WO2021218328A1 - Multi-tenant access service implementation method, apparatus and device, and storage medium - Google Patents


Publication number
WO2021218328A1
Authority
WO
WIPO (PCT)
Prior art keywords
tenant
access service
identification information
access
client
Application number
PCT/CN2021/078046
Inventor
杨越
Original Assignee
深圳壹账通智能科技有限公司
Application filed by 深圳壹账通智能科技有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/51 Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles
    • H04L67/306 User profiles

Definitions

  • This application relates to the field of artificial intelligence, and in particular to a method, device, equipment and storage medium for implementing multi-tenant access services.
  • As a new technology for deploying applications and services in the cloud, microservices have become the latest hot topic.
  • Microservice technology was developed first of all to solve the problems of developing, testing, deploying and maintaining traditional large-scale software.
  • Modifying any functional module requires considering the changes to the software application as a whole, whereas microservice technology divides the entire large application into multiple independent small modules, each of which is basically responsible only for the development, testing, deployment, operation and maintenance of its own business function.
  • Microservices lead innovation in the software application model. The move from traditional on-premises deployment of software products inside the enterprise to cloud deployment defines a new delivery method, which reduces the large upfront investment required for local deployment and returns software applications to their essential nature as services.
  • Today's microservices use a multi-tenant architecture.
  • The same set of services serves multiple customers and needs to meet the needs of multiple tenants as far as possible.
  • The platform only needs to meet public needs.
  • The inventor realizes that the needs of enterprise users must be satisfied as far as possible, but because customer needs vary and even conflict, developing for enterprise users is difficult. Meeting the needs of one tenant often affects the business of other tenants. So how can multiple sets of customized services be provided on a multi-tenant architecture to meet the needs of different users?
  • The main purpose of this application is to solve the problem of how to provide multiple sets of customized services on a multi-tenant architecture to meet the needs of different users.
  • The first aspect of this application provides a multi-tenant access service implementation method, including: reading a tenant configuration file, where the tenant configuration file contains the customized function implementation class and/or general function implementation class corresponding to each tenant access service; creating the application context corresponding to each tenant access service based on the customized function implementation class and/or general function implementation class corresponding to that tenant access service; receiving and parsing the access service request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client; obtaining and parsing the corresponding tenant information according to the tenant credential information to obtain tenant identification information; and determining, according to the tenant identification information, the application context corresponding to the tenant client's access service and assigning it to the thread where the access service request is located.
  • The second aspect of the present application provides a device for implementing multi-tenant access services, including a memory, a processor, and computer-readable instructions stored on the memory and runnable on the processor, where the processor implements the following steps when executing the computer-readable instructions: read the tenant configuration file, where the tenant configuration file contains the customized function implementation class and/or general function implementation class corresponding to each tenant access service; based on the customized function implementation class and/or general function implementation class corresponding to each tenant access service, create the application context corresponding to each tenant access service; receive and parse the access service request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client; according to the tenant credential information, obtain and parse the corresponding tenant information to obtain tenant identification information; according to the tenant identification information, determine the application context corresponding to the tenant client's access service and assign it to the thread where the access service request is located.
  • The third aspect of the present application provides a computer-readable storage medium that stores computer instructions; when the computer instructions are run on a computer, the computer executes the following steps: read the tenant configuration file, where the tenant configuration file contains the customized function implementation class and/or general function implementation class corresponding to each tenant access service; based on the customized function implementation class and/or general function implementation class corresponding to each tenant access service, create the application context corresponding to each tenant access service; receive and parse the access service request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client; according to the tenant credential information, obtain and parse the corresponding tenant information to obtain tenant identification information; according to the tenant identification information, determine the application context corresponding to the tenant client's access service and assign it to the thread where the access service request is located.
  • The fourth aspect of the application provides a device for implementing multi-tenant access services, including: a receiving module, used to read a tenant configuration file, where the tenant configuration file contains the customized function implementation class and/or general function implementation class corresponding to each tenant access service; a creation module, used to create the application context corresponding to each tenant access service based on the customized function implementation class and/or general function implementation class corresponding to each tenant access service; a parsing module, used to receive and parse the access service request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client, and to obtain and parse the corresponding tenant information according to the tenant credential information to obtain the tenant identification information; and an allocation module, used to determine, according to the tenant identification information, the application context corresponding to the tenant client's access service and assign it to the thread where the access service request is located.
  • The tenant configuration file is read, where the tenant configuration file contains the customized function implementation class and/or general function implementation class corresponding to each tenant access service; based on the customized function implementation class and/or general function implementation class corresponding to each tenant access service, the application context corresponding to each tenant access service is created; the access service request initiated by the tenant client is received and parsed to obtain the tenant credential information corresponding to the tenant client; according to the tenant credential information, the corresponding tenant information is obtained and parsed to obtain tenant identification information; according to the tenant identification information, the application context corresponding to the tenant client's access service is determined and assigned to the thread where the access service request is located.
  • The beneficial effect of providing multiple sets of customized services on a multi-tenant architecture is obtained.
  • FIG. 1 is a schematic diagram of an embodiment of a method for implementing multi-tenant access services in an embodiment of the application;
  • FIG. 2 is a schematic diagram of another embodiment of a method for implementing multi-tenant access services in an embodiment of the application;
  • FIG. 3 is a schematic diagram of an embodiment of a device for implementing multi-tenant access services in an embodiment of the application;
  • FIG. 4 is a schematic diagram of another embodiment of a device for implementing multi-tenant access services in an embodiment of the application;
  • FIG. 5 is a schematic diagram of an embodiment of a device for implementing multi-tenant access services in an embodiment of the application.
  • The embodiments of the present application provide a method, apparatus, device and storage medium for implementing multi-tenant access services.
  • The application context that is adapted to a single set of tenant access services on the same platform is modified into application contexts adapted to multiple sets of independent tenant access services; general function implementation classes and tenant-customized function implementation classes are configured for each set of tenant access services, and the corresponding instance of each function implementation class is started through application context interface programming. In the service startup phase, the corresponding application context is first loaded for each set of tenant access services; while the service is running, the corresponding application context is obtained through the tenant credential information of the tenant client and attached to the current thread, and the corresponding tenant access service is started, which yields the beneficial effect of an optimized multi-tenant architecture that meets the different needs of multiple users.
  • An embodiment of the method for implementing multi-tenant access services in the embodiment of the present application includes:
  • Read the tenant configuration file, where the tenant configuration file contains the customized function implementation classes and/or general function implementation classes corresponding to each tenant access service;
  • The execution subject of this application may be a device for implementing multi-tenant access services, and may also be a terminal or a server, which is not specifically limited here.
  • The embodiment of the present application is described taking the server as the execution subject.
  • Tenant access service A includes Comonbean1, Comonbean2, Comonbean3, and Comonbean4; tenant access service B includes Comonbean1, Comonbean3, bean110, and bean121.
  • Comonbean is a generic function implementation class, and bean is a custom function implementation class.
  • Spring is a container framework.
  • The platform server obtains the customized function implementation class and/or general function implementation class of each tenant access service.
  • The corresponding interface programming is marked.
  • Each custom function realization class marks its own realization interface and its own tenant, and each general function realization class marks its own realization interface.
  • A marked interface is associated with the corresponding function implementation class, and an application context corresponding to each tenant access service is generated.
  • Tenant access service A is marked as using interface 1, interface 2, interface 3 in the application context, interface 1, interface 3, interface 4; Comonbean1 is marked as implementing interface 1, Comonbean2 is marked as implementing interface 2, bean is marked as implementing interface 3 and belonging to tenant A, and bean4 is marked as implementing interface 4 and belonging to tenant A. Then, in the application context environment of tenant access service A, Comonbean1 is associated with interface 1, bean113 with interface 3, and bean114 with interface 4, yielding the exclusive application context of tenant access service A.
  • When a tenant client accesses the virtual application platform built on the Spring framework, it needs to initiate an access service request to the platform server to enter the corresponding application interface.
  • The header of the access service request carries the tenant credential information of the tenant client, which the platform server uses to verify the identity of the tenant client.
  • Tenant identity token, an example of which is: field A, field B, and field C.
  • The most important information in the tenant identity token is the payload field "field B" between the two "."s.
  • This field represents the tenant client ID of the tenant identity token and is used to help retrieve the creation time and expiration time of the tenant client, which indicate the identity and validity of this tenant identity token.
  • According to the tenant credential information, obtain and parse the corresponding tenant information to obtain tenant identification information;
  • Each tenant access service stores a set of configured tenant information, which is marked with tenant identification information.
  • The tenant client ID of the user is bound to the tenant identification information corresponding to the tenant information of the tenant access service.
  • The platform server can call the tenant access services required by the tenant client, and it can also be used later by the platform server to call the corresponding function implementation class for the customized service the tenant client requires.
  • When the tenant credential information is a tenant security token, it includes the signed "field B", and the tenant client ID in the payload field is obtained after decoding. If the tenant client ID is bound to the tenant identification information I of the tenant information T, then the tenant identification information I is retrieved and the corresponding tenant information T is obtained.
  • According to the tenant identification information, determine the application context corresponding to the tenant client's access service and assign it to the thread where the access service request is located.
  • The application context corresponding to each tenant access service is also marked with tenant identification information, so the application context corresponding to the tenant access service can be found by looking up the incoming tenant identification information. The virtual application platform relies on the application context to implement each tenant's independently customized functions, specifically by calling the function implementation classes of the application context to instantiate the required interfaces.
  • By attaching the application context to the thread where the access service request is located, the corresponding tenant access service of the tenant client can be realized.
  • For example, the default functions of tenant client A are function 1, function 2, and function 3.
  • In application context A corresponding to tenant access service A:
  • Comonbean1 needs to instantiate interface 1;
  • Function 2 requires a bean113 instance;
  • Implementing function 3 requires bean114 to instantiate interface 4.
  • Assigning application context A to the thread where the access service request is located implements function 1, function 2, and function 3 for tenant client A.
  • The application context that is adapted to one set of tenant access services on the same platform is modified into application contexts adapted to multiple sets of independent tenant access services; general function implementation classes and tenant-customized function implementation classes are configured for each set of tenant access services, and the corresponding instance of each function implementation class is started through application context interface programming. In the service startup phase, the corresponding application context is first loaded for each set of tenant access services; while the service is running, the corresponding application context is obtained through the tenant credential information of the tenant client and attached to the current thread, and the corresponding tenant access service is started, so as to obtain the beneficial effect of providing multiple sets of customized services on the multi-tenant architecture.
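The startup and per-request steps of this embodiment, as an added example in plain Java that is not code from the patent: one context per tenant is built at startup, the tenant client ID is read from field B only after the signature over the token has been checked, and the context is bound to the request thread and removed afterwards so that a pooled thread cannot carry one tenant's context into another tenant's request. The HMAC-SHA256 signature, the `clientId:expiry` payload layout, the demo key, all class and method names, and the client and tenant B bindings are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.function.Supplier;

// Added illustration, not the patent's code. Token layout, key, names and sample
// bindings are assumptions. Requires Java 16+ (records).
public class TenantContextDemo {
    /** Stand-in for an application context: required interface -> implementation factory. */
    record AppContext(String tenantId, Map<String, Supplier<String>> beans) {
        String call(String iface) {
            Supplier<String> impl = beans.get(iface);
            if (impl == null) throw new IllegalStateException(tenantId + ": no bean for " + iface);
            return impl.get();
        }
    }

    // Startup phase: one context per tenant access service (tenant configuration inlined here).
    static final Map<String, AppContext> CONTEXTS = Map.of(
        "tenantA", new AppContext("tenantA", Map.of(
            "interface1", () -> "Comonbean1",
            "interface3", () -> "bean113",
            "interface4", () -> "bean114")),
        "tenantB", new AppContext("tenantB", Map.of(   // B's interface mapping is constructed
            "interface1", () -> "Comonbean1",
            "interface3", () -> "bean110")));

    // Tenant client ID -> tenant identification information (constructed sample bindings).
    static final Map<String, String> CLIENT_TO_TENANT =
        Map.of("client-42", "tenantA", "client-77", "tenantB");

    private static final ThreadLocal<AppContext> CURRENT = new ThreadLocal<>();
    private static final byte[] KEY = utf8("demo-only-signing-key");

    static byte[] utf8(String s) { return s.getBytes(StandardCharsets.UTF_8); }
    static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }

    static byte[] unb64(String s) {
        try { return Base64.getUrlDecoder().decode(s); }
        catch (IllegalArgumentException e) { throw new SecurityException("malformed token"); }
    }

    static byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(utf8(data));
    }

    /** Issues "fieldA.fieldB.fieldC": fieldB = clientId:expiry, fieldC = HMAC over "fieldA.fieldB". */
    static String issue(String clientId, long expiresAt) throws Exception {
        String signed = b64(utf8("v1")) + "." + b64(utf8(clientId + ":" + expiresAt));
        return signed + "." + b64(hmac(signed));
    }

    /** Checks signature, then expiry, then maps the tenant client ID to its tenant ID. */
    static String resolveTenant(String token, long now) throws Exception {
        String[] f = token.split("\\.", -1);
        if (f.length != 3) throw new SecurityException("malformed token");
        if (!MessageDigest.isEqual(hmac(f[0] + "." + f[1]), unb64(f[2])))
            throw new SecurityException("bad signature");
        String[] p = new String(unb64(f[1]), StandardCharsets.UTF_8).split(":", 2);
        if (p.length != 2 || now >= Long.parseLong(p[1]))
            throw new SecurityException("token expired");
        String tenantId = CLIENT_TO_TENANT.get(p[0]);
        if (tenantId == null) throw new SecurityException("client not bound to a tenant");
        return tenantId;
    }

    /** Binds the tenant's context to this thread for one request and always unbinds it. */
    static String handle(String token, String iface, long now) throws Exception {
        AppContext ctx = CONTEXTS.get(resolveTenant(token, now));
        if (ctx == null) throw new IllegalStateException("no context loaded for tenant");
        CURRENT.set(ctx);
        try {
            return CURRENT.get().call(iface);   // business code reads the thread-bound context
        } finally {
            CURRENT.remove();                   // a pooled thread must not keep a tenant's context
        }
    }

    public static void main(String[] args) throws Exception {
        long now = 1_700_000_000L;              // constructed clock value
        String tokA = issue("client-42", now + 600);
        String tokB = issue("client-77", now + 600);
        System.out.println("A interface3 -> " + handle(tokA, "interface3", now));
        System.out.println("B interface3 -> " + handle(tokB, "interface3", now));
        // Field B swapped to another client while keeping A's signature, then an expired token.
        String[] f = tokA.split("\\.");
        String forged = f[0] + "." + b64(utf8("client-77:" + (now + 600))) + "." + f[2];
        for (String[] c : new String[][] {{forged, "0"}, {tokA, "601"}}) {
            try { handle(c[0], "interface3", now + Long.parseLong(c[1])); }
            catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
        }
        System.out.println("context left on thread: " + (CURRENT.get() != null));
    }
}
```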
  • Another embodiment of the method for implementing multi-tenant access services in the embodiment of the present application includes:
  • A set of common tenant access services is also loaded to construct a default application context. Users who do not have the authority to customize functions can use their tenant access services by accessing the common functions.
  • The association between the interfaces required by the default application context and the general function implementation classes can be determined from the programming information of the required interfaces and the label information of the interface to which each general function implementation class belongs.
  • The interface required by the default application context may correspond to multiple general function implementation classes and customized function implementation classes. A customized function implementation class marks not only the interface it implements but also the tenant access service it belongs to, which does not include the general tenant access service, and the interface required by each application context is also marked with its own reference preference. So when the platform server finds multiple function implementation classes corresponding to an interface required by the default application context, it selects the preset general function implementation class through the reference preference mark.
  • The implementation classes corresponding to interface A required by the default application context are: Comonbean3, Comonbean4, Comonbean5, bean3, bean4, bean5, and the platform server selects directly among the three common implementation classes Comonbean3, Comonbean4, and Comonbean5 for instantiating the interface.
  • The application can create and switch instances at run time through dynamic proxies.
  • The tenant configuration file stores the corresponding function implementation classes for each tenant access service, and each function implementation class is identified by identification information.
  • The first identification information corresponding to the customized function implementation class is used to identify the implemented interface and the tenant to which it belongs, and the second identification information corresponding to the general function implementation class is used to identify the implemented interface.
  • The platform marks the interfaces required by the corresponding application context based on the needs of each tenant access service, and the application context interface programming corresponds to the respective first identification information and/or second identification information, which determines the customized function implementation class and/or general function implementation class corresponding to each interface specified by the application context.
  • The function implementation class references the ClassAnnotation annotation, and through the function identification of the interface to which the application context belongs, the two form an association.
  • The function identification of the interface required by the application context and the definition annotation of the function implementation class are used to bind the corresponding application context interface to the function implementation class, generating the application context corresponding to the tenant access service, which is identified by the tenant identification information corresponding to that tenant access service.
  • The specific process of obtaining tenant credential information by parsing the access service request is as follows:
  • If the access service type is a non-logged-in access service, parse the access service request to obtain a secret key as the tenant credential information corresponding to the tenant client;
  • If the access service type is a logged-in access service, parse the access service request to obtain a tenant identity token as the tenant credential information corresponding to the tenant client.
  • The platform server intercepts the access service request initiated by the tenant client through a request interceptor.
  • The request interceptor can filter and verify access requests for the virtual application platform, such as the user's login status and whether the tenant credential information in the access service request is invalid.
  • The session corresponding to the token is queried from the server cache, and the session validity period is obtained from the session. If the request receiving time is within the validity period of the tenant identity token, the tenant identity token is still valid and the processing flow of the access service request is executed normally; if the request receiving time exceeds the validity period of the tenant identity token, the tenant identity token is invalid, the request fails, and the processing logic for tenant identity token invalidation is executed, such as sending a prompt message to the tenant client telling the user that the login has timed out and asking them to log in again.
  • The request interceptor is used to intercept the client's access service request and obtain the current login token from the cookie of the request, query the session from the server cache according to the token, obtain tenant information from the session, and execute the corresponding tenant access request processing logic according to the type of the tenant identification information, where the type of access service can be a non-logged-in state or a logged-in state.
  • The tenant identity token needs to be carried in the access service request for the interceptor to verify, and the corresponding logged-in tenant access service request processing logic is executed, such as entering the corresponding tenant access service interface, having permission to call the customized functions of the tenant access service, and having interaction permission for functional communication with the platform server.
  • According to the tenant credential information, obtain and parse the corresponding tenant information to obtain tenant identification information;
  • The tenant credential information is a tenant identity token.
  • The tenant identity token in the tenant access request needs to be verified. If the verification succeeds, a corresponding session object is created for the tenant client and stores the tenant information for function-call interaction with the platform server. If the user calls function A through the tenant client, the session object communicates with the platform server to obtain the function implementation class corresponding to function A.
  • The platform server generates corresponding session identification information for each tenant access service, which is stored by the platform server on the one hand and, on the other hand, sent to the tenant client and stored as a cookie.
  • The tenant information to which the tenant access service belongs is obtained from the session object and stored in the storage area of the platform server, so that the corresponding implementation class can be called based on the tenant information.
  • According to the tenant identification information, determine the application context corresponding to the tenant client's access service and assign it to the thread where the access service request is located.
  • According to the first identification information or the second identification information, determine the corresponding function implementation class in the tenant information stored in the session object, and instantiate, through the function implementation class, the application context interface corresponding to the client service processing.
  • The header of the service processing request initiated when the tenant client invokes a customized function carries the session identification information, for the platform server to retrieve the corresponding session object, and also needs to carry the implementation class identification information corresponding to the customized function, for the platform server to identify the required function implementation class.
  • The user's invocation of a customized function on the virtual application platform is based on the instantiation of the application context interface by the function implementation class, and the instantiation of the application context interface is implemented by a dynamic proxy.
  • The tenant information is obtained from the session object created by the tenant server when the tenant client logs in, and the interface corresponding to the function implementation class instantiation corresponding to the custom function is obtained.
  • The QR code of the login client is displayed on the authentication authorization page for the second client to scan, perform biometric authentication, and have the user click to authorize the login client. If the second client has already authorized the login client, it logs in directly without authentication and authorization; if the second client has not authorized the login client, it needs to perform the initial authentication and authorization and then logs in directly, achieving password-free login of the second client to the first client.
  • the receiving module 301 is configured to read a tenant configuration file, where the tenant configuration file contains a customized function implementation class and/or a general function implementation class corresponding to each tenant's access service;
  • the creation module 302 is configured to create an application context corresponding to each tenant access service based on the customized function realization class and/or general function realization class corresponding to each tenant access service;
  • the parsing module 303 is configured to receive and parse the access service request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client; obtain and parse the corresponding tenant information according to the tenant credential information to obtain the tenant identification information;
  • the allocation module 304 is configured to determine, according to the tenant identification information, the application context corresponding to the tenant client's access service and assign it to the thread where the access service request is located.
  • An HTTP authentication request is initiated to the authentication server, and the authentication server generates a QR code carrying the identification information of the first client by parsing the authentication request. The second client initiates an authentication request to the authentication server by scanning the QR code, requesting the authentication server to determine whether the authentication server has authorized password-free login to the first client. If the second client has authorized the first client, the authentication server does not need to authenticate the corresponding user of the authentication server again, and the second client directly authorizes the password-free login to the first client. If the second client has not authorized the first client, the authentication server is required to authenticate the user; after the authentication is completed, the second client authorizes password-free login to the first client, the authorization record is stored, and the user information acquisition code is returned to the first client as the response indicating that the HTTP authentication request initiated by the client has passed.
  • The first client can also obtain the user information corresponding to the second client through the user information acquisition code.
  • Another embodiment of the device for implementing multi-tenant access services in the embodiment of the present application includes:
  • the receiving module 401 is configured to read a tenant configuration file, where the tenant configuration file contains customized function realization classes and/or general function realization classes corresponding to each tenant's access service;
  • the creation module 402 is configured to create an application context corresponding to each tenant's access service based on the customized function realization class and/or general function realization class corresponding to each tenant's access service;
  • the parsing module 403 is configured to receive and parse the access service request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client; obtain the corresponding tenant information according to the tenant credential information and analyze it to obtain the tenant identification information;
  • the allocation module 404 is configured to determine, according to the tenant identification information, the application context corresponding to the access service of the tenant client and assign it to the thread where the access service request is located.
  • the device for implementing multi-tenant access services further includes a startup module 405, which is specifically configured to:
  • one of the preset general function implementation classes is selected as the implementation class corresponding to the interface required by the default application context.
  • the creation module 402 includes a parsing unit 4021, a screening unit 4022, and a matching unit 4023, which are used for:
  • the first parsing unit 4021 is configured to parse the tenant configuration file to obtain the customized function realization class with the first identification information and/or the general function realization class with the second identification information corresponding to each tenant's access service;
  • the screening unit 4022 is configured to determine, based on the first identification information and/or the second identification information, the association relationship between the interfaces required by the application context corresponding to each tenant access service and each customized function realization class and/or general function realization class;
  • the matching unit 4023 is configured to bind the required interface with the corresponding customized function realization class and/or general function realization class based on the association relationship, and generate the application context corresponding to each tenant access service, identified by the corresponding tenant's tenant identification information.
  • the parsing module 403 includes an intercepting unit 4031, a discrimination unit 4032, and a parsing unit 4033, which are used for:
  • the intercepting unit 4031 is configured to intercept the service access request initiated by the tenant client;
  • the determining unit 4032 is configured to determine the access service type of the tenant client according to the access service request;
  • the second parsing unit 4033 is configured to parse the access service request if the access service type is a non-login access service, and obtain a secret key as the tenant credential information corresponding to the tenant client; and, if the access service type is a login-state access service, to parse the access service request and obtain a tenant identity token as the tenant credential information corresponding to the tenant client.
  • the device for implementing multi-tenant access services further includes a recording module 406, which is used to:
  • tenant credential information is a tenant identity token
  • the allocation module 404 is also used for:
  • the corresponding function realization class in the tenant information stored in the session object is determined, and the application context interface corresponding to the client service processing is instantiated through the function realization class.
  • the QR code of the login client is displayed on the authentication authorization page for the second client to scan and perform biometric authentication and user click authorization on the login client; if the second client has authorized the login client, it will log in directly without authentication and authorization; if the second client has not authorized the login client, it will need to perform the initial authentication and authorization, and then log in directly to achieve password-free login of the second client to the first client.
  • FIG. 5 is a schematic structural diagram of a device for implementing multi-tenant access services provided by an embodiment of the present application.
  • the device 500 for implementing multi-tenant access services may differ considerably depending on configuration or performance, and may include one or more processors (central processing units, CPU) 510 (for example, one or more processors), memory 520, and one or more storage media 530 (for example, one or more mass storage devices) storing application programs 533 or data 532.
  • the memory 520 and the storage medium 530 may be short-term storage or persistent storage.
  • the program stored in the storage medium 530 may include one or more modules (not shown in the figure), and each module may include a series of instruction operations in the device 500 for implementing multi-tenant access services. Further, the processor 510 may be configured to communicate with the storage medium 530, and execute a series of instruction operations in the storage medium 530 on the device 500 for implementing multi-tenant access services.
  • the device 500 for implementing multi-tenant access services may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input and output interfaces 560, and/or one or more operating systems 531, for example Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc.
  • the computer-readable storage medium may be a non-volatile computer-readable storage medium, and the computer-readable storage medium may also be a volatile computer-readable storage medium.
  • the computer-readable storage medium stores instructions, and when the instructions are executed on the computer, the computer executes the following steps:
  • Reading a tenant configuration file where the tenant configuration file contains customized function realization classes and/or general function realization classes corresponding to each tenant's access service;
  • tenant credential information obtain and analyze corresponding tenant information to obtain tenant identification information
  • the application context corresponding to the access service of the tenant client is determined and assigned to the thread where the service access request is located.
  • the computer-readable storage medium may mainly include a storage program area and a storage data area, where the storage program area may store an operating system, an application program required by at least one function, etc.; the storage data area may store data created by the use of nodes, etc.
  • if the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium.
  • the technical solution of the present application, in essence or in the part that contributes to the existing technology, or all or part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage media include: USB flash drive, removable hard disk, read-only memory (ROM), random access memory (RAM), magnetic disks, optical disks and other media that can store program code.
  • the blockchain referred to in this application is a new application mode of computer technology such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm.
  • Blockchain, essentially a decentralized database, is a series of data blocks associated using cryptographic methods. Each data block contains a batch of network transaction information, used to verify the validity of the information (anti-counterfeiting) and to generate the next block.
  • the blockchain can include the underlying platform of the blockchain, the platform product service layer, and the application service layer.

Abstract

The present application relates to artificial intelligence, and provides a multi-tenant access service implementation method, apparatus and device, and a storage medium. The method comprises: by modifying underlying technology of a multi-tenant architecture, modifying, on the same platform, an application context adaptive to one tenant access service into an application context adaptive to multiple independent tenant access services, configuring a universal function implementation class and a tenant customized function implementation class for each tenant access service, and by programming to an interface of the application context, starting an instance corresponding to each function implementation class; in a service starting stage, first loading the corresponding application context for each tenant access service; and in a service operation process, acquiring the corresponding application context by means of tenant credential information of a tenant client, accessing the current thread, and starting a corresponding tenant access service. Moreover, the present application also relates to blockchain technology, and related information can be stored in a blockchain node. In the present application, multiple customized services are provided on the multi-tenant architecture.

Description

Multi-tenant access service implementation method, apparatus, device and storage medium
This application claims priority to the Chinese patent application No. 202010350026.4, filed with the Chinese Patent Office on April 28, 2020 and entitled "Multi-tenant access service implementation method, apparatus, device and storage medium", the entire content of which is incorporated into this application by reference.
Technical field
This application relates to the field of artificial intelligence, and in particular to a multi-tenant access service implementation method, apparatus, device and storage medium.
Background
As a new technology for deploying applications and services in the cloud, microservices have become the latest hot topic. Microservice technology was first developed to solve the development, testing, deployment and maintenance problems of traditional large-scale software, where modifying any functional module requires considering changes to the software application as a whole. Microservice technology cuts the whole large application into multiple independent small modules, and each small module basically only needs to be responsible for the development, testing, deployment, operation and maintenance of its own business function. Today, microservices also lead innovation in software application models: in moving from traditional on-premises deployment of software products to cloud deployment, they define a new delivery method, reduce the large upfront investment that local deployment requires, and return software applications to their essential nature as services.
Today's microservices use a multi-tenant architecture: the same set of services faces multiple customers and needs to meet each tenant's requirements as far as possible. For individual users, the platform only needs to meet common requirements. The inventor realized that for enterprise users the requirements need to be met as far as possible, but because customer requirements are varied and even conflict with one another, it is difficult to roll the service out to enterprise users. Meeting the requirements of one tenant often affects the business of other tenants. So how can multiple sets of customized services be provided on a multi-tenant architecture to meet the needs of different users?
Summary of the invention
The main purpose of this application is to solve the problem of how to provide multiple sets of customized services on a multi-tenant architecture to meet the needs of different users.
To achieve the above purpose, a first aspect of this application provides a multi-tenant access service implementation method, including: reading a tenant configuration file, where the tenant configuration file contains the customized function implementation classes and/or general function implementation classes corresponding to each tenant access service; creating, based on the customized function implementation classes and/or general function implementation classes corresponding to each tenant access service, an application context corresponding to each tenant access service; receiving and parsing an access service request initiated by a tenant client to obtain the tenant credential information corresponding to the tenant client; obtaining and parsing, according to the tenant credential information, the corresponding tenant information to obtain tenant identification information; and determining, according to the tenant identification information, the application context corresponding to the tenant client's access service and assigning it to the thread where the access service request is located.
A second aspect of this application provides a multi-tenant access service implementation device, including a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, where the processor implements the following steps when executing the computer-readable instructions: reading a tenant configuration file, where the tenant configuration file contains the customized function implementation classes and/or general function implementation classes corresponding to each tenant access service; creating, based on the customized function implementation classes and/or general function implementation classes corresponding to each tenant access service, an application context corresponding to each tenant access service; receiving and parsing an access service request initiated by a tenant client to obtain the tenant credential information corresponding to the tenant client; obtaining and parsing, according to the tenant credential information, the corresponding tenant information to obtain tenant identification information; and determining, according to the tenant identification information, the application context corresponding to the tenant client's access service and assigning it to the thread where the access service request is located.
A third aspect of this application provides a computer-readable storage medium storing computer instructions which, when run on a computer, cause the computer to execute the following steps: reading a tenant configuration file, where the tenant configuration file contains the customized function implementation classes and/or general function implementation classes corresponding to each tenant access service; creating, based on the customized function implementation classes and/or general function implementation classes corresponding to each tenant access service, an application context corresponding to each tenant access service; receiving and parsing an access service request initiated by a tenant client to obtain the tenant credential information corresponding to the tenant client; obtaining and parsing, according to the tenant credential information, the corresponding tenant information to obtain tenant identification information; and determining, according to the tenant identification information, the application context corresponding to the tenant client's access service and assigning it to the thread where the access service request is located.
A fourth aspect of this application provides a multi-tenant access service implementation apparatus, including: a receiving module, configured to read a tenant configuration file, where the tenant configuration file contains the customized function implementation classes and/or general function implementation classes corresponding to each tenant access service; a creation module, configured to create, based on the customized function implementation classes and/or general function implementation classes corresponding to each tenant access service, an application context corresponding to each tenant access service; a parsing module, configured to receive and parse an access service request initiated by a tenant client to obtain the tenant credential information corresponding to the tenant client, and to obtain and parse, according to the tenant credential information, the corresponding tenant information to obtain tenant identification information; and an allocation module, configured to determine, according to the tenant identification information, the application context corresponding to the tenant client's access service and assign it to the thread where the access service request is located.
In the technical solution provided by this application, a tenant configuration file is read, where the tenant configuration file contains the customized function implementation classes and/or general function implementation classes corresponding to each tenant access service; based on the customized function implementation classes and/or general function implementation classes corresponding to each tenant access service, an application context corresponding to each tenant access service is created; an access service request initiated by a tenant client is received and parsed to obtain the tenant credential information corresponding to the tenant client; according to the tenant credential information, the corresponding tenant information is obtained and parsed to obtain tenant identification information; and according to the tenant identification information, the application context corresponding to the tenant client's access service is determined and assigned to the thread where the access service request is located. The embodiments of this application obtain the beneficial effect of providing multiple sets of customized services on a multi-tenant architecture.
Description of the drawings
FIG. 1 is a schematic diagram of one embodiment of the multi-tenant access service implementation method in the embodiments of this application;
FIG. 2 is a schematic diagram of another embodiment of the multi-tenant access service implementation method in the embodiments of this application;
FIG. 3 is a schematic diagram of one embodiment of the multi-tenant access service implementation apparatus in the embodiments of this application;
FIG. 4 is a schematic diagram of another embodiment of the multi-tenant access service implementation apparatus in the embodiments of this application;
FIG. 5 is a schematic diagram of one embodiment of the multi-tenant access service implementation device in the embodiments of this application.
Detailed description
The embodiments of this application provide a multi-tenant access service implementation method, apparatus, device and storage medium. By modifying the underlying technology of the multi-tenant architecture, the application context that is adapted to one set of tenant access services on a platform is modified into application contexts adapted to multiple sets of independent tenant access services on the same platform; general function implementation classes and tenant-customized function implementation classes are configured for each set of tenant access services, and the instance corresponding to each function implementation class is started by programming to the interfaces of the application context. In the service startup phase, the corresponding application context is first loaded for each set of tenant access services; while the service is running, the corresponding application context is obtained through the tenant credential information of the tenant client and attached to the current thread, and the corresponding tenant access service is started, so as to obtain the beneficial effect of meeting the different needs of multiple users by optimizing the multi-tenant architecture.
The terms "first", "second", "third", "fourth" and so on (if any) in the description and claims of this application and in the above drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that data used in this way can be interchanged where appropriate, so that the embodiments described here can be implemented in an order other than that illustrated or described here. In addition, the terms "including" or "having" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that includes a series of steps or units is not necessarily limited to the steps or units clearly listed, but may include other steps or units that are not clearly listed or that are inherent to the process, method, product or device.
For ease of understanding, the specific flow of the embodiments of this application is described below. Referring to FIG. 1, one embodiment of the multi-tenant access service implementation method in the embodiments of this application includes:
101. Read a tenant configuration file, where the tenant configuration file contains the customized function implementation classes and/or general function implementation classes corresponding to each tenant access service;
It is understandable that the execution subject of this application may be a multi-tenant access service implementation apparatus, and may also be a terminal or a server, which is not specifically limited here. The embodiments of this application are described taking a server as the execution subject as an example.
In this embodiment, the specific implementation of the method of this application is explained using the Spring framework. When this system was developed, an external configuration file was created that stores a tenant information table and the function implementation classes; when a tenant access service starts, instances are started from the customized function implementation classes and/or general function implementation classes that the tenant information table specifies for each tenant access service.
For example, tenant access service A contains Comonbean1, Comonbean2, Comonbean3 and Comonbean4; tenant access service B contains Comonbean1, Comonbean3, bean110 and bean121, where Comonbean is a general function implementation class and bean is a customized function implementation class.
102. Create, based on the customized function implementation classes and/or general function implementation classes corresponding to each tenant access service, an application context corresponding to each tenant access service;
In this embodiment, Spring is a container framework. Here we modify Spring's underlying application context container so that, instead of the platform having only one global application context, each tenant access service has its own application context. First, the application context environment that is adapted to one set of tenant access services is modified into an application context environment adapted to multiple sets of tenant access services. After obtaining the customized function implementation classes and/or general function implementation classes of each tenant access service, the platform server marks the corresponding interfaces, programming to interfaces, according to the different needs of each tenant access service: each customized function implementation class is marked with the interface it can implement and the tenant it belongs to, and each general function implementation class is marked with the interface it can implement. Each marked interface of a tenant access service is then associated with the corresponding function implementation class, generating the application context corresponding to each tenant access service.
For example, suppose tenant access service A is marked as using interface 1, interface 3 and interface 4 from among the application context environment's interface 1, interface 2, interface 3 and interface; Comonbean1 is marked as implementing interface 1; Comonbean2 is marked as implementing interface 2; bean is marked as implementing interface 3 and belonging to tenant A; and bean4 is marked as implementing interface 4 and belonging to tenant A. Then, in the application context environment of tenant access A, Comonbean1 is associated with interface 1, bean113 with interface 3, and bean114 with interface 4, giving the dedicated application context of tenant access service A.
103、接收租户客户端发起的访问服务请求并解析,得到所述租户客户端对应的租户凭证信息;103. Receive and parse the access service request initiated by the tenant client to obtain tenant credential information corresponding to the tenant client;
本实施例中,在租户客户端访问由本spring框架搭建的虚拟应用平台时,需向平台服务端发起访问服务请求以进入对应的应用界面,访问服务请求头部带有该租户客户端的租户凭证信息,用于平台服务端验证租户客户端的身份。In this embodiment, when a tenant client accesses the virtual application platform built by the spring framework, it needs to initiate an access service request to the platform server to enter the corresponding application interface. The header of the access service request carries the tenant credential information of the tenant client. , Used for the platform server to verify the identity of the tenant client.
其中一类租户凭证信息为租户身份令牌,其示例为:字段A.字段B.字段C。其中,租户身份令牌最重要的信息为两个“.”之间的负载字段“字段B”,该字段代表租户身份令牌的租户客户端ID、及用于帮助检索租户客户端的创建时间与过期时间,表明本租户身份令牌的身份与有效性。One type of tenant credential information is the tenant identity token, an example of which is: field A, field B, and field C. Among them, the most important information of the tenant identity token is the load field "field B" between the two "."s. This field represents the tenant client ID of the tenant identity token and is used to help retrieve the creation time and time of the tenant client. The expiration time indicates the identity and validity of this tenant's identity token.
104、根据所述租户凭证信息,获取对应的租户信息并解析,得到租户标识信息;104. According to the tenant credential information, obtain and analyze corresponding tenant information to obtain tenant identification information;
本实施例中,每个租户访问服务都存储有一份配置的租户信息,并用租户标识信息进行标记。在用户选择所需的租户访问服务时,绑定用户的租户客户端ID与该租户访问服务相应租户信息的租户标识信息。通过上一步获取的租户标识信息内的租户客户端ID,检索对应的租户标识信息,并获取该租户标识信息对应的租户信息,以供平台服务器为租户客户端调用所需的租户访问服务,且可用于后续平台服务端为租户客户端的所需定制服务调用相应的功能实现类。In this embodiment, each tenant access service stores a set of configured tenant information, which is marked with tenant identification information. When the user selects the desired tenant to access the service, the tenant client ID of the user is bound to the tenant identification information corresponding to the tenant information of the tenant to access the service. Through the tenant client ID in the tenant identification information obtained in the previous step, retrieve the corresponding tenant identification information, and obtain the tenant information corresponding to the tenant identification information, so that the platform server can call the tenant access services required by the tenant client, and It can be used for the subsequent platform server to call the corresponding function implementation class for the required customized service of the tenant client.
如租户凭证信息为租户安全令牌时,包含签名后的“字段B”,解码后得到该负载字段内的租户客户端ID,若该租户客户端ID绑定租户信息T的租户标识信息I,则检索租户标识信息I并获取对应的租户信息T。For example, when the tenant credential information is a tenant security token, it includes the signed "field B", and the tenant client ID in the payload field is obtained after decoding. If the tenant client ID is bound to the tenant identification information I of the tenant information T, Then, the tenant identification information I is retrieved and the corresponding tenant information T is obtained.
105. According to the tenant identification information, determine the application context corresponding to the access service of the tenant client and assign it to the thread in which the access service request is located.
In this embodiment, the application context corresponding to each tenant access service is also labelled with tenant identification information, so the application context for a tenant access service can be found by looking up the incoming tenant identification information. The virtual application platform relies on this application context to give each tenant independently customized functions, specifically by invoking the function implementation classes of the application context to instantiate the required interfaces. Here, the thread in which the access service request is located accesses the application context, which realizes the corresponding tenant access service for the tenant client.
For example, the default functions of tenant client A are function 1, function 2 and function 3. The thread of tenant client A holds application context A corresponding to tenant access service A. Implementing function A requires Comonbean1 to instantiate interface 1, implementing function 2 requires bean113 to instantiate interface 3, and implementing function 3 requires bean114 to instantiate interface 4. Assigning application context A to the thread in which the access service request is located realizes function 1, function 2 and function 3 for tenant client A.
In the embodiments of this application, the underlying technology of the multi-tenant architecture is modified so that a platform whose application context was adapted to a single set of tenant access services instead holds application contexts adapted to multiple independent sets of tenant access services. Each set of tenant access services is configured with general function implementation classes and tenant-specific custom function implementation classes, and the instance corresponding to each function implementation class is started through the interface programming of the application context. During service start-up, the corresponding application context is first loaded for each set of tenant access services. While the service is running, the corresponding application context is obtained from the tenant credential information of the tenant client and attached to the current thread, and the corresponding tenant access service is started, which yields the benefit of providing multiple sets of customized services on a multi-tenant architecture.
Referring to FIG. 2, another embodiment of the multi-tenant access service implementation method in the embodiments of this application includes:
201. Load a preset default application context, used to implement the general functions of each tenant access service;
202. Determine whether the interface required by the default application context corresponds to one or to several general function implementation classes;
203. If it corresponds to one general function implementation class, use that class as the implementation class for the interface of the default application context;
204. If it corresponds to several general function implementation classes, select one preset general function implementation class among them as the implementation class for the interface required by the default application context.
In this embodiment, when the tenant access service starts, a general tenant access service is also loaded and a default application context is built. Users without permission for customized functions access their tenant access service through the general functions.
In this embodiment, the association between an interface required by the default application context and a general function implementation class can be determined from the programming information of the required interface and the label information of the interface to which the general function implementation class belongs.
In this embodiment, an interface required by the default application context may correspond to several general function implementation classes and custom function implementation classes. A custom function implementation class is labelled not only with the interface it implements but also with the tenant access service it belongs to, which does not include this general tenant access service, and each interface required by an application context is also labelled with its own reference preference. When the platform server chooses among the several function implementation classes corresponding to an interface required by the default application context, it therefore uses the reference preference label to select the preset general function implementation class.
For example, if the implementation classes corresponding to interface A required by the default application context are Comonbean3, Comonbean4, Comonbean5, bean3, bean4 and bean5, the platform server selects the general implementation class needed to instantiate interface A directly from the three general implementation classes Comonbean3, Comonbean4 and Comonbean5.
In this embodiment, loading the default application context when the tenant access service starts lets tenant clients later call that default application context to use the general tenant access service.
205. Read a tenant configuration file, which contains the custom function implementation classes and/or general function implementation classes corresponding to each tenant access service;
206. Based on the custom function implementation classes and/or general function implementation classes corresponding to each tenant access service, create the application context corresponding to each tenant access service;
In this embodiment, the application context corresponding to each tenant access service is created as follows:
Parse the tenant configuration file to obtain, for each tenant access service, the custom function implementation classes carrying first identification information and/or the general function implementation classes carrying second identification information;
Based on the first identification information and/or the second identification information, and on the interfaces required by the application context corresponding to each tenant access service, determine the association between the application context and each custom function implementation class and/or general function implementation class;
Based on that association, bind each required interface to the corresponding custom function implementation class and/or general function implementation class, generate the application context corresponding to each tenant access service, and label it with the tenant identification information of the corresponding tenant.
In this embodiment, the application can use a dynamic proxy to create and switch instances at run time. The tenant configuration file stores the function implementation classes corresponding to each tenant access service, and each function implementation class is labelled with identification information. The first identification information, attached to a custom function implementation class, identifies the implemented interface and the owning tenant; the second identification information, attached to a general function implementation class, identifies the implemented interface.
When a tenant invokes a function during use, a dynamic proxy can create and invoke the instances in the application context. At service start-up, an annotation and the application context interfaces must be defined, and the function implementation classes must be declared with the annotation. For example, define an annotation named AbcAnnotation, pass ElementType.TYPE to @Target to indicate that the annotation can be applied to function implementation classes and interfaces, and use @Retention(RetentionPolicy.RUNTIME) to indicate that the annotation is retained at run time. The tenant server can then invoke the corresponding function implementation class through the reference relationship between the function implementation class and the AbcAnnotation annotation.
In this embodiment, the platform labels the interfaces required by the corresponding application context according to the requirements of each tenant access service. The application context interface programming corresponds to the first identification information and/or second identification information, which determines the custom function implementation class and/or general function implementation class corresponding to each interface of the application context.
In this embodiment, a function implementation class references the ClassAnnotation annotation, and together with the function identifier of the interface belonging to the application context the two form an association. Using the function identifier of the interface required by the application context and the annotation declared on the function implementation class, the application context interface is bound to the function implementation class to generate the application context corresponding to the tenant access service, which is labelled with the tenant identification information of that tenant access service.
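The following Java sketch is an added example, not code from the application: it builds one application context per tenant from annotated implementation classes, assigns the context to the request thread, and routes calls through a dynamic proxy. Only the AbcAnnotation name and its @Target/@Retention settings come from the text; the annotation attributes, the Greeter interface, the class names and the tenant ids are assumptions.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Proxy;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class TenantContextDemo {

    // Annotation name and meta-annotations are from the text; both attributes are assumptions.
    @Target(ElementType.TYPE)
    @Retention(RetentionPolicy.RUNTIME)
    @interface AbcAnnotation {
        Class<?> iface();            // interface the class implements
        String tenant() default "";  // owning tenant; empty marks a general implementation class
    }

    interface Greeter { String greet(String user); }   // hypothetical required interface

    @AbcAnnotation(iface = Greeter.class)                       // "second identification information"
    static class CommonGreeter implements Greeter {
        public String greet(String user) { return "Hello, " + user; }
    }

    @AbcAnnotation(iface = Greeter.class, tenant = "tenant-a")  // "first identification information"
    static class TenantAGreeter implements Greeter {
        public String greet(String user) { return "Tenant A welcomes " + user; }
    }

    /** Application context: required interface -> bound instance, labelled with a tenant id. */
    static final class AppContext {
        final String tenantId;
        private final Map<Class<?>, Object> beans = new HashMap<>();
        AppContext(String tenantId) { this.tenantId = tenantId; }
        <T> T get(Class<T> iface) {
            Object bean = beans.get(iface);
            if (bean == null) throw new IllegalStateException("no binding for " + iface.getSimpleName());
            return iface.cast(bean);
        }
    }

    static final String DEFAULT = "";   // the default context binds general classes only

    static AppContext build(String tenantId, List<Class<?>> required, List<Class<?>> candidates)
            throws ReflectiveOperationException {
        AppContext ctx = new AppContext(tenantId);
        for (Class<?> iface : required) {
            Class<?> general = null, custom = null;
            for (Class<?> c : candidates) {
                AbcAnnotation tag = c.getAnnotation(AbcAnnotation.class);
                if (tag == null || tag.iface() != iface || !iface.isAssignableFrom(c)) continue;
                if (tag.tenant().isEmpty()) { if (general == null) general = c; }
                else if (tag.tenant().equals(tenantId)) custom = c;  // other tenants' classes never match
            }
            Class<?> chosen = custom != null ? custom : general;
            if (chosen == null) throw new IllegalStateException("unbound interface " + iface.getSimpleName());
            ctx.beans.put(iface, chosen.getDeclaredConstructor().newInstance());
        }
        return ctx;
    }

    // Context assigned to the thread that is handling the current request.
    static final ThreadLocal<AppContext> CURRENT = new ThreadLocal<>();

    /** Dynamic proxy: every call is routed to the bean of the context bound to the calling thread. */
    static <T> T proxyFor(Class<T> iface) {
        Object p = Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] {iface},
            (self, method, args) -> {
                AppContext ctx = CURRENT.get();
                if (ctx == null) throw new IllegalStateException("no tenant context on this thread");
                return method.invoke(ctx.get(iface), args);
            });
        return iface.cast(p);
    }

    static String handle(AppContext ctx, Greeter greeter, String user) {
        CURRENT.set(ctx);
        try {
            return greeter.greet(user);
        } finally {
            CURRENT.remove();   // pooled threads are reused; never leave a tenant's context behind
        }
    }

    public static void main(String[] args) throws Exception {
        List<Class<?>> required = List.of(Greeter.class);
        List<Class<?>> candidates = List.of(CommonGreeter.class, TenantAGreeter.class);
        List<String> tenants = List.of(DEFAULT, "tenant-a", "tenant-b");   // constructed ids
        Map<String, AppContext> contexts = new HashMap<>();
        for (String id : tenants) contexts.put(id, build(id, required, candidates));  // start-up phase
        Greeter greeter = proxyFor(Greeter.class);
        for (String id : tenants) System.out.println(handle(contexts.get(id), greeter, "alice"));
    }
}
```

Clearing the thread-local in `finally` is the check that matters for isolation: a worker thread that keeps a previous request's context would serve the next tenant with the wrong implementation classes.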
207. Receive and parse the access service request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client;
In this embodiment, the tenant credential information is obtained from the access service request as follows:
Intercept the access service request initiated by the tenant client;
Determine the access service type of the tenant client according to the access service request;
If the access service type is non-logged-in access, parse the access service request to obtain the tenant credential information corresponding to the tenant client, which is a secret key;
If the access service type is logged-in access, parse the access service request to obtain the tenant credential information corresponding to the tenant client, which is a tenant identity token.
In this embodiment, when a user accesses the virtual application platform through a tenant client, the platform server uses a request interceptor to intercept the access service request initiated by the tenant client. The request interceptor can filter out access requests that are not for this virtual application platform, verify the user's login state, determine whether the tenant credential information in the access service request has expired, and so on.
For example, if the access service request intercepted by the request interceptor carries a tenant identity token, the session corresponding to the token is looked up in the server cache and the session validity period is read from the session. If the request was received within the validity period of the tenant identity token, the token is still valid and the access service request is processed normally. If the request was received after the validity period of the tenant identity token, the token has expired, the request fails, and the token-expiry handling logic is executed, for example sending a prompt to the tenant client telling the user that the login has timed out and asking them to log in again.
In this embodiment, the request interceptor intercepts the access service request sent by the client, obtains the current login token from the cookie of the service request, looks up the session in the server cache according to the token, obtains the tenant information from the session, and executes the tenant access request handling logic that matches the type of the tenant identification information. The access service type here can be non-logged-in or logged-in.
In this embodiment, in the non-logged-in tenant access service, a secret key must be added to the access service request so that the request interceptor can verify it, and the corresponding non-logged-in handling logic is executed: for example, after successfully accessing the virtual application platform the user cannot enter the business processing interface, has no business processing history, and has no permission to invoke some functional modules.
In this embodiment, in the logged-in tenant access service, the access service request must carry a tenant identity token for the interceptor to verify, and the corresponding logged-in handling logic is executed: for example, entering the corresponding tenant access service interface, being able to invoke the customized functions of the tenant access service, and having permission to interact functionally with the platform server.
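As an added illustration (not code from the application), the interceptor logic described above can be sketched in Java 16 or later: a logged-in request is resolved through the server-side session and its validity period, a non-logged-in request through a secret key compared in constant time. The cookie name, header names, record types and sample values are assumptions constructed for this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class TenantRequestInterceptor {

    enum AccessType { LOGGED_IN, NON_LOGGED_IN }

    // Cookie name, header names and record fields are assumptions for this sketch.
    record Request(Map<String, String> cookies, Map<String, String> headers) {}
    record Session(String tenantId, Instant expiresAt) {}
    record Resolved(String tenantOrClientId, AccessType type) {}

    static final class Rejected extends Exception {
        Rejected(String reason) { super(reason); }
    }

    private final Map<String, Session> sessionCache = new ConcurrentHashMap<>();  // token -> session
    private final Map<String, byte[]> secretKeys = new ConcurrentHashMap<>();     // tenant client ID -> key

    void login(String token, String tenantId, Instant expiresAt) {
        sessionCache.put(token, new Session(tenantId, expiresAt));
    }

    void registerKey(String tenantClientId, String key) {
        secretKeys.put(tenantClientId, key.getBytes(StandardCharsets.UTF_8));
    }

    Resolved intercept(Request req, Instant receivedAt) throws Rejected {
        String token = req.cookies().get("LOGIN_TOKEN");
        if (token != null) {                                   // logged-in access
            Session session = sessionCache.get(token);
            if (session == null) throw new Rejected("unknown token");
            if (!receivedAt.isBefore(session.expiresAt())) {   // received after the validity period
                sessionCache.remove(token);
                throw new Rejected("login timed out, please log in again");
            }
            // The tenant comes from the server-side session, never from a request field.
            return new Resolved(session.tenantId(), AccessType.LOGGED_IN);
        }
        // Non-logged-in access: the request must carry a secret key.
        String clientId = req.headers().get("X-Tenant-Client-Id");
        String key = req.headers().get("X-Tenant-Key");
        byte[] expected = clientId == null ? null : secretKeys.get(clientId);
        if (expected == null || key == null
                || !MessageDigest.isEqual(expected, key.getBytes(StandardCharsets.UTF_8))) {
            throw new Rejected("missing or invalid secret key");
        }
        return new Resolved(clientId, AccessType.NON_LOGGED_IN);
    }

    static String describe(TenantRequestInterceptor interceptor, Request req, Instant at) {
        try {
            Resolved r = interceptor.intercept(req, at);
            return r.type() + " id=" + r.tenantOrClientId();
        } catch (Rejected e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        TenantRequestInterceptor interceptor = new TenantRequestInterceptor();
        Instant now = Instant.parse("2021-02-26T08:00:00Z");    // constructed timestamp
        interceptor.login("tok-valid", "tenant-a", now.plusSeconds(1800));
        interceptor.login("tok-old", "tenant-b", now.minusSeconds(60));
        interceptor.registerKey("client-c", "k3y-for-demo-only");

        // Constructed sample requests.
        Request valid = new Request(Map.of("LOGIN_TOKEN", "tok-valid"), Map.of());
        Request spoofed = new Request(Map.of("LOGIN_TOKEN", "tok-valid"),
                Map.of("X-Tenant-Client-Id", "tenant-b"));      // header is ignored for logged-in access
        Request expired = new Request(Map.of("LOGIN_TOKEN", "tok-old"), Map.of());
        Request keyed = new Request(Map.of(),
                Map.of("X-Tenant-Client-Id", "client-c", "X-Tenant-Key", "k3y-for-demo-only"));
        Request badKey = new Request(Map.of(),
                Map.of("X-Tenant-Client-Id", "client-c", "X-Tenant-Key", "guess"));
        for (Request r : List.of(valid, spoofed, expired, keyed, badKey)) {
            System.out.println(describe(interceptor, r, now));
        }
    }
}
```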
208. Obtain the tenant information corresponding to the tenant credential information and parse it to obtain tenant identification information;
209. Determine whether the tenant credential information is a tenant identity token;
210. If the tenant credential information is a tenant identity token, create the session object corresponding to the tenant client based on the tenant identity token;
211. Generate the session identification information corresponding to the session object and send it to the tenant client to be saved;
212. Save the tenant information to the session object, so that the corresponding implementation class can be invoked according to the tenant information stored in the session object.
In this embodiment, in the logged-in tenant access service, after a tenant access request carrying a tenant identity token is received, the tenant identity token in the request must be verified. If verification succeeds, a corresponding session object is created for the tenant client and the tenant information is stored in it, for use in function-call interactions with the platform server. For example, if the user invokes function A through the tenant client, the function implementation class for function A is obtained by communicating with the platform server through the session object.
In this embodiment, the platform server generates session identification information for each tenant access service. It is stored by the platform server and also sent to the tenant client, where it is stored as a cookie.
In this embodiment, for the session identification information in a service processing request initiated by the tenant client, the tenant information to which the tenant access service belongs is obtained from the session object and stored in the storage area of the platform server, so that the corresponding implementation class can be invoked according to the tenant information.
213. According to the tenant identification information, determine the application context corresponding to the access service of the tenant client and assign it to the thread in which the access service request is located.
214. Receive the service processing request, carrying the session identification information and the first identification information or the second identification information, that the tenant client initiates when it invokes a customized function;
215. Determine the session object corresponding to the tenant client according to the session identification information;
216. According to the first identification information or the second identification information, determine the corresponding function implementation class in the tenant information stored in the session object, and use that function implementation class to instantiate the application context interface corresponding to the client's service processing.
In this embodiment, the header of the service processing request initiated when the tenant client invokes a customized function carries the session identification information, so that the platform server can look up the corresponding session object. It must also carry the identification information of the implementation class that implements the customized function, so that the platform server can identify which function implementation class to obtain.
In this embodiment, a user's invocation of a customized function on the virtual application platform is based on a function implementation class instantiating an application context interface, and the instantiation of the application context interface is performed by a dynamic proxy. When the user invokes a customized function, the tenant information is obtained from the session object that the tenant server created when the tenant client logged in, and the function implementation class corresponding to the customized function is obtained to instantiate the corresponding interface.
In the embodiments of this application, after the user clicks the login client, the QR code of the login client is displayed on the authentication and authorization page so that the second client can scan it, perform biometric authentication for the login client, and have the user click to authorize. If the second client has previously authorized the login client, login proceeds directly with no authentication or authorization; if the second client has not previously authorized the login client, an initial authentication and authorization is required, after which subsequent logins are direct. This achieves password-free login of the second client to the first client.
The multi-tenant access service implementation method in the embodiments of this application has been described above; the multi-tenant access service implementation apparatus is described below. Referring to FIG. 3, one embodiment of the multi-tenant access service implementation apparatus in the embodiments of this application includes:
A receiving module 301, configured to read a tenant configuration file, which contains the custom function implementation classes and/or general function implementation classes corresponding to each tenant access service;
A creation module 302, configured to create the application context corresponding to each tenant access service based on the custom function implementation classes and/or general function implementation classes corresponding to each tenant access service;
A parsing module 303, configured to receive and parse the access service request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client, and to obtain and parse the corresponding tenant information according to the tenant credential information to obtain tenant identification information;
An allocation module 304, configured to determine, according to the tenant identification information, the application context corresponding to the access service of the tenant client and assign it to the thread in which the access service request is located.
In the embodiments of this application, when a user logs in to the first client, an HTTP authentication request is sent to the authentication server, and the authentication server parses the request and generates a QR code carrying the identification information of the first client. The second client scans the QR code to send an authentication request to the authentication server, asking the authentication server to determine whether the authentication server has previously authorized password-free login to the first client. If the second client has previously authorized the first client, the authentication server does not need to authenticate the corresponding user again, and the second client directly authorizes password-free login to the first client. If the second client has not previously authorized the first client, the authentication server must authenticate the corresponding user; once authentication succeeds, the second client authorizes password-free login to the first client and stores the authorization record, and the first client is told that its HTTP authentication request has passed by returning to it with a user information acquisition code. The first client can also use the user information acquisition code to obtain the user information corresponding to the second client. With this embodiment, the second client can achieve password-free login to the first client.
Referring to FIG. 4, another embodiment of the multi-tenant access service implementation apparatus in the embodiments of this application includes:
A receiving module 401, configured to read a tenant configuration file, which contains the custom function implementation classes and/or general function implementation classes corresponding to each tenant access service;
A creation module 402, configured to create the application context corresponding to each tenant access service based on the custom function implementation classes and/or general function implementation classes corresponding to each tenant access service;
A parsing module 403, configured to receive and parse the access service request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client, and to obtain and parse the corresponding tenant information according to the tenant credential information to obtain tenant identification information;
An allocation module 404, configured to determine, according to the tenant identification information, the application context corresponding to the access service of the tenant client and assign it to the thread in which the access service request is located.
Specifically, the multi-tenant access service implementation apparatus further includes a startup module 405, which is specifically configured to:
Load a preset default application context, used to implement the general functions of each tenant access service;
Determine whether the interface required by the default application context corresponds to one or to several general function implementation classes;
If it corresponds to one general function implementation class, use that class as the implementation class for the interface of the default application context;
If it corresponds to several general function implementation classes, select one preset general function implementation class among them as the implementation class for the interface required by the default application context.
Specifically, the creation module 402 includes a parsing unit 4021, a screening unit 4022 and a matching unit 4023, as follows:
A first parsing unit 4021, configured to parse the tenant configuration file to obtain, for each tenant access service, the custom function implementation classes carrying first identification information and/or the general function implementation classes carrying second identification information;
A screening unit 4022, configured to determine, based on the first identification information and/or the second identification information and on the interfaces required by the application context corresponding to each tenant access service, the association between the application context and each custom function implementation class and/or general function implementation class;
A matching unit 4023, configured to bind, based on that association, each required interface to the corresponding custom function implementation class and/or general function implementation class, generate the application context corresponding to each tenant access service, and label it with the tenant identification information of the corresponding tenant.
Specifically, the parsing module 403 includes an intercepting unit 4031, a determining unit 4032 and a parsing unit 4033, as follows:
An intercepting unit 4031, configured to intercept the access service request initiated by the tenant client;
A determining unit 4032, configured to determine the access service type of the tenant client according to the access service request;
A second parsing unit 4033, configured to parse the access service request, if the access service type is non-logged-in access, to obtain the tenant credential information corresponding to the tenant client, which is a secret key; and, if the access service type is logged-in access, to parse the access service request to obtain the tenant credential information corresponding to the tenant client, which is a tenant identity token.
具体的,所述多租户访问服务实现装置还包括记录模块406,其用于:Specifically, the device for implementing multi-tenant access services further includes a recording module 406, which is used to:
若所述租户凭证信息为租户身份令牌,基于所述租户身份令牌,创建所述租户客户端对应的会话对象;If the tenant credential information is a tenant identity token, create a session object corresponding to the tenant client based on the tenant identity token;
生成所述会话对象相应的会话标识信息并发送至租户客户端进行保存;Generate the session identification information corresponding to the session object and send it to the tenant client for storage;
保存所述租户信息至所述会话对象,根据所述会话对象储存的所述租户信息以调用相应实现类。Save the tenant information to the session object, and call the corresponding implementation class according to the tenant information stored in the session object.
具体的,所述分配模块404还用于:Specifically, the allocation module 404 is also used for:
接收所述租户客户端调用定制功能时发起的带有所述会话标识信息以及所述第一标识信息或所述第二标识信息的业务处理请求;Receiving a service processing request with the session identification information and the first identification information or the second identification information initiated when the tenant client invokes the customization function;
根据所述会话标识信息,确定所述租户客户端对应的会话对象;Determine the session object corresponding to the tenant client according to the session identification information;
根据所述第一标识信息或第二标识信息,确定所述会话对象存储的租户信息内对应的功能实现类,并通过所述功能实现类实例化客户端业务处理对应的应用上下文接口。According to the first identification information or the second identification information, the corresponding function realization class in the tenant information stored in the session object is determined, and the application context interface corresponding to the client service processing is instantiated through the function realization class.
In this embodiment of the application, after the user clicks to log in to a client, the authentication and authorization page displays a QR code for that login client, which a second client scans in order to perform biometric authentication and user click-to-authorize for the login client. If the second client has previously authorized the login client, login proceeds directly without authentication or authorization; if the second client has not previously authorized the login client, an initial authentication and authorization is required, after which subsequent logins proceed directly, thereby achieving password-free login of the second client to the first client.
Figures 3 and 4 above describe the multi-tenant access service implementation apparatus of the embodiments of this application in detail from the perspective of modular functional entities; the following describes the multi-tenant access service implementation device of the embodiments in detail from the perspective of hardware processing.
FIG. 5 is a schematic structural diagram of a multi-tenant access service implementation device provided by an embodiment of this application. The multi-tenant access service implementation device 500 may vary considerably with configuration or performance, and may include one or more processors (central processing units, CPU) 510 (for example, one or more processors), a memory 520, and one or more storage media 530 (for example, one or more mass storage devices) storing application programs 533 or data 532. The memory 520 and the storage medium 530 may be transient or persistent storage. The program stored in the storage medium 530 may include one or more modules (not shown in the figure), each of which may include a series of instruction operations for the multi-tenant access service implementation device 500. Further, the processor 510 may be configured to communicate with the storage medium 530 and to execute, on the multi-tenant access service implementation device 500, the series of instruction operations in the storage medium 530.
The multi-tenant access service implementation device 500 may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input/output interfaces 560, and/or one or more operating systems 531, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, and so on. Those skilled in the art will understand that the device structure shown in FIG. 5 does not limit the multi-tenant access service implementation device, which may include more or fewer components than shown, combine certain components, or arrange the components differently.
This application also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium or a volatile computer-readable storage medium. The computer-readable storage medium stores instructions which, when run on a computer, cause the computer to perform the following steps:
reading a tenant configuration file, the tenant configuration file containing the customized-function implementation classes and/or general-function implementation classes corresponding to each tenant's access service;
creating an application context corresponding to each tenant's access service based on the customized-function implementation classes and/or general-function implementation classes corresponding to each tenant's access service;
receiving and parsing an access service request initiated by a tenant client to obtain the tenant credential information corresponding to the tenant client;
obtaining and parsing the corresponding tenant information according to the tenant credential information to obtain tenant identification information;
determining, according to the tenant identification information, the application context corresponding to the tenant client's access service and assigning it to the thread in which the access service request is located.
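The five steps above, together with the session handling described for the recording and allocation modules, can be traced in the following added Python example, which is not code from the application. All class names, the request fields, the in-memory token table and the sample keys are assumptions constructed for illustration; it also assumes the secret key is compared in constant time, unknown credentials are rejected, and the thread binding is cleared after each request.

```python
import hmac
import secrets
import threading
from dataclasses import dataclass

class GeneralGreeter:            # general-function implementation class
    def run(self, name):
        return f"hello {name}"

class AcmeGreeter:               # customized-function implementation class
    def run(self, name):
        return f"[acme] welcome {name}"

# Constructed stand-in for the tenant configuration file.
GENERAL_IMPLS = {"greeter": GeneralGreeter}
TENANT_CONFIG = {
    "acme":   {"secret_key": "k-acme-constructed",   "custom": {"greeter": AcmeGreeter}},
    "globex": {"secret_key": "k-globex-constructed", "custom": {}},
}
# Constructed stand-in for identity-token verification (a real service would
# validate a signed token instead of looking it up in a dict).
TOKENS = {"tok-acme-constructed": "acme"}

@dataclass(frozen=True)
class AppContext:
    tenant_id: str
    impls: dict

    def get(self, interface):
        return self.impls[interface]()

class AccessDenied(Exception):
    pass

def build_contexts(config):
    """Steps 1-2: one context per tenant; customized classes override general ones."""
    return {tid: AppContext(tid, {**GENERAL_IMPLS, **cfg["custom"]})
            for tid, cfg in config.items()}

CONTEXTS = build_contexts(TENANT_CONFIG)
SESSIONS = {}                    # session id -> tenant id, kept server-side
_current = threading.local()     # application context of the request's thread

def current_context():
    return getattr(_current, "ctx", None)

def _tenant_for_secret(key):
    found = None
    for tid, cfg in TENANT_CONFIG.items():   # no early exit, constant-time compare
        if hmac.compare_digest(cfg["secret_key"].encode(), key.encode()):
            found = tid
    return found

def resolve_tenant(request):
    """Steps 3-4: choose the credential by access type and map it to a tenant id."""
    kind = request.get("type")
    if kind == "non_login":
        tid = _tenant_for_secret(request.get("secret_key", ""))
    elif kind == "login":
        tid = TOKENS.get(request.get("token", ""))
    elif kind == "session":
        tid = SESSIONS.get(request.get("session_id", ""))
    else:
        tid = None
    if tid not in CONTEXTS:      # unknown credential or tenant: fail closed
        raise AccessDenied("no tenant for presented credential")
    return tid

def handle(request):
    """Step 5: bind the tenant's context to this thread for one request only."""
    tid = resolve_tenant(request)   # any client-sent "tenant_id" field is ignored
    session_id = None
    if request["type"] == "login":
        session_id = secrets.token_urlsafe(32)
        SESSIONS[session_id] = tid
    _current.ctx = CONTEXTS[tid]
    try:
        body = current_context().get("greeter").run(request.get("name", ""))
    finally:
        del _current.ctx         # pooled threads must not carry a tenant over
    return {"tenant": tid, "body": body, "session_id": session_id}
```

Because the tenant is always derived from the credential or the server-side session, a request that presents one tenant's session identifier while naming another tenant in its body is still served from the session owner's context.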
Further, the computer-readable storage medium may mainly include a program storage area and a data storage area, where the program storage area may store an operating system, an application program required by at least one function, and the like; the data storage area may store data created through the use of blockchain nodes, and the like.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the specific working processes of the systems, apparatuses and units described above may be found in the corresponding processes of the foregoing method embodiments and are not repeated here.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of this application in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of this application. The aforementioned storage media include various media capable of storing program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disc.
The blockchain referred to in this application is a new application model of computer technologies such as distributed data storage, peer-to-peer transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralized database: a chain of data blocks generated and linked using cryptographic methods, where each data block contains information about a batch of network transactions, used to verify the validity of that information (anti-counterfeiting) and to generate the next block. A blockchain may include an underlying blockchain platform, a platform product service layer, an application service layer, and so on.
As stated above, the foregoing embodiments are intended only to illustrate the technical solutions of this application, not to limit them. Although this application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions recorded in those embodiments or make equivalent replacements of some of their technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of this application.

Claims (20)

  1. A method for implementing a multi-tenant access service, comprising:
    reading a tenant configuration file, the tenant configuration file containing the customized-function implementation classes and/or general-function implementation classes corresponding to each tenant's access service;
    creating an application context corresponding to each tenant's access service based on the customized-function implementation classes and/or general-function implementation classes corresponding to each tenant's access service;
    receiving and parsing an access service request initiated by a tenant client to obtain the tenant credential information corresponding to the tenant client;
    obtaining and parsing the corresponding tenant information according to the tenant credential information to obtain tenant identification information;
    determining, according to the tenant identification information, the application context corresponding to the tenant client's access service and assigning it to the thread in which the access service request is located.
  2. The method for implementing a multi-tenant access service according to claim 1, wherein, before the step of reading a tenant configuration file containing the customized-function implementation classes and/or general-function implementation classes corresponding to each tenant's access service, the method further comprises:
    loading a preset default application context for implementing the general functions of each tenant's access service;
    determining whether the interface required by the default application context corresponds to one or to multiple general-function implementation classes;
    if it corresponds to one general-function implementation class, using that general-function implementation class as the implementation class for the interface of the default application context;
    if it corresponds to multiple general-function implementation classes, selecting one preset general-function implementation class from among them as the implementation class for the interface required by the default application context.
  3. The method for implementing a multi-tenant access service according to claim 1, wherein creating an application context corresponding to each tenant's access service based on the customized-function implementation classes and/or general-function implementation classes corresponding to each tenant's access service comprises:
    parsing the tenant configuration file to obtain, for each tenant's access service, the customized-function implementation classes carrying first identification information and/or the general-function implementation classes carrying second identification information;
    determining, based on the first identification information and/or the second identification information and on the interfaces required by the application context corresponding to each tenant's access service, the association between the application context and each customized-function implementation class and/or each general-function implementation class;
    binding, based on the association, the required interfaces to the corresponding customized-function implementation classes and/or general-function implementation classes, generating the application context corresponding to each tenant's access service, and identifying it with the tenant identification information of the corresponding tenant.
  4. The method for implementing a multi-tenant access service according to claim 1, wherein receiving and parsing an access service request initiated by a tenant client to obtain the tenant credential information corresponding to the tenant client comprises:
    intercepting the access service request initiated by the tenant client;
    determining the access service type of the tenant client according to the access service request;
    if the access service type is a non-logged-in access service, parsing the access service request and obtaining a secret key as the tenant credential information corresponding to the tenant client;
    if the access service type is a logged-in access service, parsing the access service request and obtaining a tenant identity token as the tenant credential information corresponding to the tenant client.
  5. The method for implementing a multi-tenant access service according to claim 4, wherein, after the step of obtaining and parsing the corresponding tenant information according to the tenant credential information to obtain tenant identification information, the method further comprises:
    if the tenant credential information is a tenant identity token, creating a session object corresponding to the tenant client based on the tenant identity token;
    generating session identification information corresponding to the session object and sending it to the tenant client for storage;
    saving the tenant information to the session object, and invoking the corresponding implementation class according to the tenant information stored in the session object.
  6. The method for implementing a multi-tenant access service according to claim 1, wherein, after the step of determining, according to the tenant identification information, the application context corresponding to the tenant client's access service and assigning it to the thread in which the access service request is located, the method further comprises:
    receiving a service processing request, initiated when the tenant client invokes a customized function, that carries the session identification information and the first identification information or the second identification information;
    determining the session object corresponding to the tenant client according to the session identification information;
    determining, according to the first identification information or the second identification information, the corresponding function implementation class within the tenant information stored in the session object, and using that function implementation class to instantiate the application context interface corresponding to the client's service processing.
  7. A multi-tenant access service implementation device, comprising a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, wherein the processor implements the following steps when executing the computer-readable instructions:
    reading a tenant configuration file, the tenant configuration file containing the customized-function implementation classes and/or general-function implementation classes corresponding to each tenant's access service;
    creating an application context corresponding to each tenant's access service based on the customized-function implementation classes and/or general-function implementation classes corresponding to each tenant's access service;
    receiving and parsing an access service request initiated by a tenant client to obtain the tenant credential information corresponding to the tenant client;
    obtaining and parsing the corresponding tenant information according to the tenant credential information to obtain tenant identification information;
    determining, according to the tenant identification information, the application context corresponding to the tenant client's access service and assigning it to the thread in which the access service request is located.
  8. The multi-tenant access service implementation device according to claim 7, wherein the processor further implements the following steps when executing the computer program:
    loading a preset default application context for implementing the general functions of each tenant's access service;
    determining whether the interface required by the default application context corresponds to one or to multiple general-function implementation classes;
    if it corresponds to one general-function implementation class, using that general-function implementation class as the implementation class for the interface of the default application context;
    if it corresponds to multiple general-function implementation classes, selecting one preset general-function implementation class from among them as the implementation class for the interface required by the default application context.
  9. The multi-tenant access service implementation device according to claim 7, wherein the processor further implements the following steps when executing the computer program:
    parsing the tenant configuration file to obtain, for each tenant's access service, the customized-function implementation classes carrying first identification information and/or the general-function implementation classes carrying second identification information;
    determining, based on the first identification information and/or the second identification information and on the interfaces required by the application context corresponding to each tenant's access service, the association between the application context and each customized-function implementation class and/or each general-function implementation class;
    binding, based on the association, the required interfaces to the corresponding customized-function implementation classes and/or general-function implementation classes, generating the application context corresponding to each tenant's access service, and identifying it with the tenant identification information of the corresponding tenant.
  10. The multi-tenant access service implementation device according to claim 7, wherein the processor further implements the following steps when executing the computer program:
    intercepting the access service request initiated by the tenant client;
    determining the access service type of the tenant client according to the access service request;
    if the access service type is a non-logged-in access service, parsing the access service request and obtaining a secret key as the tenant credential information corresponding to the tenant client;
    if the access service type is a logged-in access service, parsing the access service request and obtaining a tenant identity token as the tenant credential information corresponding to the tenant client.
  11. The multi-tenant access service implementation device according to claim 10, wherein the processor further implements the following steps when executing the computer program:
    if the tenant credential information is a tenant identity token, creating a session object corresponding to the tenant client based on the tenant identity token;
    generating session identification information corresponding to the session object and sending it to the tenant client for storage;
    saving the tenant information to the session object, and invoking the corresponding implementation class according to the tenant information stored in the session object.
  12. The multi-tenant access service implementation device according to claim 7, wherein the processor further implements the following steps when executing the computer program:
    receiving a service processing request, initiated when the tenant client invokes a customized function, that carries the session identification information and the first identification information or the second identification information;
    determining the session object corresponding to the tenant client according to the session identification information;
    determining, according to the first identification information or the second identification information, the corresponding function implementation class within the tenant information stored in the session object, and using that function implementation class to instantiate the application context interface corresponding to the client's service processing.
  13. A computer-readable storage medium storing computer instructions which, when run on a computer, cause the computer to perform the following steps:
    reading a tenant configuration file, the tenant configuration file containing the customized-function implementation classes and/or general-function implementation classes corresponding to each tenant's access service;
    creating an application context corresponding to each tenant's access service based on the customized-function implementation classes and/or general-function implementation classes corresponding to each tenant's access service;
    receiving and parsing an access service request initiated by a tenant client to obtain the tenant credential information corresponding to the tenant client;
    obtaining and parsing the corresponding tenant information according to the tenant credential information to obtain tenant identification information;
    determining, according to the tenant identification information, the application context corresponding to the tenant client's access service and assigning it to the thread in which the access service request is located.
  14. The computer-readable storage medium according to claim 13, wherein the computer instructions, when run on a computer, cause the computer to further perform the following steps:
    loading a preset default application context for implementing the general functions of each tenant's access service;
    determining whether the interface required by the default application context corresponds to one or to multiple general-function implementation classes;
    if it corresponds to one general-function implementation class, using that general-function implementation class as the implementation class for the interface of the default application context;
    if it corresponds to multiple general-function implementation classes, selecting one preset general-function implementation class from among them as the implementation class for the interface required by the default application context.
  15. The computer-readable storage medium according to claim 13, wherein the computer instructions, when run on a computer, cause the computer to further perform the following steps:
    parsing the tenant configuration file to obtain, for each tenant's access service, the customized-function implementation classes carrying first identification information and/or the general-function implementation classes carrying second identification information;
    determining, based on the first identification information and/or the second identification information and on the interfaces required by the application context corresponding to each tenant's access service, the association between the application context and each customized-function implementation class and/or each general-function implementation class;
    binding, based on the association, the required interfaces to the corresponding customized-function implementation classes and/or general-function implementation classes, generating the application context corresponding to each tenant's access service, and identifying it with the tenant identification information of the corresponding tenant.
  16. The computer-readable storage medium according to claim 13, wherein the computer instructions, when run on a computer, cause the computer to further perform the following steps:
    intercepting the access service request initiated by the tenant client;
    determining the access service type of the tenant client according to the access service request;
    if the access service type is a non-logged-in access service, parsing the access service request and obtaining a secret key as the tenant credential information corresponding to the tenant client;
    if the access service type is a logged-in access service, parsing the access service request and obtaining a tenant identity token as the tenant credential information corresponding to the tenant client.
  17. The computer-readable storage medium according to claim 16, wherein the computer instructions, when run on a computer, cause the computer to further perform the following steps:
    if the tenant credential information is a tenant identity token, creating a session object corresponding to the tenant client based on the tenant identity token;
    generating session identification information corresponding to the session object and sending it to the tenant client for storage;
    saving the tenant information to the session object, and invoking the corresponding implementation class according to the tenant information stored in the session object.
  18. The computer-readable storage medium according to claim 13, wherein the computer instructions, when run on a computer, cause the computer to further perform the following steps:
    receiving a service processing request, initiated when the tenant client invokes a customized function, that carries the session identification information and the first identification information or the second identification information;
    determining the session object corresponding to the tenant client according to the session identification information;
    determining, according to the first identification information or the second identification information, the corresponding function implementation class within the tenant information stored in the session object, and using that function implementation class to instantiate the application context interface corresponding to the client's service processing.
  19. A multi-tenant access service implementation apparatus, wherein the multi-tenant access service implementation apparatus comprises:
    a receiving module, configured to read a tenant configuration file, the tenant configuration file containing the customized-function implementation classes and/or general-function implementation classes corresponding to each tenant's access service;
    a creation module, configured to create an application context corresponding to each tenant's access service based on the customized-function implementation classes and/or general-function implementation classes corresponding to each tenant's access service;
    a parsing module, configured to receive and parse an access service request initiated by a tenant client to obtain the tenant credential information corresponding to the tenant client, and to obtain and parse the corresponding tenant information according to the tenant credential information to obtain tenant identification information;
    an allocation module, configured to determine, according to the tenant identification information, the application context corresponding to the tenant client's access service and assign it to the thread in which the access service request is located.
  20. The device for implementing multi-tenant access services according to claim 19, wherein the creation module further comprises:
    a first parsing unit, configured to parse the tenant configuration file to obtain the customized function implementation class with the first identification information and/or the general function implementation class with the second identification information corresponding to each tenant's access service;
    a screening unit, configured to determine, based on the first identification information and/or the second identification information and on the interfaces required by the application context corresponding to each tenant's access service, the association relationship between the application context and each customized function implementation class and/or each general function implementation class;
    a matching unit, configured to bind, based on the association relationship, the required interfaces to the corresponding customized function implementation class and/or general function implementation class, generate the application context corresponding to each tenant's access service, and identify it with the tenant identification information of the corresponding tenant.
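The module flow of claims 19 and 20, as an added Python example (not code from the patent or the applicant): custom-over-general binding per tenant, credential-to-tenant resolution that fails closed, and a context that is bound to the request thread and cleared when the request ends. The configuration layout, credential table, class names and function names are constructed assumptions.

```python
import threading

# Constructed stand-in for the tenant configuration file. "custom" entries are
# keyed by tenant id (first identification information); "general" entries
# are shared by every tenant (second identification information).
TENANT_CONFIG = {
    "general": {"billing": "GeneralBilling", "report": "GeneralReport"},
    "custom": {"tenant-a": {"billing": "TenantABilling"}, "tenant-b": {}},
}
REQUIRED_INTERFACES = ("billing", "report")
# Constructed credential store: tenant credential -> tenant information.
CREDENTIALS = {"cred-a": {"tenant_id": "tenant-a"},
               "cred-b": {"tenant_id": "tenant-b"}}
_current = threading.local()  # holds the context of the request on this thread

def build_contexts(config):
    """Creation module: bind each required interface to the tenant's custom
    class when one is configured, otherwise to the general class."""
    contexts = {}
    for tenant_id, custom in config["custom"].items():
        bound = {}
        for iface in REQUIRED_INTERFACES:
            impl = custom.get(iface) or config["general"].get(iface)
            if impl is None:
                raise ValueError(f"{tenant_id}: no implementation for {iface}")
            bound[iface] = impl
        contexts[tenant_id] = {"tenant_id": tenant_id, "bindings": bound}
    return contexts

CONTEXTS = build_contexts(TENANT_CONFIG)

def handle_request(request, work):
    """Parsing and allocation modules: credential -> tenant id -> context,
    bound to the current thread only for the duration of the request."""
    info = CREDENTIALS.get(request.get("credential"))
    if info is None or info["tenant_id"] not in CONTEXTS:
        raise PermissionError("unknown tenant credential")  # fail closed
    _current.ctx = CONTEXTS[info["tenant_id"]]
    try:
        return work()
    finally:
        del _current.ctx  # a pooled thread must not keep the last tenant

def current_impl(iface):
    """Resolve an interface through the context bound to this thread."""
    ctx = getattr(_current, "ctx", None)
    if ctx is None:
        raise RuntimeError("no tenant context bound to this thread")
    return ctx["bindings"][iface]
```

Clearing the thread-local in `finally` is the part that matters for isolation: worker threads are reused, and a context left behind would be picked up by the next tenant's request.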
PCT/CN2021/078046 2020-04-28 2021-02-26 Multi-tenant access service implementation method, apparatus and device, and storage medium WO2021218328A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010350026.4A CN111641675A (en) 2020-04-28 2020-04-28 Multi-tenant access service implementation method, device, equipment and storage medium
CN202010350026.4 2020-04-28

Publications (1)

Publication Number Publication Date
WO2021218328A1 (en) 2021-11-04

Family

ID=72330860

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/078046 WO2021218328A1 (en) 2020-04-28 2021-02-26 Multi-tenant access service implementation method, apparatus and device, and storage medium

Country Status (2)

Country Link
CN (1) CN111641675A (en)
WO (1) WO2021218328A1 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111641675A (en) * 2020-04-28 2020-09-08 深圳壹账通智能科技有限公司 Multi-tenant access service implementation method, device, equipment and storage medium
CN112182375A (en) * 2020-09-27 2021-01-05 中国建设银行股份有限公司 Demand response method, device, medium and platform of integrated service platform
CN112199113A (en) * 2020-10-28 2021-01-08 重庆撼地大数据有限公司 Software service access control method and device
CN112685719B (en) * 2020-12-29 2022-05-20 武汉联影医疗科技有限公司 Single sign-on method, device, system, computer equipment and storage medium
CN112637232B (en) * 2020-12-29 2022-09-27 国云科技股份有限公司 Cloud platform resource isolation framework implementation method and device supporting multiple strategies
CN113032805B (en) * 2021-03-23 2023-06-02 建信金融科技有限责任公司 Data access method and device, electronic equipment and storage medium
CN114499977B (en) * 2021-12-28 2023-08-08 天翼云科技有限公司 Authentication method and device
CN114885024B (en) * 2022-04-28 2023-09-12 远景智能国际私人投资有限公司 Routing method, device, equipment and medium of application instance
CN116881429B (en) * 2023-09-07 2023-12-01 四川蜀天信息技术有限公司 Multi-tenant-based dialogue model interaction method, device and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3324293A1 (en) * 2016-11-18 2018-05-23 Sap Se Application managed service instances
CN109408067A (en) * 2018-10-22 2019-03-01 浙江明度智控科技有限公司 A kind of data managing method and server based on monomer applications
CN109862051A (en) * 2017-11-30 2019-06-07 亿阳信通股份有限公司 The realization method and system of multi-tenant under a kind of micro services framework
CN110737508A (en) * 2019-10-14 2020-01-31 浪潮云信息技术有限公司 cloud container service network system based on wave cloud and implementation method
CN111641675A (en) * 2020-04-28 2020-09-08 深圳壹账通智能科技有限公司 Multi-tenant access service implementation method, device, equipment and storage medium

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115495718A (en) * 2022-09-19 2022-12-20 广东云徙智能科技有限公司 Method, device and equipment for authorizing back-end capability based on front-end declaration
CN115495718B (en) * 2022-09-19 2023-10-13 广东云徙智能科技有限公司 Front-end statement-based back-end capability authorization method, device and equipment
CN115391828A (en) * 2022-10-31 2022-11-25 泰豪软件股份有限公司 Data isolation method and system of multi-tenant platform based on micro-service architecture
CN115695017A (en) * 2022-11-02 2023-02-03 南方电网数字平台科技(广东)有限公司 Multi-tenant access control method suitable for cloud platform operation
CN115695017B (en) * 2022-11-02 2024-04-23 南方电网数字平台科技(广东)有限公司 Multi-tenant access control method suitable for cloud platform operation
CN115952487A (en) * 2023-03-14 2023-04-11 青岛安工数联信息科技有限公司 Tenant information configuration system and method under various organizations
CN116401231A (en) * 2023-03-20 2023-07-07 一临云(深圳)科技有限公司 Data source management method, device and storage medium
CN116401231B (en) * 2023-03-20 2024-04-26 一临云(深圳)科技有限公司 Data source management method, device and storage medium
CN116743876A (en) * 2023-08-14 2023-09-12 云筑信息科技(成都)有限公司 Method for realizing multi-tenant scheduling based on xxl-job
CN116743876B (en) * 2023-08-14 2023-12-08 云筑信息科技(成都)有限公司 Method for realizing multi-tenant scheduling based on xxl-job
CN116932091A (en) * 2023-09-15 2023-10-24 畅捷通信息技术股份有限公司 Configuration file generation method and device during credential generation and storage medium
CN116932091B (en) * 2023-09-15 2023-12-26 畅捷通信息技术股份有限公司 Configuration file generation method and device during credential generation and storage medium

Also Published As

Publication number Publication date
CN111641675A (en) 2020-09-08

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21796093

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the addressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 21/02/2023)

122 Ep: pct application non-entry in european phase

Ref document number: 21796093

Country of ref document: EP

Kind code of ref document: A1