CN113596096A - Communication method, communication device, electronic device and storage medium - Google Patents


Publication number
CN113596096A
Authority
CN
China
Prior art keywords: connection, server, client, socket, authority
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110734608.7A
Other languages
Chinese (zh)
Inventor
刘汉文
王发均
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Guangtong Yuanchi Technology Co ltd
Original Assignee
Shenzhen Guangtong Yuanchi Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Guangtong Yuanchi Technology Co ltd
Priority to CN202110734608.7A
Publication of CN113596096A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/141 Setup of application sessions
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

In the communication method, communication device, electronic device and storage medium, a connection manager establishes socket connections with a client and a server and receives a connection request for the server sent by the client. It verifies whether the client has connection authority for the server. If so, it sends the server a target socket descriptor, namely the descriptor of the socket through which the connection manager is connected to the client. Once the target socket descriptor is determined to have been sent successfully, the connection manager sends the client a message indicating that the client has connection authority for the target server, so that the client and the server communicate based on the target socket descriptor. In this scheme the connection authority is verified by the connection manager, which ensures connection security; the server no longer has to manage connection authority itself, so the consistency of authority management is improved and system complexity is reduced.

Description

Communication method, communication device, electronic device and storage medium
Technical Field
The present application relates to the field of information security, and in particular, to a communication method, an apparatus, an electronic device, and a storage medium.
Background
Currently, a local API client of an embedded device connects to a server in one of two main ways. The first is direct connection: the client establishes a connection directly with the server and then communicates, with no rights management at all. The second is independent connection authority management by each server: the client sends a connection request to the server, the server verifies the client's authority, establishes the connection if verification passes, and rejects the connection request if it does not.
The first connection mode is a security risk in scenarios with high security requirements: a hacker can connect to the server at will and control the device through the services the server provides, and so damage the device. In the second connection mode, each server has to manage connection authority on its own, so authority management is inconsistent, the system becomes more complex, and more system resources are occupied.
Disclosure of Invention
To solve the technical problem or at least partially solve the technical problem, the present application provides a communication method, an apparatus, an electronic device, and a storage medium.
In a first aspect, the present application provides a communication method applied to a connection manager, where the method includes:
establishing socket connections with the client and the server respectively;
if a connection request for the server sent by the client is received, verifying whether the client has connection authority for the server;
if it is determined that the client has connection authority for the server, sending a target socket descriptor to the server, wherein the target socket descriptor is the descriptor of the socket in the connection manager that established the socket connection with the client;
and after the target socket descriptor has been successfully sent to the server, sending to the client a message indicating that the client has connection authority for the server, so that the client and the server communicate based on the target socket descriptor.
As a possible implementation manner, the verifying whether the client has the connection right to the server includes:
acquiring a preset authority configuration file corresponding to the client;
and determining whether the client has the connection authority to the server according to the authority configuration file.
As a possible implementation manner, the permission configuration file includes an identifier of a server to which the client has permission to connect;
the determining whether the client has the connection authority to the server according to the authority configuration file includes:
searching whether the authority configuration file contains the identifier of the server or not;
if the identifier of the server is found in the permission configuration file, determining that the client has the connection permission to the server;
and if the identifier of the server is not found in the permission configuration file, determining that the client does not have the connection permission to the server.
As a possible implementation manner, the permission configuration file includes permission information of the client for at least one server, the permission information being either "has connection permission" or "does not have connection permission";
the determining whether the client has the connection authority to the server according to the authority configuration file includes:
looking up the permission information of the client for the server in the permission configuration file;
if the permission information of the client for the server is "has connection permission", determining that the client has connection permission for the server;
and if the permission information of the client for the server is "does not have connection permission", determining that the client does not have connection permission for the server.
In a second aspect, an embodiment of the present application further provides a communication method, which is applied to a client, where the method includes:
establishing a socket connection with a connection manager;
sending a connection request for a server to the connection manager to enable the connection manager to verify whether the client has the connection authority for the server based on the connection request;
and if receiving a message which is sent by the connection manager and indicates that the client has the connection authority to the server, communicating with the server based on a target socket descriptor, wherein the target socket descriptor is a descriptor of a socket which is used for establishing socket connection with the client in the connection manager.
In a third aspect, an embodiment of the present application further provides a communication method, which is applied to a server, and the method includes:
establishing a socket connection with a connection manager;
receiving a target socket descriptor sent by the connection manager under the condition that a client side is determined to have connection authority to the server, wherein the client side is a client side requesting connection with the server, and the target socket descriptor is a socket descriptor establishing socket connection with the client side in the connection manager;
communicating with the client based on the target socket descriptor.
In a fourth aspect, an embodiment of the present application further provides a communication apparatus, which is applied to a connection manager, where the apparatus includes:
the connection module is used for respectively establishing socket connection with the client and the server;
the verification module is used for verifying whether the client has the connection authority to the server or not if receiving a connection request aiming at the server and sent by the client;
a first sending module, configured to send a target socket descriptor to the server if it is determined that the client has a connection right to the server, where the target socket descriptor is a descriptor of a socket in the connection manager, the socket being connected to the client;
and the second sending module is used for sending a message indicating that the client has the connection authority to the server to the client after the target socket descriptor is successfully sent to the server, so that the client and the server communicate based on the target socket descriptor.
In a fifth aspect, an embodiment of the present application further provides a communication apparatus, which is applied to a client, where the apparatus includes:
a connection module for establishing a socket connection with the connection manager;
a sending module, configured to send a connection request for a server to the connection manager, so that the connection manager verifies, based on the connection request, whether the client has a connection right to the server;
and the communication module is used for communicating with the server based on a target socket descriptor if receiving a message which is sent by the connection manager and indicates that the client has the connection authority to the server, wherein the target socket descriptor is the descriptor of a socket which is used for establishing socket connection with the client in the connection manager.
In a sixth aspect, an embodiment of the present application further provides a communication apparatus, which is applied to a server, and the apparatus includes:
a connection module for establishing a socket connection with the connection manager;
a receiving module, configured to receive a target socket descriptor sent by the connection manager when it is determined that a client has a connection right to the server, where the client is a client that requests connection with the server, and the target socket descriptor is a descriptor of a socket in the connection manager that establishes a socket connection with the client;
a communication module to communicate with the client based on the target socket descriptor.
In a seventh aspect, an embodiment of the present invention further provides an electronic device, including: a processor and a memory, the processor being configured to execute a communication method program stored in the memory to implement the communication method of the first, second or third aspect.
Compared with the prior art, the technical scheme provided by the embodiment of the application has the following advantages:
In the communication method provided by the embodiment of the application, the connection manager establishes socket connections with the client and the server, receives a connection request for the server sent by the client, and verifies whether the client has connection authority for the server. If it does, the connection manager sends the server the target socket descriptor, namely the descriptor of the socket that established the socket connection with the client. After the target socket descriptor has been successfully sent to the server, the connection manager sends the client a message indicating that the client has connection authority for the target server, so that the client and the server communicate based on the target socket descriptor. In this scheme the connection authority is verified by the connection manager, which ensures connection security; the server no longer has to manage connection authority itself, so the consistency of authority management is improved and system complexity is reduced.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
Fig. 1 is a schematic diagram illustrating information interaction of a communication system according to an example embodiment.
Fig. 2 is a flow diagram illustrating a communication method according to an example embodiment.
Fig. 3 is a flow diagram illustrating a communication method according to another example embodiment.
Fig. 4 is a flow diagram illustrating a communication method according to yet another example embodiment.
Fig. 5 is a block diagram illustrating a communication device according to an example embodiment.
Fig. 6 is a block diagram illustrating a communication device according to another example embodiment.
Fig. 7 is a block diagram illustrating a communication device according to yet another example embodiment.
Fig. 8 is a schematic diagram illustrating an electronic device according to an example embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
The connection between the client and the server currently includes the following two ways:
the first way is that the client is directly connected with the server without connection authority verification.
The second way is that the client sends a connection request to the server, the server verifies the connection authority of the client, if the verification is passed, the connection is established with the client, and if the verification is not passed, the connection request of the client is rejected.
With the first mode there is no connection authority verification, so security is low and data is not well protected. With the second mode security is better, but every server has to verify connection authority on its own; different servers may verify it in different ways, so authority verification is inconsistent and the system is more complex.
In order to reduce the complexity of the system on the premise of ensuring the safety performance, the application provides a new communication system and a method.
Fig. 1 is an information interaction diagram of a communication system provided in an embodiment of the present application. As shown in fig. 1, the communication system includes a client 101, a connection manager 102, and a server 103, where the connection manager 102 may be an intermediate server.
As an embodiment, the communication system may also include a plurality of clients and/or a plurality of servers, and this embodiment is described by taking only one client and one server as an example.
In the embodiment of the present application, socket connections are respectively established between the client 101 and the connection manager 102, and between the connection manager 102 and the server 103.
As shown in fig. 1, when the client 101 wants to establish a communication connection with the server 103, the client 101 sends a connection request for the server 103 to the connection manager 102. The connection manager 102 then verifies, based on that request, whether the client 101 has connection authority for the server 103. If it does, the connection manager 102 sends the target socket descriptor to the server 103. After receiving the target socket descriptor, the server 103 sends the connection manager 102 an acknowledgement indicating receipt. On receiving the acknowledgement, the connection manager 102 sends the client 101 a message indicating that the client 101 has connection authority for the server 103; the client 101 receives the message and communicates with the server 103 based on the target socket descriptor.
That is, the server 103 can communicate with the client 101 directly based on the target socket descriptor, which is the descriptor of the socket in the connection manager 102 that established the socket connection with the client 101.
As can be seen from the above, the connection manager in the communication system provided in the embodiment of the present application performs the connection right verification, which not only ensures the security of the connection, but also solves the problems of poor consistency of the right verification, high system complexity, and the like in the prior art in which the server is used for performing the connection right verification.
The following describes a communication method based on the above communication system, with reference to the accompanying drawings, with a connection manager, a client, and a server as execution entities.
Fig. 2 is a flow chart of a communication method provided by an embodiment of the present application. The method is applied, for example, to the connection manager 102 shown in fig. 1 and, referring to fig. 2, may include the following steps:
S21: establishing socket connections with the client and the server.
A socket connection is a means of two-way communication between application processes on different hosts in a network; establishing a socket connection between different hosts means establishing a connection between sockets on those hosts.
As an embodiment, the establishing, by the connection manager, the socket connection with the client mainly includes the following steps:
Step 1: the connection manager creates a listening socket.
The listening socket is bound to an address, which may comprise the IP (Internet Protocol) address and a port number of the connection manager, and it listens for socket connection requests directed at the bound address.
Step 2: the client sends a socket connection request to the connection manager.
In one embodiment, the socket connection request carries the address to which the listening socket is bound, so that the listening socket can detect the request.
Step 3: after detecting the socket connection request sent by the client, the listening socket in the connection manager creates a first connection socket and a first thread for communicating with the client, and returns response information to the client, the response information including the descriptor of the first connection socket.
The first connection socket created here is the socket in the connection manager that establishes the socket connection with the client.
At this point, the socket connection between the connection manager and the client is established.
As an embodiment, the method for establishing the socket connection between the connection manager and the server mainly comprises the following steps:
Step 1: the connection manager creates a listening socket.
The listening socket is bound to an address, which may comprise the IP (Internet Protocol) address and a port number of the connection manager, and it listens for socket connection requests directed at the bound address.
Step 2: the server sends a socket connection request to the connection manager.
In one embodiment, the socket connection request carries the address to which the listening socket is bound, so that the listening socket can detect the request.
Step 3: after detecting the socket connection request sent by the server, the listening socket in the connection manager creates a second connection socket and a second thread for communicating with the server, and returns response information to the server, the response information including the descriptor of the second connection socket.
The second connection socket created here is the socket in the connection manager that establishes the socket connection with the server.
At this point, the socket connection between the connection manager and the server is established.
S22: if a connection request for the server sent by the client is received, verifying whether the client has connection authority for the server.
After the socket connection is established between the client and the connection manager, the client may send a connection request to the connection manager to indicate that the client needs to connect with the server, and the connection manager may receive the connection request sent by the client through the established second thread.
In practice, a communication system usually includes a plurality of servers, that is, several servers may establish socket connections with the connection manager, and a client may request connection to different servers according to its needs. So that the connection manager can determine which server the client wants to connect to (hereinafter referred to as the target server for convenience of description), the connection request may carry an identifier of the target server.
In order to ensure the connection security between the client and the target server, after receiving the connection request sent by the client, the connection manager can analyze the connection request, determine the target server to which the client is to be connected, and then verify whether the client has the connection right to the target server.
As an embodiment, a permission profile corresponding to the client may be stored in the connection manager in advance, and then whether the client has a connection permission to the target server may be verified based on the permission profile. The authority configuration file is a file which can represent whether a client has a connection authority to a server in the communication system, and can be configured in advance by a manager of the communication system.
As an optional implementation manner, the permission configuration file may include an identifier of a server to which the client has permission to connect, that is, the client has connection permission to the server corresponding to the identifier included in the permission configuration file. Based on this, the connection manager can verify whether the client has the connection authority to the target server in the following way:
Search the permission configuration file for the identifier of the target server. If the identifier is found in the permission configuration file, determine that the client has connection permission for the target server; if it is not found, determine that the client does not have connection permission for the target server.
As another optional implementation manner, the permission configuration file may include permission information of the client for at least one server in the communication system, the permission information being either "has connection permission" or "does not have connection permission". Based on this, the connection manager may verify whether the client has connection permission for the target server in the following manner:
Look up the client's permission information for the target server in the permission configuration file. If that information indicates connection permission, determine that the client has connection permission for the target server; if it indicates no connection permission, determine that the client does not. Specifically, the permission information in the permission configuration file may be stored against server identifiers, so the entry corresponding to the target server identifier carried in the connection request can be looked up as the permission information for the target server. Further, if the permission configuration file contains no permission information for the identifier of the target server, it is determined that the client does not have connection permission for the target server; in addition, a prompt indicating that the current permission configuration file lacks permission information for that server can be generated and sent to the communication system manager by e-mail, short message or similar means, so that the manager can update the permission configuration file in time.
In practical application, under the condition that a plurality of clients are included in a communication system, a plurality of permission configuration files can be stored in a connection manager in advance, each permission configuration file corresponds to one client, and different permission configuration files correspond to different clients.
As can be seen from this step, in the embodiment of the present application, the connection manager performs the connection right verification based on the connection request sent by the client, and the verification process does not require the participation of a server, thereby solving the problems of poor consistency of the right verification and high system load, which are caused by the server performing the connection right verification.
S23: if it is determined that the client has connection authority for the server, sending the target socket descriptor to the server.
The target socket descriptor is a descriptor of a socket in the connection manager, which establishes a socket connection with the client, that is, a descriptor of the first connection socket. Each socket corresponds to a descriptor, and therefore, the target socket descriptor is sent to the target server, so that the target server can directly communicate with the client based on the target socket descriptor.
In the embodiment of the application, after determining that the client has the connection right to the target server, it is determined that the client can be connected with the target server, at this time, the connection manager directly sends the descriptor of the target socket to the target server, and the target server receives the descriptor and then directly communicates with the client according to the descriptor.
As one embodiment, the connection manager may use the second thread to send the target socket descriptor to the target server through the ancillary (auxiliary) data facility of the socket calls sendmsg and recvmsg. Passing the target socket descriptor directly to the corresponding target server in this way means the client only connects to the connection manager and, once it passes verification, is connected to the target server automatically; this saves the overhead of a separate connection to the target server and makes the secure connection process simpler and more efficient.
Further, as an embodiment, after the server establishes the socket connection with the connection manager, and in order to secure the communication between the connection manager and the server, service registration must also be performed for the target server before the target socket descriptor is sent to it.
As an embodiment, the step of service registration may comprise: the server sends a service registration request to the connection manager, and the connection manager can register the service for the server after receiving the service registration request.
S24: after the target socket descriptor has been successfully sent to the server, sending the client a message indicating that the client has connection authority for the server, so that the target server and the client communicate based on the target socket descriptor.
As an embodiment, so that the connection manager can determine whether the target socket descriptor was sent successfully, the target server may, after receiving the target socket descriptor, return to the connection manager response information indicating that the descriptor has been received. Once the connection manager receives that response information from the target server, it can determine that the target socket descriptor was successfully sent to the target server. Further, if the response information indicating receipt of the target socket descriptor is not received from the target server within a preset time, it is determined that the target socket descriptor was not successfully sent to the target server.
Because the target server and the client communicate based on the target socket descriptor, the conditions for communication between them are met only after the target socket descriptor has been successfully sent to the target server; if it has not, the client and the target server cannot communicate. Therefore the connection manager sends the client the message indicating that the client has connection authority for the target server only after determining that the target socket descriptor was successfully sent. The message tells the client that it can start communicating with the target server, which ensures normal communication between the two and avoids the client's messages to the target server failing.
In the communication method provided by the embodiment of the application, the connection manager establishes socket connection with the client and the server, receives a connection request for the server sent by the client, verifies whether the client has the connection right for the server, sends a target socket descriptor corresponding to a socket for establishing socket connection with the client to the server if the client has the connection right for the server, and sends a message indicating that the client has the connection right for the target server to the client after the target socket descriptor is successfully sent to the server, so that the client and the server communicate based on the target socket descriptor. In the scheme, the connection authority is verified through the connection manager, so that the connection safety is ensured, the connection authority management does not need to be carried out by the server, the authority management consistency is improved, and the system complexity is reduced.
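The manager-side flow of S22 to S24 (permission lookup, descriptor hand-off with sendmsg/recvmsg, acknowledgement with a timeout, then the grant message) can be sketched as follows. This is an added example, not code from the patent: the identifiers client-a and svc-db, the ACK/OK/NO/PING/PONG tokens, the function names and the 500 ms timeout are assumptions, and the client's request is passed as arguments rather than parsed from the socket.

```c
#include <poll.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/wait.h>
#include <unistd.h>

enum { GRANTED = 0, DENIED = 1, HANDOFF_FAILED = 2 };

/* Constructed stand-in for the permission configuration file (client -> allowed servers). */
static const struct { const char *client; const char *servers[4]; } PERMS[] = {
    { "client-a", { "svc-log", "svc-db" } },
    { "client-b", { "svc-log" } },
};

/* Deny by default: an unknown client or an unlisted server gets no access. */
int has_permission(const char *client, const char *server) {
    for (size_t i = 0; i < sizeof PERMS / sizeof PERMS[0]; i++)
        if (strcmp(PERMS[i].client, client) == 0)
            for (size_t j = 0; j < 4 && PERMS[i].servers[j]; j++)
                if (strcmp(PERMS[i].servers[j], server) == 0) return 1;
    return 0;
}

/* Write a short fixed token (hypothetical wire format: ACK, OK, NO, PING, PONG). */
static void put(int fd, const char *s) { ssize_t n = write(fd, s, strlen(s)); (void)n; }
typedef union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } fd_cmsg;

/* Pass one descriptor as SCM_RIGHTS ancillary data on a UNIX-domain socket. */
int send_fd(int chan, int fd) {
    char byte = 'F';                 /* one real data byte must accompany it */
    struct iovec iov = { &byte, 1 };
    fd_cmsg u = {{0}};
    struct msghdr msg = {0};
    msg.msg_iov = &iov;       msg.msg_iovlen = 1;
    msg.msg_control = u.buf;  msg.msg_controllen = sizeof u.buf;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;  c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(chan, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; -1 on EOF, truncation, or an unexpected control message. */
int recv_fd(int chan) {
    char byte; int fd = -1;
    struct iovec iov = { &byte, 1 };
    fd_cmsg u;
    struct msghdr msg = {0};
    msg.msg_iov = &iov;       msg.msg_iovlen = 1;
    msg.msg_control = u.buf;  msg.msg_controllen = sizeof u.buf;
    if (recvmsg(chan, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof(int))) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* Manager side of S22-S24: verify, hand off, wait for the ACK, only then notify the client. */
int manager_handle(int client_fd, int server_chan, const char *client,
                   const char *server, int timeout_ms) {
    char ack[3]; int verdict = HANDOFF_FAILED;
    struct pollfd p = { .fd = server_chan, .events = POLLIN };
    if (!has_permission(client, server))
        verdict = DENIED;                    /* nothing is sent to the server */
    else if (send_fd(server_chan, client_fd) == 0 &&
             poll(&p, 1, timeout_ms) == 1 &&  /* no ACK within the preset time => failure */
             read(server_chan, ack, 3) == 3 && memcmp(ack, "ACK", 3) == 0)
        verdict = GRANTED;
    put(client_fd, verdict == GRANTED ? "OK" : "NO");
    close(client_fd);         /* the manager drops its copy; the server's copy lives on */
    return verdict;
}

/* Runs client, manager and (optionally) a forked server; reply gets the server's answer. */
int demo(const char *client, const char *server, int server_alive, char reply[5]) {
    int cm[2], ms[2]; char st[2], req[4];   /* cm: client<->manager, ms: manager<->server */
    memset(reply, 0, 5);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, cm) != 0) return -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, ms) != 0) return -1;
    pid_t pid = server_alive ? fork() : -1;
    if (pid == 0) {                          /* server process */
        /* Drop inherited copies so the client link can only arrive via SCM_RIGHTS. */
        close(cm[0]); close(cm[1]); close(ms[0]);
        int fd = recv_fd(ms[1]);
        if (fd >= 0) put(ms[1], "ACK");      /* response: descriptor received */
        if (fd >= 0 && read(fd, req, 4) == 4) put(fd, "PONG");
        _exit(0);
    }
    int verdict = manager_handle(cm[1], ms[0], client, server, 500);
    if (read(cm[0], st, 2) == 2 && memcmp(st, "OK", 2) == 0) {   /* client side, S33 */
        put(cm[0], "PING");
        if (read(cm[0], reply, 4) != 4) reply[0] = '\0';
    }
    close(cm[0]); close(ms[0]); close(ms[1]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return verdict;
}
```

The client never opens a second connection: after "OK" it keeps using the same socket, whose other end is now held by the server process.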
Referring to fig. 3, a flow chart of a communication method provided for another embodiment of the present application, the method is applied to, for example, the client 101 shown in fig. 1, and referring to fig. 3, the method may include the following steps:
S31, establishing socket connection with the connection manager.
The process of establishing the connection may refer to the related description in S21, and is not described herein again.
S32, sending a connection request aiming at the server to the connection manager.
As an embodiment, after determining that the socket connection with the connection manager is established, the client may determine the target server to be connected according to its requirements and generate a corresponding connection request. Because the connection manager may establish connections with multiple servers, an identifier of the target server may be added when the connection request is generated, so that the connection manager can determine which target server the client needs to connect to. The connection request carrying the identifier of the target server is then sent to the connection manager.
In the embodiment of the present application, the purpose of sending the connection request to the connection manager is to enable the connection manager to verify whether the client has the connection right to the server based on the connection request. For how the connection manager verifies whether the client has the connection right to the target server, reference may be made to the above detailed description of S22, which is not described herein again.
S33, if receiving a message which is sent by the connection manager and indicates that the client has the connection authority to the server, communicating with the server based on a target socket descriptor, wherein the target socket descriptor is a descriptor of a socket which is used for establishing socket connection with the client in the connection manager.
In the embodiment of the application, when the connection manager determines that the client has the connection authority to the target server, it sends the target socket descriptor to the target server. The client therefore only connects to the connection manager and, after passing verification, can be connected with the target server, which saves the overhead of connecting to the target server again and makes the secure connection process simpler and more efficient.
When the connection manager has determined that the client has the connection authority to the target server and the target socket descriptor has been successfully sent to the target server, it sends the client a message indicating that the client has the connection authority to the server; the client can communicate with the target server after receiving this message.
In the communication method provided by the embodiment of the application, the connection manager establishes socket connection with the client and the server, receives a connection request for the server sent by the client, verifies whether the client has the connection right for the server, sends a target socket descriptor corresponding to a socket for establishing socket connection with the client to the server if the client has the connection right for the server, and sends a message indicating that the client has the connection right for the target server to the client after the target socket descriptor is successfully sent to the server, so that the client and the server communicate based on the target socket descriptor. In the scheme, the connection authority is verified through the connection manager, so that the connection safety is ensured, the connection authority management does not need to be carried out by the server, the authority management consistency is improved, and the system complexity is reduced.
Referring to fig. 4, a flow chart of a communication method provided for another embodiment of the present application, the method is applied to, for example, the server 103 shown in fig. 1, and referring to fig. 4, the method may include the following steps:
S41, establishing a socket connection with the connection manager.
The manner of establishing the socket connection may be referred to the related description in S21, and is not described herein again.
As an embodiment, to facilitate the security of subsequent communication with the connection manager, after the socket connection with the connection manager is established, the server may also send a service registration request to the connection manager, so that the connection manager registers the service for the server based on the service registration request.
S42, receiving a target socket descriptor sent by the connection manager under the condition that the connection manager determines that a client has a connection authority to the server, wherein the client is the client requesting to be connected with the server, and the target socket descriptor is the descriptor of the socket in the connection manager that establishes the socket connection with the client.
In a case that the client wants to perform communication connection with the server, the client sends a connection request for requesting connection with the server to the connection manager, and the connection manager verifies whether the client has a connection right to the server based on the connection request, where the specific verification process is described in detail in S22, and is not described herein again.
When the connection manager determines that the client has the connection right to the server, the connection manager sends the target socket descriptor to the server, so that the server can directly communicate with the client according to the target socket descriptor, the overhead of the client connecting with the server again is saved, and the safe connection process is simpler and more efficient.
In the communication method provided by the embodiment of the application, the connection manager establishes socket connection with the client and the server, receives a connection request for the server sent by the client, verifies whether the client has the connection right for the server, sends a target socket descriptor corresponding to a socket for establishing socket connection with the client to the server if the client has the connection right for the server, and sends a message indicating that the client has the connection right for the target server to the client after the target socket descriptor is successfully sent to the server, so that the client and the server communicate based on the target socket descriptor. In the scheme, the connection authority is verified through the connection manager, so that the connection safety is ensured, the connection authority management is not required to be performed by the server, the authority management consistency is improved, and the system complexity is reduced.
Referring to fig. 5, fig. 5 is a schematic diagram of a communication device according to another embodiment of the present application, which may be applied to the connection manager 102 shown in fig. 1, and as shown in fig. 5, the communication device according to this embodiment may include:
a connection module 501, configured to establish socket connections with a client and a server respectively;
a verification module 502, configured to verify whether the client has a connection right to the server if a connection request for the server sent by the client is received;
a first sending module 503, configured to send a target socket descriptor to the server if it is determined that the client has a connection right to the server, where the target socket descriptor is a descriptor of a socket in the connection manager, where the socket connection is established with the client;
a second sending module 504, configured to send, to the client, a message indicating that the client has a connection right to the server after the target socket descriptor is successfully sent to the server, so that the client and the server communicate based on the target socket descriptor.
As an embodiment, the verification module 502 is specifically configured to:
acquiring a preset authority configuration file corresponding to the client;
and determining whether the client has the connection authority to the server according to the authority configuration file.
As an embodiment, the permission configuration file includes an identifier of a server to which the client has permission to connect;
the verification module 502 determines whether the client has the connection right to the server according to the right configuration file, including:
searching whether the authority configuration file contains the identifier of the server or not;
if the identifier of the server is found in the permission configuration file, determining that the client has the connection permission to the server;
and if the identifier of the server is not found in the permission configuration file, determining that the client does not have the connection permission to the server.
As an embodiment, the permission configuration file includes permission information of the client to at least one server, and the permission information is that the client has a connection permission or does not have a connection permission;
the verification module 502 determines whether the client has the connection right to the server according to the right configuration file, including:
searching the authority information of the client to the server from the authority configuration file;
if the authority information of the client to the server indicates that the client has the connection authority, determining that the client has the connection authority to the server;
and if the authority information of the client to the server indicates that the client does not have the connection authority, determining that the client does not have the connection authority to the server.
Referring to fig. 6, fig. 6 is a schematic diagram of a communication apparatus according to another embodiment of the present application, which may be applied to the client 101 shown in fig. 1, and as shown in fig. 6, the communication apparatus according to this embodiment may include:
a connection module 601, configured to establish a socket connection with a connection manager;
a sending module 602, configured to send a connection request for a server to the connection manager, so that the connection manager verifies, based on the connection request, whether the client has a connection right to the server;
a communication module 603, configured to communicate with the server based on a target socket descriptor if receiving a message that indicates that the client has a connection right to the server and is sent by the connection manager, where the target socket descriptor is a descriptor of a socket in the connection manager, the socket establishing a socket connection with the client.
Referring to fig. 7, fig. 7 is a schematic diagram of a communication apparatus provided in another embodiment of the present application, which may be applied to the server 103 shown in fig. 1, and as shown in fig. 7, the communication apparatus provided in this embodiment may include:
a connection module 701, configured to establish a socket connection with a connection manager;
a receiving module 702, configured to receive a target socket descriptor sent by the connection manager when it is determined that a client has a connection right to the server, where the client is a client that requests to connect to the server, and the target socket descriptor is a descriptor of a socket in the connection manager, where the socket is established with the client in a socket connection;
a communication module 703 configured to communicate with the client based on the target socket descriptor.
Referring to fig. 8, fig. 8 is a schematic structural diagram of an electronic device according to another embodiment of the present application.
As shown in fig. 8, the electronic device provided in this embodiment includes: at least one processor 801, memory 802, at least one network interface 803, and other user interfaces 804. The various components in the electronic device 800 are coupled together by a bus system 805. It is understood that the bus system 805 is used to enable communications among the components connected. The bus system 805 includes a power bus, a control bus, and a status signal bus in addition to a data bus. For clarity of illustration, however, the various buses are labeled as bus system 805 in FIG. X.
The user interface 804 may include, among other things, a display, a keyboard, or a pointing device (e.g., a mouse, trackball, touch pad, or touch screen, among others).
It will be appreciated that the memory 802 in embodiments of the invention may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. Volatile memory can be Random Access Memory (RAM), which acts as external cache memory. By way of illustration and not limitation, many forms of RAM are available, such as Static Random Access Memory (Static RAM, SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic Random Access Memory (Synchronous DRAM, SDRAM), Double Data Rate Synchronous Dynamic Random Access Memory (Double Data Rate SDRAM, DDR SDRAM), Enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The memory 802 described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
In some embodiments, memory 802 stores elements, executable units or data structures, or a subset thereof, or an expanded set thereof as follows: an operating system 8021 and second application programs 8022.
The operating system 8021 includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, and is used for implementing various basic services and processing hardware-based tasks. The second application 8022 includes various second applications, such as a Media Player (Media Player), a Browser (Browser), and the like, for implementing various application services. A program implementing a method according to an embodiment of the present invention may be included in second application program 8022.
In the embodiment of the present invention, the processor 801 is configured to execute the method steps provided by each method embodiment by calling the program or instruction stored in the memory 802, specifically, the program or instruction stored in the second application program 8022, for example, including:
establishing socket connection with the client and the server respectively; if a connection request aiming at the server and sent by the client is received, verifying whether the client has the connection authority to the server; if the client side is determined to have the connection authority to the server, a target socket descriptor is sent to the server, wherein the target socket descriptor is a descriptor of a socket which is in the connection manager and establishes socket connection with the client side; and after the target socket descriptor is successfully sent to the server, sending a message indicating that the client has the connection authority to the server to the client so that the client and the server communicate based on the target socket descriptor.
Or
Establishing a socket connection with a connection manager; sending a connection request for a server to the connection manager to enable the connection manager to verify whether the client has the connection authority for the server based on the connection request; and if receiving a message which is sent by the connection manager and indicates that the client has the connection authority to the server, communicating with the server based on a target socket descriptor, wherein the target socket descriptor is a descriptor of a socket which is used for establishing socket connection with the client in the connection manager.
Or
Establishing a socket connection with a connection manager; receiving a target socket descriptor sent by the connection manager under the condition that a client side is determined to have connection authority to the server, wherein the client side is a client side requesting connection with the server, and the target socket descriptor is a socket descriptor establishing socket connection with the client side in the connection manager; communicating with the client based on the target socket descriptor.
The methods disclosed in the embodiments of the present invention described above may be implemented in the processor 801 or implemented by the processor 801. The processor 801 may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware or instructions in the form of software in the processor 801. The processor 801 may be a general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware components. The various methods, steps and logic blocks disclosed in the embodiments of the present invention may be implemented or performed. A general purpose processor may be a microprocessor, or the processor may be any conventional processor or the like. The steps of the method disclosed in connection with the embodiments of the present invention may be directly implemented by a hardware decoding processor, or implemented by a combination of hardware and software elements in the decoding processor. The software elements may be located in RAM, flash memory, ROM, PROM, EPROM, registers, or other storage media that are well known in the art. The storage medium is located in the memory 802, and the processor 801 reads the information in the memory 802 and, in combination with its hardware, completes the steps of the method.
It is to be understood that the embodiments described herein may be implemented in hardware, software, firmware, middleware, microcode, or any combination thereof. For a hardware implementation, the Processing units may be implemented in one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), general purpose processors, controllers, micro-controllers, microprocessors, other electronic units configured to perform the functions of the present Application, or a combination thereof.
For a software implementation, the techniques herein may be implemented by means of units performing the functions herein. The software codes may be stored in a memory and executed by a processor. The memory may be implemented within the processor or external to the processor.
The embodiment of the invention also provides a storage medium (computer readable storage medium). The storage medium herein stores one or more programs. Among others, the storage medium may include volatile memory, such as random access memory; the memory may also include non-volatile memory, such as read-only memory, flash memory, a hard disk, or a solid state disk; the memory may also comprise a combination of memories of the kind described above.
The one or more programs in the storage medium are executable by one or more processors to implement the above-described communication method performed on the electronic device side.
The processor is used for executing the communication method program stored in the memory to realize the following steps of the communication method executed on the electronic equipment side:
establishing socket connection with the client and the server respectively; if a connection request aiming at the server and sent by the client is received, verifying whether the client has the connection authority to the server; if the client side is determined to have the connection authority to the server, a target socket descriptor is sent to the server, wherein the target socket descriptor is a descriptor of a socket which is in the connection manager and establishes socket connection with the client side; and after the target socket descriptor is successfully sent to the server, sending a message indicating that the client has the connection authority to the server to the client so that the client and the server communicate based on the target socket descriptor.
Or
Establishing a socket connection with a connection manager; sending a connection request for a server to the connection manager to enable the connection manager to verify whether the client has the connection authority for the server based on the connection request; and if receiving a message which is sent by the connection manager and indicates that the client has the connection authority to the server, communicating with the server based on a target socket descriptor, wherein the target socket descriptor is a descriptor of a socket which is used for establishing socket connection with the client in the connection manager.
Or
Establishing a socket connection with a connection manager; receiving a target socket descriptor sent by the connection manager under the condition that a client side is determined to have connection authority to the server, wherein the client side is a client side requesting connection with the server, and the target socket descriptor is a socket descriptor establishing socket connection with the client side in the connection manager; communicating with the client based on the target socket descriptor.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
It is understood that the same or similar parts in the above embodiments may be mutually referred to, and the same or similar parts in other embodiments may be referred to for the content which is not described in detail in some embodiments.
It should be noted that, in the description of the present application, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. Further, in the description of the present application, the meaning of "a plurality" means at least two unless otherwise specified.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and the scope of the preferred embodiments of the present application includes other implementations in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present application.
It should be understood that portions of the present application may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.
In addition, functional units in the embodiments of the present application may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.
The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc.
In the description herein, reference to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims (10)

1. A communication method applied to a connection manager, the method comprising:
establishing socket connection with the client and the server respectively;
if a connection request aiming at the server and sent by the client is received, verifying whether the client has the connection authority to the server;
if the client side is determined to have the connection authority to the server, a target socket descriptor is sent to the server, wherein the target socket descriptor is a descriptor of a socket which is in the connection manager and establishes socket connection with the client side;
and after the target socket descriptor is successfully sent to the server, sending a message indicating that the client has the connection authority to the server to the client so that the client and the server communicate based on the target socket descriptor.
2. The method of claim 1, wherein the verifying whether the client has the connection right to the server comprises:
acquiring a preset authority configuration file corresponding to the client;
and determining whether the client has the connection authority to the server according to the authority configuration file.
3. The method according to claim 2, wherein the permission profile includes an identification of a server to which the client has permission to connect;
the determining whether the client has the connection authority to the server according to the authority configuration file includes:
searching whether the authority configuration file contains the identifier of the server or not;
if the identifier of the server is found in the permission configuration file, determining that the client has the connection permission to the server;
and if the identifier of the server is not found in the permission configuration file, determining that the client does not have the connection permission to the server.
4. The method according to claim 2, wherein the permission configuration file includes permission information of the client to at least one server, and the permission information is that the client has a connection permission or does not have a connection permission;
the determining whether the client has the connection authority to the server according to the authority configuration file includes:
searching the authority information of the client to the server from the authority configuration file;
if the authority information of the client to the server indicates that the client has the connection authority, determining that the client has the connection authority to the server;
and if the authority information of the client to the server indicates that the client does not have the connection authority, determining that the client does not have the connection authority to the server.
5. A communication method applied to a client, the method comprising:
establishing a socket connection with a connection manager;
sending a connection request for a server to the connection manager to enable the connection manager to verify whether the client has the connection authority for the server based on the connection request;
and if receiving a message which is sent by the connection manager and indicates that the client has the connection authority to the server, communicating with the server based on a target socket descriptor, wherein the target socket descriptor is a descriptor of a socket which is used for establishing socket connection with the client in the connection manager.
6. A communication method, applied to a server, the method comprising:
establishing a socket connection with a connection manager;
receiving a target socket descriptor sent by the connection manager under the condition that a client side is determined to have connection authority to the server, wherein the client side is a client side requesting connection with the server, and the target socket descriptor is a socket descriptor establishing socket connection with the client side in the connection manager;
communicating with the client based on the target socket descriptor.
7. A communication apparatus, applied to a connection manager, the apparatus comprising:
a connection module, configured to establish socket connections with the client and the server respectively;
a verification module, configured to verify, if a connection request for the server sent by the client is received, whether the client has the connection permission for the server;
a first sending module, configured to send a target socket descriptor to the server if it is determined that the client has the connection permission for the server, where the target socket descriptor is the descriptor of the socket in the connection manager that is connected to the client;
and a second sending module, configured to send to the client, after the target socket descriptor is successfully sent to the server, a message indicating that the client has the connection permission for the server, so that the client and the server communicate based on the target socket descriptor.
8. A communication apparatus, applied to a client, the apparatus comprising:
a connection module for establishing a socket connection with the connection manager;
a sending module, configured to send a connection request for a server to the connection manager, so that the connection manager verifies, based on the connection request, whether the client has the connection permission for the server;
and a communication module, configured to communicate with the server based on a target socket descriptor if a message sent by the connection manager indicating that the client has the connection permission for the server is received, wherein the target socket descriptor is the descriptor of the socket in the connection manager that establishes the socket connection with the client.
9. A communication apparatus, applied to a server, the apparatus comprising:
a connection module for establishing a socket connection with the connection manager;
a receiving module, configured to receive a target socket descriptor sent by the connection manager when it is determined that a client has the connection permission for the server, where the client is a client that requests connection with the server, and the target socket descriptor is the descriptor of the socket in the connection manager that establishes the socket connection with the client;
and a communication module, configured to communicate with the client based on the target socket descriptor.
10. An electronic device, comprising: a processor and a memory, the processor being configured to execute a communication method program stored in the memory to implement the communication method of any one of claims 1 to 6.
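The flow of claims 4 to 6, as an added Python sketch that is not part of the patent: the manager looks up the client's permission, hands the client-facing socket descriptor to the server, and only then notifies the client. Assumptions of this sketch: the descriptor is passed as SCM_RIGHTS ancillary data over a Unix-domain socket, the request format and the ALLOW/DENY messages are invented here, a missing permission entry is treated as no permission, and all three roles run in one process over socket pairs.

```python
import array
import socket

# Constructed permission table: (client, server) -> has connection permission.
PERMISSIONS = {("client-a", "server-1"): True, ("client-b", "server-1"): False}

def has_permission(client_id, server_id, table=PERMISSIONS):
    # Claim 4 lookup. Assumption: a missing entry means no permission.
    return table.get((client_id, server_id), False) is True

def send_fd(chan, fd):
    # Pass one descriptor over an AF_UNIX socket as SCM_RIGHTS ancillary data.
    anc = [(socket.SOL_SOCKET, socket.SCM_RIGHTS, array.array("i", [fd]))]
    chan.sendmsg([b"F"], anc)

def recv_fd(chan):
    fds = array.array("i")
    _, ancdata, _, _ = chan.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[:fds.itemsize])
            return fds[0]
    raise RuntimeError("no descriptor received")

def manager_handle(mgr_client_sock, mgr_server_chan):
    # Assumed request format for this sketch: b"<client_id> <server_id>".
    client_id, server_id = mgr_client_sock.recv(256).decode().split()
    if not has_permission(client_id, server_id):
        mgr_client_sock.sendall(b"DENY")
        return False
    send_fd(mgr_server_chan, mgr_client_sock.fileno())  # server gets the descriptor first
    mgr_client_sock.sendall(b"ALLOW")                   # only then is the client notified
    return True

def run_flow(client_id, server_id="server-1"):
    client, mgr_client_sock = socket.socketpair()       # client <-> manager
    mgr_server_chan, server_chan = socket.socketpair()  # manager <-> server
    try:
        client.sendall(f"{client_id} {server_id}".encode())
        if not manager_handle(mgr_client_sock, mgr_server_chan):
            return client.recv(16).decode(), None
        verdict = client.recv(16).decode()
        with socket.socket(fileno=recv_fd(server_chan)) as srv_side:
            mgr_client_sock.close()  # manager drops its copy; the server's stays open
            client.sendall(b"ping")
            srv_side.sendall(b"echo:" + srv_side.recv(16))
            return verdict, client.recv(16).decode()
    finally:
        for s in (client, mgr_client_sock, mgr_server_chan, server_chan):
            s.close()
```

On the denied path no descriptor ever reaches the server, so a client without permission never obtains a channel to it.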
CN202110734608.7A 2021-06-30 2021-06-30 Communication method, communication device, electronic device and storage medium Pending CN113596096A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110734608.7A CN113596096A (en) 2021-06-30 2021-06-30 Communication method, communication device, electronic device and storage medium

Publications (1)

Publication Number Publication Date
CN113596096A (en) 2021-11-02

Family

ID=78245270

Country Status (1)

Country Link
CN (1) CN113596096A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102984277A (en) * 2012-12-17 2013-03-20 北京奇虎科技有限公司 System and method for preventing malicious connection
US9288225B1 (en) * 2013-04-17 2016-03-15 Ca, Inc. Server port sharing based on shared socket
CN105516061A (en) * 2014-09-25 2016-04-20 中兴通讯股份有限公司 Remote server access method and web server
CN112261094A (en) * 2020-10-10 2021-01-22 厦门网宿有限公司 Message processing method and proxy server

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115086214A (en) * 2022-06-13 2022-09-20 新华三半导体技术有限公司 Nest plate detection system and method, electronic equipment and storage medium
CN115086214B (en) * 2022-06-13 2024-01-19 新华三半导体技术有限公司 System and method for detecting set, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination