CN104270349A - Isolation method and device for cloud computing multi-tenant application - Google Patents


Publication number
CN104270349A
Authority
CN
China
Prior art keywords
tenant
address
business
log
login user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410475563.6A
Other languages
Chinese (zh)
Inventor
李引
袁峰
吴鸿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Zhongke Yide Technology Co., Ltd.
Original Assignee
Institute of Software Application Technology Guangzhou GZIS of CAS
Application filed by Institute of Software Application Technology Guangzhou GZIS of CAS
Priority to CN201410475563.6A
Publication of CN104270349A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters

Abstract

The invention discloses an isolation method and device for a cloud computing multi-tenant application. The method comprises the steps of receiving log-in information, including a tenant name and authentication information, input by a log-in user; querying the preset correspondence between tenant names and tenant service data storage addresses; determining the tenant service data storage address corresponding to the tenant name included in the log-in information as a first address; judging whether the authentication information matches identity information prestored at the first address; allowing the log-in operation of the user when the authentication information matches the identity information; and setting the database address on which the log-in user performs operations to the first address. Different tenant service data storage addresses are set for different tenant names, the database address on which a user performs operations is set to the tenant service data storage address that was found, and different tenants perform operations at different service data storage addresses, so that isolation of the multi-tenant application is achieved.

Description

Isolation method and device for a cloud computing multi-tenant application
Technical Field
The present application relates to the field of cloud computing technology and, more particularly, to an isolation method and device for a cloud computing multi-tenant application.
Background
Software as a Service (SaaS) is one of the main models of cloud computing. It turns the traditional model of selling software into one of providing a service to users: users do not need to install or deploy the application or consider the operation and maintenance of the software, and only need to enter the service address to use it. Under the SaaS model, users of the same class with common requirements are called a tenant, and users ultimately rent the software in units of tenants.
In the SaaS multi-tenant service model, a SaaS provider can provide software services to multiple tenants at the same time. This greatly improves resource utilization and reduces maintenance cost. However, it faces the problem of isolating the data logic, business logic, page logic and so on of different tenants.
The existing solution is to isolate multi-tenant applications based on virtual machines. Virtual-machine-based isolation supports one tenant with one or more virtual machines: once a new tenant joins, a new virtual machine must be started and a new application instance deployed on it. This approach clearly brings a large overhead and consumes a large amount of physical computing resources. If the multi-tenant application needs to be upgraded at the same time, the application on each virtual machine has to be upgraded separately, which again costs a great deal of manpower.
Summary of the Invention
In view of this, the present application provides an isolation method and device for a cloud computing multi-tenant application, to solve the problem that existing isolation of cloud computing multi-tenant applications requires new virtual machines to be started, which consumes a large amount of physical computing resources and makes application upgrades inconvenient.
To achieve this, the following scheme is proposed:
An isolation method for a cloud computing multi-tenant application, comprising:
receiving login information input by a login user, the login information comprising a tenant name and authentication information;
querying a preset correspondence between tenant names and tenant service data storage addresses, and determining the tenant service data storage address corresponding to the tenant name contained in the login information as a first address;
judging whether the authentication information matches identity information prestored at the first address, and allowing the user's login operation when the authentication information matches;
setting the database address on which the login user performs operations to the first address.
Preferably, the method further comprises:
judging whether the execution method of the login user's current operation is identical to an activated service predefined and stored at the first address and, if so, calling the activated service stored at the first address that is identical to the execution method of the current operation, and replacing the original service with the called activated service.
Preferably, the method further comprises:
judging whether the uniform resource locator (URL) of the login user's current request is identical to personalized page presentation logic predefined and stored at the first address and, if so, calling the personalized page presentation logic stored at the first address that is identical to the URL of the current request, and replacing the original page presentation logic with the called personalized page presentation logic.
Preferably, the method further comprises:
storing the session information of the login user in a Web container.
An isolation system for a cloud computing multi-tenant application, comprising:
a login information receiving unit, configured to receive login information input by a login user, the login information comprising a tenant name and authentication information;
a route data storage unit, configured to store the correspondence between tenant names and tenant service data storage addresses;
an address determination unit, configured to query the route data storage unit and determine the tenant service data storage address corresponding to the tenant name contained in the login information as a first address;
an identity authentication unit, configured to judge whether the authentication information matches identity information prestored at the first address, and to allow the user's login operation when the authentication information matches;
an address setting unit, configured to set the database address on which the login user performs operations to the first address.
Preferably, the system further comprises:
a first judging unit, configured to judge whether the execution method of the login user's current operation is identical to an activated service predefined and stored at the first address;
a first processing unit, configured to, when the judgment result of the first judging unit is yes, call the activated service stored at the first address that is identical to the execution method of the current operation, and replace the original service with the called activated service.
Preferably, the system further comprises:
a second judging unit, configured to judge whether the uniform resource locator (URL) of the login user's current request is identical to personalized page presentation logic predefined and stored at the first address;
a second processing unit, configured to, when the judgment result of the second judging unit is yes, call the personalized page presentation logic stored at the first address that is identical to the URL of the current request, and replace the original page presentation logic with the called personalized page presentation logic.
Preferably, the system further comprises:
a Web container, configured to store the session information of the login user.
Preferably, the system further comprises:
a route data cache unit, configured to cache the first address determined by the address determination unit.
Preferably, the system further comprises:
an administrator setting unit, used by the tenant administrator to define the activated service and the personalized page presentation logic.
As can be seen from the above technical scheme, in the isolation method for a cloud computing multi-tenant application provided by the embodiments of the present application, login information comprising a tenant name and authentication information input by a login user is received; the preset correspondence between tenant names and tenant service data storage addresses is queried, and the tenant service data storage address corresponding to the tenant name contained in the login information is determined as the first address; whether the authentication information matches the identity information prestored at the first address is judged, and the user's login operation is allowed when the authentication information matches; and the database address on which the login user performs operations is set to the first address. The present application establishes the correspondence between tenant names and tenant service data storage addresses in advance, that is, a different tenant service data storage address is set for each tenant name, and the service data storage address corresponding to the tenant name of the current login user is looked up. After the login user has logged in successfully, the database address on which that user subsequently performs operations is set to the service data storage address found for the user's tenant name, so that all operations the user subsequently performs are carried out at the tenant's own service data storage address. Because different tenants perform operations at different service data storage addresses, tenants do not interfere with one another, and isolation of the multi-tenant application is achieved without starting new virtual machines and therefore without consuming additional physical computing resources.
Brief Description of the Drawings
To illustrate the technical solutions of the embodiments of the present application or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only embodiments of the present application, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of an isolation method for a cloud computing multi-tenant application disclosed in an embodiment of the present application;
Fig. 2 is a flow chart of another isolation method for a cloud computing multi-tenant application disclosed in an embodiment of the present application;
Fig. 3 is a flow chart of yet another isolation method for a cloud computing multi-tenant application disclosed in an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an isolation system for a cloud computing multi-tenant application disclosed in an embodiment of the present application;
Fig. 5 is a schematic structural diagram of another isolation system for a cloud computing multi-tenant application disclosed in an embodiment of the present application;
Fig. 6 is a schematic structural diagram of yet another isolation system for a cloud computing multi-tenant application disclosed in an embodiment of the present application;
Fig. 7 is a schematic structural diagram of yet another isolation system for a cloud computing multi-tenant application disclosed in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments in the present application without creative effort fall within the scope of protection of the present application.
Referring to Fig. 1, Fig. 1 is a flow chart of an isolation method for a cloud computing multi-tenant application disclosed in an embodiment of the present application.
As shown in Fig. 1, the method comprises:
Step 100: receiving login information input by a login user, the login information comprising a tenant name and authentication information;
Specifically, the login information input by the user includes a tenant name and authentication information. The authentication information may be a user name and password, or other information that can verify identity.
Step 110: querying the preset correspondence between tenant names and tenant service data storage addresses, and determining the tenant service data storage address corresponding to the tenant name contained in the login information as a first address;
Specifically, the correspondence between the different tenant names and their tenant service data storage addresses is stored in advance. Different tenant names correspond to different tenant service data storage addresses; that is, each tenant performs data operations at its own service data storage address. The correspondence may be stored in the form of a list for ease of querying.
The list is queried with the tenant name the user input in the previous step, the tenant service data storage address corresponding to that tenant name is found, and it is determined as the first address.
Step 120: judging whether the authentication information matches the identity information prestored at the first address, and allowing the user's login operation when the authentication information matches;
Specifically, the service data storage address corresponding to the tenant name input by the login user is determined, the authentication information prestored at that service data storage address is then retrieved, and the authentication information input by the login user is compared with the prestored authentication information. If they match, the identity of the current login user is proved legitimate and the user's login operation is allowed.
Step 130: setting the database address on which the login user performs operations to the first address.
Specifically, after the user has logged in successfully, the database address on which the user subsequently performs operations is set to the first address. That is, all operations performed by the tenant are carried out at the tenant's own independent service data storage address and do not interfere with those of other tenants, which achieves the goal of tenant application isolation. For example, if the user wants to maintain a list, that operation is carried out entirely at the tenant's service data storage address.
The tenant service data storage address may be the storage address of a tenant service database. A different physical database may be set up for each tenant, with the address of each physical database used as that tenant's service data storage address. Alternatively, a single physical database may store the service data of all tenants, with each tenant allocated an independent storage address within the same physical database.
In the isolation method for a cloud computing multi-tenant application provided by the embodiments of the present application, login information comprising a tenant name and authentication information input by a login user is received; the preset correspondence between tenant names and tenant service data storage addresses is queried, and the tenant service data storage address corresponding to the tenant name contained in the login information is determined as the first address; whether the authentication information matches the identity information prestored at the first address is judged, and the user's login operation is allowed when the authentication information matches; and the database address on which the login user performs operations is set to the first address. The present application establishes the correspondence between tenant names and tenant service data storage addresses in advance, that is, a different tenant service data storage address is set for each tenant name, and the service data storage address corresponding to the tenant name of the current login user is looked up. After the login user has logged in successfully, the database address on which that user subsequently performs operations is set to the service data storage address found for the user's tenant name, so that all operations the user subsequently performs are carried out at the tenant's own service data storage address. Because different tenants perform operations at different service data storage addresses, tenants do not interfere with one another, and isolation of the multi-tenant application is achieved without starting new virtual machines and therefore without consuming additional physical computing resources.
It should be noted that all session information of the login user may also be stored in a Web container. Maintaining, across multiple HTTP connections, the association between a user and the different requests sent by that same user is called a session. A session associates a user with the different requests that user sends. The sessions of different users should be independent of one another. Once established, a session should persist until the user's idle time exceeds a certain time limit, at which point the Web container releases the session resources. During the lifetime of a session the user may send many requests to the server, and the request information of that user can be stored in the session.
It should be noted that the pre-established correspondence between tenant names and tenant service data storage addresses may be stored in a route data storage space, and each query for a tenant's service data storage address is made against that storage space. Alternatively, after a login user has queried the tenant service data storage address of a tenant for the first time, the correspondence between that tenant and its service data storage address may be cached in local memory, which shortens the response time of subsequent user requests.
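Steps 100 to 130 and the route cache described above, as an added Python example that is not part of the patent text. Per-tenant in-memory SQLite databases stand in for separate physical databases; the tenant names, `db://` addresses, users, passwords and table layout are constructed assumptions, and the returned session dictionary stands in for session state held in the Web container.

```python
import hashlib
import hmac
import os
import sqlite3

ROUTE_TABLE = {}   # route data store: tenant name -> service data storage address
ROUTE_CACHE = {}   # route data cache, filled on the first successful lookup
DATABASES = {}     # address -> connection; stands in for separate physical databases


def hash_password(password, salt):
    """Salted PBKDF2 hash, so the identity store never holds plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def provision_tenant(tenant, address, users, projects):
    """Create the tenant's own store and register its address in the route table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    db.execute("CREATE TABLE projects (title TEXT)")
    for name, password in users.items():
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (name, salt, hash_password(password, salt)))
    db.executemany("INSERT INTO projects VALUES (?)", [(p,) for p in projects])
    DATABASES[address] = db
    ROUTE_TABLE[tenant] = address


def resolve_first_address(tenant):
    """Step 110: map the tenant name to its storage address (cache, then route table)."""
    if tenant not in ROUTE_CACHE:
        address = ROUTE_TABLE.get(tenant)
        if address is None:
            return None                      # unknown tenant: nothing is cached
        ROUTE_CACHE[tenant] = address
    return ROUTE_CACHE[tenant]


def login(tenant, username, password):
    """Steps 100-130: return a session bound to the first address, or None."""
    address = resolve_first_address(tenant)
    if address is None:
        return None
    # Step 120: the identity check runs against the tenant's own store only.
    row = DATABASES[address].execute(
        "SELECT salt, pw_hash FROM users WHERE name = ?", (username,)).fetchone()
    if row is None:
        return None
    salt, stored = row
    if not hmac.compare_digest(stored, hash_password(password, salt)):
        return None
    # Step 130: the database address for all later operations is fixed here.
    return {"tenant": tenant, "user": username, "db_address": address}


def list_projects(session):
    """Later operations use the address bound at login, never a request parameter."""
    db = DATABASES[session["db_address"]]
    return [title for (title,) in db.execute("SELECT title FROM projects ORDER BY title")]


def build_demo():
    """Constructed sample tenants, users and rows."""
    DATABASES.clear()
    ROUTE_TABLE.clear()
    ROUTE_CACHE.clear()
    provision_tenant("acme", "db://acme", {"alice": "pw-alice"}, ["acme-roadmap"])
    provision_tenant("globex", "db://globex", {"bob": "pw-bob"},
                     ["globex-audit", "globex-plan"])


if __name__ == "__main__":
    build_demo()
    session = login("acme", "alice", "pw-alice")
    print(session, list_projects(session))
    print(login("globex", "alice", "pw-alice"))   # alice is unknown in globex's store
```

Because the tenant name is supplied by the user before authentication, the isolation rests on two properties shown here: credentials are checked only against the store the name resolves to, and the address used afterwards comes from the server-side session rather than from any later request field.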
Referring to Fig. 2, Fig. 2 is a flow chart of another isolation method for a cloud computing multi-tenant application disclosed in an embodiment of the present application.
Comparing Fig. 1 and Fig. 2, this embodiment further adds:
Step 200: judging whether the execution method of the login user's current operation is identical to an activated service predefined and stored at the first address and, if so, performing step 210;
Specifically, the administrator of each tenant can log in to the multi-tenant application system in advance and configure the tenant's personalized settings. The backbone module and a number of patch modules of the application system are loaded. The backbone module contains the most basic and most comprehensive set of functions, and any tenant can use the functions of the backbone module directly, but those functions have no personalization capability. A patch module is produced by developers, according to a tenant's individual requirements, by developing and editing code for particular personalized logic. The tenant administrator selects activated services from some of the patch modules, and the selected activated services are stored in the service data storage space corresponding to the current tenant.
When a user has logged in successfully and performs an operation, it is judged whether the execution method of the user's current operation is identical to an activated service stored at the tenant service data storage address. If so, step 210 below is triggered; otherwise processing follows the original flow.
Step 210: calling the activated service stored at the first address that is identical to the execution method of the current operation, and replacing the original service with the called activated service.
Specifically, when the judgment result is yes, the activated service stored in the tenant service data storage space is called and used to replace the corresponding service in the backbone module, which meets the tenant's need for personalized settings.
For example, in a project management system the backbone module contains major functions such as project definition, project planning, project monitoring and project closure. One specific function is "a line manager has the authority to view all project information under his or her department". This function is reasonable for most enterprises, but for a military enterprise, from a confidentiality standpoint, this level of control is too weak. The personalized function a military enterprise needs is therefore "a line manager does not have the authority to view all project information under the department; only project members can view it". The latter is clearly a function provided by a patch module. The activated service provided by this patch module can be stored at the service data storage address of the military enterprise tenant. When the military enterprise tenant performs a view-project-information operation, it is checked whether the execution method of the operation matches the activated service stored at the service data storage address, so that the activated service "a line manager does not have the authority to view all project information under the department; only project members can view it" can replace the backbone module's service "a line manager has the authority to view all project information under his or her department".
Referring to Fig. 3, Fig. 3 is a flow chart of yet another isolation method for a cloud computing multi-tenant application disclosed in an embodiment of the present application. Comparing Fig. 2 and Fig. 3, this embodiment further adds:
Step 300: judging whether the uniform resource locator (URL) of the login user's current request is identical to personalized page presentation logic predefined and stored at the first address and, if so, performing step 310;
Specifically, as in the previous embodiment, the administrator of each tenant can log in to the multi-tenant application system in advance and configure the tenant's personalized settings. The backbone module and a number of patch modules of the application system are loaded. The backbone module contains the most basic and most comprehensive set of functions, and any tenant can use the functions of the backbone module directly, but those functions have no personalization capability. A patch module is produced by developers, according to a tenant's individual requirements, by developing and editing code for particular personalized logic. The difference from the previous embodiment is that in this embodiment the tenant administrator can select the personalized page presentation logic provided by some of the patch modules, and the selected personalized page presentation logic is stored in the service data storage space corresponding to the current tenant.
When a user has logged in successfully and performs an operation, it is judged whether the uniform resource locator (URL) requested by the user is identical to the personalized page presentation logic in the tenant's service data storage space. If so, step 210 below is triggered; otherwise processing follows the original flow.
Step 310: calling the personalized page presentation logic stored at the first address that is identical to the URL of the current request, and replacing the original page presentation logic with the called personalized page presentation logic.
Specifically, when the judgment result is yes, the personalized page presentation logic stored in the tenant service data storage space is called and used to replace the corresponding page presentation logic in the backbone module, which meets the tenant's need for personalized page settings.
For example, in a project management system the backbone module displays the project set as a list, whereas the personalized requirement of a military enterprise is to display it as a tree structure. The latter is clearly a function provided by a patch module. The page presentation logic provided by this patch module can be stored at the service data storage address of the military enterprise tenant. When the military enterprise tenant performs the operation of viewing the project set page, it is checked whether the uniform resource locator (URL) of the current request matches the personalized page presentation logic predefined and stored at the first address; if so, the patch module's "display the project set as a tree structure" is called to replace the backbone module's original "display the project set as a list".
It should be noted that the judgment processes of step 300 and step 200 may be carried out simultaneously or one after the other; only one case is illustrated here.
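The replacement logic of steps 200/210 and 300/310, using the project management example above, as an added Python example that is not part of the patent text. The function names, the `db://` addresses, the session fields and the sample users and projects are constructed assumptions; storing the name of a developer-written patch in the tenant's store, rather than code, is also an assumption of this example.

```python
# Backbone module: behaviour every tenant gets by default.
def backbone_can_view(user, project):
    """A line manager may view all project information under their department."""
    return user["role"] == "line_manager" and user["dept"] == project["dept"]


def backbone_project_page(projects):
    """Project set shown as a flat list."""
    return sorted(p["name"] for p in projects)


# Patch modules: developer-written alternatives a tenant administrator may select.
def patch_members_only(user, project):
    """Only project members may view project information."""
    return user["name"] in project["members"]


def patch_project_tree(projects):
    """Project set shown as a tree keyed by department."""
    tree = {}
    for p in sorted(projects, key=lambda p: p["name"]):
        tree.setdefault(p["dept"], []).append(p["name"])
    return tree


BACKBONE = {"methods": {"can_view_project": backbone_can_view},
            "pages": {"/projects": backbone_project_page}}
PATCHES = {"methods": {"members_only": patch_members_only},
           "pages": {"tree_view": patch_project_tree}}

# Per-tenant selections, keyed by the first address (constructed sample tenants).
TENANT_STORE = {"db://acme": {"methods": {}, "pages": {}},
                "db://military": {"methods": {}, "pages": {}}}


def activate(session, kind, target, patch_name):
    """Administrator unit: record which patch replaces a backbone method or URL."""
    if not session.get("is_admin"):
        raise PermissionError("only a tenant administrator may change activations")
    if target not in BACKBONE[kind] or patch_name not in PATCHES[kind]:
        raise ValueError("unknown target or patch")
    # The write goes to the store bound to the administrator's own session.
    TENANT_STORE[session["db_address"]][kind][target] = patch_name


def dispatch(session, kind, target, *args):
    """Steps 200/210 (kind='methods') and 300/310 (kind='pages')."""
    selected = TENANT_STORE[session["db_address"]][kind].get(target)
    impl = PATCHES[kind][selected] if selected else BACKBONE[kind][target]
    return impl(*args)


def build_demo():
    """Reset the stores and activate both patches for the military tenant only."""
    for store in TENANT_STORE.values():
        store["methods"].clear()
        store["pages"].clear()
    admin = {"user": "root", "db_address": "db://military", "is_admin": True}
    activate(admin, "methods", "can_view_project", "members_only")
    activate(admin, "pages", "/projects", "tree_view")


if __name__ == "__main__":
    build_demo()
    manager = {"name": "chen", "role": "line_manager", "dept": "R&D"}
    radar = {"name": "radar", "dept": "R&D", "members": ["li"]}
    for address in ("db://acme", "db://military"):
        session = {"user": "chen", "db_address": address}
        print(address, dispatch(session, "methods", "can_view_project", manager, radar))
```

The lookup is keyed by the address bound to the session at login, so one tenant's activation never changes the behaviour another tenant sees.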
Be described the shielding system of the many tenant's application of cloud computing that the embodiment of the present application provides below, the partition method that shielding system and the many tenants of above-described cloud computing of cloud computing described below many tenants application apply can mutual corresponding reference.
See the shielding system structural representation of the many tenant's application of Fig. 4, Fig. 4 a kind of cloud computing disclosed in the embodiment of the present application.
As shown in Figure 4, this system comprises:
Log-on message receiving element 41, for receiving the log-on message of login user input, described log-on message comprises tenant's name and authentication information;
Route data memory cell 42, for storing the corresponding relation of tenant's name and tenant's business datum memory address;
Address determination unit 43, for inquiring about described route data memory cell, is defined as the first address by tenant's business datum memory address corresponding with the tenant's name comprised in described log-on message;
Identity authenticating unit 44, for judging whether described authentication information mates with the identity information prestored in described first address, allows the register of user when the match is successful for authentication information;
Address setting unit 45, for by described login user want the database address of executable operations to be set to described first address.
Optionally, Fig. 5 illustrates the shielding system structural representation of the many tenant's application of another kind of cloud computing that the embodiment of the present application provides.
Composition graphs 4 and Fig. 5 known, the shielding system of the application can also comprise:
First judging unit 51, for judge described login user current operation manner of execution whether with pre-define and be stored in described first address activate business identical;
A first processing unit 52, configured to, when the judgment result of the first judging unit 51 is yes, invoke the activate business stored at the first address that is identical to the execution method of the current operation, and replace the original business with the invoked activate business.
Optionally, Fig. 6 is a schematic structural diagram of another isolation system for cloud computing multi-tenant applications provided by an embodiment of the present application.
As can be seen from Fig. 5 and Fig. 6, the isolation system of the present application may further comprise:
A second judging unit 61, configured to judge whether the uniform resource locator (URL) currently requested by the login user is identical to a predefined personal page display logic stored at the first address;
A second processing unit 62, configured to, when the judgment result of the second judging unit 61 is yes, invoke the personal page display logic stored at the first address that is identical to the currently requested URL, and replace the original page display logic with the invoked personal page display logic.
Optionally, the isolation system of the present application may further comprise: an administrator unit, used by the tenant administrator to define the activate business and the personal page display logic, so that the first judging unit and the second judging unit can carry out their judgment processes.
Optionally, the isolation system of the present application may further comprise: a Web container, configured to store the session information of the login user.
Optionally, Fig. 7 is a schematic structural diagram of another isolation system for cloud computing multi-tenant applications provided by an embodiment of the present application.
As can be seen from Fig. 4 and Fig. 7, the isolation system of the present application may further comprise:
A routing data cache unit 71, configured to cache the first address determined by the address determination unit.
After the tenant business data storage address corresponding to a tenant has been queried for that tenant's first user, the correspondence between the tenant and its tenant business data storage address is cached in the routing data cache unit 91, which speeds up the response to subsequent user requests.
The isolation system for cloud computing multi-tenant applications provided by the embodiments of the present application receives login information entered by a login user, comprising a tenant name and authentication information; queries the preset correspondence between tenant names and tenant business data storage addresses; determines the tenant business data storage address corresponding to the tenant name in the login information as the first address; judges whether the authentication information matches the identity information stored in advance at the first address; allows the user's login operation when the authentication information matches; and sets the database address for the operations the login user is to perform to the first address. The present application establishes the correspondence between tenant names and tenant business data storage addresses in advance, that is, a different tenant business data storage address is set for each tenant name, and the business data storage address corresponding to the tenant name of the current login user is queried. After the login user logs in successfully, the database address for the operations that user subsequently performs is set to the business data storage address found for that user's tenant name. All operations the user subsequently performs are therefore carried out at that tenant's own business data storage address. Because different tenants perform their operations at different business data storage addresses, tenants do not interfere with one another, and isolation of multi-tenant applications is achieved without starting a new virtual machine and therefore without consuming additional physical computing resources.
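The login-and-routing flow summarized above, shown as an added Python example that is not code from the patent. It assumes SQLite files as the per-tenant storage addresses and a plain dict as the session kept in the Web container; all function names, table names, tenants and credentials are constructed for illustration.

```python
import hashlib, hmac, os, sqlite3, tempfile
from contextlib import closing

ROUTES = {}       # routing data storage unit: tenant name -> storage address
ROUTE_CACHE = {}  # routing data cache unit

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _run(addr, sql, params=()):
    """Run one statement against the database at addr, commit, then close."""
    with closing(sqlite3.connect(addr)) as db, db:
        return db.execute(sql, params).fetchall()

def provision(tenant, users, root):
    """Create one tenant's own store (constructed data) and register its route."""
    addr = os.path.join(root, tenant + ".db")
    _run(addr, "CREATE TABLE users(name TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    _run(addr, "CREATE TABLE orders(item TEXT)")
    for name, pw in users.items():
        salt = os.urandom(16)
        _run(addr, "INSERT INTO users VALUES(?,?,?)", (name, salt, _hash(pw, salt)))
    ROUTES[tenant] = addr

def first_address(tenant):
    """Address determination: consult the cache, then the routing table."""
    if tenant not in ROUTE_CACHE and tenant in ROUTES:
        ROUTE_CACHE[tenant] = ROUTES[tenant]
    return ROUTE_CACHE.get(tenant)

def login(tenant, user, password):
    """Authenticate against identity data stored at the tenant's address.
    Returns a session bound to that address, or None on any failure."""
    addr = first_address(tenant)
    if addr is None:
        return None
    rows = _run(addr, "SELECT salt, pw FROM users WHERE name=?", (user,))
    if not rows or not hmac.compare_digest(_hash(password, rows[0][0]), rows[0][1]):
        return None
    return {"tenant": tenant, "user": user, "db_addr": addr}

def execute(session, sql, params=()):
    """Every later operation uses the address fixed at login, never request input."""
    return _run(session["db_addr"], sql, params)

def demo():
    root = tempfile.mkdtemp()
    provision("acme", {"alice": "pw-a"}, root)
    provision("globex", {"bob": "pw-b"}, root)
    a = login("acme", "alice", "pw-a")
    b = login("globex", "bob", "pw-b")
    execute(a, "INSERT INTO orders VALUES(?)", ("acme-only",))
    return {
        "acme_rows": execute(a, "SELECT item FROM orders"),
        "globex_rows": execute(b, "SELECT item FROM orders"),
        "cross_login": login("globex", "alice", "pw-a"),
        "unknown_tenant": login("nope", "alice", "pw-a"),
    }
```

The isolation holds only as long as the session's address is set server-side at login and cannot be overwritten by later request parameters; valid credentials for one tenant fail against another tenant's store because each store holds only its own identity data.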
Finally, it should also be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" and any variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article or device that comprises the element.
The embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and for the parts that are identical or similar the embodiments may be referred to one another.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present application. Therefore, the present application is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (10)

1. An isolation method for cloud computing multi-tenant applications, characterized by comprising:
receiving login information entered by a login user, the login information comprising a tenant name and authentication information;
querying a preset correspondence between tenant names and tenant business data storage addresses, and determining the tenant business data storage address corresponding to the tenant name in the login information as a first address;
judging whether the authentication information matches identity information stored in advance at the first address, and allowing the user's login operation when the authentication information matches;
setting the database address for the operations the login user is to perform to the first address.
2. The isolation method according to claim 1, characterized by further comprising:
judging whether the execution method of the login user's current operation is identical to a predefined activate business stored at the first address, and if so, invoking the activate business stored at the first address that is identical to the execution method of the current operation, and replacing the original business with the invoked activate business.
3. The isolation method according to claim 2, characterized by further comprising:
judging whether the uniform resource locator (URL) currently requested by the login user is identical to a predefined personal page display logic stored at the first address, and if so, invoking the personal page display logic stored at the first address that is identical to the currently requested URL, and replacing the original page display logic with the invoked personal page display logic.
4. The isolation method according to claim 3, characterized by further comprising:
storing the session information of the login user in a Web container.
5. An isolation system for cloud computing multi-tenant applications, characterized by comprising:
a login information receiving unit, configured to receive login information entered by a login user, the login information comprising a tenant name and authentication information;
a routing data storage unit, configured to store the correspondence between tenant names and tenant business data storage addresses;
an address determination unit, configured to query the routing data storage unit and determine the tenant business data storage address corresponding to the tenant name in the login information as a first address;
an identity authentication unit, configured to judge whether the authentication information matches identity information stored in advance at the first address, and to allow the user's login operation when the authentication information matches;
an address setting unit, configured to set the database address for the operations the login user is to perform to the first address.
6. The isolation system according to claim 5, characterized by further comprising:
a first judging unit, configured to judge whether the execution method of the login user's current operation is identical to a predefined activate business stored at the first address;
a first processing unit, configured to, when the judgment result of the first judging unit is yes, invoke the activate business stored at the first address that is identical to the execution method of the current operation, and replace the original business with the invoked activate business.
7. The isolation system according to claim 6, characterized by further comprising:
a second judging unit, configured to judge whether the uniform resource locator (URL) currently requested by the login user is identical to a predefined personal page display logic stored at the first address;
a second processing unit, configured to, when the judgment result of the second judging unit is yes, invoke the personal page display logic stored at the first address that is identical to the currently requested URL, and replace the original page display logic with the invoked personal page display logic.
8. The isolation system according to claim 7, characterized by further comprising:
a Web container, configured to store the session information of the login user.
9. The isolation system according to claim 5, characterized by further comprising:
a routing data cache unit, configured to cache the first address determined by the address determination unit.
10. The isolation system according to claim 7, characterized by further comprising:
an administrator unit, used by the tenant administrator to define the activate business and the personal page display logic.
CN201410475563.6A 2014-09-17 2014-09-17 Isolation method and device for cloud computing multi-tenant application Pending CN104270349A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410475563.6A CN104270349A (en) 2014-09-17 2014-09-17 Isolation method and device for cloud computing multi-tenant application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410475563.6A CN104270349A (en) 2014-09-17 2014-09-17 Isolation method and device for cloud computing multi-tenant application

Publications (1)

Publication Number Publication Date
CN104270349A true CN104270349A (en) 2015-01-07

Family

ID=52161839

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410475563.6A Pending CN104270349A (en) 2014-09-17 2014-09-17 Isolation method and device for cloud computing multi-tenant application

Country Status (1)

Country Link
CN (1) CN104270349A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20190409

Address after: 510000 Room 1921, 27 Huanshi Avenue Center, Nansha District, Guangzhou City, Guangdong Province

Applicant after: Guangzhou Zhongke Yide Technology Co., Ltd.

Address before: 511458 8th Floor, Building A, 1121 Haibin Road, Nansha District, Guangzhou City, Guangdong Province

Applicant before: Institute of Software Application Technology, Guangzhou & Chinese Academy of Sciences

RJ01 Rejection of invention patent application after publication

Application publication date: 20150107
