WO2021218328A1 - Procédé d'implantation de service d'accès multi-locataire, appareil et dispositif et support d'enregistrement - Google Patents

Procédé d'implantation de service d'accès multi-locataire, appareil et dispositif et support d'enregistrement Download PDF

Info

Publication number
WO2021218328A1
WO2021218328A1 PCT/CN2021/078046 CN2021078046W WO2021218328A1 WO 2021218328 A1 WO2021218328 A1 WO 2021218328A1 CN 2021078046 W CN2021078046 W CN 2021078046W WO 2021218328 A1 WO2021218328 A1 WO 2021218328A1
Authority
WO
WIPO (PCT)
Prior art keywords
tenant
access service
identification information
access
client
Prior art date
Application number
PCT/CN2021/078046
Other languages
English (en)
Chinese (zh)
Inventor
杨越
Original Assignee
深圳壹账通智能科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳壹账通智能科技有限公司 filed Critical 深圳壹账通智能科技有限公司
Publication of WO2021218328A1 publication Critical patent/WO2021218328A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/51Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • H04L67/306User profiles

Definitions

  • This application relates to the field of artificial intelligence, and in particular to a method, device, equipment and storage medium for implementing multi-tenant access services.
  • microservices As a new technology for deploying applications and services in the cloud, microservices have become the latest hot topic.
  • the development of microservice technology is first to solve the problems of traditional large-scale software development, testing, deployment and maintenance.
  • the modification of each functional module needs to consider the overall changes of the software application, and the microservice technology divides the entire large application into multiple Independent small modules, each small module basically only needs to be responsible for its own business function development, testing, deployment, operation and maintenance.
  • microservices are the leader in software application model innovation. From traditional enterprise internal deployment of software products to cloud deployment, a new delivery method is defined, which reduces the large upfront investment required for local deployment and integrates software The application returns to its essential service attributes.
  • Today's microservices use a multi-tenant architecture.
  • the same set of services is for multiple customers and needs to meet the needs of multiple tenants as much as possible.
  • the platform only needs to meet public needs.
  • the inventor realizes that for enterprise users, it needs to be satisfied as much as possible, but due to the various customer needs and even conflicts, it is difficult to develop for enterprise users. Often in order to meet the needs of one tenant, it affects the businesses of other tenants. So how to provide multiple sets of customized services on the multi-tenant architecture to meet the needs of different users?
  • the main purpose of this application is to solve the problem of how to provide multiple sets of customized services on a multi-tenant architecture to meet the needs of different users.
  • the first aspect of this application provides a multi-tenant access service implementation method, including: reading a tenant configuration file, the tenant configuration file contains the customized function implementation class corresponding to each tenant access service and/or General function realization class; based on the custom function realization class and/or general function realization class corresponding to each tenant access service, create the application context corresponding to each tenant access service; receive and parse the access service request initiated by the tenant client to obtain The tenant credential information corresponding to the tenant client; obtain and parse the corresponding tenant information according to the tenant credential information to obtain tenant identification information; determine the application context corresponding to the tenant client to access the service according to the tenant identification information And assigned to the thread where the access service request is located.
  • the second aspect of the present application provides a device for implementing multi-tenant access services, including a memory, a processor, and computer-readable instructions stored on the memory and running on the processor, and the processor executes the
  • the computer-readable instructions implement the following steps: read the tenant configuration file, the tenant configuration file contains the customized function implementation class and/or the general function implementation class corresponding to each tenant access service; based on the corresponding tenant access service Customize function implementation classes and/or general function implementation classes to create an application context corresponding to each tenant's access service; receive and parse the access service request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client; The tenant credential information obtains and analyzes the corresponding tenant information to obtain tenant identification information; according to the tenant identification information, the application context corresponding to the tenant client's access service is determined and assigned to the thread where the access service request is located.
  • the third aspect of the present application provides a computer-readable storage medium, which stores computer instructions, and when the computer instructions are run on the computer, the computer executes the following steps: read the tenant configuration file ,
  • the tenant configuration file contains the customized function realization class and/or general function realization class corresponding to each tenant access service; based on the custom function realization class and/or general function realization class corresponding to each tenant access service, each An application context corresponding to the tenant's access service; receiving and parsing an access service request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client; according to the tenant credential information, obtaining the corresponding tenant information and analyzing it to obtain the tenant Identification information; according to the tenant identification information, the application context corresponding to the tenant client's access service is determined and assigned to the thread where the access service request is located.
  • the fourth aspect of the application provides a device for implementing multi-tenant access services, including: a receiving module for reading tenant configuration files, the tenant configuration files containing customized function implementation classes corresponding to each tenant access service and/or General function realization class; creation module, used to create the application context corresponding to each tenant access service based on the custom function realization class and/or general function realization class corresponding to each tenant access service; parsing module, used to receive tenant customers Access service request initiated by the client and parsed to obtain the tenant credential information corresponding to the tenant client; according to the tenant credential information, the corresponding tenant information is obtained and parsed to obtain the tenant identification information; the allocation module is used to obtain the tenant identification information according to the tenant credential information.
  • the identification information determines the application context corresponding to the access service of the tenant client and assigns it to the thread where the access service request is located.
  • the tenant configuration file is read, and the tenant configuration file contains the customized function realization class and/or the general function realization class corresponding to each tenant access service; based on the customization corresponding to each tenant access service
  • the function realization class and/or the general function realization class create the application context corresponding to each tenant's access service; receive and analyze the service access request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client;
  • the credential information obtains and analyzes corresponding tenant information to obtain tenant identification information; according to the tenant identification information, the application context corresponding to the tenant client access service is determined and assigned to the thread where the access service request is located.
  • the beneficial effect of providing multiple sets of customized services on a multi-tenant architecture is obtained.
  • FIG. 1 is a schematic diagram of an embodiment of a method for implementing multi-tenant access services in an embodiment of the application
  • FIG. 2 is a schematic diagram of another embodiment of a method for implementing multi-tenant access services in an embodiment of the application
  • Fig. 3 is a schematic diagram of an embodiment of a device for implementing multi-tenant access services in an embodiment of the application
  • FIG. 4 is a schematic diagram of another embodiment of a device for implementing multi-tenant access services in an embodiment of the application
  • Figure 5 is a schematic diagram of an embodiment of a device for implementing multi-tenant access services in an embodiment of the application.
  • the embodiments of the present application provide a method, device, device and storage medium for implementing multi-tenant access services.
  • the application context that adapts to a set of tenant access services on the same platform is modified to adapt.
  • Multiple sets of independent tenants access the application context of the service, and configure common function realization classes and tenant customization function realization classes for each set of tenant access services, and start the corresponding instance of each function realization class through the application context interface programming; in the service startup phase , First load the corresponding application context for each set of tenant access services; in the service running process, obtain the corresponding application context through the tenant credential information of the tenant client and access the current thread, and start the corresponding tenant access service to obtain optimized multi-tenancy
  • the architecture meets the beneficial effects of the different needs of multiple users.
  • An embodiment of the method for implementing multi-tenant access services in the embodiment of the present application includes:
  • tenant configuration file contains customized function realization classes and/or general function realization classes corresponding to each tenant's access service;
  • the execution subject of this application may be a device for implementing multi-tenant access services, and may also be a terminal or a server, which is not specifically limited here.
  • the embodiment of the present application takes the server as the execution subject as an example for description.
  • tenant access service A includes Comonbean1, Comonbean2, Coonbean3, and Comonbean4; tenant access service B includes Comonbean1, Comonbean3, bean110, and bean121.
  • Comonbean is a generic function implementation class, and bean is a custom function implementation class.
  • spring belongs to a kind of container framework.
  • the platform server obtains the customized function implementation class and/or common function implementation class of each tenant access service.
  • the corresponding interface programming is marked.
  • Each custom function realization class marks its own realization interface and its own tenant, and each general function realization class marks its own realization interface.
  • a tag interface is associated with a corresponding function implementation class, and an application context corresponding to each tenant's access service is generated.
  • tenant access service A is marked to use interface 1, interface 2, interface 3 in the application context, interface 1, interface 3, interface 4, Comonbean1 mark to realize interface 1, Comonbean2 mark to realize interface 2, bean mark to realize interface 3, and Belonging to tenant A and bean4 mark to implement interface 4 and belong to tenant A, then in the application context environment of tenant access A, associate Comonbean1 with interface 1, bean113 and interface 3, bean114 and interface 4, and get the exclusive application context of tenant access service A .
  • a tenant client accesses the virtual application platform built by the spring framework, it needs to initiate an access service request to the platform server to enter the corresponding application interface.
  • the header of the access service request carries the tenant credential information of the tenant client. , Used for the platform server to verify the identity of the tenant client.
  • tenant identity token an example of which is: field A, field B, and field C.
  • the most important information of the tenant identity token is the load field "field B" between the two ".”s.
  • This field represents the tenant client ID of the tenant identity token and is used to help retrieve the creation time and time of the tenant client. The expiration time indicates the identity and validity of this tenant's identity token.
  • tenant credential information obtain and analyze corresponding tenant information to obtain tenant identification information
  • each tenant access service stores a set of configured tenant information, which is marked with tenant identification information.
  • the tenant client ID of the user is bound to the tenant identification information corresponding to the tenant information of the tenant to access the service.
  • the platform server can call the tenant access services required by the tenant client, and It can be used for the subsequent platform server to call the corresponding function implementation class for the required customized service of the tenant client.
  • the tenant credential information when the tenant credential information is a tenant security token, it includes the signed "field B", and the tenant client ID in the payload field is obtained after decoding. If the tenant client ID is bound to the tenant identification information I of the tenant information T, Then, the tenant identification information I is retrieved and the corresponding tenant information T is obtained.
  • the tenant identification information determine the application context corresponding to the tenant client to access the service and assign it to the thread where the service access request is located.
  • the application context corresponding to each tenant access service is also marked with tenant identification information, and the application context corresponding to the tenant access service can be found by retrieving the incoming tenant identification information; and the virtual application platform relies on the application context to achieve Each tenant independently customizes the function, specifically by calling the function of the application context to realize the interface required for class instantiation.
  • the corresponding tenant access service of the tenant client can be realized by accessing the application context by accessing the thread where the service request is located.
  • tenant client A For example, the default function of tenant client A is function 1, function 2, and function 3.
  • application context A corresponding to tenant access service A.
  • Comonbean1 needs to instantiate interface 1
  • function 2 requires bean113 instance.
  • implement function 3 requires bean114 to instantiate interface 4.
  • Assigning application context A to the thread where the service request is accessed can implement function 1, function 2, and function 3 for tenant client A.
  • the application context that adapts to one set of tenant access services on the same platform is modified to the application context that adapts to multiple sets of independent tenant access services, and provides access for each set of tenants.
  • Service configuration common function realization class and tenant customization function realization class through the application context interface programming to start the corresponding instance of each function realization class; in the service start phase, first load the corresponding application context for each set of tenants to access the service; In the running process, the corresponding application context is obtained through the tenant credential information of the tenant client and access to the current thread, and the corresponding tenant access service is started, so as to obtain the beneficial effect of providing multiple sets of customized services on the multi-tenant architecture.
  • another embodiment of the method for implementing multi-tenant access services in the embodiment of the present application includes:
  • a set of common tenant access services will also be loaded to construct a default application context. For users who do not have the authority to customize functions, they can access their tenant access services by accessing common functions.
  • the association relationship between the required interface of the default application and the general function realization class can be judged through the programming information of the required interface and the label information of the interface to which the general function realization class belongs.
  • the interface required by the default application context may correspond to multiple general function implementation classes and custom function implementation classes. Because the custom function implementation class not only marks its own implementation interface, but also marks its tenant access service and does not include the general tenant access Service, and the interface required by each application context is also marked with its own reference preference, so when the platform server selects multiple function implementation classes corresponding to the interface required by the default application context, it selects the preset common function implementation class through the reference preference mark .
  • the implementation classes corresponding to interface A required by the default application context are: Comonbean3, Coonbean4, Coonbean5, bean3, bean4, bean5, and the platform server directly selects the three common implementation classes from Comonbean3, Coonbean4, and Coonbean5 for instantiating the interface.
  • a required common implementation class is: Comonbean3, Coonbean4, Coonbean5, bean3, bean4, bean5, and the platform server directly selects the three common implementation classes from Comonbean3, Coonbean4, and Coonbean5 for instantiating the interface.
  • a required common implementation class are: Comonbean3, Coonbean4, Coonbean5, bean3, bean4, bean5, and the platform server directly selects the three common implementation classes from Comonbean3, Coonbean4, and Coonbean5 for instantiating the interface.
  • a required common implementation class is: Comonbean3, Coonbean4, Coonbean5, bean3, bean4, bean5, and the platform server directly selects the three common implementation classes from Comonbean3, Co
  • the application can implement the creation and switching of instances during operation through dynamic agents.
  • the tenant configuration file stores corresponding function implementation classes for each tenant to access services, and each function implementation class is identified by identification information.
  • the first identification information corresponding to the customized function implementation class is used to identify the implemented interface and the tenant to which it belongs, and the second identification information corresponding to the general function implementation class is used to identify the implemented interface.
  • the platform marks the interface required by the corresponding application context based on the needs of each tenant to access the service, and the application context interface programming has a corresponding relationship with the corresponding first identification information and/or second identification information to determine the application context
  • the customized function realization class and/or each general function realization class corresponding to each interface are specified by the application context.
  • the function realization class refers to the ClassAnnotation annotation, and through the function identification of the interface to which the application context belongs, the two form an association relationship.
  • the function identification of the interface required by the application context and the definition annotation of the function realization class are used for the corresponding application context interface It is bound with the function implementation class to generate the application context corresponding to the tenant access service, and is identified by the tenant identification information corresponding to the tenant access service.
  • the specific implementation process of obtaining tenant credential information by analyzing the access service request is as follows:
  • the access service type is a non-logged-in access service, parse the access service request to obtain the tenant credential information corresponding to the tenant client as a secret key;
  • the access service type is a login state access service
  • the access service request is parsed, and the tenant credential information corresponding to the tenant client is obtained as a tenant identity token.
  • the platform server intercepts the access service request initiated by the tenant client through a request interceptor.
  • the request interceptor can filter and verify access requests from the virtual application platform. The login status of the user, whether the tenant credential information in the service access request is invalid, etc.
  • the session corresponding to the token is queried from the server cache, and the session validity period is obtained from the session. If the request is received time Within the validity period of the tenant identity token, it indicates that the tenant identity token is still valid and the processing flow of the access service request is executed normally; if the request receiving time exceeds the validity period of the tenant identity token, it indicates that the tenant identity order If the card is invalid, the request fails, and the processing logic of tenant identity token invalidation is executed. If a prompt message is sent to the tenant client to prompt the user to log in timeout, please log in again.
  • the request interceptor is used to intercept the client's service access request and obtain the current login token from the cookie of the service request, query the session from the server cache according to the token, and obtain tenant information from the session. , And execute the corresponding tenant access request processing logic through the type of the tenant identification information, where the type of access service can be a non-logged-in state and a logged-on state.
  • the tenant identity token needs to be carried in the access service request for the interceptor to verify, and the corresponding login state tenant access service request processing logic is executed, such as entering the corresponding tenant Access to the service interface, with customized functions for calling tenants to access the service, and interaction authority for functional communication with the platform server, etc.
  • tenant credential information obtain and analyze corresponding tenant information to obtain tenant identification information
  • tenant credential information is a tenant identity token
  • the tenant identity token in the tenant access request needs to be verified. If the verification is successful, it is the tenant customer
  • the client creates a corresponding session object and stores the tenant information for the function call interaction with the platform server. If the user calls function A through the tenant client, the session object communicates with the platform server to obtain the function implementation class corresponding to the function A.
  • the platform server generates corresponding session identification information for each tenant to access the service, which is stored by the platform server on the one hand, and sent to the tenant client on the other hand and stored as a cookie.
  • the tenant information to which the tenant access service belongs is obtained from the session object, and stored in the storage area of the platform server to call based on the tenant information The corresponding implementation class.
  • the tenant identification information determine the application context corresponding to the tenant client's access service and assign it to the thread where the access service request is located.
  • the first identification information or the second identification information determine the corresponding function realization class in the tenant information stored in the session object, and instantiate the application context interface corresponding to the client service processing through the function realization class.
  • the header of the service processing request initiated when the tenant client invokes the customized function will carry the session identification information for the platform server to retrieve the corresponding session object, and also need to carry the implementation class identification information corresponding to the customized function. For the platform server to identify the required function implementation class.
  • the user's invocation of the customized function on the virtual application platform is based on the instantiation of the application context interface by the function implementation class, and the instantiation of the application context interface is implemented by the dynamic agent.
  • the tenant information is obtained from the session object created by the tenant server when the tenant client logs in, and the interface corresponding to the function implementation class instantiation corresponding to the custom function is obtained.
  • the QR code of the login client is displayed on the authentication authorization page for the second client to scan and perform biometric authentication and user click authorization on the login client; If the second client has authorized the login client, it will log in directly without authentication and authorization; if the second client has not authorized the login client, it will need to perform the initial authentication and authorization, and then log in directly to achieve Password-free login of the second client to the first client.
  • the receiving module 301 is configured to read a tenant configuration file, where the tenant configuration file contains a customized function implementation class and/or a general function implementation class corresponding to each tenant's access service;
  • the creation module 302 is configured to create an application context corresponding to each tenant access service based on the customized function realization class and/or general function realization class corresponding to each tenant access service;
  • the parsing module 303 is configured to receive and parse the access service request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client; obtain and parse the corresponding tenant information according to the tenant credential information to obtain the tenant identification information;
  • the allocation module 304 is configured to determine the application context corresponding to the access service of the tenant client to the thread where the access service request is located according to the tenant identification information.
  • an HTTP authentication request is initiated to the authentication server, and the authentication server generates a QR code with the identification information of the first client by parsing the authentication request; the second client Initiate an authentication request to the authentication server by scanning the QR code, requesting the authentication server to determine whether the authentication server has authorized password-free login to the first client; if the second client has authorized the first client, Then the authentication server does not need to authenticate the corresponding user of the authentication server again, and the second client directly authorizes the password-free login to the first client; if the second client has not authorized the first client, the authentication server is required
  • the authentication server authenticates the user, and after the authentication is completed, the second client authorizes to log in to the first client without secret, store the authorization record, and respond to the first client by returning the user information acquisition code to the first client
  • the HTTP authentication request initiated by the client has passed.
  • the first client can also obtain the user information corresponding to the second client through the user information acquisition code.
  • another embodiment of the device for implementing multi-tenant access services in the embodiment of the present application includes:
  • the receiving module 401 is configured to read a tenant configuration file, where the tenant configuration file contains customized function realization classes and/or general function realization classes corresponding to each tenant's access service;
  • the creation module 402 is configured to create an application context corresponding to each tenant's access service based on the customized function realization class and/or general function realization class corresponding to each tenant's access service;
  • the parsing module 403 is configured to receive and parse the access service request initiated by the tenant client to obtain the tenant credential information corresponding to the tenant client; obtain the corresponding tenant information according to the tenant credential information and analyze it to obtain the tenant identification information;
  • the allocation module 404 is configured to determine the application context corresponding to the access service of the tenant client to the thread where the access service request is located according to the tenant identification information.
  • the device for implementing multi-tenant access services further includes a startup module 405, which is specifically configured to:
  • one of the preset general function implementation classes is selected as the implementation class corresponding to the interface required by the default application context.
  • the creation module 402 includes a parsing unit 4021, a screening unit 4022, and a matching unit 4023, which are used for:
  • the first parsing unit 4021 is configured to parse the tenant configuration file to obtain the customized function realization class with the first identification information and/or the general function realization class with the second identification information corresponding to each tenant's access service;
  • the screening unit 4022 is configured to determine the application context and the implementation class of each customized function and/or based on the first identification information and/or the second identification information, and the required interface for each tenant to access the application context corresponding to the service.
  • the matching unit 4023 is configured to bind the required interface with the corresponding customized function realization class and/or general function realization class based on the association relationship, and generate the application context corresponding to each tenant access service and use the corresponding tenant’s
  • the tenant identification information is used for identification.
  • the parsing module 403 includes an intercepting unit 4031, a discrimination unit 4032, and a parsing unit 4033, which are used for:
  • the intercepting unit 4031 is configured to intercept the service access request initiated by the tenant client;
  • the determining unit 4032 is configured to determine the access service type of the tenant client according to the access service request;
  • the second parsing unit 4033 is configured to parse the access service request if the access service type is a non-login access service, and obtain the tenant credential information corresponding to the tenant client as a secret key; if the access service type To access the service in the login state, the access service request is parsed, and the tenant credential information corresponding to the tenant client is obtained as the tenant identity token.
  • the device for implementing multi-tenant access services further includes a recording module 406, which is used to:
  • tenant credential information is a tenant identity token
  • the allocation module 404 is also used for:
  • the corresponding function realization class in the tenant information stored in the session object is determined, and the application context interface corresponding to the client service processing is instantiated through the function realization class.
  • the QR code of the login client is displayed on the authentication authorization page for the second client to scan and perform biometric authentication and user click authorization on the login client; If the second client has authorized the login client, it will log in directly without authentication and authorization; if the second client has not authorized the login client, it will need to perform the initial authentication and authorization, and then log in directly to achieve Password-free login of the second client to the first client.
  • FIG. 5 is a schematic structural diagram of a device for implementing multi-tenant access services provided by an embodiment of the present application.
  • the device 500 for implementing multi-tenant access services may have relatively large differences due to different configurations or performances, and may include one or more processors (central processing units, CPU) 510 (for example, one or more processors) and memory 520, one or more storage media 530 (for example, one or one storage device with a large amount of storage) storing application programs 533 or data 532.
  • the memory 520 and the storage medium 530 may be short-term storage or persistent storage.
  • the program stored in the storage medium 530 may include one or more modules (not shown in the figure), and each module may include a series of instruction operations in the device 500 for implementing multi-tenant access services. Further, the processor 510 may be configured to communicate with the storage medium 530, and execute a series of instruction operations in the storage medium 530 on the device 500 for implementing multi-tenant access services.
  • the device 500 for implementing multi-tenant access services may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input and output interfaces 560, and/or one or more operating systems 531, for example Windows Serve, Mac OS X, Unix, Linux, FreeBSD, etc.
  • operating systems 531 for example Windows Serve, Mac OS X, Unix, Linux, FreeBSD, etc.
  • the computer-readable storage medium may be a non-volatile computer-readable storage medium, and the computer-readable storage medium may also be a volatile computer-readable storage medium.
  • the computer-readable storage medium stores instructions, and when the instructions are executed on the computer, the computer executes the following steps:
  • Reading a tenant configuration file where the tenant configuration file contains customized function realization classes and/or general function realization classes corresponding to each tenant's access service;
  • tenant credential information obtain and analyze corresponding tenant information to obtain tenant identification information
  • the application context corresponding to the access service of the tenant client is determined and assigned to the thread where the service access request is located.
  • the computer-readable storage medium may mainly include a storage program area and a storage data area, where the storage program area may store an operating system, an application program required by at least one function, etc.; the storage data area may store Data created by the use of nodes, etc.
  • the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer readable storage medium.
  • the technical solution of the present application essentially or the part that contributes to the existing technology or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , Including several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the steps of the methods described in the various embodiments of the present application.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (read-only memory, ROM), random access memory (random access memory, RAM), magnetic disks or optical disks and other media that can store program codes. .
  • the blockchain referred to in this application is a new application mode of computer technology such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm.
  • Blockchain essentially a decentralized database, is a series of data blocks associated with cryptographic methods. Each data block contains a batch of network transaction information for verification. The validity of the information (anti-counterfeiting) and the generation of the next block.
  • the blockchain can include the underlying platform of the blockchain, the platform product service layer, and the application service layer.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)

Abstract

La présente invention concerne l'intelligence artificielle, et porte sur un procédé, un appareil et un dispositif d'implémentation de service d'accès multi-locataire, et un support d'enregistrement. Le procédé comprend les étapes consistant : par la modification de la technologie sous-jacente d'une architecture multi-locataire, à modifier, sur la même plateforme, un contexte d'application s'adaptant à un service d'accès de locataire dans un contexte d'application s'adaptant à de multiples services d'accès de locataire indépendants, à configurer une classe de mise en œuvre de fonction universelle et une classe de mise en œuvre de fonction personnalisée de locataire pour chaque service d'accès de locataire, et par la programmation d'une interface du contexte d'application, à démarrer une instance correspondant à chaque classe de mise en œuvre de fonction ; dans une étape de démarrage de service, à charger d'abord le contexte d'application correspondant pour chaque service d'accès de locataire ; et dans un processus d'opération de service, à acquérir le contexte d'application correspondant au moyen d'informations de justificatif d'identité de locataire d'un client locataire, à accéder au fil actuel, et à démarrer un service d'accès de locataire correspondant. En outre, la présente invention concerne également la technologie de chaînes de blocs, et les informations associées peuvent être stockées dans un nœud de chaîne de blocs. Dans la présente invention, de multiples services personnalisés sont fournis sur l'architecture multi-locataire.
PCT/CN2021/078046 2020-04-28 2021-02-26 Procédé d'implantation de service d'accès multi-locataire, appareil et dispositif et support d'enregistrement WO2021218328A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202010350026.4A CN111641675A (zh) 2020-04-28 2020-04-28 多租户访问服务实现方法、装置、设备及存储介质
CN202010350026.4 2020-04-28

Publications (1)

Publication Number Publication Date
WO2021218328A1 true WO2021218328A1 (fr) 2021-11-04

Family

ID=72330860

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/078046 WO2021218328A1 (fr) 2020-04-28 2021-02-26 Procédé d'implantation de service d'accès multi-locataire, appareil et dispositif et support d'enregistrement

Country Status (2)

Country Link
CN (1) CN111641675A (fr)
WO (1) WO2021218328A1 (fr)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826738A (zh) * 2022-04-26 2022-07-29 天工信创(广州)信息科技有限公司 基于sso用户体系的多租户实现方法、处理器及装置
CN115391828A (zh) * 2022-10-31 2022-11-25 泰豪软件股份有限公司 基于微服务架构的多租户平台的数据隔离方法及系统
CN115495718A (zh) * 2022-09-19 2022-12-20 广东云徙智能科技有限公司 一种基于前端声明的后端能力授权方法、装置及设备
CN115695017A (zh) * 2022-11-02 2023-02-03 南方电网数字平台科技(广东)有限公司 适用于云平台运营的多租户访问控制方法
CN115952487A (zh) * 2023-03-14 2023-04-11 青岛安工数联信息科技有限公司 多种组织机构下租户信息配置系统及方法
CN116401231A (zh) * 2023-03-20 2023-07-07 一临云(深圳)科技有限公司 数据源管理方法、设备及存储介质
CN116743876A (zh) * 2023-08-14 2023-09-12 云筑信息科技(成都)有限公司 一种基于xxl-job实现多租户调度的方法
CN116932091A (zh) * 2023-09-15 2023-10-24 畅捷通信息技术股份有限公司 一种凭证生成时的配置文件生成方法、装置及存储介质

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111641675A (zh) * 2020-04-28 2020-09-08 深圳壹账通智能科技有限公司 多租户访问服务实现方法、装置、设备及存储介质
CN112182375A (zh) * 2020-09-27 2021-01-05 中国建设银行股份有限公司 一种综合服务平台的需求响应方法、装置、介质及平台
CN112199113A (zh) * 2020-10-28 2021-01-08 重庆撼地大数据有限公司 软件服务访问控制方法及装置
CN112637232B (zh) * 2020-12-29 2022-09-27 国云科技股份有限公司 支持多种策略的云平台资源隔离框架实现方法及装置
CN112685719B (zh) * 2020-12-29 2022-05-20 武汉联影医疗科技有限公司 单点登录方法、装置、系统、计算机设备和存储介质
CN113032805B (zh) * 2021-03-23 2023-06-02 建信金融科技有限责任公司 一种数据访问方法、装置、电子设备及存储介质
CN114499977B (zh) * 2021-12-28 2023-08-08 天翼云科技有限公司 一种认证方法及装置
CN114443171A (zh) * 2022-01-29 2022-05-06 中国建设银行股份有限公司 可配置化服务平台及可配置化服务实现方法
CN114885024B (zh) * 2022-04-28 2023-09-12 远景智能国际私人投资有限公司 应用实例的路由方法、装置、设备及介质
CN115834378A (zh) * 2022-10-31 2023-03-21 中电金信软件有限公司 数据处理方法和配置系统
CN116881429B (zh) * 2023-09-07 2023-12-01 四川蜀天信息技术有限公司 一种基于多租户的对话模型交互方法、装置及存储介质

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3324293A1 (fr) * 2016-11-18 2018-05-23 Sap Se Instances de service gérées par application
CN109408067A (zh) * 2018-10-22 2019-03-01 浙江明度智控科技有限公司 一种基于单体应用的数据管理方法和服务器
CN109862051A (zh) * 2017-11-30 2019-06-07 亿阳信通股份有限公司 一种微服务架构下多租户的实现方法及系统
CN110737508A (zh) * 2019-10-14 2020-01-31 浪潮云信息技术有限公司 一种基于浪潮云的云容器服务网络系统及实现方法
CN111641675A (zh) * 2020-04-28 2020-09-08 深圳壹账通智能科技有限公司 多租户访问服务实现方法、装置、设备及存储介质

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9460176B2 (en) * 2010-12-29 2016-10-04 Sap Se In-memory database for multi-tenancy
US10397073B2 (en) * 2013-03-15 2019-08-27 Cisco Technology, Inc. Supporting programmability for arbitrary events in a software defined networking environment
CN104216725B (zh) * 2013-06-04 2019-04-19 Sap欧洲公司 用于软件解决方案托管的存储库层策略调整
US9996321B2 (en) * 2015-06-23 2018-06-12 Microsoft Technology Licensing, Llc Multi-tenant, tenant-specific applications
CN106201506B (zh) * 2016-07-07 2019-11-22 华南理工大学 基于多租户模式的功能装配与定制方法
CN109274731B (zh) * 2018-09-04 2020-07-31 京东数字科技控股有限公司 基于多租户技术的web服务的部署、调用方法和装置

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3324293A1 (fr) * 2016-11-18 2018-05-23 Sap Se Instances de service gérées par application
CN109862051A (zh) * 2017-11-30 2019-06-07 亿阳信通股份有限公司 一种微服务架构下多租户的实现方法及系统
CN109408067A (zh) * 2018-10-22 2019-03-01 浙江明度智控科技有限公司 一种基于单体应用的数据管理方法和服务器
CN110737508A (zh) * 2019-10-14 2020-01-31 浪潮云信息技术有限公司 一种基于浪潮云的云容器服务网络系统及实现方法
CN111641675A (zh) * 2020-04-28 2020-09-08 深圳壹账通智能科技有限公司 多租户访问服务实现方法、装置、设备及存储介质

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114826738A (zh) * 2022-04-26 2022-07-29 天工信创(广州)信息科技有限公司 基于sso用户体系的多租户实现方法、处理器及装置
CN115495718A (zh) * 2022-09-19 2022-12-20 广东云徙智能科技有限公司 一种基于前端声明的后端能力授权方法、装置及设备
CN115495718B (zh) * 2022-09-19 2023-10-13 广东云徙智能科技有限公司 一种基于前端声明的后端能力授权方法、装置及设备
CN115391828A (zh) * 2022-10-31 2022-11-25 泰豪软件股份有限公司 基于微服务架构的多租户平台的数据隔离方法及系统
CN115695017B (zh) * 2022-11-02 2024-04-23 南方电网数字平台科技(广东)有限公司 适用于云平台运营的多租户访问控制方法
CN115695017A (zh) * 2022-11-02 2023-02-03 南方电网数字平台科技(广东)有限公司 适用于云平台运营的多租户访问控制方法
CN115952487A (zh) * 2023-03-14 2023-04-11 青岛安工数联信息科技有限公司 多种组织机构下租户信息配置系统及方法
CN116401231A (zh) * 2023-03-20 2023-07-07 一临云(深圳)科技有限公司 数据源管理方法、设备及存储介质
CN116401231B (zh) * 2023-03-20 2024-04-26 一临云(深圳)科技有限公司 数据源管理方法、设备及存储介质
CN116743876A (zh) * 2023-08-14 2023-09-12 云筑信息科技(成都)有限公司 一种基于xxl-job实现多租户调度的方法
CN116743876B (zh) * 2023-08-14 2023-12-08 云筑信息科技(成都)有限公司 一种基于xxl-job实现多租户调度的方法
CN116932091B (zh) * 2023-09-15 2023-12-26 畅捷通信息技术股份有限公司 一种凭证生成时的配置文件生成方法、装置及存储介质
CN116932091A (zh) * 2023-09-15 2023-10-24 畅捷通信息技术股份有限公司 一种凭证生成时的配置文件生成方法、装置及存储介质

Also Published As

Publication number Publication date
CN111641675A (zh) 2020-09-08

Similar Documents

Publication Publication Date Title
WO2021218328A1 (fr) Procédé d'implantation de service d'accès multi-locataire, appareil et dispositif et support d'enregistrement
US10027716B2 (en) System and method for supporting web services in a multitenant application server environment
JP6510568B2 (ja) マルチテナントアプリケーションサーバ環境におけるセキュリティをサポートするためのシステムおよび方法
US11146569B1 (en) Escalation-resistant secure network services using request-scoped authentication information
US6668327B1 (en) Distributed authentication mechanisms for handling diverse authentication systems in an enterprise computer system
RU2523113C1 (ru) Система и способ целевой установки сконфигурированного программного обеспечения
US6058426A (en) System and method for automatically managing computing resources in a distributed computing environment
US6385724B1 (en) Automatic object caller chain with declarative impersonation and transitive trust
US20080109898A1 (en) Modular enterprise authorization solution
WO2021013033A1 (fr) Procédé, appareil, dispositif et système d'opération de fichier, et support de stockage lisible par ordinateur
US10891569B1 (en) Dynamic task discovery for workflow tasks
US11888856B2 (en) Secure resource authorization for external identities using remote principal objects
US11924210B2 (en) Protected resource authorization using autogenerated aliases
US11233800B2 (en) Secure resource authorization for external identities using remote principal objects
US20060089967A1 (en) Secure multi-user web hosting
CN111279317A (zh) Api调用的动态的基于规则的变换
US20020138727A1 (en) System and process for enhancing method calls of special purpose object-oriented programming languages to have security attributes for access control
WO2022119872A1 (fr) Valeurs sources persistantes pour des identités alternatives adoptées
US20050005090A1 (en) Method and system for dynamic client authentication in support of JAAS programming model
WO2014140116A1 (fr) Système et procédé de gestion d'ensembles de tâches informatiques
Karp et al. The client utility architecture: the precursor to E-speak
CN113300852B (zh) 服务管理方法及平台、计算机设备及计算机可读存储介质
US20240104223A1 (en) Portable verification context
US20230370473A1 (en) Policy scope management
US20240007463A1 (en) Authenticating commands issued through a cloud platform to execute changes to inventory of virtual objects deployed in a software-defined data center

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 21796093

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205 DATED 21/02/2023)

122 Ep: pct application non-entry in european phase

Ref document number: 21796093

Country of ref document: EP

Kind code of ref document: A1