the above steps, the target authentication sub-module mainly refers to an authentication sub-module with a certain execution sequence requirement, after the target authentication sub-module is determined, a linked list can be set among the target authentication sub-modules and stored in association, and in a specific authentication process, when the authentication sub-module with the linked list is executed, the authentication sub-modules in the target authentication sub-module can be sequentially authenticated according to a preset sequence through the preset linked list. The authentication sequence of the target authentication submodule can be set and adjusted through a linked list.
In a specific embodiment of the present invention, a heartbeat mechanism of timing communication may also be established between the authentication sub-modules, and the authentication sub-modules send heartbeat detection report packets to each other at regular time, where the heartbeat detection report includes sub-authentication results of the corresponding authentication sub-modules;
when the sub-authentication result of any one of the authentication sub-modules is failed, issuing the failed sub-authentication result to each authentication sub-module through a corresponding heartbeat detection packet;
and each authentication submodule stops the authentication of the original access request according to the received heartbeat detection report of the failed sub-authentication result.
Specifically, a heartbeat mechanism of timing communication is established in each authentication submodule, and different authentication submodules send heartbeat detection packets to each other at regular time to ensure effective calling among the different authentication submodules. Meanwhile, the heartbeat detection packet also comprises the feedback result of the authentication in each current sub-module. If it is found that the authentication of the user in one of the authentication sub-modules fails, the sub-module needs to issue the failure information to other authentication sub-modules in a broadcast manner for information synchronization, so that the other authentication sub-modules can stop the authentication of the access request in time to stop loss in time.
In addition, the establishment of the heartbeat mechanism can be configured according to a specific service scene, when the service scene requires that the authentication requirements among the authentication sub-modules are in a 'yes' relationship, all the authentication sub-modules need to return true to be authenticated successfully, and in this case, the heartbeat mechanism can be adopted, and when the authentication of one authentication sub-module fails, the heartbeat mechanism is broadcast as a whole, and the operation of other authentication sub-modules is stopped. However, when the service scenario requires that the authentication requirements among the authentication sub-modules are in an "or" relationship, when some authentication sub-modules return false, the performance of other sub-modules is not affected, and only the false result needs to be recorded and secondary authentication is performed, and in this case, a failure broadcast operation is not required.
S140: and sending the authentication result corresponding to the original access request to a voting area to obtain a voting result corresponding to the original access request.
Sending the authentication result of each authentication submodule to a voting area, and acquiring the voting result corresponding to the original access request comprises the following steps:
when the sub-authentication results of the authentication sub-modules are all indicated to be successful, the bidding result is passed;
when the sub-authentication results of the authentication sub-modules all show failure, the bidding result is failed;
when the sub-authentication results of the authentication sub-modules are successful and failed at the same time, the voting result is undetermined; and, the failed sub-authentication result is fed back to the multi-core authentication service area for secondary authentication; and feeding back the voting result to the multi-core authentication service area for caching.
Specifically, after passing through the multi-core authentication service area, the access request and the authentication result thereof are sent to the voting area in batches. As the respective physical resources and the business processes in the authentication submodules in the multi-core authentication service area are different, the time sequence of the same original access request entering the voting area is possibly different, and a user can configure a corresponding voting strategy according to an application scene and vote the authentication result of each authentication submodule to determine whether the access request passes or not.
Specifically, the cases that the authentication results of all the authentication submodules are fed back to the voting area within a specified time are mainly classified into three types: if the authentication results of all the authentication sub-modules in the first type are successful, the user request smoothly enters the feedback area and then subsequent service access is carried out; secondly, if all authentication results show failure, the user request smoothly enters a feedback area, but subsequent service access is refused; thirdly, if part of the authentication results show success and part of the returned results show failure, returning the failed authentication results to the service area of the multi-core authentication area for secondary authentication according to the sequence of heartbeat feedback. If the continuous results are not uniform, the request access is given up.
S150: and performing request processing on the original access request according to the voting result.
The step of performing request processing on the original access request according to the voting result comprises the following steps:
when the voting result is passed, the original access request corresponding to the voting result is transferred to the corresponding background service logic area, and the original access request is responded through the background service logic area;
and when the voting result is that the voting does not pass, the original access request is refused to access the background service logic area.
Therefore, the request processing method based on the hierarchical authentication can effectively reduce the time loss for requesting the authentication and can be flexibly configured according to the complicated and changeable authentication requirements. And the legalization of the access request is quickly decided by a voting way, and the loss stopping is fused in time. And finally, the authentication process is complemented in a feedback result mode, so that the whole process is closed-loop front and back. The use safety of the system data is improved according to different authentication levels, so that the safety quality of service provided by enterprises can be helped, and the customer satisfaction is improved.
Fig. 2 is a functional block diagram of a request processing device based on hierarchical authentication according to the present invention.
The request processing device 100 based on hierarchical authentication according to the present invention can be installed in an electronic device. According to the implemented functions, the request processing device based on hierarchical authentication may include a request diversion unit 101, a request dispatching unit 102, an authentication result obtaining unit 103, a voting result obtaining unit 104, and a request processing unit 105. A module according to the present invention, which may also be referred to as a unit, refers to a series of computer program segments that can be executed by a processor of an electronic device and that can perform a fixed function, and that are stored in a memory of the electronic device.
In the present embodiment, the functions regarding the respective modules/units are as follows:
and the request diversion unit 101 is configured to divert an original access request into the multi-core authentication service area.
A request dispatching unit 102, configured to dispatch the original access request to each authentication sub-module in the multi-core authentication service area according to an order in which the original access request arrives at the multi-core authentication service area.
An authentication result obtaining unit 103, configured to respectively authenticate the original access request based on the authentication sub-modules, and obtain an authentication result corresponding to the original access request.
A voting result obtaining unit 104, configured to send the authentication result corresponding to the original access request to a voting area, and obtain a voting result corresponding to the original access request.
A request processing unit 105, configured to perform request processing on the original access request according to the voting result.
Specifically, the embodiment of the request processing apparatus 100 based on hierarchical authentication may refer to the description in the embodiment of the request processing method based on hierarchical authentication, and is not repeated here.
Fig. 3 is a schematic structural diagram of an electronic device implementing the request processing method based on hierarchical authentication according to the present invention.
The electronic device 1 may comprise a processor 10, a memory 11 and a bus, and may further comprise a computer program, such as a request handling program 12 based on hierarchical authentication, stored in the memory 11 and executable on the processor 10.
The memory 11 includes at least one type of readable storage medium, which includes flash memory, removable hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 11 may in some embodiments be an internal storage unit of the electronic device 1, such as a removable hard disk of the electronic device 1. The memory 11 may also be an external storage device of the electronic device 1 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 1. Further, the memory 11 may also include both an internal storage unit and an external storage device of the electronic device 1. The memory 11 may be used not only to store application software installed in the electronic device 1 and various types of data, such as codes of request processing programs based on hierarchical authentication, etc., but also to temporarily store data that has been output or is to be output.
The processor 10 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same or different functions, including one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The processor 10 is a Control Unit (Control Unit) of the electronic device, connects various components of the whole electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device 1 by running or executing programs or modules (e.g., request processing programs based on hierarchical authentication, etc.) stored in the memory 11 and calling data stored in the memory 11.
The bus may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. The bus is arranged to enable connection communication between the memory 11 and at least one processor 10 or the like.
Fig. 3 only shows an electronic device with components, it will be understood by a person skilled in the art that the structure shown in fig. 2 does not constitute a limitation of the electronic device 1, and may comprise fewer or more components than shown, or a combination of certain components, or a different arrangement of components.
For example, although not shown, the electronic device 1 may further include a power supply (such as a battery) for supplying power to each component, and preferably, the power supply may be logically connected to the at least one processor 10 through a power management device, so as to implement functions of charge management, discharge management, power consumption management, and the like through the power management device. The power supply may also include any component of one or more dc or ac power sources, recharging devices, power failure detection circuitry, power converters or inverters, power status indicators, and the like. The electronic device 1 may further include various sensors, a bluetooth module, a Wi-Fi module, and the like, which are not described herein again.
Further, the electronic device 1 may further include a network interface, and optionally, the network interface may include a wired interface and/or a wireless interface (such as a WI-FI interface, a bluetooth interface, etc.), which are generally used for establishing a communication connection between the electronic device 1 and other electronic devices.
Optionally, the electronic device 1 may further comprise a user interface, which may be a Display (Display), an input unit (such as a Keyboard), and optionally a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch device, or the like. The display, which may also be referred to as a display screen or display unit, is suitable for displaying information processed in the electronic device 1 and for displaying a visualized user interface, among other things.
It is to be understood that the described embodiments are for purposes of illustration only and that the scope of the appended claims is not limited to such structures.
The request processing program 12 based on hierarchical authentication stored in the memory 11 of the electronic device 1 is a combination of instructions that, when executed in the processor 10, may implement:
the original access request is guided to a multi-core authentication service area;
distributing the original access request to each authentication sub-module in the multi-core authentication service area according to the sequence of the original access request reaching the multi-core authentication service area;
respectively authenticating the original access request based on the authentication sub-modules, and acquiring an authentication result corresponding to the original access request;
sending the authentication result corresponding to the original access request to a voting area to obtain a voting result corresponding to the original access request;
and performing request processing on the original access request according to the voting result.
Optionally, the multi-core authentication service area is stored in a block chain, and the step of directing the original access request into the multi-core authentication service area includes:
presetting a multi-core authentication service area; meanwhile, an original access request of a user is obtained;
the original access request is guided into the multi-core authentication service area through a front-end shunting component; wherein the multi-core authentication service area comprises: a user account password authentication submodule, a user account role authentication submodule, a user data authority authentication submodule and a user request access security authentication submodule.
Optionally, the step of performing respective authentication on the original access request based on the authentication sub-modules and obtaining an authentication result corresponding to the original access request includes:
distributing original access requests arriving in the multi-core authentication service area to the authentication sub-modules based on a preset allocation component;
the original access request is authenticated through the authentication sub-modules, and a sub-authentication result corresponding to the authentication sub-module is obtained;
and acquiring an authentication result corresponding to the original access request based on the sub-authentication results of all the authentication sub-modules.
Optionally, the process of performing authentication processing on the original access request through each authentication sub-module and obtaining a sub-authentication result corresponding to the authentication sub-module includes:
acquiring a target authentication submodule in each authentication submodule; the target authentication submodule is all submodules which need to be sequentially authenticated in all the authentication submodules;
performing associated storage on the target authentication submodule through a linked list;
and controlling the target authentication sub-module to perform sequential authentication based on the execution sequence corresponding to the linked list, and acquiring a sub-authentication result corresponding to the authentication sub-module.
Optionally, a heartbeat mechanism of timing communication is established between the authentication sub-modules, a heartbeat detection report packet is mutually sent between the authentication sub-modules at a fixed time, and the heartbeat detection report includes sub-authentication results of the corresponding authentication sub-modules;
when the sub-authentication result of any one of the authentication sub-modules is failed, issuing the failed sub-authentication result to each authentication sub-module through a corresponding heartbeat detection packet;
and the authentication sub-modules stop the authentication of the original access request according to the received heartbeat detection report of the failed sub-authentication result.
Optionally, the sending the authentication result of each authentication sub-module to a voting area, and the obtaining the voting result corresponding to the original access request includes:
when the sub-authentication results of the authentication sub-modules are all indicated to be successful, the bidding result is passed;
when the sub-authentication results of the authentication sub-modules all indicate failure, the bidding result is failed;
when the sub-authentication results of the authentication sub-modules are successful and failed at the same time, the voting result is undetermined; and the number of the first and second electrodes,
feeding back the failed sub-authentication result to the multi-core authentication service area for secondary authentication; and feeding back the voting result to the multi-core authentication service area for caching.
Optionally, the step of performing request processing on the original access request according to the voting result includes:
when the voting result is passed, the original access request corresponding to the voting result is transferred to a corresponding background service logic area, and the original access request is responded through the background service logic area;
and when the voting result is that the original access request does not pass through, the original access request is refused to access the background service logic area.
Further, the integrated modules/units of the electronic device 1, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. The computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method can be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional module.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof.
The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
Furthermore, it is obvious that the word "comprising" does not exclude other elements or steps, and the singular does not exclude the plural. A plurality of units or means recited in the system claims may also be implemented by one unit or means in software or hardware. The terms second, etc. are used to denote names, but not any particular order.
Finally, it should be noted that the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, and although the present invention is described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made on the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention.
Claims (10)
1. A request processing method based on hierarchical authentication, the method comprising:
the original access request is guided to a multi-core authentication service area;
distributing the original access request to each authentication sub-module in the multi-core authentication service area according to the sequence of the original access request reaching the multi-core authentication service area;
respectively authenticating the original access request based on the authentication sub-modules, and acquiring an authentication result corresponding to the original access request;
sending the authentication result corresponding to the original access request to a voting area to obtain a voting result corresponding to the original access request;
and performing request processing on the original access request according to the voting result.
2. The request processing method based on hierarchical authentication as claimed in claim 1, wherein the multi-core authentication service area is stored in a block chain, and the step of directing the original access request into the multi-core authentication service area comprises:
presetting a multi-core authentication service area; meanwhile, an original access request of a user is obtained;
the original access request is guided into the multi-core authentication service area through a front-end shunting component; wherein the multi-core authentication service area comprises: a user account password authentication submodule, a user account role authentication submodule, a user data authority authentication submodule and a user request access security authentication submodule.
3. The request processing method based on hierarchical authentication as claimed in claim 1, wherein the step of authenticating the original access request respectively based on the authentication sub-modules and obtaining the authentication result corresponding to the original access request comprises:
distributing original access requests arriving in the multi-core authentication service area to the authentication sub-modules based on a preset allocation component;
the original access request is authenticated through the authentication sub-modules, and a sub-authentication result corresponding to the authentication sub-module is obtained;
and acquiring an authentication result corresponding to the original access request based on the sub-authentication results of all the authentication sub-modules.
4. The request processing method based on hierarchical authentication as claimed in claim 3, wherein the process of performing authentication processing on the original access request through the authentication sub-modules and obtaining sub-authentication results corresponding to the authentication sub-modules comprises:
acquiring a target authentication submodule in each authentication submodule; the target authentication submodule is all submodules which need to be sequentially authenticated in all the authentication submodules;
performing associated storage on the target authentication submodule through a linked list;
and controlling the target authentication sub-module to perform sequential authentication based on the execution sequence corresponding to the linked list, and acquiring a sub-authentication result corresponding to the authentication sub-module.
5. The request processing method based on hierarchical authentication as claimed in claim 3,
establishing a heartbeat mechanism of timing communication among the authentication sub-modules, and sending heartbeat detection report packets among the authentication sub-modules at regular time, wherein the heartbeat detection report comprises sub-authentication results of the corresponding authentication sub-modules;
when the sub-authentication result of any one of the authentication sub-modules is failed, issuing the failed sub-authentication result to each authentication sub-module through a corresponding heartbeat detection packet;
and the authentication sub-modules stop the authentication of the original access request according to the received heartbeat detection report of the failed sub-authentication result.
6. The request processing method based on hierarchical authentication as claimed in claim 1, wherein said sending the authentication result of each authentication sub-module to a voting area, and obtaining the voting result corresponding to the original access request comprises:
when the sub-authentication results of the authentication sub-modules are all indicated to be successful, the bidding result is passed;
when the sub-authentication results of the authentication sub-modules all indicate failure, the bidding result is failed;
when the sub-authentication results of the authentication sub-modules are successful and failed at the same time, the voting result is undetermined; and the number of the first and second electrodes,
feeding back the failed sub-authentication result to the multi-core authentication service area for secondary authentication; and feeding back the voting result to the multi-core authentication service area for caching.
7. The request processing method based on hierarchical authentication as claimed in claim 6, wherein the step of performing request processing on the original access request according to the voting result comprises:
when the voting result is passed, the original access request corresponding to the voting result is transferred to a corresponding background service logic area, and the original access request is responded through the background service logic area;
and when the voting result is that the original access request does not pass through, the original access request is refused to access the background service logic area.
8. A request processing apparatus based on hierarchical authentication, the apparatus comprising:
the request diversion unit is used for diverting the original access request into the multi-core authentication service area;
the request dispatching unit is used for dispatching the original access request to each authentication sub-module in the multi-core authentication service area according to the sequence of the original access request reaching the multi-core authentication service area;
an authentication result obtaining unit, configured to respectively authenticate the original access request based on the authentication sub-modules, and obtain an authentication result corresponding to the original access request;
the voting result acquisition unit is used for sending the authentication result corresponding to the original access request to a voting area and acquiring the voting result corresponding to the original access request;
and the request processing unit is used for performing request processing on the original access request according to the voting result.
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the steps of the hierarchical authentication based request processing method according to any one of claims 1 to 7.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method for processing a request based on hierarchical authentication according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011624419.6A CN112822173B (en) | 2020-12-31 | 2020-12-31 | Request processing method, device and storage medium based on hierarchical authentication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011624419.6A CN112822173B (en) | 2020-12-31 | 2020-12-31 | Request processing method, device and storage medium based on hierarchical authentication |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112822173A true CN112822173A (en) | 2021-05-18 |
| CN112822173B CN112822173B (en) | 2023-05-09 |
Family
ID=75854726
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011624419.6A Active CN112822173B (en) | 2020-12-31 | 2020-12-31 | Request processing method, device and storage medium based on hierarchical authentication |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112822173B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101464811A (en) * | 2008-12-29 | 2009-06-24 | 艾默生网络能源有限公司 | Multitask monitoring management system |
| CN102148722A (en) * | 2011-01-20 | 2011-08-10 | 深圳市同洲电子股份有限公司 | Method and system for detecting data interaction state by using heartbeats, and proxy server |
| CN102831017A (en) * | 2012-08-31 | 2012-12-19 | 河海大学 | High-efficiency distributed parallel authentication system |
| CN107147634A (en) * | 2017-04-28 | 2017-09-08 | 四川长虹电器股份有限公司 | The WEB service layering method for authenticating applied support platform more |
| CN108182635A (en) * | 2017-12-18 | 2018-06-19 | 深圳前海微众银行股份有限公司 | Block chain common recognition method, system and computer readable storage medium |
| CN111585985A (en) * | 2020-04-24 | 2020-08-25 | 广东职业技术学院 | Business identity recognition and authentication method and system based on block chain |
-
2020
- 2020-12-31 CN CN202011624419.6A patent/CN112822173B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101464811A (en) * | 2008-12-29 | 2009-06-24 | 艾默生网络能源有限公司 | Multitask monitoring management system |
| CN102148722A (en) * | 2011-01-20 | 2011-08-10 | 深圳市同洲电子股份有限公司 | Method and system for detecting data interaction state by using heartbeats, and proxy server |
| CN102831017A (en) * | 2012-08-31 | 2012-12-19 | 河海大学 | High-efficiency distributed parallel authentication system |
| CN107147634A (en) * | 2017-04-28 | 2017-09-08 | 四川长虹电器股份有限公司 | The WEB service layering method for authenticating applied support platform more |
| CN108182635A (en) * | 2017-12-18 | 2018-06-19 | 深圳前海微众银行股份有限公司 | Block chain common recognition method, system and computer readable storage medium |
| CN111585985A (en) * | 2020-04-24 | 2020-08-25 | 广东职业技术学院 | Business identity recognition and authentication method and system based on block chain |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112822173B (en) | 2023-05-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108200050B (en) | Single sign-on server, method and computer readable storage medium | |
| US20220038289A1 (en) | Multi-access edge computing node with distributed ledger | |
| KR102315794B1 (en) | Methods and devices for connecting to accounts and providing service processes | |
| CN110838065A (en) | Transaction data processing method and device | |
| CN102957666B (en) | License control method and license control system | |
| CN112073289B (en) | Instant messaging control method and device | |
| CN111401871A (en) | Transaction processing method, device, equipment and system | |
| CN107111511B (en) | Access control method, device and system | |
| CN104951712A (en) | Data safety protection method in Xen virtualization environment | |
| CN110177088A (en) | A kind of temporary identity authentication method, apparatus and system | |
| CN105119886A (en) | Account ownership determination method and device | |
| WO2019154857A1 (en) | System for authorising data access | |
| CN112822173B (en) | Request processing method, device and storage medium based on hierarchical authentication | |
| CN114553727A (en) | Data processing method and device based on content distribution network | |
| CN113657914A (en) | Commodity tracing method based on block chain, computer device and storage medium | |
| JP2023521901A (en) | Mobile application forgery/falsification detection method, computer program, computer-readable recording medium and computer device using user identifier and signature collection | |
| CN106534047A (en) | Information transmitting method and apparatus based on Trust application | |
| CN108307081B (en) | Harassment data batch processing method and device | |
| CN110866827A (en) | Method and device for processing general certificate, storage medium and server | |
| CN116361753B (en) | Authority authentication method, device, equipment and medium | |
| CN106330821B (en) | A kind of authentication code acquisition methods, the apparatus and system of integrated circuit card | |
| CN111324338B (en) | Customer group creation method and system | |
| CN115225360A (en) | Resource distribution method, device, equipment and storage medium based on authority configuration | |
| CN113094659B (en) | Method, device, platform equipment and system for publishing application file | |
| CN115052011B (en) | Information interaction method and device based on blockchain, storage medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |