CN101667210A - Authentication and authorization system based on embedded database - Google Patents


Publication number
CN101667210A
Authority
CN
China
Prior art keywords
authentication
user
resource
authorization system
management module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200910197252A
Other languages
Chinese (zh)
Inventor
王盛义
樊国柱
倪小亮
黎明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Baosight Software Co Ltd
Original Assignee
Shanghai Baosight Software Co Ltd
Application filed by Shanghai Baosight Software Co Ltd
Priority to CN200910197252A
Publication of CN101667210A

Abstract

An authentication and authorization system based on an embedded database comprises an SQLite database and an authentication and authorization module. The module is connected to the SQLite database and also provides an application programming interface that external callers can invoke. The module comprises an authentication management module for user authentication, a user management module for managing users, a resource management module for managing the resources available to users, and an authorization management module for managing users' permissions on those resources. With the invention, the authentication and authorization system is simple to deploy, convenient to configure, extensible, cross-platform and high-performance; it is suitable for environments with extremely high performance requirements, such as the industrial control field, and can reduce operation and maintenance costs.

Description

Authentication and authorization system based on embedded database
Technical field
The invention belongs to the field of authentication and authorization management in industrial control systems, and in particular relates to an authentication and authorization system based on an embedded database and a method thereof.
Background art
With the continuous development of electronic information, information security has received increasing attention. Traditional authentication and authorization systems and methods have the following shortcomings:
1. Performance cannot meet user requirements;
2. Extensibility is not good enough;
3. Cross-platform support is not good enough.
For example, Chinese patent application No. 200310117683.0, titled "Common authentication authorization service system and method", adopts a technical scheme comprising a common authentication and authorization server, a plurality of clients and a database. The server provides centralized user authentication and authorization services in a distributed network. It comprises an authentication device, which identifies and confirms the user's identity in the distributed network and generates an authorization credential, and an authorization device, which confirms the user's access rights to a plurality of application service systems in the distributed network and generates a service credential. The client provides an interactive user interface through which the user enters a user name and password and obtains the authorization credential and the service credential. The database stores the user list, the authorization credentials and the service credentials. According to that application, centralized user authentication and authorization services can thus be implemented safely and efficiently in a distributed network.
However, that technical scheme is clearly unsuitable for authentication and authorization management in industrial control systems: its performance cannot satisfy users' requirements for real-time behavior, extensibility and cross-platform support.
Summary of the invention
One purpose of the invention is to provide an authentication and authorization system based on an embedded database, in order to solve the problem of poor real-time performance in authentication and authorization management in industrial control systems.
Another purpose of the invention is to provide an authentication and authorization system based on an embedded database, in order to solve the extensibility and cross-platform problems of authentication and authorization management in industrial control systems.
The invention adopts the following technical scheme:
An authentication and authorization system based on an embedded database comprises:
an SQLite database, and
an authentication and authorization module, connected to the SQLite database and used to authenticate and authorize access to the resources available to users; the authentication and authorization module also provides an application programming interface for external callers.
Further, the authentication and authorization module comprises an authentication management module for user authentication, a user management module for managing users, a resource management module for managing the resources available to users, and an authorization management module for managing users' permissions on those resources.
Further, the API that the authentication and authorization module provides for external callers includes import and export interfaces.
Further, the authentication and authorization module is written in C++ and supports being called from C.
Further, the user types in the user management module include individual users and group users.
Further, the permissions handled by the authorization management module include one or more of: exclusive resource permission, group resource permission, and permission transfer between users.
The invention makes the authentication and authorization system simple to deploy, convenient to configure, extensible, cross-platform and high-performance; it is suitable for environments with very high performance requirements, such as the industrial control field, and can reduce operation and maintenance costs.
The invention is further described below with reference to the drawings and embodiments.
Description of the drawings
Fig. 1 is a schematic structural diagram of an embodiment of the authentication and authorization system based on an embedded database according to the invention.
Fig. 2 is a schematic structural diagram of the authentication and authorization module in that embodiment.
Embodiment
As shown in Fig. 1, an authentication and authorization system based on an embedded database comprises:
an SQLite database, and
an authentication and authorization module, connected to the SQLite database through an application programming interface (API); the authentication and authorization module also provides an API for external callers.
The SQLite database is prior art: it is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine.
As shown in Fig. 2, the authentication and authorization module comprises an authentication management module, a user management module, a resource management module and an authorization management module, together with two APIs: one connects to the SQLite database and the other is called by external application modules. The authentication management module is used for user authentication. The user management module is used to manage users, for example to set user types such as individual user and group user and to carry out the corresponding user management. The resource management module is used to manage the resources available to users. The authorization management module is used to manage users' permissions on resources, for example to grant a user exclusive permission on a resource, to provide authorization based on group resources, and to transfer permissions between users.
Further, the API that the authentication and authorization module provides for external callers includes import and export interfaces.
Further, the authentication and authorization module is written in C++ and supports being called from C.
The invention uses the SQLite database and stores its data in an embedded data file, so it needs no support from any other database system. It calls the embedded database API directly and can provide authorization for nested groups and resources. Versions for multiple platforms can be compiled easily, and the module is offered to other applications for integration as a dynamic library. It has the following advantages:
Simple deployment: no Java or .NET runtime environment is needed; the module is integrated directly with the application as a dynamic library. No database system is needed either, since the data is stored in an SQLite data file.
Zero configuration: no installation is needed, only a single dynamic library (a .dll file on Windows, a .so file on Solaris and Linux). The module can run without any configuration file, which reduces the difficulty of system maintenance.
High performance: high-performance interface calls are provided; query interfaces return in no more than 1 millisecond on average, and operation interfaces in no more than 100 milliseconds on average. Batch operations are supported, which guarantees performance for high-volume calls and makes the module well suited to applications with high performance requirements.
Cross-platform support: Windows, Solaris and Linux are supported, which satisfies the requirement to deploy applications on different systems.
Thread-safe interfaces: the module's own interfaces are thread-safe, so that when an application runs under multithreaded conditions the consistency and integrity of the data are guaranteed.
Multiple practical authorization functions: authorization based on group resources is provided, with support for nested groups, which satisfies the authorization needs of the vast majority of applications; a permission transfer interface is provided, supporting temporary, controlled transfer of permissions between users. A resource locking function is provided to meet applications' access control requirements for exclusive resources.
Easy maintenance: the module itself provides import and export interfaces, which facilitate clustered deployment of applications and also support data backup. Deployment is simple, and backup can also be done directly at the file level.
Extension support: callback interfaces are provided so that application developers can customize extended functions as needed.
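An added example, not part of the patent and not the applicant's implementation: one way to model the group-based authorization with nested groups and the exclusive resource lock described above on SQLite, using Python's built-in sqlite3 module rather than the C++ module the patent describes. The schema, table and function names and the sample data are all assumptions; the patent discloses none of them.

```python
import sqlite3

RES = "plc/line1/setpoints"  # constructed resource name
# Hypothetical schema: the patent names the modules but discloses no tables.
SCHEMA = """
CREATE TABLE principal (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL,
    kind TEXT NOT NULL CHECK (kind IN ('user', 'group')));
CREATE TABLE membership (member_id INTEGER NOT NULL REFERENCES principal(id),
    group_id INTEGER NOT NULL REFERENCES principal(id),
    PRIMARY KEY (member_id, group_id));
CREATE TABLE grants (principal_id INTEGER NOT NULL REFERENCES principal(id),
    resource TEXT NOT NULL, PRIMARY KEY (principal_id, resource));
CREATE TABLE resource_lock (resource TEXT PRIMARY KEY,
    holder_id INTEGER NOT NULL REFERENCES principal(id));
"""

# Collect the user plus every group reachable through nesting. UNION (not
# UNION ALL) drops rows already seen, so a membership cycle cannot loop forever.
ALLOWED = """
WITH RECURSIVE anc(id) AS (
    SELECT id FROM principal WHERE name = :user AND kind = 'user'
    UNION
    SELECT m.group_id FROM membership m JOIN anc ON m.member_id = anc.id)
SELECT EXISTS (SELECT 1 FROM grants g JOIN anc ON g.principal_id = anc.id
               WHERE g.resource = :res)
"""

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK checks off by default
    db.executescript(SCHEMA)
    return db

def is_authorized(db, user, resource):
    """Deny by default; an exclusive lock held by someone else also denies."""
    if not db.execute(ALLOWED, {"user": user, "res": resource}).fetchone()[0]:
        return False
    row = db.execute("SELECT p.name FROM resource_lock l JOIN principal p "
                     "ON p.id = l.holder_id WHERE l.resource = ?", (resource,)).fetchone()
    return row is None or row[0] == user

def lock(db, user, resource):
    """Take the exclusive lock; the PRIMARY KEY allows one holder per resource."""
    if not is_authorized(db, user, resource):
        return False
    with db:  # one transaction: commit on success, roll back on error
        db.execute("INSERT OR IGNORE INTO resource_lock "
                   "SELECT ?, id FROM principal WHERE name = ?", (resource, user))
    return is_authorized(db, user, resource)

def build_demo():
    """Constructed sample data: alice -> operators -> line1_staff -> RES."""
    db = open_store()
    names = [(1, "alice", "user"), (2, "bob", "user"), (3, "mallory", "user"),
             (4, "operators", "group"), (5, "line1_staff", "group")]
    edges = [(1, 4), (4, 5), (5, 4), (2, 5)]  # (5, 4) is a deliberate cycle
    with db:
        db.executemany("INSERT INTO principal VALUES (?, ?, ?)", names)
        db.executemany("INSERT INTO membership VALUES (?, ?)", edges)
        db.execute("INSERT INTO grants VALUES (5, ?)", (RES,))
    return db
```

The grant is attached only to the outer group, so alice's access exists solely through nesting, and once alice holds the lock, bob's otherwise valid group permission is denied until the lock row is removed.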
The method adopted by the invention makes an embedded authentication and authorization system possible; by storing data in an embedded database file, it removes the database maintenance work. The method can significantly improve the performance of the authentication and authorization system and can be widely used in embedded industrial control systems such as rail transit.
The embodiment described above only illustrates the technical idea and features of the invention; its purpose is to enable those skilled in the art to understand the invention and implement it accordingly. The claims of the invention are not limited to this embodiment; all equivalent changes or modifications made in accordance with the spirit disclosed by the invention still fall within the scope of the claims.

Claims (6)

1. An authentication and authorization system based on an embedded database, characterized in that it comprises:
an SQLite database, and
an authentication and authorization module, connected to the SQLite database and used to authenticate and authorize access to the resources available to users, the authentication and authorization module also providing an application programming interface for external callers.
2. The authentication and authorization system based on an embedded database according to claim 1, characterized in that:
the authentication and authorization module comprises an authentication management module for user authentication, a user management module for managing users, a resource management module for managing the resources available to users, and an authorization management module for managing users' permissions on those resources.
3. The authentication and authorization system based on an embedded database according to claim 1 or 2, characterized in that:
the API that the authentication and authorization module provides for external callers includes import and export interfaces.
4. The authentication and authorization system based on an embedded database according to claim 3, characterized in that:
the authentication and authorization module is written in C++ and supports being called from C.
5. The authentication and authorization system based on an embedded database according to claim 4, characterized in that:
the user types in the user management module include individual users and group users.
6. The authentication and authorization system based on an embedded database according to claim 5, characterized in that:
the permissions handled by the authorization management module include one or more of: exclusive resource permission, group resource permission, and permission transfer between users.
CN200910197252A 2009-10-15 2009-10-15 Authentication and authorization system based on embedded database Pending CN101667210A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910197252A CN101667210A (en) 2009-10-15 2009-10-15 Authentication and authorization system based on embedded database

Publications (1)

Publication Number Publication Date
CN101667210A true CN101667210A (en) 2010-03-10

Family

ID=41803828

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910197252A Pending CN101667210A (en) 2009-10-15 2009-10-15 Authentication and authorization system based on embedded database

Country Status (1)

Country Link
CN (1) CN101667210A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102915305A (en) * 2011-08-02 2013-02-06 上海三一精机有限公司 Data management system and data management method for embedded database of numerical control system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1635738A (en) * 2003-12-26 2005-07-06 鸿富锦精密工业(深圳)有限公司 General authentication authorization service system and method
US20080307506A1 (en) * 2007-06-11 2008-12-11 Anil Saldhana Authorization framework
CN101377737A (en) * 2007-08-28 2009-03-04 上海宝信软件股份有限公司 Resource management apparatus of application system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
英锋等: "一种基于SQLite的家庭网关的设计与实现", 《微计算机信息》 *

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20100310